Implement executive order M-21-31

[hannes-ucsc]

FedRAMP SSP rev 5 Template for Moderate system says

AU-11 Audit Record Retention (L)(M)(H)
Retain audit records for [FedRAMP Assignment: a time period in compliance with M-21-31] to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.

  	AU-11 Additional FedRAMP Requirements and Guidance:
  	Guidance: The service provider is encouraged to align with M-21-31 where possible

Requirement: The service provider retains audit records on-line for at least ninety days and further preserves audit records off-line for a period that is in accordance with NARA requirements.
Requirement: The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf).

Originally posted by @nolunwa-ucsc in #5078 (comment)

[nolunwa-ucsc]

A-Lign recommends the University of California, Santa Cruz review and update their record retention process to comply with the M-21-31 record retainage requirements.

[nolunwa-ucsc]

The team decided to increase the retention of all logs to 12 months.

[nolunwa-ucsc]

Implementation due 2/1/2025

[achave11-ucsc]

Assignee to file PR that sets the retention of every log (CloudTrail, CloudWatch, ElasticSearch, S3 access logs, load balancer logs, etc.) to 365 days.

[nolunwa-ucsc]

this is due 2/1/2025 (POAM item)