Event Log Retention Requirements as mandated by Major Compliance Regulations

On September 20th, 2016, Digital Edge released an article on Log Management Laws and Regulations. Below is a little "Cheat Sheet" on the Event Log Retention Requirements as mandated by major compliance regulations:

Regulation	Retention Requirement
HIPAA	7 years
PCI DSS	1 year
SOX	7 years
ISO 27001	3 years
FISMA	3 years
GPG 13	3+ months
NERC CIP	3 years
GLBA	6 years
DoDI 8500.2	5 years
NIST	3 years