For how long must physical access logs be retained?

The requirement to retain physical access logs for 90 days is grounded in the CIP standards to maintain an adequate level of security and oversight over critical infrastructure. By retaining these logs for this duration, organizations can effectively monitor and audit physical access to their facilities, which is crucial for both incident response and compliance verification. This timeframe allows for a sufficient window to conduct investigations if needed and ensures that any anomalies in access patterns can be scrutinized within a reasonable period.

Longer retention periods might lead to unnecessary storage costs or complicate data management, while shorter retention might not provide enough historical data for effective analysis. Therefore, 90 days strikes a balance between operational efficiency and security needs.