Compliance Documentation
NIST 800-53 Alignment for Civagent
Civagent supports common NIST 800-53 controls that public-sector organizations may be expected to follow for security and records management. This note focuses on AU-11 (Audit Record Retention) and SI-12 (Information Management and Retention).
AU-11: Audit Record Retention
Civagent provides:
- A tamper-evident audit trail of user activity, AI actions, and system changes
- Configurable retention for audit logs to align with your records schedule
- Archiving of audit logs prior to deletion to preserve integrity
Evidence you can request:
- Audit log exports
- Audit log retention settings
- Retention job history demonstrating enforcement
SI-12: Information Management and Retention
Civagent provides:
- Separate retention periods for conversations, files, and audit logs
- Retention settings by department, programme, or project
- Legal holds to preserve records during litigation, investigations, or public records requests
- A retention audit trail documenting deletions
Evidence you can request:
- Retention policy summary by department, programme, or project
- Legal hold records
- Retention deletion reports