Which practice enforces retention and tamper-evident storage of logs?

Retention and tamper-evident storage of logs focuses on keeping logs for a defined period and protecting them from modification. This is achieved by policies and technical controls that ensure logs are preserved in an immutably stored form and can be verified for integrity. The reason this is the best fit is because it directly addresses both how long logs are kept and how their integrity is protected, which are the core goals of tamper-evident storage. In practice you might use immutable storage, append-only logs, cryptographic hashing or digital signatures, and strict access controls to prevent alteration. Centralizing logs helps ensure access and management in one place but doesn't by itself enforce retention windows or tamper-evident properties. Securing transmission protects logs in transit, reducing risk of interception or tampering as they move, but the storage itself still needs to enforce retention and immutability. Synchronizing time ensures consistent timestamps across systems, aiding correlation and forensics, but does not guarantee how long logs are kept or their immutability. Therefore, enforcing retention and tamper-evident storage precisely targets both the duration and integrity of log data, making it the most appropriate practice.