MAC SIEM Log collection
Paul Horn
Dee, you are correct. While the Windows logs are currently available, clients using a Mac don't have the logs stored for recordkeeping purposes to fulfil Cyber requirements. The majority of my clients are in the non-banking financial services sector such as Registered Investment Advisors.
The SEC has a proposed rule "Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies" where the requirement to capture the logs and review logs is mentioned. Refer to the Information Protection, Incident Response, and Recordkeeping.
SIEM logs would need to be stored for 5 years.
https://www.federalregister.gov/documents/2022/03/09/2022-03145/cybersecurity-risk-management-for-investment-advisers-registered-investment-companies-and-business
I believe the FTC Safeguard Rules - Standards for Safeguarding Customer Information also has overlap here in needing the logs captured.
https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-314