Ensure that access logging is enabled for the audit log storage bucket to capture all requests made to the bucket, providing an audit trail of data access.
Management / Auditlog / Controls / DEV
Ensure Access Logging Is Enabled on the Audit Log Bucket
CCC.AuditLog.CN04 · Observability
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP06 | Access Control | The service automatically enforces user configurations to restrict or allow access to a specific component or a child resource based on factors such as user identities, roles, groups, or attributes. |
| CCC.Core.CP29 | Active Ingestion | While running, the service itself can fetch or reach out to some other service or external source to get data, inputs or commands for the service to process or operate on. |
| CCC.Core.CP03 | Access Log Publication | The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors. |
| CCC.Core.CP09 | Metrics Publication | The service automatically publishes structured, numeric, time-series data points related to the performance, availability, and health of the service or its child resources. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.Core.TH01 | Access is Granted to Unauthorized Users | Logic designed to give different permissions to different entities may be misconfigured or manipulated, allowing unauthorized entities to access restricted parts of the service, its data, or its child resources. This could result in a loss of data confidentiality or tolerance of unauthorized actions which impact the integrity and availability of resources and data. |
| CCC.Core.TH09 | Runtime Logs are Read by Unauthorized Entities | Unauthorized access to logs may expose valuable information about the system's configuration, operations, and security mechanisms. This could jeopardize system availability through the exposure of vulnerabilities and support the planning of attacks on the service, system, or network. If logs are not adequately sanitized, this may also directly impact the confidentiality of sensitive data. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.AuditLog.CN04.AR01 | When audit log buckets are created then verify that server access logging MUST be enabled for the audit log bucket, with logs delivered to a separate, secure logging bucket. | tlp-red, tlp-amber |