Configure a custom retention policy on the designated audit log bucket to ensure that logs are retained for the correct number of days as defined by your organization's policy.
Management / Auditlog / Controls / DEV
Enforce Retention Policy on Audit Log Bucket
CCC.AuditLog.CN06 · Observability
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP11 | Backup | The service can generate copies of its data or configurations in the form of automated backups, snapshot-based backups, or incremental backups. |
| CCC.Core.CP18 | Resource Versioning | The service automatically assigns versions to child resources which can be used to preserve, retrieve, and restore past iterations. |
| CCC.Core.CP03 | Access Log Publication | The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors. |
| CCC.Core.CP10 | Log Publication | The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.Core.TH06 | Data is Lost or Corrupted | Services that rely on accurate data are susceptible to disruption in the event of data loss or corruption. Any actions that lead to the unintended deletion, alteration, or limited access to data can impact the availability of the service and the system it is part of. |
| CCC.Core.TH07 | Logs are Tampered With or Deleted | Tampering or deletion of service logs will reduce the system's ability to maintain an accurate record of events. Any actions that compromise the integrity of logs could disrupt system availability by disrupting monitoring, hindering forensic investigations, and reducing the accuracy of audit trails. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.AuditLog.CN06.AR01 | When the retention policy is applied, then data MUST be automatically deleted after the configured number of days. | tlp-red, tlp-amber, tlp-green |