Configure access to audit logs to follow the principle of least privilege in particular where technically possible limit the log fields users have access to to prevent accidental exposure to sensitive information such as PII.
Management / Auditlog / Controls / DEV
Restrict Field And Log Type Access
CCC.AuditLog.CN09 · Access
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP03 | Access Log Publication | The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors. |
| CCC.Core.CP10 | Log Publication | The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.Core.TH07 | Logs are Tampered With or Deleted | Tampering or deletion of service logs will reduce the system's ability to maintain an accurate record of events. Any actions that compromise the integrity of logs could disrupt system availability by disrupting monitoring, hindering forensic investigations, and reducing the accuracy of audit trails. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.AuditLog.CN09.AR01 | When restricted fields are accessed by unauthorized users, then those fields MUST remain masked. | tlp-red, tlp-amber |