Ensure all operational and security logs from across the cloud environment, including applications, operating systems, network traffic, and cloud service activity, are captured automatically and streamed to a central, secure log management service.
Centralized and Comprehensive Log Aggregation
CCC.Logging.CN01 · Observability
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP10 | Log Publication | The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service. |
| CCC.Logging.CP01 | Service Log Capture | Ability to capture logs from all relevant cloud services at varying levels of verbosity. |
| CCC.Logging.CP02 | Application Log Ingestion | Support for ingesting logs from custom applications deployed within the cloud environment. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.Logging.TH07 | Insufficient Logging | If security-critical actions are not logged, it becomes more difficult to detect threats and conduct post-incident analysis. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.Logging.CN01.AR01 | When a new cloud account is created, provider-level audit and network flow logging MUST be enabled by default and directed to the central sink. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.Logging.CN01.AR02 | When a new cloud compute resource is deployed, it MUST be configured to forward all relevant logs (e.g., OS, application, service logs) to the central log sink. | tlp-clear, tlp-green, tlp-amber, tlp-red |