Configure access to logs to follow the principle of least privilege in particular where technically possible limit the log fields users have access to to prevent accidental exposure to sensitive information such as PII.
Management / Logging / Controls / DEV
Restrict Field And Log Type Access
CCC.Logging.CN04 · Access
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Logging.CP06 | Log Filtering & Transformation | Ability to to filter, normalise, and transform raw log data at ingestion to optimise storage and enhance usability. |
| CCC.Logging.CP08 | Retention Policies | Ability to define and enforce granular retention periods for different log types based on regulatory requirements and internal policies. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.Logging.TH04 | Inadequate Log Anonymization/Masking | Sensitive data (e.g., PII, secrets, authentication tokens) is ingested into logs without proper anonymization, masking, or redaction at source or during ingestion. This creates a significant data exposure risk, particularly for data not intended for broad log access. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.Logging.CN04.AR01 | When restricted fields are accessed by unauthorized users, then those fields MUST remain masked. | tlp-red, tlp-amber |