Log data is deleted prematurely or retained longer than legally required due to misconfigured retention policies, manual overrides, or evasion tactics. This can lead to non-compliance with regulatory requirements or loss of critical forensic evidence.
Log Retention Policy Evasion or Misconfiguration
CCC.Logging.TH05
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Logging.CP07 | Immutable Storage | Ability to prevent unauthorized alteration or deletion of logs, ensuring their integrity for auditing and forensic purposes. |
| CCC.Logging.CP08 | Retention Policies | Ability to define and enforce granular retention periods for different log types based on regulatory requirements and internal policies. |
| CCC.Logging.CP12 | Log Archiving | Ability to archive logs that are no longer needed but must be retained. |
Related Controls
| ID | Title | Description |
|---|---|---|
| CCC.Logging.CN02 | Enforce Data Retention Policy for Logs | Ensure that the retention period configured for logs aligns with the organization's data retention policy. |