Logs are Tampered With or Deleted

CCC.Core.TH07

Tampering or deletion of service logs will reduce the system's ability to maintain an accurate record of events. Any actions that compromise the integrity of logs could disrupt system availability by disrupting monitoring, hindering forensic investigations, and reducing the accuracy of audit trails.

Related Capabilities

ID	Title	Description
CCC.Core.CP03	Access Log Publication	The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors.
CCC.Core.CP10	Log Publication	The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service.

Related Controls

ID	Title	Description
CCC.Core.CN09	Ensure Integrity of Access Logs	Ensure that access logs are always recorded to an external location that cannot be manipulated from the context of the service(s) it contains logs for.

External Mappings

Framework	ID	Remarks
MITRE-ATT&CK	T1070	Indicator Removal
MITRE-ATT&CK	T1565	Data Manipulation (for altering log entries)
MITRE-ATT&CK	T1027	Obfuscated Files or Information