| ID | Title | Objective |
|---|---|---|
| CCC.AuditLog.CN01 | Implement Digital Signatures With Hash Chaining | Digital signatures allow external verification that log data has not been tampered with, and hash chaining allows deleted log files to be detected. |
| CCC.AuditLog.CN02 | Enable And Validate All Audit Log Types | Review the audit log configuration and ensure that all audit log types are being generated and replicated to the configured sinks. |
| CCC.AuditLog.CN03 | Alert On Audit Log Changes And Access | Ensure that specific alerts have been configured to detect changes in audit log configuration such as disabling exporting of logs. Alerts MUST also be created to detect changes in retention/object lock policies for exported data log sources/buckets. |
| CCC.AuditLog.CN04 | Ensure Access Logging Is Enabled on the Audit Log Bucket | Ensure that access logging is enabled for the audit log storage bucket to capture all requests made to the bucket, providing an audit trail of data access. |
| CCC.AuditLog.CN05 | Export Audit Logs To Bucket | Configure audit logs to be sent to an external bucket where they can be globally replicated and subjected to stricter access control and data retention policies. |
| CCC.AuditLog.CN06 | Enforce Retention Policy on Audit Log Bucket | Configure a custom retention policy on the designated audit log bucket to ensure that logs are retained for the correct number of days as defined by your organization's policy. |
| CCC.AuditLog.CN07 | Enforce MFA Delete on Audit Log Bucket | Enable Multi-Factor Authentication (MFA) delete on the audit log bucket to provide greater protection against accidental or malicious deletion of audit data. |
| CCC.AuditLog.CN08 | Enable Object Lock On Audit Log Bucket | Ensure that object lock is enabled globally on all objects within the bucket. The lock period MUST be configured to meet your organizational, legal, and compliance goals. Deletion attempts before the lock period expires MUST be denied. |
| CCC.AuditLog.CN09 | Restrict Field And Log Type Access | Configure access to audit logs following the principle of least privilege; in particular, where technically possible, limit the log fields users can access to prevent accidental exposure of sensitive information such as PII. |
| CCC.AuditLog.CN10 | Ensure Audit Bucket is Not Publicly Accessible | Ensure that audit log storage buckets are not publicly accessible to prevent unauthorized exposure of sensitive log data. |
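Row CCC.AuditLog.CN01 describes signed, hash-chained log records. The following added example (not part of the CCC catalogue) builds such a chain in Python and shows how verification catches a modified record, a deleted record and, given an externally stored head hash, a truncated tail; it uses an HMAC as a stand-in for the digital signature, and the key and event names are constructed.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # prev-hash value used by the first record

def _record_hash(seq, prev, event):
    # Canonical JSON so the hash does not depend on dict key ordering
    body = json.dumps({"seq": seq, "prev": prev, "event": event}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append(chain, event, key):
    """Append an event; each record commits to the previous record's hash."""
    seq = len(chain)
    prev = chain[-1]["hash"] if chain else GENESIS
    h = _record_hash(seq, prev, event)
    # HMAC stands in for a digital signature here (assumption); a real
    # deployment signs with a private key that only the log writer holds.
    sig = hmac.new(key, h.encode(), hashlib.sha256).hexdigest()
    chain.append({"seq": seq, "prev": prev, "event": event, "hash": h, "sig": sig})

def verify(chain, key, expected_head=None):
    """Return (ok, reason). Detects edits, reordering and deleted records."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["seq"] != i or rec["prev"] != prev:
            return False, f"chain break before seq {rec['seq']}"
        if rec["hash"] != _record_hash(rec["seq"], rec["prev"], rec["event"]):
            return False, f"content of seq {i} modified"
        want = hmac.new(key, rec["hash"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(want, rec["sig"]):
            return False, f"bad signature on seq {i}"
        prev = rec["hash"]
    # Dropping the newest records is only visible against an externally
    # stored head hash (e.g. a periodically published checkpoint)
    if expected_head is not None and prev != expected_head:
        return False, "head mismatch: trailing records missing"
    return True, "ok"

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret
EVENTS = ["bucket.create", "object.put", "policy.update", "object.delete"]

def demo():
    chain = []
    for e in EVENTS:
        append(chain, e, KEY)
    head = chain[-1]["hash"]  # value an operator would store out of band
    intact = verify(chain, KEY, head)[0]
    tampered = verify([dict(r, event="noop") if r["seq"] == 2 else r for r in chain], KEY, head)[0]
    deleted = verify([r for r in chain if r["seq"] != 1], KEY, head)[0]
    truncated = verify(chain[:-1], KEY, head)[0]
    return intact, tampered, deleted, truncated  # (True, False, False, False)
```

Without the out-of-band head hash, `verify` would accept the truncated chain, which is why CN01 pairs signatures with chaining rather than relying on either alone.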