Digital signatures allow an external party to verify that log data has not been tampered with, and hash chaining allows deleted log files to be detected.
Implement Digital Signatures With Hash Chaining
CCC.AuditLog.CN01 · Observability
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP11 | Backup | The service can generate copies of its data or configurations in the form of automated backups, snapshot-based backups, or incremental backups. |
| CCC.Core.CP18 | Resource Versioning | The service automatically assigns versions to child resources which can be used to preserve, retrieve, and restore past iterations. |
| CCC.Core.CP03 | Access Log Publication | The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors. |
| CCC.Core.CP10 | Log Publication | The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.Core.TH06 | Data is Lost or Corrupted | Services that rely on accurate data are susceptible to disruption in the event of data loss or corruption. Any actions that lead to the unintended deletion, alteration, or limited access to data can impact the availability of the service and the system it is part of. |
| CCC.Core.TH07 | Logs are Tampered With or Deleted | Tampering or deletion of service logs will reduce the system's ability to maintain an accurate record of events. Any actions that compromise the integrity of logs could disrupt system availability by disrupting monitoring, hindering forensic investigations, and reducing the accuracy of audit trails. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.AuditLog.CN01.AR01 | When the signature validation process is performed, then it MUST detect any modification of data. | tlp-red |
| CCC.AuditLog.CN01.AR02 | When the signature validation process is performed, then it MUST detect any missing (deleted) log file. | tlp-red |
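The two assessment requirements above (detecting modification, AR01, and detecting a missing log file, AR02) can be exercised with a small hash-chained manifest. The following is an added illustration, not code from the CCC project: each log file gets a manifest entry whose chain hash binds it to the previous entry, and each entry is signed. The signature uses HMAC-SHA256 as a stand-in for an asymmetric signature, the key name, log file names and log lines are constructed for the example, and the optional externally anchored chain head is an assumption about how a deployment would detect silent truncation of the newest files.

```python
import hashlib
import hmac
import json
from typing import Dict, List, Optional, Tuple

# Previous-link value for the first entry in the chain.
GENESIS = "0" * 64


def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sign(key: bytes, message: bytes) -> str:
    # Stand-in for a digital signature: HMAC-SHA256 under a key only the log
    # producer holds. A deployment would use an asymmetric scheme (e.g. Ed25519)
    # so that verifiers need only the public key.
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def _entry_message(entry: dict) -> bytes:
    # Canonical serialisation of every field except the signature itself.
    body = {k: v for k, v in entry.items() if k != "signature"}
    return json.dumps(body, sort_keys=True).encode()


def build_manifest(log_files: List[Tuple[str, bytes]], key: bytes) -> List[dict]:
    """One signed manifest entry per log file; each chain_hash covers the
    previous chain_hash, so removing or reordering an entry breaks every
    link after it."""
    entries, prev = [], GENESIS
    for seq, (name, content) in enumerate(log_files):
        content_hash = _sha256_hex(content)
        link = f"{prev}|{seq}|{name}|{content_hash}".encode()
        entry = {"seq": seq, "name": name, "content_hash": content_hash,
                 "prev": prev, "chain_hash": _sha256_hex(link)}
        entry["signature"] = sign(key, _entry_message(entry))
        entries.append(entry)
        prev = entry["chain_hash"]
    return entries


def verify_manifest(entries: List[dict], log_files: Dict[str, bytes], key: bytes,
                    expected_head: Optional[str] = None) -> List[Tuple[str, str]]:
    """Return (log name, finding) pairs; an empty list means the log set is intact.
    expected_head is the newest chain_hash recorded out of band (assumed); without
    it, deletion of the newest files is indistinguishable from 'no new logs yet'."""
    findings, prev, expected_seq = [], GENESIS, 0
    for entry in entries:
        name = entry["name"]
        if not hmac.compare_digest(sign(key, _entry_message(entry)), entry["signature"]):
            findings.append((name, "BAD_SIGNATURE"))   # manifest entry altered or forged
        if entry["seq"] != expected_seq or entry["prev"] != prev:
            findings.append((name, "CHAIN_BREAK"))     # an earlier entry was removed/reordered
        content = log_files.get(name)
        if content is None:
            findings.append((name, "MISSING"))         # AR02: log file deleted
        elif _sha256_hex(content) != entry["content_hash"]:
            findings.append((name, "MODIFIED"))        # AR01: log content changed
        prev, expected_seq = entry["chain_hash"], entry["seq"] + 1
    if expected_head is not None and prev != expected_head:
        findings.append(("<manifest>", "TRUNCATED"))   # newest entries dropped
    return findings


# Constructed sample data; the key is a placeholder (a deployment keeps it in a KMS/HSM).
SIGNING_KEY = b"example-producer-key"
SAMPLE_LOGS = [
    ("audit-2024-05-01.log", b"2024-05-01T10:00:00Z user=alice action=login result=ok\n"),
    ("audit-2024-05-02.log", b"2024-05-02T09:12:00Z user=bob action=delete-bucket result=denied\n"),
    ("audit-2024-05-03.log", b"2024-05-03T14:30:00Z user=alice action=rotate-key result=ok\n"),
]


def demo() -> Dict[str, List[Tuple[str, str]]]:
    manifest = build_manifest(SAMPLE_LOGS, SIGNING_KEY)
    head = manifest[-1]["chain_hash"]
    files = dict(SAMPLE_LOGS)
    results = {"intact": verify_manifest(manifest, files, SIGNING_KEY, head)}
    # One record rewritten in place.
    tampered = dict(files, **{"audit-2024-05-02.log": SAMPLE_LOGS[1][1].replace(b"denied", b"ok")})
    results["modified"] = verify_manifest(manifest, tampered, SIGNING_KEY, head)
    # File removed but manifest left alone.
    without_02 = {k: v for k, v in files.items() if k != "audit-2024-05-02.log"}
    results["deleted_file"] = verify_manifest(manifest, without_02, SIGNING_KEY, head)
    # File and its manifest entry both removed: the next link no longer matches.
    pruned = [e for e in manifest if e["name"] != "audit-2024-05-02.log"]
    results["deleted_entry"] = verify_manifest(pruned, without_02, SIGNING_KEY, head)
    # Newest file and entry dropped: only the anchored head reveals it.
    without_03 = {k: v for k, v in files.items() if k != "audit-2024-05-03.log"}
    results["truncated"] = verify_manifest(manifest[:-1], without_03, SIGNING_KEY, head)
    return results


if __name__ == "__main__":
    for scenario, findings in demo().items():
        print(f"{scenario:14} -> {findings or 'intact'}")
```

The verifier reports findings rather than stopping at the first one, so an operator sees every affected file in one pass. The `TRUNCATED` case is the caveat worth noting when assessing AR02: a chain alone proves that nothing was removed from the middle, but the newest entries can be silently dropped unless the latest chain head is anchored somewhere the log writer cannot alter.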