Ability to define and enforce granular retention periods for different log types based on regulatory requirements and internal policies.
Management / Logging / Capabilities / DEV
Retention Policies
CCC.Logging.CP08
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.Logging.TH04 | Inadequate Log Anonymization/Masking | Sensitive data (e.g., PII, secrets, authentication tokens) is ingested into logs without proper anonymization, masking, or redaction at source or during ingestion. This creates a significant data exposure risk, particularly for data not intended for broad log access. |
| CCC.Logging.TH05 | Log Retention Policy Evasion or Misconfiguration | Log data is deleted prematurely or retained longer than legally required due to misconfigured retention policies, manual overrides, or evasion tactics. This can lead to non-compliance with regulatory requirements or loss of critical forensic evidence. |