| ID | Title | Objective |
|---|---|---|
| CCC.Logging.CN01 | Centralized and Comprehensive Log Aggregation | Ensure all operational and security logs from across the cloud environment, including applications, operating systems, network traffic, and cloud service activity, are captured automatically and streamed to a central, secure log management service. |
| CCC.Logging.CN02 | Enforce Data Retention Policy for Logs | Ensure that the retention period configured for logs aligns with the organization's data retention policy. |
| CCC.Logging.CN03 | Enable Object Lock On Log Bucket | Ensure log immutability by enabling Write Once, Read Many (WORM) protection using object lock on log storage buckets. This prevents logs from being modified or deleted during the defined retention period, supporting compliance and forensic integrity. |
| CCC.Logging.CN04 | Restrict Field And Log Type Access | Configure access to logs to follow the principle of least privilege. In particular, where technically possible, limit the log fields users have access to, to prevent accidental exposure of sensitive information such as PII. |
| CCC.Logging.CN05 | Ensure Log Bucket is Not Publicly Accessible | Ensure that log storage buckets are not publicly accessible to prevent unauthorized access to sensitive log data. In addition, logs should be replicated to another cloud region to enhance availability, durability, and support disaster recovery requirements. |
| CCC.Logging.CN06 | Detect and Alert on Potential Log Exfiltration | Identify and alert on anomalous data access patterns that may indicate an attempt to exfiltrate log data. |
| CCC.Logging.CN07 | Detect and Alert on Log Service Tampering | Alert when any component of the critical logging infrastructure is disabled, modified, or deleted, indicating a defense evasion attempt. |