Ensure that the retention period configured for logs aligns with the organization's data retention policy.
Enforce Data Retention Policy for Logs
CCC.Logging.CN02 · Observability
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Logging.CP07 | Immutable Storage | Ability to prevent unauthorized alteration or deletion of logs, ensuring their integrity for auditing and forensic purposes. |
| CCC.Logging.CP08 | Retention Policies | Ability to define and enforce granular retention periods for different log types based on regulatory requirements and internal policies. |
| CCC.Logging.CP12 | Log Archiving | Ability to archive logs that are no longer needed but must be retained. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.Logging.TH05 | Log Retention Policy Evasion or Misconfiguration | Log data is deleted prematurely or retained longer than legally required due to misconfigured retention policies, manual overrides, or evasion tactics. This can lead to non-compliance with regulatory requirements or loss of critical forensic evidence. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.Logging.CN02.AR01 | When a new log bucket or stream is created, its retention policy MUST be configured in accordance with the organisation's data retention policy. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.Logging.CN02.AR02 | When a query is performed to retrieve log events older than the number of days defined in the organisation's data retention policy, it MUST return an empty result. | tlp-clear, tlp-green, tlp-amber, tlp-red |
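
One way to evaluate CCC.Logging.CN02.AR01 and AR02 against a log inventory, added here as an example and not part of the control catalogue. The policy values, stream records, events and the `query` callable are constructed assumptions standing in for a real log service's configuration and query API; the AR01 check flags both directions named in CCC.Logging.TH05 (premature deletion and over-retention).

```python
from datetime import datetime, timedelta, timezone

# Assumed policy: retention in days per log type (constructed values).
POLICY_DAYS = {"audit": 365, "application": 90}

def check_ar01(streams, policy=POLICY_DAYS):
    """AR01: list (stream, reason) for retention settings that deviate from policy."""
    findings = []
    for s in streams:
        required = policy.get(s["log_type"])
        actual = s.get("retention_days")  # None models "never expires"
        if required is None:
            findings.append((s["name"], "no policy for log type"))
        elif actual is None or actual > required:
            findings.append((s["name"], "retained longer than policy"))
        elif actual < required:
            findings.append((s["name"], "deleted earlier than policy"))
    return findings

def stale_events(query, log_type, now, policy=POLICY_DAYS):
    """AR02: events older than the policy cutoff; an empty list means pass."""
    cutoff = now - timedelta(days=policy[log_type])
    return list(query(before=cutoff))

def make_query(events):
    """Hypothetical stand-in for a log service query API (in-memory)."""
    return lambda before: [e for e in events if e["ts"] < before]

# Constructed sample inventory and events.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
STREAMS = [
    {"name": "audit-trail", "log_type": "audit", "retention_days": 365},
    {"name": "app-debug", "log_type": "application", "retention_days": 30},
    {"name": "app-legacy", "log_type": "application", "retention_days": None},
]
EVENTS = [
    {"id": 1, "ts": NOW - timedelta(days=10)},
    {"id": 2, "ts": NOW - timedelta(days=120)},
]

if __name__ == "__main__":
    for name, reason in check_ar01(STREAMS):
        print(f"AR01 FAIL {name}: {reason}")
    stale = stale_events(make_query(EVENTS), "application", NOW)
    print("AR02", "PASS" if not stale else f"FAIL ids={[e['id'] for e in stale]}")
```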