CCC.Core.TH07: Logs are Tampered With or Deleted
Threat ID:CCC.Core.TH07
Title:Logs are Tampered With or Deleted
Description:
Tampering or deletion of service logs will reduce the system's ability to maintain an accurate record of events. Any actions that compromise the integrity of logs could disrupt system availability by disrupting monitoring, hindering forensic investigations, and reducing the accuracy of audit trails.
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.F03 | Access Log Publication | The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors. |
| CCC.Core.F10 | Log Publication | The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service. |
External Mappings
Controls
| ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
|---|---|---|---|---|---|---|
| CCC.Logging.C03 | Enable Object Lock On Log Bucket | Ensure log immutability by enabling Write Once, Read Many (WORM) protection using object lock on log storage buckets. This prevents logs from being modified or deleted during the defined retention period, supporting compliance and forensic integrity. | Data | 1 | 3 | 1 |
| CCC.Core.C09 | Ensure Integrity of Access Logs | Ensure that access logs are always recorded to an external location that cannot be manipulated from the context of the service(s) it contains logs for. | Data | 3 | 5 | 3 |