CCC.Logging.TH07: Insufficient Logging
Threat ID:CCC.Logging.TH07
Title:Insufficient Logging
Description:
If security-critical actions are not logged, it becomes more difficult to detect threats and conduct post-incident analysis.
External Mappings
| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
OWASPTOP10 | A09:2021 | 0 | - |
CWE | CWE-223 | 0 | - |
CWE | CWE-778 | 0 | - |
Controls
| ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
|---|---|---|---|---|---|---|
| CCC.Logging.C01 | Centralized and Comprehensive Log Aggregation | Ensure all operational and security logs from across the cloud environment, including applications, operating systems, network traffic, and cloud service activity, are captured automatically and streamed to a central, secure log management service. | Data | 1 | 3 | 2 |