Restrict Field And Log Type Access

CCC.AuditLog.CN09: Restrict Field And Log Type Access

Control ID:CCC.AuditLog.CN09

Title:Restrict Field And Log Type Access

Objective:Configure access to audit logs to follow the principle of least privilege in particular where technically possible limit the log fields users have access to to prevent accidental exposure to sensitive information such as PII.

Control Family:

Confidentiality

Related Threats

ID	Title	Description	External Mappings	Capability Mappings	Control Mappings
CCC.Core.TH07	Logs are Tampered With or Deleted	Tampering or deletion of service logs will reduce the system's ability to maintain an accurate record of events. Any actions that compromise the integrity of logs could disrupt system availability by disrupting monitoring, hindering forensic investigations, and reducing the accuracy of audit trails.	1	1	0

Related Capabilities

ID	Title	Description
CCC.Core.CP03	Access Log Publication	The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors.
CCC.Core.CP10	Log Publication	The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service.

Guideline Mappings

Reference ID	Entry ID	Remarks
NIST-CSF	PR.PS-04	-
NIST_800_53	AC-6	-
NIST_800_53	AU-9	-
NIST_800_53	AC-3	-
NIST_800_53	PT-2	-
NIST_800_53	PT-3	-
NIST_800_53	PT-3	-

Assessment Requirements

ID	Description	Applicability
CCC.AuditLog.CN09.AR01	When restricted fields are accessed by unauthorized users, then those fields MUST remain masked.	tlp-red tlp-amber