Ensure Integrity of Access Logs | CCC

Skip to main content

CCC.Core.CN09: Ensure Integrity of Access Logs

Control ID:CCC.Core.CN09

Title:Ensure Integrity of Access Logs

Objective:Ensure that access logs are always recorded to an external location that cannot be manipulated from the context of the service(s) it contains logs for.

Control Family:

Data

Related Threats

ID	Title	Description	External Mappings	Capability Mappings	Control Mappings
CCC.Core.TH04	Data is Replicated to Untrusted or External Locations	Systems are susceptible to unauthorized access or interception by actors with political or physical control over the network in which they are deployed. Confidentiality may be impacted if the data is replicated to a network where the geopolitical status is untrusted, unstable, or insecure.	1	1	0
CCC.Core.TH07	Logs are Tampered With or Deleted	Tampering or deletion of service logs will reduce the system's ability to maintain an accurate record of events. Any actions that compromise the integrity of logs could disrupt system availability by disrupting monitoring, hindering forensic investigations, and reducing the accuracy of audit trails.	1	1	0
CCC.Core.TH09	Runtime Logs are Read by Unauthorized Entities	Unauthorized access to logs may expose valuable information about the system's configuration, operations, and security mechanisms. This could jeopardize system availability through the exposure of vulnerabilities and support the planning of attacks on the service, system, or network. If logs are not adequately sanitized, this may also directly impact the confidentiality of sensitive data.	1	1	0

Related Capabilities

ID	Title	Description
CCC.Core.CP03	Access Log Publication	The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors.
CCC.Core.CP10	Log Publication	The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service.

Guideline Mappings

Reference ID	Entry ID	Strength	Remarks
CCM	LOG-02	5	Audit Logs Protection (security and retention)
CCM	LOG-04	5	Audit Logs Access and Accountability (Restrict audit logs access to authorized personnel)
CCM	LOG-09	5	Log Protection (protects audit records from unauthorized access)

Assessment Requirements

ID	Description	Applicability
CCC.Core.CN09.AR01	When the service is operational, its logs and any child resource logs MUST NOT be accessible from the resource they record access to.	tlp-clear tlp-green tlp-amber tlp-red
CCC.Core.CN09.AR02	When the service is operational, disabling the logs for the service or its child resources MUST NOT be possible without also disabling the corresponding resource.	tlp-clear tlp-green tlp-amber tlp-red
CCC.Core.CN09.AR03	When the service is operational, any attempt to redirect logs for the service or its child resources MUST NOT be possible without halting operation of the corresponding resource and publishing corresponding events to monitored channels.	tlp-amber tlp-red