CCC.Core.TH16: Publications are Disabled
Threat ID:CCC.Core.TH16
Title:Publications are Disabled
Description:
Publication of events, metrics, and runtime logs may be disabled, leading to a lack of expected security and operational information being shared. This can impact system availability by delaying the detection of incidents while also impacting system design decisions and enforcement of operational thresholds, such as autoscaling or cost management.
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.F10 | Log Publication | The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service. |
External Mappings
| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
MITRE-ATT&CK | T1562 | 0 | Impair Defenses |
Controls
| ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
|---|---|---|---|---|---|---|
| CCC.Core.C11 | Protect Encryption Keys | Ensure that encryption keys are managed securely by enforcing the use of approved algorithms, regular key rotation, and customer-managed encryption keys (CMEKs). | Data | 1 | 7 | 6 |
| CCC.Logging.C07 | Detect and Alert on Log Service Tampering | Alert when any component of the critical logging infrastructure is disabled, modified, or deleted, indicating a defense evasion attempt. | Logging and Monitoring | 1 | 5 | 1 |