CCC.Logging.C01: Centralized and Comprehensive Log Aggregation

Control ID: CCC.Logging.C01
Title: Centralized and Comprehensive Log Aggregation
Objective: Ensure all operational and security logs from across the cloud environment, including applications, operating systems, network traffic, and cloud service activity, are captured automatically and streamed to a central, secure log management service.
Control Family: Data

Related Threats

| ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
|---|---|---|---|---|---|
| CCC.Logging.TH07 | Insufficient Logging | If security-critical actions are not logged, it becomes more difficult to detect threats and conduct post-incident analysis. | 2 | 1 | 0 |

Guideline Mappings

| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
| NIST-CSF | PR.PS-04 | 0 | - |
| NIST_800_53 | AU-2 | 0 | - |
| NIST_800_53 | AU-3 | 0 | - |

Assessment Requirements

| ID | Description | Applicability |
|---|---|---|
| CCC.Logging.C01.TR01 | When a new cloud account is created, provider-level audit and network flow logging MUST be enabled by default and directed to the central sink. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.Logging.C01.TR02 | When a new cloud compute resource is deployed, it MUST be configured to forward all relevant logs (e.g., OS, application, service logs) to the central log sink. | tlp-clear, tlp-green, tlp-amber, tlp-red |