CCC.Logging.C02: Enforce Data Retention Policy for Logs

Control ID: CCC.Logging.C02
Title: Enforce Data Retention Policy for Logs
Objective: Ensure that the retention period configured for logs aligns with the organization's data retention policy.
Control Family: Data

Related Threats

| ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
|---|---|---|---|---|---|
| CCC.Logging.TH05 | Log Retention Policy Evasion or Misconfiguration | Log data is deleted prematurely or retained longer than legally required due to misconfigured retention policies, manual overrides, or evasion tactics. This can lead to non-compliance with regulatory requirements or loss of critical forensic evidence. | 1 | 1 | 0 |

Guideline Mappings

| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
| NIST-CSF | GV.PO-01 | 0 | - |
| NIST_800_53 | AU-11 | 0 | - |

Assessment Requirements

| ID | Description | Applicability |
|---|---|---|
| CCC.Logging.C02.TR01 | When a new log bucket or stream is created, its retention policy MUST be configured in accordance with the organisation's data retention policy. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.Logging.C02.TR02 | When a query is performed to retrieve log events older than the number of days defined in the organisation's data retention policy, it MUST return an empty result. | tlp-clear, tlp-green, tlp-amber, tlp-red |
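
Both assessment requirements can be evaluated mechanically against a log store's configuration and its query results. The following Python is an added example, not part of the catalogue: the `LogStore` model, the `query_older_than` stand-in for a provider's log query, the 90-day policy value and the sample stores are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

POLICY_DAYS = 90  # assumed policy value; the control does not state one

@dataclass
class LogStore:  # hypothetical, provider-neutral model of a log bucket or stream
    name: str
    retention_days: Optional[int]  # None = no expiry configured
    event_times: list = field(default_factory=list)

def check_tr01(store: LogStore, policy_days: int = POLICY_DAYS) -> str:
    """TR01: the configured retention must match the policy."""
    if store.retention_days is None:
        return "fail: no retention configured"
    if store.retention_days < policy_days:
        return "fail: deleted prematurely"
    if store.retention_days > policy_days:
        return "fail: retained longer than policy"
    return "pass"

def query_older_than(store: LogStore, days: int, now: datetime) -> list:
    """Stand-in for the provider's log query: events older than `days`."""
    cutoff = now - timedelta(days=days)
    return [t for t in store.event_times if t < cutoff]

def check_tr02(store: LogStore, now: datetime, policy_days: int = POLICY_DAYS) -> str:
    """TR02: a query for events past the retention period must be empty."""
    stale = query_older_than(store, policy_days, now)
    return "pass" if not stale else f"fail: {len(stale)} expired event(s) retrievable"

def assess(stores, now):
    return {s.name: (check_tr01(s), check_tr02(s, now)) for s in stores}

# Constructed sample data: event ages in days relative to a fixed "now".
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
def _events(*ages):
    return [NOW - timedelta(days=a) for a in ages]

STORES = [
    LogStore("app-logs", 90, _events(1, 89)),
    LogStore("debug-logs", 30, _events(5)),
    LogStore("audit-logs", 365, _events(10, 200)),
    LogStore("legacy-logs", None, _events(400)),
]

if __name__ == "__main__":
    for name, (tr01, tr02) in assess(STORES, NOW).items():
        print(f"{name:12} TR01={tr01:35} TR02={tr02}")
```

In this sample `debug-logs` passes TR02 while failing TR01: an empty result for old events cannot reveal the premature deletion named in CCC.Logging.TH05, so the configuration check is what catches it.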