Restrict Field And Log Type Access

CCC.Logging.C04: Restrict Field And Log Type Access

Control ID:CCC.Logging.C04

Title:Restrict Field And Log Type Access

Objective:Configure access to logs to follow the principle of least privilege in particular where technically possible limit the log fields users have access to to prevent accidental exposure to sensitive information such as PII.

Control Family:

Identity and Access Management

Related Threats

ID	Title	Description	External Mappings	Capability Mappings	Control Mappings
CCC.Logging.TH04	Inadequate Log Anonymization/Masking	Sensitive data (e.g., PII, secrets, authentication tokens) is ingested into logs without proper anonymization, masking, or redaction at source or during ingestion. This creates a significant data exposure risk, particularly for data not intended for broad log access.	1	1	0

Guideline Mappings

Reference ID	Entry ID	Remarks
NIST-CSF	PR.PS-04	-
NIST_800_53	AC-6	-
NIST_800_53	AU-9	-
NIST_800_53	AC-3	-
NIST_800_53	PT-2	-
NIST_800_53	PT-3	-
NIST_800_53	PT-3	-

Assessment Requirements

ID	Description	Applicability
CCC.AuditLog.C04.TR01	When restricted fields are accessed by unauthorized users, then those fields MUST remain masked.	tlp-red tlp-amber