CCC.Logging.TH04 - Inadequate Log Anonymization/Masking

CCC.Logging.TH04: Inadequate Log Anonymization/Masking

Threat ID:CCC.Logging.TH04

Title:Inadequate Log Anonymization/Masking

Description:

Sensitive data (e.g., PII, secrets, authentication tokens) is ingested into logs without proper anonymization, masking, or redaction at source or during ingestion. This creates a significant data exposure risk, particularly for data not intended for broad log access.

External Mappings

Reference ID	Entry ID	Remarks
MITRE-ATT&CK	T1530	Data from Local System
MITRE-ATT&CK	T1537	Transfer Data to Cloud Account
MITRE-ATT&CK	T1565	Data Manipulation (if attacker is masking their own activity)

Controls

ID	Title	Objective	Control Family	Threat Mappings	Guideline Mappings	Assessment Requirements
CCC.Logging.C04	Restrict Field And Log Type Access	Configure access to logs to follow the principle of least privilege in particular where technically possible limit the log fields users have access to to prevent accidental exposure to sensitive information such as PII.	Identity and Access Management	1	7	1