CCC.Logging.TH05 - Log Retention Policy Evasion or Misconfiguration

CCC.Logging.TH05: Log Retention Policy Evasion or Misconfiguration

Threat ID:CCC.Logging.TH05

Title:Log Retention Policy Evasion or Misconfiguration

Description:

Log data is deleted prematurely or retained longer than legally required due to misconfigured retention policies, manual overrides, or evasion tactics. This can lead to non-compliance with regulatory requirements or loss of critical forensic evidence.

External Mappings

Reference ID	Entry ID	Remarks
MITRE-ATT&CK	T1070.004	Indicator Removal on Host: File Deletion
MITRE-ATT&CK	T1485	Data Destruction
MITRE-ATT&CK	T1562.008	Impair Defenses: Disable Cloud Logs

Controls

ID	Title	Objective	Control Family	Threat Mappings	Guideline Mappings	Assessment Requirements
CCC.Logging.C02	Enforce Data Retention Policy for Logs	Ensure that the retention period configured for logs aligns with the organization's data retention policy.	Data	1	2	2