Test Results: prowler-output-232348204608-20250424120512
Summary
Pass
50Fail
16N/A
0Error
0Untested Requirements
0Results by CCC Release
CCC Reference | CCC Version | Passing Tests | Failing Tests |
---|---|---|---|
CCC.ObjStor | 2025.01 | 50 | 16 |
Test Results By Control Requirement
Requirement ID | Requirement Description | CCC Versions | Test | Test Result | Resources | Result Message |
---|---|---|---|---|---|---|
CCC.C01.TR01 | When a port is exposed for non-SSH network traffic, all traffic MUST include a TLS handshake AND be encrypted using TLS 1.2 or higher. | 2025.01 | s3_bucket_secure_transport_policy | fail | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a bucket policy, thus it allows HTTP requests. |
CCC.C01.TR01 | When a port is exposed for non-SSH network traffic, all traffic MUST include a TLS handshake AND be encrypted using TLS 1.2 or higher. | 2025.01 | s3_bucket_secure_transport_policy | fail | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a bucket policy, thus it allows HTTP requests. |
CCC.C01.TR02 | When a port is exposed for SSH network traffic, all traffic MUST include a SSH handshake AND be encrypted using SSHv2 or higher. | 2025.01 | s3_bucket_secure_transport_policy | fail | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a bucket policy, thus it allows HTTP requests. |
CCC.C01.TR02 | When a port is exposed for SSH network traffic, all traffic MUST include a SSH handshake AND be encrypted using SSHv2 or higher. | 2025.01 | s3_bucket_secure_transport_policy | fail | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a bucket policy, thus it allows HTTP requests. |
CCC.C02.TR01 | When data is stored at rest, the service MUST be configured to encrypt data at rest using the latest industry-standard encryption methods. | 2025.01 | s3_bucket_default_encryption | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 has Server Side Encryption with aws:kms. |
CCC.C02.TR01 | When data is stored at rest, the service MUST be configured to encrypt data at rest using the latest industry-standard encryption methods. | 2025.01 | s3_bucket_default_encryption | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs has Server Side Encryption with aws:kms. |
CCC.C04.TR01 | When any access attempt is made to the service, the service MUST log the client identity, time, and result of the attempt. | 2025.01 | s3_bucket_server_access_logging_enabled | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 has server access logging enabled. |
CCC.C04.TR01 | When any access attempt is made to the service, the service MUST log the client identity, time, and result of the attempt. | 2025.01 | s3_bucket_server_access_logging_enabled | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs has server access logging enabled. |
CCC.C04.TR02 | When any access attempt is made to the view sensitive information, the service MUST log the client identity, time, and result of the attempt. | 2025.01 | s3_bucket_server_access_logging_enabled | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 has server access logging enabled. |
CCC.C04.TR02 | When any access attempt is made to the view sensitive information, the service MUST log the client identity, time, and result of the attempt. | 2025.01 | s3_bucket_server_access_logging_enabled | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs has server access logging enabled. |
CCC.C04.TR03 | When any change is made to the service configuration, the service MUST log the change, including the client, time, previous state, and the new state following the change. | 2025.01 | s3_bucket_server_access_logging_enabled | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 has server access logging enabled. |
CCC.C04.TR03 | When any change is made to the service configuration, the service MUST log the change, including the client, time, previous state, and the new state following the change. | 2025.01 | s3_bucket_server_access_logging_enabled | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs has server access logging enabled. |
CCC.C05.TR01 | When access to sensitive resources is attempted, the service MUST block requests from untrusted sources, including IP addresses, domains, or networks that are not explicitly included in a pre-approved allowlist. | 2025.01 | s3_bucket_policy_public_write_access | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a bucket policy. |
CCC.C05.TR01 | When access to sensitive resources is attempted, the service MUST block requests from untrusted sources, including IP addresses, domains, or networks that are not explicitly included in a pre-approved allowlist. | 2025.01 | s3_bucket_policy_public_write_access | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a bucket policy. |
CCC.C05.TR01 | When access to sensitive resources is attempted, the service MUST block requests from untrusted sources, including IP addresses, domains, or networks that are not explicitly included in a pre-approved allowlist. | 2025.01 | s3_bucket_public_access | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 is not public. |
CCC.C05.TR01 | When access to sensitive resources is attempted, the service MUST block requests from untrusted sources, including IP addresses, domains, or networks that are not explicitly included in a pre-approved allowlist. | 2025.01 | s3_bucket_public_access | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs is not public. |
CCC.C05.TR02 | When administrative access is attempted, the service MUST validate that the request originates from an explicitly allowed source as defined in the allowlist. | 2025.01 | s3_bucket_policy_public_write_access | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a bucket policy. |
CCC.C05.TR02 | When administrative access is attempted, the service MUST validate that the request originates from an explicitly allowed source as defined in the allowlist. | 2025.01 | s3_bucket_policy_public_write_access | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a bucket policy. |
CCC.C05.TR02 | When administrative access is attempted, the service MUST validate that the request originates from an explicitly allowed source as defined in the allowlist. | 2025.01 | s3_bucket_public_access | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 is not public. |
CCC.C05.TR02 | When administrative access is attempted, the service MUST validate that the request originates from an explicitly allowed source as defined in the allowlist. | 2025.01 | s3_bucket_public_access | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs is not public. |
CCC.C05.TR03 | When resources are accessed in a multi-tenant environment, the service MUST enforce isolation by allowing access only to explicitly allowlisted tenants. | 2025.01 | s3_bucket_policy_public_write_access | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a bucket policy. |
CCC.C05.TR03 | When resources are accessed in a multi-tenant environment, the service MUST enforce isolation by allowing access only to explicitly allowlisted tenants. | 2025.01 | s3_bucket_policy_public_write_access | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a bucket policy. |
CCC.C05.TR03 | When resources are accessed in a multi-tenant environment, the service MUST enforce isolation by allowing access only to explicitly allowlisted tenants. | 2025.01 | s3_bucket_public_access | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 is not public. |
CCC.C05.TR03 | When resources are accessed in a multi-tenant environment, the service MUST enforce isolation by allowing access only to explicitly allowlisted tenants. | 2025.01 | s3_bucket_public_access | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs is not public. |
CCC.C05.TR04 | When an access attempt from an untrusted source is blocked, the service MUST log the event, including the source details, time, and reason for denial. | 2025.01 | s3_bucket_policy_public_write_access | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a bucket policy. |
CCC.C05.TR04 | When an access attempt from an untrusted source is blocked, the service MUST log the event, including the source details, time, and reason for denial. | 2025.01 | s3_bucket_policy_public_write_access | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a bucket policy. |
CCC.C05.TR04 | When an access attempt from an untrusted source is blocked, the service MUST log the event, including the source details, time, and reason for denial. | 2025.01 | s3_bucket_public_access | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 is not public. |
CCC.C05.TR04 | When an access attempt from an untrusted source is blocked, the service MUST log the event, including the source details, time, and reason for denial. | 2025.01 | s3_bucket_public_access | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs is not public. |
CCC.ObjStor.C01.TR01 | When a request is made to read a protected bucket, the service MUST prevent any request using KMS keys not listed as trusted by the organization. | 2025.01 | kms_cmk_rotation_enabled | pass | arn:aws:kms:us-east-1:232348204608:key/831a72c9-c94d-4407-8835-3de2e3358b01 | KMS CMK 831a72c9-c94d-4407-8835-3de2e3358b01 has automatic rotation enabled. (more) |
CCC.ObjStor.C01.TR01 | When a request is made to read a protected bucket, the service MUST prevent any request using KMS keys not listed as trusted by the organization. | 2025.01 | kms_cmk_rotation_enabled | fail | arn:aws:kms:us-east-1:232348204608:key/dd053d7f-3ae4-4010-bac4-f70ae20be625 | KMS CMK dd053d7f-3ae4-4010-bac4-f70ae20be625 has automatic rotation disabled. (more) |
CCC.ObjStor.C01.TR01 | When a request is made to read a protected bucket, the service MUST prevent any request using KMS keys not listed as trusted by the organization. | 2025.01 | s3_bucket_default_encryption | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 has Server Side Encryption with aws:kms. |
CCC.ObjStor.C01.TR01 | When a request is made to read a protected bucket, the service MUST prevent any request using KMS keys not listed as trusted by the organization. | 2025.01 | s3_bucket_default_encryption | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs has Server Side Encryption with aws:kms. |
CCC.ObjStor.C01.TR02 | When a request is made to read a protected object, the service MUST prevent any request using KMS keys not listed as trusted by the organization. | 2025.01 | kms_cmk_rotation_enabled | pass | arn:aws:kms:us-east-1:232348204608:key/831a72c9-c94d-4407-8835-3de2e3358b01 | KMS CMK 831a72c9-c94d-4407-8835-3de2e3358b01 has automatic rotation enabled. (more) |
CCC.ObjStor.C01.TR02 | When a request is made to read a protected object, the service MUST prevent any request using KMS keys not listed as trusted by the organization. | 2025.01 | kms_cmk_rotation_enabled | fail | arn:aws:kms:us-east-1:232348204608:key/dd053d7f-3ae4-4010-bac4-f70ae20be625 | KMS CMK dd053d7f-3ae4-4010-bac4-f70ae20be625 has automatic rotation disabled. (more) |
CCC.ObjStor.C01.TR02 | When a request is made to read a protected object, the service MUST prevent any request using KMS keys not listed as trusted by the organization. | 2025.01 | s3_bucket_default_encryption | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 has Server Side Encryption with aws:kms. |
CCC.ObjStor.C01.TR02 | When a request is made to read a protected object, the service MUST prevent any request using KMS keys not listed as trusted by the organization. | 2025.01 | s3_bucket_default_encryption | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs has Server Side Encryption with aws:kms. |
CCC.ObjStor.C01.TR03 | When a request is made to write to a bucket, the service MUST prevent any request using KMS keys not listed as trusted by the organization. | 2025.01 | kms_cmk_rotation_enabled | pass | arn:aws:kms:us-east-1:232348204608:key/831a72c9-c94d-4407-8835-3de2e3358b01 | KMS CMK 831a72c9-c94d-4407-8835-3de2e3358b01 has automatic rotation enabled. (more) |
CCC.ObjStor.C01.TR03 | When a request is made to write to a bucket, the service MUST prevent any request using KMS keys not listed as trusted by the organization. | 2025.01 | kms_cmk_rotation_enabled | fail | arn:aws:kms:us-east-1:232348204608:key/dd053d7f-3ae4-4010-bac4-f70ae20be625 | KMS CMK dd053d7f-3ae4-4010-bac4-f70ae20be625 has automatic rotation disabled. (more) |
CCC.ObjStor.C01.TR03 | When a request is made to write to a bucket, the service MUST prevent any request using KMS keys not listed as trusted by the organization. | 2025.01 | s3_bucket_default_encryption | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 has Server Side Encryption with aws:kms. |
CCC.ObjStor.C01.TR03 | When a request is made to write to a bucket, the service MUST prevent any request using KMS keys not listed as trusted by the organization. | 2025.01 | s3_bucket_default_encryption | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs has Server Side Encryption with aws:kms. |
CCC.ObjStor.C01.TR04 | When a request is made to write to an object, the service MUST prevent any request using KMS keys not listed as trusted by the organization. | 2025.01 | kms_cmk_rotation_enabled | pass | arn:aws:kms:us-east-1:232348204608:key/831a72c9-c94d-4407-8835-3de2e3358b01 | KMS CMK 831a72c9-c94d-4407-8835-3de2e3358b01 has automatic rotation enabled. (more) |
CCC.ObjStor.C01.TR04 | When a request is made to write to an object, the service MUST prevent any request using KMS keys not listed as trusted by the organization. | 2025.01 | kms_cmk_rotation_enabled | fail | arn:aws:kms:us-east-1:232348204608:key/dd053d7f-3ae4-4010-bac4-f70ae20be625 | KMS CMK dd053d7f-3ae4-4010-bac4-f70ae20be625 has automatic rotation disabled. (more) |
CCC.ObjStor.C01.TR04 | When a request is made to write to an object, the service MUST prevent any request using KMS keys not listed as trusted by the organization. | 2025.01 | s3_bucket_default_encryption | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 has Server Side Encryption with aws:kms. |
CCC.ObjStor.C01.TR04 | When a request is made to write to an object, the service MUST prevent any request using KMS keys not listed as trusted by the organization. | 2025.01 | s3_bucket_default_encryption | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs has Server Side Encryption with aws:kms. |
CCC.ObjStor.C02.TR01 | When a permission set is allowed for an object in a bucket, the service MUST allow the same permission set to access all objects in the same bucket. | 2025.01 | s3_bucket_policy_public_write_access | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a bucket policy. |
CCC.ObjStor.C02.TR01 | When a permission set is allowed for an object in a bucket, the service MUST allow the same permission set to access all objects in the same bucket. | 2025.01 | s3_bucket_policy_public_write_access | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a bucket policy. |
CCC.ObjStor.C02.TR02 | When a permission set is denied for an object in a bucket, the service MUST deny the same permission set to access all objects in the same bucket. | 2025.01 | s3_bucket_policy_public_write_access | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a bucket policy. |
CCC.ObjStor.C02.TR02 | When a permission set is denied for an object in a bucket, the service MUST deny the same permission set to access all objects in the same bucket. | 2025.01 | s3_bucket_policy_public_write_access | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a bucket policy. |
CCC.ObjStor.C03.TR01 | When an object storage bucket deletion is attempted, the bucket MUST be fully recoverable for a set time-frame after deletion is requested. | 2025.01 | s3_bucket_object_versioning | fail | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 has versioning disabled. |
CCC.ObjStor.C03.TR01 | When an object storage bucket deletion is attempted, the bucket MUST be fully recoverable for a set time-frame after deletion is requested. | 2025.01 | s3_bucket_object_versioning | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs has versioning enabled. |
CCC.ObjStor.C03.TR02 | When an attempt is made to modify the retention policy for an object storage bucket, the service MUST prevent the policy from being modified. | 2025.01 | s3_bucket_object_versioning | fail | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 has versioning disabled. |
CCC.ObjStor.C03.TR02 | When an attempt is made to modify the retention policy for an object storage bucket, the service MUST prevent the policy from being modified. | 2025.01 | s3_bucket_object_versioning | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs has versioning enabled. |
CCC.ObjStor.C04.TR01 | When an object is uploaded to the object storage system, the object MUST automatically receive a default retention policy that prevents premature deletion or modification. | 2025.01 | s3_bucket_object_versioning | fail | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 has versioning disabled. |
CCC.ObjStor.C04.TR01 | When an object is uploaded to the object storage system, the object MUST automatically receive a default retention policy that prevents premature deletion or modification. | 2025.01 | s3_bucket_object_versioning | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs has versioning enabled. |
CCC.ObjStor.C04.TR02 | When an attempt is made to delete or modify an object that is subject to an active retention policy, the service MUST prevent the action from being completed. | 2025.01 | s3_bucket_object_versioning | fail | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 has versioning disabled. |
CCC.ObjStor.C04.TR02 | When an attempt is made to delete or modify an object that is subject to an active retention policy, the service MUST prevent the action from being completed. | 2025.01 | s3_bucket_object_versioning | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs has versioning enabled. |
CCC.ObjStor.C05.TR01 | When an object is uploaded to the object storage bucket, the object MUST be stored with a unique identifier. | 2025.01 | s3_bucket_object_versioning | fail | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 has versioning disabled. |
CCC.ObjStor.C05.TR01 | When an object is uploaded to the object storage bucket, the object MUST be stored with a unique identifier. | 2025.01 | s3_bucket_object_versioning | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs has versioning enabled. |
CCC.ObjStor.C05.TR02 | When an object is modified, the service MUST assign a new unique identifier to the modified object to differentiate it from the previous version. | 2025.01 | s3_bucket_object_versioning | fail | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 has versioning disabled. |
CCC.ObjStor.C05.TR02 | When an object is modified, the service MUST assign a new unique identifier to the modified object to differentiate it from the previous version. | 2025.01 | s3_bucket_object_versioning | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs has versioning enabled. |
CCC.ObjStor.C05.TR03 | When an object is modified, the service MUST allow for recovery of previous versions of the object. | 2025.01 | s3_bucket_object_versioning | fail | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 has versioning disabled. |
CCC.ObjStor.C05.TR03 | When an object is modified, the service MUST allow for recovery of previous versions of the object. | 2025.01 | s3_bucket_object_versioning | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs has versioning enabled. |
CCC.ObjStor.C05.TR04 | When an object is deleted, the service MUST retain other versions of the object to allow for recovery of previous versions. | 2025.01 | s3_bucket_object_versioning | fail | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 has versioning disabled. |
CCC.ObjStor.C05.TR04 | When an object is deleted, the service MUST retain other versions of the object to allow for recovery of previous versions. | 2025.01 | s3_bucket_object_versioning | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs has versioning enabled. |
CCC.ObjStor.C06.TR01 | When an object storage bucket is accessed, the service MUST store access logs in a separate data store. | 2025.01 | s3_bucket_server_access_logging_enabled | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423 | S3 Bucket prod-my-secure-s3-bucket-20250423 has server access logging enabled. |
CCC.ObjStor.C06.TR01 | When an object storage bucket is accessed, the service MUST store access logs in a separate data store. | 2025.01 | s3_bucket_server_access_logging_enabled | pass | arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs | S3 Bucket prod-my-secure-s3-bucket-20250423-logs has server access logging enabled. |