CCC.C04: Log All Access and Changes
Objective:Ensure that all access and changes are logged to maintain a
detailed audit trail for security and compliance purposes.
Control Family:
Logging & Monitoring
Threats:
| ID | Title | Description |
|---|---|---|
| CCC.TH01 | Access Control is Misconfigured | Misconfigured access controls may grant excessive privileges or fail to restrict unauthorized access to sensitive resources. This could result in unintended data exposure or unauthorized actions being performed within the system. |
NIST CSF:
DE.AE-3
Control Mappings
CCM:
LOG-08
ISO_27001:
NIST_800_53:
AU-2
AU-3
AU-12
Test Requirements
CCC.C04.TR01:When any access attempt is made to the service, the service MUST log
the client identity, time, and result of the attempt.
TLP:
tlp_amber
tlp_red
CCC.C04.TR02:When any access attempt is made to the view sensitive information,
the service MUST log the client identity, time, and result of the
attempt.
TLP:
tlp_amber
tlp_red
CCC.C04.TR03:When any change is made to the service configuration, the service MUST
log the change, including the client, time, previous state, and the
new state following the change.
TLP:
tlp_clear
tlp_green
tlp_amber
tlp_red