
CCC.ObjStor.C06: Access Logs are Stored in a Separate Data Store

Objective: Ensure that access logs for object storage buckets are stored in a separate data store to protect against unauthorized access, tampering, or deletion of logs. (Log buckets are exempt from this requirement, but must be tlp_red.)
Control Family:
Data
Threats:
ID | Title | Description
CCC.TH07 | Logs are Tampered With or Deleted | Attackers may tamper with or delete logs to cover their tracks and evade detection. This prevents security teams from identifying the full scope of an attack and may disrupt forensic investigations.
CCC.TH09 | Logs or Monitoring Data are Read by Unauthorized Users | Unauthorized access to logs or monitoring data can provide attackers with valuable information about the system's configuration, operations, and security mechanisms. This can be used to identify vulnerabilities, plan attacks, or evade detection.
NIST CSF:
PR.DS-6

Control Mappings

CCM:
DSP-07
DSP-17
ISO_27001:
2022 A.8.15.0
NIST_800_53:
AU-9
SC-28

Test Requirements

CCC.ObjStor.C06.TR01: When an object storage bucket is accessed, the service MUST store access logs in a separate data store.
TLP:
tlp_amber
tlp_red
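
One way to check CCC.ObjStor.C06.TR01 against a bucket inventory, including the log bucket exemption from the objective. This is an added example, not part of the CCC catalog: the inventory fields (`name`, `tlp`, `is_log_bucket`, `log_destination`), the sample buckets, and the reading of the listed TLP levels as the requirement's scope are assumptions.

```python
# Added example: field names and sample data are hypothetical, not CCC-defined.
# Assumption: the TLP levels listed under TR01 are the levels it applies to.
APPLICABLE_TLP = {"tlp_amber", "tlp_red"}

# Constructed sample inventory (not real buckets).
BUCKETS = [
    {"name": "app-data", "tlp": "tlp_amber", "is_log_bucket": False,
     "log_destination": "central-logs"},
    {"name": "self-logging", "tlp": "tlp_red", "is_log_bucket": False,
     "log_destination": "self-logging"},
    {"name": "no-logging", "tlp": "tlp_amber", "is_log_bucket": False,
     "log_destination": None},
    {"name": "public-assets", "tlp": "tlp_clear", "is_log_bucket": False,
     "log_destination": None},
    {"name": "central-logs", "tlp": "tlp_red", "is_log_bucket": True,
     "log_destination": None},
    {"name": "weak-logs", "tlp": "tlp_amber", "is_log_bucket": True,
     "log_destination": None},
]


def evaluate_bucket(bucket):
    """Return (status, reason) for one bucket against CCC.ObjStor.C06.TR01."""
    if bucket["is_log_bucket"]:
        # Log buckets are exempt from separate storage but must be tlp_red.
        if bucket["tlp"] == "tlp_red":
            return ("PASS", "log bucket classified tlp_red")
        return ("FAIL", "log bucket is not tlp_red")
    if bucket["tlp"] not in APPLICABLE_TLP:
        return ("N/A", "TLP level outside TR01 scope")
    dest = bucket["log_destination"]
    if not dest:
        return ("FAIL", "no access log destination configured")
    if dest == bucket["name"]:
        # Logs kept beside the data share its exposure to TH07 and TH09.
        return ("FAIL", "access logs stored in the bucket being logged")
    return ("PASS", f"access logs stored separately in {dest}")


def evaluate_inventory(buckets):
    """Evaluate every bucket; returns {bucket name: (status, reason)}."""
    return {b["name"]: evaluate_bucket(b) for b in buckets}


if __name__ == "__main__":
    for name, (status, reason) in evaluate_inventory(BUCKETS).items():
        print(f"{status:4} {name}: {reason}")
```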