CCC.C04: Log All Access and Changes
Objective: Ensure that all access and changes are logged to maintain a
detailed audit trail for security and compliance purposes.
Control Family:
Logging & Monitoring
Threats:
ID | Title | Description |
---|---|---|
CCC.TH01 | Access Control is Misconfigured | An attacker can exploit misconfigured access controls to grant excessive privileges or gain unauthorized access to sensitive resources. |
NIST CSF:
DE.AE-3
Control Mappings
CCM:
ISO_27001:
NIST_800_53:
AU-2
AU-3
AU-12
Test Requirements
CCC.C04.TR01: When any access attempt is made to the service, the service MUST log
the client identity, time, and result of the attempt.
TLP:
tlp_amber
tlp_red
CCC.C04.TR02: When any access attempt is made to view sensitive information,
the service MUST log the client identity, time, and result of the
attempt.
TLP:
tlp_amber
tlp_red
CCC.C04.TR03: When any change is made to the service configuration, the service MUST
log the change, including the client, time, previous state, and the
new state following the change.
TLP:
tlp_clear
tlp_green
tlp_amber
tlp_red
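
One way to check the three test requirements against a service's audit log, as an added example that is not part of the control catalogue: a test harness performs known actions, then confirms each one produced a record carrying the fields its requirement demands. The record layout, field names (`action_id`, `kind`, `client`, `change`, `previous_state`, `new_state`) and sample data are assumptions constructed for illustration.

```python
from datetime import datetime

# Field names are assumptions for this example; the control states what must
# be recorded, not how the record is laid out.
REQUIRED = {
    "CCC.C04.TR01": ("client", "time", "result"),  # service access attempt
    "CCC.C04.TR02": ("client", "time", "result"),  # sensitive-information access attempt
    "CCC.C04.TR03": ("client", "time", "change", "previous_state", "new_state"),
}
KIND_TO_TR = {"access": "CCC.C04.TR01", "sensitive_access": "CCC.C04.TR02",
              "config_change": "CCC.C04.TR03"}

def _valid_time(value):
    """True if value is an ISO 8601 timestamp that carries a UTC offset."""
    try:
        return datetime.fromisoformat(str(value)).tzinfo is not None
    except ValueError:
        return False

def record_gaps(record):
    """Return the required fields that are missing or unusable in one record."""
    tr = KIND_TO_TR.get(record.get("kind"))
    if tr is None:
        return ["kind"]
    gaps = [f for f in REQUIRED[tr] if record.get(f) in (None, "")]
    if "time" not in gaps and not _valid_time(record["time"]):
        gaps.append("time")
    return gaps

def audit(actions, log):
    """Map each performed action id to the requirement it fails, if any."""
    by_id = {r.get("action_id"): r for r in log}
    failures = {}
    for action_id, kind in actions:
        rec = by_id.get(action_id)
        # Fails when unlogged, logged as the wrong kind, or missing a field.
        if rec is None or rec.get("kind") != kind or record_gaps(rec):
            failures[action_id] = KIND_TO_TR[kind]
    return failures

# Constructed sample: four actions a harness performed and the log it read back.
ACTIONS = [("a1", "access"), ("a2", "access"), ("a3", "sensitive_access"), ("a4", "config_change")]
LOG = [
    {"action_id": "a1", "kind": "access", "client": "svc-reader", "time": "2024-05-01T10:00:00+00:00", "result": "allowed"},
    {"action_id": "a3", "kind": "sensitive_access", "client": "", "time": "2024-05-01T10:00:05+00:00", "result": "allowed"},
    {"action_id": "a4", "kind": "config_change", "client": "admin-1", "time": "2024-05-01T10:01:00+00:00",
     "change": "retention_days", "new_state": 30},
]
```

In the sample, `a2` stands for an attempt that left no record at all, which is the gap TR01's "any access attempt" wording is meant to catch.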