Restrict audit logs access to authorized personnel and maintain records that provide unique access accountability.
Audit logs should track access to aid in the detection of suspicious activity and contain sufficient data to support investigative needs for security breaches. Access to all audit logs should be restricted based on need-to-know and least privilege principles. Additionally, monitor all relevant actions taken. Alerts should be generated for unintended or unauthorized actions.
- Examine policy related to the protection of log information.
- Determine if the control requirements stipulated in the policy have been implemented.
- Examine policy related to the maintenance of access records.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.