CSA CCM DSP-16

Data retention, archiving and deletion is managed in accordance with business requirements, applicable laws and regulations.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
DSP-16 Data Retention and Deletion mitigates T1070 Indicator Removal
Comments
This control describes the shared responsibility of both the CSP and CSC for securely managing data retention, archiving, and deletion across all cloud service models. Implementation involves establishing secure tools and processes for data retention, configuring backups, enforcing retention policies, and maintaining safeguards within each party’s environment. For this technique, adversaries may delete or modify artifacts generated within systems to remove evidence of their presence or hinder defenses. In terms of mitigation, automatically forward events to a log server or data repository to prevent conditions in which the adversary can locate and manipulate data on the local system. When possible, minimize time delay on event reporting to avoid prolonged storage on the local system.
DSP-16 Data Retention and Deletion mitigates T1565 Data Manipulation
Comments
This control describes the shared responsibility of both the CSP and CSC for securely managing data retention, archiving, and deletion across all cloud service models. Implementation involves establishing secure tools and processes for data retention, configuring backups, enforcing retention policies, and maintaining safeguards within each party’s environment. For this technique, adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data. In terms of mitigation, backups that are stored off system and are protected from common methods adversaries may use to gain access and manipulate backups can lessen the impact of this technique.
DSP-16 Data Retention and Deletion mitigates T1490 Inhibit System Recovery
Comments
This control describes the shared responsibility of both the CSP and CSC for securely managing data retention, archiving, and deletion across all cloud service models. Implementation involves establishing secure tools and processes for data retention, configuring backups, enforcing retention policies, and maintaining safeguards within each party’s environment. For this technique, in cloud environments, adversaries may disable versioning and backup policies and delete snapshots, database backups, machine images, and prior versions of objects designed to be used in disaster recovery scenarios. In terms of mitigation, enabling versioning on storage objects where possible within the cloud environment, and copying backups to other accounts or regions to isolate them from the original copies, can lessen the impact of this technique.
DSP-16 Data Retention and Deletion mitigates T1491.002 External Defacement
Comments
This control describes the shared responsibility of both the CSP and CSC for securely managing data retention, archiving, and deletion across all cloud service models. Implementation involves establishing secure tools and processes for data retention, configuring backups, enforcing retention policies, and maintaining safeguards within each party’s environment. For this technique, adversaries may modify systems or applications external to an enterprise network, thus affecting the integrity of the original content as seen by external users. In terms of mitigation, taking regular data backups that can be used to restore organizational data can limit the impact of this technique.
DSP-16 Data Retention and Deletion mitigates T1491.001 Internal Defacement
Comments
This control describes the shared responsibility of both the CSP and CSC for securely managing data retention, archiving, and deletion across all cloud service models. Implementation involves establishing secure tools and processes for data retention, configuring backups, enforcing retention policies, and maintaining safeguards within each party’s environment. For this technique, adversaries may modify systems internal to an enterprise network, thus affecting the integrity and operation of the original content as seen by internal users. In terms of mitigation, taking regular data backups that can be used to restore organizational data can limit the impact of this technique.
DSP-16 Data Retention and Deletion mitigates T1491 Defacement
Comments
This control describes the shared responsibility of both the CSP and CSC for securely managing data retention, archiving, and deletion across all cloud service models. Implementation involves establishing secure tools and processes for data retention, configuring backups, enforcing retention policies, and maintaining safeguards within each party’s environment. For this technique, adversaries may modify visual content available internally or externally to an enterprise network, thus affecting the integrity of the original content. In terms of mitigation, taking regular data backups that can be used to restore organizational data can limit the impact of this technique.
DSP-16 Data Retention and Deletion mitigates T1486 Data Encrypted for Impact
Comments
This control describes the shared responsibility of both the CSP and CSC for securely managing data retention, archiving, and deletion across all cloud service models. Implementation involves establishing secure tools and processes for data retention, configuring backups, enforcing retention policies, and maintaining safeguards within each party’s environment. For this technique, adversaries may encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources. In terms of mitigation, consider enabling versioning in cloud environments to maintain backup copies of storage objects to limit the impact of this technique.
DSP-16 Data Retention and Deletion mitigates T1485.001 Lifecycle-Triggered Deletion
Comments
This control describes the shared responsibility of both the CSP and CSC for securely managing data retention, archiving, and deletion across all cloud service models. Implementation involves establishing secure tools and processes for data retention, configuring backups, enforcing retention policies, and maintaining safeguards within each party’s environment. For this technique, adversaries may modify the lifecycle policies of a cloud storage bucket to destroy all objects stored within. Cloud storage buckets often allow users to set lifecycle policies to automate the migration, archival, or deletion of objects after a set period of time. In terms of mitigation, consider limiting the permissions needed to modify cloud bucket lifecycle policies (e.g., PutLifecycleConfiguration in AWS) to only those accounts that require them, to lessen the impact of this technique. In AWS environments, consider using Service Control Policies to limit the use of the PutBucketLifecycle API call.
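As an added example (not part of the CSA CCM or ATT&CK mapping content above), the following Python flags the S3 control-plane calls that the T1490 and T1485.001 comments describe: lifecycle policy changes by unapproved principals or with aggressive expiration rules, and suspension of bucket versioning. The CloudTrail field layout, the approved-principal ARN and the 30-day retention floor are assumptions, and the sample records are constructed.

```python
MIN_RETENTION_DAYS = 30  # assumption: retention floor set by business policy
# assumption: the only principal approved to change lifecycle policies
APPROVED_LIFECYCLE_PRINCIPALS = {"arn:aws:iam::111122223333:role/lifecycle-admin"}

# Constructed sample CloudTrail records (not real log data); the field layout is
# an assumption about the CloudTrail JSON shape, so verify it against your trail.
SAMPLE_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketLifecycle",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"bucketName": "backups-prod", "LifecycleConfiguration":
         {"Rule": [{"Status": "Enabled", "Expiration": {"Days": 1}}]}}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketLifecycle",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/lifecycle-admin"},
     "requestParameters": {"bucketName": "logs-archive", "LifecycleConfiguration":
         {"Rule": {"Status": "Enabled", "Filter": {"Prefix": "tmp/"},
                   "Expiration": {"Days": 90}}}}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketVersioning",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"bucketName": "backups-prod",
                           "VersioningConfiguration": {"Status": "Suspended"}}},
]


def _rules(config):  # CloudTrail renders one <Rule> as a dict, several as a list
    rules = config.get("Rule", [])
    return rules if isinstance(rules, list) else [rules]


def analyse(events):
    """Return (technique, bucket, reason) findings for retention-tampering calls."""
    findings = []
    for ev in events:
        if ev.get("eventSource") != "s3.amazonaws.com":
            continue
        params = ev.get("requestParameters") or {}
        bucket = params.get("bucketName", "?")
        who = ev.get("userIdentity", {}).get("arn", "unknown")
        if ev.get("eventName") == "PutBucketLifecycle":
            if who not in APPROVED_LIFECYCLE_PRINCIPALS:
                findings.append(("T1485.001", bucket, f"lifecycle changed by unapproved {who}"))
            for rule in _rules(params.get("LifecycleConfiguration") or {}):
                exp = rule.get("Expiration") or {}
                if rule.get("Status") != "Enabled" or not exp:
                    continue  # disabled or transition-only rules delete nothing
                days = exp.get("Days")
                if "Date" in exp or (days is not None and days < MIN_RETENTION_DAYS):
                    findings.append(("T1485.001", bucket, f"expiration {exp} is under the {MIN_RETENTION_DAYS}-day floor"))
                elif not (rule.get("Prefix") or (rule.get("Filter") or {}).get("Prefix")):
                    findings.append(("T1485.001", bucket, "bucket-wide expiration rule"))
        elif ev.get("eventName") == "PutBucketVersioning":
            if (params.get("VersioningConfiguration") or {}).get("Status") == "Suspended":
                findings.append(("T1490", bucket, f"versioning suspended by {who}"))
    return findings
```

Run over SAMPLE_EVENTS it reports two findings for the backups-prod lifecycle change and one for the versioning suspension, and nothing for the approved, prefix-scoped 90-day rule.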
DSP-16 Data Retention and Deletion mitigates T1485 Data Destruction
Comments
This control describes the shared responsibility of both the CSP and CSC for securely managing data retention, archiving, and deletion across all cloud service models. Implementation involves establishing secure tools and processes for data retention, configuring backups, enforcing retention policies, and maintaining safeguards within each party’s environment. For this technique, adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources. In terms of mitigation, taking regular data backups that can be used to restore organizational data, and ensuring those backups are stored off system and protected from the common methods adversaries use to gain access and destroy them to prevent recovery, can limit the impact of this technique.