Establish and maintain a monitoring and internal reporting capability over the operations of cryptographic, encryption and key management policies, processes, procedures, and controls.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| LOG-10 | Audit Records Protection | mitigates | T1070.009 | Clear Persistence | This control requires both CSP and CSC to independently protect audit logs by enforcing strict access controls, encryption, isolated log environments, continuous monitoring, vulnerability management, and so forth for investigations or legal proceedings. |
| LOG-10 | Audit Records Protection | mitigates | T1070.007 | Clear Network Connection History and Configurations | This control requires both CSP and CSC to independently protect audit logs by enforcing strict access controls, encryption, isolated log environments, continuous monitoring, vulnerability management, and so forth for investigations or legal proceedings. |
| LOG-10 | Audit Records Protection | mitigates | T1070 | Indicator Removal | This control requires both CSP and CSC to independently protect audit logs by enforcing strict access controls, encryption, isolated log environments, continuous monitoring, vulnerability management, and so forth for investigations or legal proceedings. |
| LOG-10 | Audit Records Protection | mitigates | T1562 | Impair Defenses | This control requires both CSP and CSC to independently protect audit logs by enforcing strict access controls, encryption, isolated log environments, continuous monitoring, vulnerability management, and so forth for investigations or legal proceedings. |
| LOG-10 | Audit Records Protection | mitigates | T1562.002 | Disable Windows Event Logging | This control requires both CSP and CSC to independently protect audit logs by enforcing strict access controls, encryption, isolated log environments, continuous monitoring, vulnerability management, and so forth for investigations or legal proceedings. |
| LOG-10 | Audit Records Protection | mitigates | T1070.002 | Clear Linux or Mac System Logs | This control requires both CSP and CSC to independently protect audit logs by enforcing strict access controls, encryption, isolated log environments, continuous monitoring, vulnerability management, and so forth for investigations or legal proceedings. |
| LOG-10 | Audit Records Protection | mitigates | T1070.001 | Clear Windows Event Logs | This control requires both CSP and CSC to independently protect audit logs by enforcing strict access controls, encryption, isolated log environments, continuous monitoring, vulnerability management, and so forth for investigations or legal proceedings. |
| LOG-10 | Audit Records Protection | mitigates | T1562.012 | Disable or Modify Linux Audit System | This control requires both CSP and CSC to independently protect audit logs by enforcing strict access controls, encryption, isolated log environments, continuous monitoring, vulnerability management, and so forth for investigations or legal proceedings. |
| LOG-10 | Audit Records Protection | mitigates | T1562.001 | Disable or Modify Tools | This control requires both CSP and CSC to independently protect audit logs by enforcing strict access controls, encryption, isolated log environments, continuous monitoring, vulnerability management, and so forth for investigations or legal proceedings. |
| LOG-10 | Audit Records Protection | mitigates | T1562.007 | Disable or Modify Cloud Firewall | This control requires both CSP and CSC to independently protect audit logs by enforcing strict access controls, encryption, isolated log environments, continuous monitoring, vulnerability management, and so forth for investigations or legal proceedings. |
| LOG-10 | Audit Records Protection | mitigates | T1562.008 | Disable or Modify Cloud Logs | This control requires both CSP and CSC to independently protect audit logs by enforcing strict access controls, encryption, isolated log environments, continuous monitoring, vulnerability management, and so forth for investigations or legal proceedings. |