---
names: 
  full: "Google Logging Log Sink exports logs to a Storage Bucket without Bucket Lock"
  contextual: "og Sink exports logs to a Storage Bucket without Bucket Lock"
description: "Enabling retention policies on log buckets will protect logs stored in cloud storage buckets from being overwritten \
 or accidentally deleted. It is recommended to set up retention policies and configure Bucket Lock on all storage buckets that are \
 used as log sinks."
type: COMPLIANCE_POLICY
categories:
  - "SECURITY"
frameworkMappings:
  - /frameworks/cis-gcp-v4.0.0/02/03
  - /frameworks/cloudaware/logging-and-monitoring/logging-and-monitoring-configuration
  - /frameworks/nist-sp-800-53-r4/au/11
  - /frameworks/nist-sp-800-53-r5/ac/03
  - /frameworks/nist-sp-800-53-r5/ac/05
  - /frameworks/nist-sp-800-53-r5/ac/06
  - /frameworks/nist-sp-800-53-r5/mp/02
  - /frameworks/pci-dss-v3.2.1/10/05
  - /frameworks/pci-dss-v4.0/01/03/01
  - /frameworks/iso-iec-27001-2013/12/04/02
  - /frameworks/iso-iec-27001-2013/18/01/03
  - /frameworks/iso-iec-27001-2022/05/10
  - /frameworks/iso-iec-27001-2022/05/15
  - /frameworks/iso-iec-27001-2022/08/03
  - /frameworks/iso-iec-27001-2022/08/04
  - /frameworks/nist-csf-v1.1/pr-ac/04
  - /frameworks/soc-2/cc5/02/03
  - /frameworks/soc-2/cc6/01/03
  - /frameworks/soc-2/cc6/01/07
similarPolicies:
  cloudConformity:
    - url: "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/gcp/CloudStorage/retention-policies-with-bucket-lock.html"
      name: "Configure Retention Policies with Bucket Lock"