💼 [CloudTrail.4] CloudTrail log file validation should be enabled

• ID: /frameworks/aws-fsbp-v1.0.0/cloudtrail/04

Description

CloudTrail log file validation creates a digitally signed digest file that contains a hash of each log that CloudTrail writes to Amazon S3. You can use these digest files to determine whether a log file was changed, deleted, or unchanged after CloudTrail delivered the log.

Similar

• AWS Security Hub
  • https://docs.aws.amazon.com/securityhub/latest/userguide/cloudtrail-controls.html#cloudtrail-4
• Internal
  • ID: dec-c-ef4fe33a

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 NIST SP 800-53 Revision 5 → 💼 AU-9 Protection of Audit Information	7	2	5		no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-4 System Monitoring	25	1	10		no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-7(1) Software, Firmware, and Information Integrity _ Integrity Checks			1		no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-7(3) Software, Firmware, and Information Integrity _ Centrally Managed Integrity Tools			1		no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-7(7) Software, Firmware, and Information Integrity _ Integration of Detection and Response			1		no data
💼 PCI DSS v3.2.1 → 💼 10.5.2 Protect audit trail files from unauthorized modifications.		1	4		no data
💼 PCI DSS v3.2.1 → 💼 10.5.5 Use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts.		1	2		no data
💼 PCI DSS v4.0.1 → 💼 10.3.2 Audit log files are protected to prevent modifications by individuals.			4		no data
💼 PCI DSS v4.0 → 💼 10.3.2 Audit log files are protected to prevent modifications by individuals.		2	4		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ AWS CloudTrail Log File Validation is not enabled🟢	1	🟢 x6	no data

Internal Rules

Rule	Policies	Flags
✉️ dec-x-b1e1a494	1