💼 [S3.9] S3 general purpose buckets should have server access logging enabled

• Contextual name: 💼 [S3.9] S3 general purpose buckets should have server access logging enabled

• ID: /frameworks/aws-fsbp-v1.0.0/s3/09

• Located in: 💼 Simple Storage Service (S3)

Description

Server access logging provides detailed records of requests made to a bucket. Server access logs can assist in security and access audits.

Similar

• AWS Security Hub
  • https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-9
• Internal
  • ID: dec-c-10f83561

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST SP 800-53 Revision 5 → 💼 AC-2(4) Account Management _ Automated Audit Actions		14	16
💼 NIST SP 800-53 Revision 5 → 💼 AC-4(26) Information Flow Enforcement _ Audit Filtering Actions			9
💼 NIST SP 800-53 Revision 5 → 💼 AC-6(9) Least Privilege _ Log Use of Privileged Functions		17	19
💼 NIST SP 800-53 Revision 5 → 💼 AU-2 Event Logging	4		17
💼 NIST SP 800-53 Revision 5 → 💼 AU-3 Content of Audit Records	3	13	28
💼 NIST SP 800-53 Revision 5 → 💼 AU-6(3) Audit Record Review, Analysis, and Reporting _ Correlate Audit Record Repositories			8
💼 NIST SP 800-53 Revision 5 → 💼 AU-6(4) Audit Record Review, Analysis, and Reporting _ Central Review and Analysis			8
💼 NIST SP 800-53 Revision 5 → 💼 AU-10 Non-repudiation	5		7
💼 NIST SP 800-53 Revision 5 → 💼 AU-12 Audit Record Generation	4	47	65
💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring	6		10
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(9) Boundary Protection _ Restrict Threatening Outgoing Communications Traffic			14
💼 NIST SP 800-53 Revision 5 → 💼 SI-3(8) Malicious Code Protection _ Detect Unauthorized Commands			5
💼 NIST SP 800-53 Revision 5 → 💼 SI-4(20) System Monitoring _ Privileged Users			5
💼 NIST SP 800-53 Revision 5 → 💼 SI-7(8) Software, Firmware, and Information Integrity _ Auditing Capability for Significant Events			8
💼 PCI DSS v4.0.1 → 💼 10.2.1 Audit logs are enabled and active for all system components and cardholder data.	7		24

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (2)

Policy	Logic Count	Flags
📝 AWS CloudTrail S3 Bucket Access Logging is not enabled. 🟢	1	🟢 x6
📝 AWS S3 Bucket Server Access Logging is not enabled 🟢	1	🟢 x6

Internal Rules

Rule	Policies	Flags
✉️ dec-x-e0014333	2