Skip to main content

💼 3.2 Ensure CloudTrail log file validation is enabled (Automated)

Contextual name: 💼 3.2 Ensure CloudTrail log file validation is enabled (Automated)
ID: /frameworks/cis-aws-v4.0.1/03/02
Located in: 💼 3 Logging

Description

CloudTrail log file validation creates a digitally signed digest file containing a hash of each log that CloudTrail writes to S3. These digest files can be used to determine whether a log file was changed, deleted, or remained unchanged after CloudTrail delivered the log. It is recommended that file validation be enabled for all CloudTrails.

Similar

Sections
- /frameworks/cis-aws-v5.0.0/03/02
- /frameworks/cis-aws-v4.0.0/03/02

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 CIS AWS v4.0.0 → 💼 3.2 Ensure CloudTrail log file validation is enabled (Automated)			1
💼 CIS AWS v5.0.0 → 💼 3.2 Ensure CloudTrail log file validation is enabled (Automated)			1

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 CIS AWS v4.0.0 → 💼 3.2 Ensure CloudTrail log file validation is enabled (Automated)			1
💼 CIS AWS v5.0.0 → 💼 3.2 Ensure CloudTrail log file validation is enabled (Automated)			1

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (1)

Policy	Logic Count	Flags
📝 AWS CloudTrail Log File Validation is not enabled 🟢	1	🟢 x6

Description
Similar
Similar Sections (Take Policies From)
Similar Sections (Give Policies To)
Sub Sections
Policies (1)