Rule: Set Log Group Retention Period to 365 Days

Ensure that the log group retention period is set to a minimum of 365 days as part of technical safeguards.

Rule	Log group retention period should be at least 365 days
Framework	HIPAA
Severity	✔ High

Log Group Retention Period for HIPAA Compliance

Rule Description

In order to comply with HIPAA (Health Insurance Portability and Accountability Act) regulations, the log group retention period should be set to at least 365 days. This rule ensures that all logged information is retained for a sufficient period of time for auditing and investigation purposes, as mandated by HIPAA.

Troubleshooting Steps

If the log group retention period is not set to at least 365 days, follow these troubleshooting steps to rectify the issue:

1.
Check the current retention period: Start by checking the current retention period for the log group in question. You can do this by accessing the AWS Management Console or using AWS CLI (Command Line Interface).

2.
Adjust the retention period: If the current retention period is less than 365 days, modify it to meet the requirement.

Necessary Codes (if applicable)

If you prefer to use AWS CLI to adjust the retention period, execute the following command:

aws logs put-retention-policy --log-group-name <log-group-name> --retention-in-days 365

Replace

<log-group-name>

with the actual name of the log group you wish to modify.

Step-by-Step Guide for Remediation

1.
Access the AWS Management Console: Log in to the AWS Management Console using appropriate credentials.

2.
Navigate to AWS CloudWatch Logs: Go to the AWS CloudWatch service in the console.

3.
Select the Log Group: Locate and select the log group for which you want to adjust the retention period.

4.
Modify the Retention Period: Click on the "Actions" dropdown menu and select "Modify retention settings" from the options.

5.
Set Retention Period: In the dialog box that appears, enter "365" in the provided field to set the retention period to 365 days.

6.
Save Changes: Click on the "Save" button to apply the new retention period.

7.
Verify Implementation: Double-check that the retention period has been successfully updated to 365 days for the selected log group.

By following these steps, you should be able to adjust the log group retention period to comply with HIPAA regulations.

Rule: Set Log Group Retention Period to 365 Days

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Rule Description

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Troubleshooting Steps

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Necessary Codes (if applicable)

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Step-by-Step Guide for Remediation

Is your System Free of Underlying Vulnerabilities? Find Out Now

Rule Description

Troubleshooting Steps

Necessary Codes (if applicable)

Step-by-Step Guide for Remediation

Is your System Free of Underlying Vulnerabilities?
Find Out Now