Rule: Log Group Retention Period Should Be at Least 365 Days
This rule ensures that the log group retention period is set to a minimum of 365 days for compliance.
| Rule | Log group retention period should be at least 365 days |
| Framework | NIST 800-53 Revision 5 |
| Severity | ✔ High |
Rule Description:
The log group retention period for NIST 800-53 Revision 5 compliance should be set to a minimum of 365 days. This rule ensures that log data is retained for an extended period, allowing for comprehensive analysis, correlation, and auditing capabilities. By maintaining logs for an extended duration, organizations can meet the compliance requirements set forth by NIST 800-53 Revision 5.
Troubleshooting Steps:
If the log group retention period does not meet the minimum requirement of 365 days, the following troubleshooting steps can be followed:
- 1.
Verify the current log group retention period: Check the configured retention period for the log groups using the AWS Management Console or AWS CLI.
AWS CLI Command:
aws logs describe-log-groups --log-group-name-prefix [log-group-prefix] - 2.
Update the log group retention period: If the current retention period is less than 365 days, it needs to be updated. Changing the retention period does not affect existing log data.
AWS CLI Command:
aws logs put-retention-policy --log-group-name [log-group-name] --retention-in-days 365 - 3.
Confirm the log group retention period change: Once the retention period is updated, recheck the log group's retention period to ensure it has been set to at least 365 days.
AWS CLI Command:
aws logs describe-log-groups --log-group-name-prefix [log-group-prefix]
Remediation Steps:
To remediate the log group retention period to meet the NIST 800-53 Revision 5 compliance requirements, follow these steps:
- 1.
Identify the Log Group: Determine the specific log group that requires a retention period adjustment.
- 2.
Update the Log Group Retention Period: Change the retention period for the identified log group to a minimum of 365 days. This ensures that logs are stored for the required duration.
AWS CLI Command:
aws logs put-retention-policy --log-group-name [log-group-name] --retention-in-days 365 - 3.
Verify Retention Period Update: Validate whether the retention period has been updated successfully.
AWS CLI Command:
aws logs describe-log-groups --log-group-name-prefix [log-group-prefix] - 4.
Monitor Compliance: Regularly review the log group retention periods to ensure ongoing compliance with the NIST 800-53 Revision 5 requirement of at least 365 days.
Note:
Make sure to replace
[log-group-prefix][log-group-name][log-group-prefix]