This rule ensures the retention period for log groups is set to a minimum of 365 days.
Rule | Log group retention period should be at least 365 days |
Framework | Federal Financial Institutions Examination Council (FFIEC) |
Severity | ✔ High |
Rule Description
The log group retention period for Federal Financial Institutions Examination Council (FFIEC) should be set to a minimum of 365 days. This rule ensures that log data generated by the FFIEC complies with the regulatory requirement of retaining logs for at least one year.
Troubleshooting Steps (if any)
If the log group retention period is not set to at least 365 days, the following troubleshooting steps can be performed:
Check the existing retention period: Verify the current retention period set for the log group associated with FFIEC logs. This can be done by navigating to the AWS CloudWatch Logs console and locating the respective log group.
Modify the retention period: If the retention period is less than 365 days, modification is required. Follow the remediation steps mentioned below to update the retention period.
Necessary Code (if any)
Depending on the AWS services and tools used to manage log groups, the necessary code may vary. Below is an example code snippet using AWS Command Line Interface (CLI):
aws logs put-retention-policy --log-group-name <log-group-name> --retention-in-days 365
Replace
<log-group-name>
with the actual name of the log group associated with FFIEC logs.Remediation Steps
Follow the step-by-step guide below to remediate the log group retention period for FFIEC logs:
Identify the log group: Determine the name of the log group that contains the FFIEC logs. This can be found in the AWS CloudWatch Logs console or by using appropriate AWS CLI command.
Set the retention period: Execute the following command to update the retention period to a minimum of 365 days:
aws logs put-retention-policy --log-group-name <log-group-name> --retention-in-days 365
Make sure to replace
<log-group-name>
with the actual name of the log group identified in step 1.Verify retention period update: After executing the command, verify the updated retention period by checking the log group settings in the AWS CloudWatch Logs console or by using the appropriate AWS CLI command.
Monitor log retention: Regularly monitor the log group retention period to ensure it remains at least 365 days. This can be achieved by setting up automated monitoring or periodic manual checks.
By following these steps, you can ensure that the log group retention period for FFIEC logs remains compliant with the required duration of 365 days.