This rule specifies the requirement for a minimum log group retention period of 365 days.
Rule | Log group retention period should be at least 365 days
Framework | NIST 800-53 Revision 5
Severity | High
Log Group Retention Policy for NIST 800-53 Revision 5
Rule Description
The log group retention policy is a requirement for compliance with the National Institute of Standards and Technology (NIST) 800-53 Revision 5 security standard. This policy requires that log groups retain their logs for a minimum of 365 days. The retention period ensures that security logs are available for monitoring, analysis, and investigating security incidents over an extended duration.
Troubleshooting
If the log group retention period is not set to the required 365 days, it can lead to non-compliance with the NIST 800-53 Revision 5 security standard. It may also limit the ability to conduct thorough investigations into security incidents that occurred beyond the retention period.
Policy Implementation
AWS CloudWatch Logs
To implement the log group retention policy, follow these steps:
1. Open the AWS Management Console and navigate to the Amazon CloudWatch service.
2. Click on "Log Groups" in the left navigation pane.
3. Select the log group for which you want to set the retention period.
4. Click on the "Actions" dropdown menu and choose "Edit retention".
5. In the "Set Retention" dialog box, enter "365" as the retention period. This will retain the logs for 365 days.
6. Click "Save" to apply the retention period to the log group.
AWS CLI Command
Alternatively, you can use the AWS Command Line Interface (CLI) to set the retention period for a log group. Use the following command:
    aws logs put-retention-policy --log-group-name <log-group-name> --retention-in-days 365
Ensure that you replace <log-group-name> with the actual name of the log group to be configured.
Remediation Steps
To ensure compliance with the NIST 800-53 Revision 5 security standard, follow these steps to set the log group retention period to 365 days:
1. Identify the log groups that do not have the required retention period.
2. Choose one of the two options mentioned above to set the retention period, either via the AWS Management Console or by using the AWS CLI command.
3. Set the retention period to 365 days for each log group.
4. Verify that the retention period has been successfully updated by checking the log group settings.
5. Monitor the log groups periodically to ensure compliance with the log retention period.
By following these steps, you can establish and maintain the required log group retention policy to meet the NIST 800-53 Revision 5 security standard.
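The remediation steps above (identify non-compliant log groups, then apply the CLI command) as an added, self-contained example that is not part of the original rule page: it takes the JSON that `aws logs describe-log-groups` returns, separates groups whose `retentionInDays` is below 365 from those that already comply, and builds the `put-retention-policy` command from the page for each group that needs fixing. The sample output and log group names are constructed; a log group with no `retentionInDays` key is the console's "Never expire" setting, which is treated here as satisfying a minimum-retention rule.

```python
import json
import shlex

# The rule's minimum; 365 is one of the discrete retention values CloudWatch Logs accepts.
MIN_RETENTION_DAYS = 365


def classify_log_groups(describe_output: dict, min_days: int = MIN_RETENTION_DAYS) -> dict:
    """Split `aws logs describe-log-groups` JSON into compliant and non-compliant group names.

    A group without `retentionInDays` has indefinite retention ("Never expire"),
    which meets an "at least N days" requirement, so it is reported as compliant.
    """
    compliant, noncompliant = [], []
    for group in describe_output.get("logGroups", []):
        name = group["logGroupName"]
        days = group.get("retentionInDays")
        if days is None or days >= min_days:
            compliant.append(name)
        else:
            noncompliant.append(name)
    return {"compliant": compliant, "noncompliant": noncompliant}


def remediation_commands(noncompliant: list, days: int = MIN_RETENTION_DAYS) -> list:
    """Build the page's put-retention-policy command for each non-compliant group.

    Names are shell-quoted so groups containing spaces or shell metacharacters are safe to paste.
    """
    return [
        f"aws logs put-retention-policy --log-group-name {shlex.quote(name)} --retention-in-days {days}"
        for name in noncompliant
    ]


# Constructed sample in the shape returned by `aws logs describe-log-groups --output json`.
SAMPLE_DESCRIBE_OUTPUT = json.loads("""
{
  "logGroups": [
    {"logGroupName": "/aws/lambda/orders-api", "retentionInDays": 30, "storedBytes": 1024},
    {"logGroupName": "/aws/cloudtrail/management-events", "retentionInDays": 400, "storedBytes": 4096},
    {"logGroupName": "/aws/vpc/flow-logs", "storedBytes": 0},
    {"logGroupName": "/app/auth-service", "retentionInDays": 90, "storedBytes": 2048}
  ]
}
""")

if __name__ == "__main__":
    result = classify_log_groups(SAMPLE_DESCRIBE_OUTPUT)
    for cmd in remediation_commands(result["noncompliant"]):
        print(cmd)
```

Against a real account, pipe `aws logs describe-log-groups --output json` into `classify_log_groups` and review the printed commands before running them; re-run the classification afterwards to perform the verification step.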