
Rule: Log group retention period should be at least 365 days

This rule ensures that the log group retention period is set to a minimum of 365 days.

Rule: Log group retention period should be at least 365 days
Framework: RBI Cyber Security Framework
Severity: High

Rule Description:

The RBI (Reserve Bank of India) Cyber Security Framework requires regulated organizations to retain logs for at least 365 days. This rule checks that every Amazon CloudWatch log group has a retention policy of 365 days or more. CloudWatch Logs deletes events older than the retention setting, so a shorter setting permanently destroys the evidence needed to audit activity, to investigate incidents that are discovered months after they occurred, and to demonstrate compliance. A log group with no retention policy keeps events indefinitely, which meets the minimum, but an explicit policy of at least 365 days makes the control visible and auditable.

Troubleshooting Steps (if applicable):

If a log group is reported as non-compliant, work through these steps:

  1. Verify the current retention period: check the log group's retention setting (reported as retentionInDays by describe-log-groups) and confirm whether it is at least 365 days.
  2. Update the retention period: if it is less than 365 days, change the log group's retention policy to 365 days or more. put-retention-policy accepts only a fixed set of values; those at or above 365 days are 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288 and 3653.

Necessary Codes (if applicable):

To set the retention period from the AWS Command Line Interface (CLI), run:

aws logs put-retention-policy --log-group-name <log-group-name> --retention-in-days 365

Replace <log-group-name> with the actual name of the log group you want to update. The command prints nothing on success; confirm the new setting afterwards with describe-log-groups, which reports it as retentionInDays.

Step-by-Step Guide for Remediation:

To ensure compliance with the RBI Cyber Security Framework and meet the log group retention period requirement of at least 365 days, follow these steps:

  1. Identify the log group: determine which log group(s) need a retention period of 365 days or longer. The rule applies to every CloudWatch log group in the account and region, so enumerate all of them rather than checking only the ones you already know about.
  2. Verify the current retention period: check each log group's retention setting using the AWS Management Console or the CLI (describe-log-groups reports it as retentionInDays; a group with no policy shows no value and never expires).
  3. Update the retention period: if the current value is less than 365 days, raise it.
    • Using the AWS Management Console:
      • Open the Amazon CloudWatch service in the AWS Management Console.
      • Select "Logs" from the sidebar.
      • Locate the desired log group and click its name to open its details.
      • Open the "Actions" drop-down menu and select "Modify retention".
      • Choose "365" (or a longer period) in the retention field.
      • Click "Apply" or "Save" to update the retention period.
    • Using the AWS CLI:
      • Open a terminal with the AWS CLI configured for the target account and region.
      • Execute the following command, replacing <log-group-name> with the actual name of the log group:
        aws logs put-retention-policy --log-group-name <log-group-name> --retention-in-days 365
      • A successful call returns no output. A non-zero exit status or an error message means the policy was not applied, for example because the retention value is not one CloudWatch Logs accepts or the caller lacks the logs:PutRetentionPolicy permission.
  4. Verify the updated retention period: re-check the log group(s) to confirm the setting is now 365 days or more.
  5. Repeat for other log groups: repeat the above steps for every remaining log group so that the control holds across the organization.

By following this step-by-step guide, you can ensure that log groups within your organization adhere to the RBI Cyber Security Framework's requirement of a minimum 365-day retention period, providing long-term visibility and compliance.
