Logging and monitoring

S3 Bucket Server Access Logging is Disabled

Platform(s)
Compliance Frameworks
  • AWS Foundational Security Best Practices Controls
  • ,
  • Brazilian General Data Protection (LGPD)
  • ,
  • CCPA
  • ,
  • cis_8
  • ,
  • CPRA
  • ,
  • CSA CCM
  • ,
  • Data Security Posture Management (DSPM) Best Practices
  • ,
  • essential_8_au
  • ,
  • essential_8_au_level_2
  • ,
  • GDPR
  • ,
  • hdh
  • ,
  • HITRUST
  • ,
  • iso_27001_2022
  • ,
  • iso_27002_2022
  • ,
  • Mitre ATT&CK
  • ,
  • New Zealand Information Security Manual
  • ,
  • NIST 800-171
  • ,
  • NIST 800-53
  • ,
  • Orca Best Practices
  • ,
  • PDPA
  • ,
  • UK Cyber Essentials

Description

Ensure that AWS S3 Server Access Logging feature is enabled in order to record access requests useful for security audits. By default, server access logging is not enabled for S3 buckets.