Mods
AWS

Policy: AWS > CIS v1 > 2 Logging > 2.02 Ensure CloudTrail log file validation is enabled (Scored)

Configures auditing against a CIS Benchmark item.

Level: 2 (Scored)

CloudTrail log file validation creates a digitally signed digest file containing a hash of each log that CloudTrail writes to S3. These digest files can be used to determine whether a log file was changed, deleted, or unchanged after CloudTrail delivered the log. It is recommended that file validation be enabled on all CloudTrails.

Resource Types

This policy targets the following resource types:

Primary Policy

This policy is used with the following primary policy:

Controls

Policy Specification

Schema Type
string
Default
Per AWS > CIS v1
Valid Values [YAML]
  • Per AWS > CIS v1
    
  • Skip
    
  • Check: Level 2 (Scored)
    

Category

In Your Workspace

Developers