S5. Consolidate logs using platform services

Centralized logging is currently required for medium- and high-risk servers per the ITSO Minimum Security Standards Document [3]. However, there is currently no straightforward way to log to the on-premises Central Log Service (CLS) from public cloud providers. One goal for the Common Platform Initiative is to develop explicit guidance for centralized logging in the public cloud context and to provide appropriate supporting services to facilitate compliance with the minimum standard.

In the interim, service owners are encouraged to consolidate logging for all application components using native platform services (e.g. AWS CloudWatch Logs). These services typically provide a basic complement of controls for searching logs, triggering alerts based on log events, and managing log retention. Retention periods should be configured so that logs are kept at least as long as the minimum standard requires.
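The retention check above can be scripted. The following is an added example, not code from the page or from ITSO: it audits a set of CloudWatch log groups (input shaped like the `logGroups` list that the CloudWatch Logs `DescribeLogGroups` API returns) against an assumed minimum retention of 90 days (a placeholder; substitute the value the standard specifies) and produces the arguments for the `PutRetentionPolicy` calls that would bring non-compliant groups into line. The sample log groups are constructed.

```python
"""Audit CloudWatch Logs retention against a minimum-standard floor.

Each input record is shaped like an entry of the "logGroups" list returned by
the CloudWatch Logs DescribeLogGroups API (boto3: client("logs").describe_log_groups()).
A record with no "retentionInDays" key means the group is set to "Never expire",
which satisfies a minimum-retention floor.
"""
from bisect import bisect_left

# Retention periods (days) that CloudWatch Logs accepts for PutRetentionPolicy.
CLOUDWATCH_RETENTION_DAYS = (1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365,
                             400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653)

# Placeholder: the minimum retention the standard requires (assumed, not from the page).
ASSUMED_MIN_RETENTION_DAYS = 90

# Constructed sample, shaped like DescribeLogGroups output.
SAMPLE_LOG_GROUPS = [
    {"logGroupName": "/aws/lambda/payments-api", "retentionInDays": 30},
    {"logGroupName": "/app/web/access", "retentionInDays": 90},
    {"logGroupName": "/app/db/audit"},                      # no key: "Never expire"
    {"logGroupName": "/aws/ecs/batch-worker", "retentionInDays": 7},
]


def smallest_allowed_retention(min_days):
    """Smallest CloudWatch-accepted retention period that is >= min_days."""
    idx = bisect_left(CLOUDWATCH_RETENTION_DAYS, min_days)
    if idx == len(CLOUDWATCH_RETENTION_DAYS):
        raise ValueError(f"{min_days} days exceeds the longest supported retention")
    return CLOUDWATCH_RETENTION_DAYS[idx]


def audit_log_groups(log_groups, min_days):
    """Return (name, current_retention, recommended_retention) for each group
    whose retention is shorter than min_days. current_retention is None only
    when the group never expires, which is never reported as a finding."""
    target = smallest_allowed_retention(min_days)
    findings = []
    for group in log_groups:
        current = group.get("retentionInDays")      # None means "Never expire"
        if current is not None and current < min_days:
            findings.append((group["logGroupName"], current, target))
    return findings


def remediation_calls(findings):
    """Keyword arguments for one PutRetentionPolicy call per finding."""
    return [{"logGroupName": name, "retentionInDays": target}
            for name, _current, target in findings]
```

Feeding the output of `remediation_calls` to `client("logs").put_retention_policy(**kwargs)` applies the fix; running only the audit in a scheduled job gives a drift check.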

In the future, when a suitable central collection point for logs is made available to cloud-based applications and services, the native platform service used to consolidate logs can serve as the single source for all application and control plane logs for transmission to the central collection point.