Silverfog

aegis-log Production

Assessment readiness

Not ready

Repository evidence contradicts one or more testable SSP claims.

Failed
11
Needs evidence
2
Passed
2
Evaluated
2026-07-16
Evidence source
docs/infrastructure.yaml
Source timestamp
2026-07-16 21:14 UTC
SSP version
2.3 · reviewed 2024-08-12

Control results

Sorted by failed controls, evidence gaps, then passing controls.

15 controls evaluated

Assessment status and supporting detail for each evaluated control
Status Control Control name Checks Details
Failed AU-2 Event Logging Passed: 1 Failed: 2 Needs evidence: 0

SSP statement

The system logs the following event types: authentication attempts (success and failure), privilege escalations, configuration changes, data access events for records marked CUI, and system errors. Logs are retained for one year online and three years archived.

Check results

Findings, evidence, and cited source for checks under AU-2
Result Check Finding and evidence
Passed Logs retained three years archived (>= 1095 days) archive-retention-3yr

logging.retention_archive_days = 1095

  • docs/infrastructure.yaml:66 logging.retention_archive_days
    65  retention_online_days: 180
    66  retention_archive_days: 1095
    67  event_types_logged:
    
Failed Logs retained one year online (>= 365 days) online-retention-1yr

logging.retention_online_days = 180

  • docs/infrastructure.yaml:65 logging.retention_online_days
    64    - s3-archive
    65  retention_online_days: 180
    66  retention_archive_days: 1095
    
Failed Auth success/failure, privilege escalation, config changes, CUI access, and system errors are logged required-event-types

missing event types: privilege_escalation

  • docs/infrastructure.yaml:67 logging.event_types_logged
    66  retention_archive_days: 1095
    67  event_types_logged:
    68    - auth_success
    69    - auth_failure
    70    - config_change
    71    - cui_data_access
    72    - system_error
    73  tamper_protection: object_lock_governance
    
Policy source policy/controls/au2.rego
 1# AU-2 - Event Logging
 2# "The system logs the following event types: authentication attempts
 3# (success and failure), privilege escalations, configuration changes, data
 4# access events for records marked CUI, and system errors. Logs are retained
 5# for one year online and three years archived."
 6
 7package ssp.compliance
 8
 9required_event_types := {
10	"auth_success",
11	"auth_failure",
12	"privilege_escalation",
13	"config_change",
14	"cui_data_access",
15	"system_error",
16}
17
18missing_event_types := required_event_types - logged_event_types
19
20default retention_online_ok := false
21
22retention_online_ok if input.logging.retention_online_days >= 365
23
24default retention_archive_ok := false
25
26retention_archive_ok if input.logging.retention_archive_days >= 1095
27
28checks contains {
29	"control": "AU-2", "id": "required-event-types",
30	"requirement": "Auth success/failure, privilege escalation, config changes, CUI access, and system errors are logged",
31	"status": verdict(count(missing_event_types) == 0),
32	"evidence": sprintf("missing event types: %s", [csv(sort(missing_event_types))]),
33	"paths": ["logging.event_types_logged"],
34}
35
36checks contains {
37	"control": "AU-2", "id": "online-retention-1yr",
38	"requirement": "Logs retained one year online (>= 365 days)",
39	"status": verdict(retention_online_ok),
40	"evidence": sprintf("logging.retention_online_days = %v", [object.get(input, ["logging", "retention_online_days"], "unset")]),
41	"paths": ["logging.retention_online_days"],
42}
43
44checks contains {
45	"control": "AU-2", "id": "archive-retention-3yr",
46	"requirement": "Logs retained three years archived (>= 1095 days)",
47	"status": verdict(retention_archive_ok),
48	"evidence": sprintf("logging.retention_archive_days = %v", [object.get(input, ["logging", "retention_archive_days"], "unset")]),
49	"paths": ["logging.retention_archive_days"],
50}
Failed AU-9 Protection of Audit Information Passed: 1 Failed: 2 Needs evidence: 0
Failed CM-2 Baseline Configuration Passed: 3 Failed: 1 Needs evidence: 0
Failed CM-6 Configuration Settings Passed: 2 Failed: 1 Needs evidence: 1
Failed CP-9 System Backup Passed: 2 Failed: 1 Needs evidence: 1
Failed IA-2 Identification and Authentication Passed: 3 Failed: 1 Needs evidence: 0
Failed IA-5 Authenticator Management Passed: 0 Failed: 1 Needs evidence: 1
Failed SC-13 Cryptographic Protection Passed: 1 Failed: 1 Needs evidence: 0
Failed SC-7 Boundary Protection Passed: 1 Failed: 1 Needs evidence: 0
Failed SC-8 Transmission Confidentiality and Integrity Passed: 1 Failed: 1 Needs evidence: 0
Failed SI-4 System Monitoring Passed: 3 Failed: 1 Needs evidence: 0
Needs evidence AC-2 Account Management Passed: 1 Failed: 0 Needs evidence: 1
Needs evidence AC-3 Access Enforcement Passed: 0 Failed: 0 Needs evidence: 1
Passed AC-17 Remote Access Passed: 2 Failed: 0 Needs evidence: 0
Passed SC-28 Protection of Information at Rest Passed: 3 Failed: 0 Needs evidence: 0