diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0188/docs.md b/avd_docs/aws/cloudtrail/AVD-AWS-0188/docs.md
new file mode 100644
index 000000000..75cc0fcea
--- /dev/null
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0188/docs.md
@@ -0,0 +1,13 @@
+
+Cloudtrail log validation should be enabled to prevent tampering of log data
+
+### Impact
+
+
+
+{{ remediationActions }}
+
+### Links
+- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
+
+
diff --git a/internal/rules/policies/cloud/policies/aws/cloudtrail/enable_log_validation.rego b/internal/rules/policies/cloud/policies/aws/cloudtrail/enable_log_validation.rego
new file mode 100644
index 000000000..0a83368ab
--- /dev/null
+++ b/internal/rules/policies/cloud/policies/aws/cloudtrail/enable_log_validation.rego
@@ -0,0 +1,25 @@
+#METADATA
+# title: "CloudTrail Log Validation"
+# description: "Cloudtrail log validation should be enabled to prevent tampering of log data"
+# scope: package
+# schemas:
+# - input: schema.input
+# related_resources:
+# - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
+# custom:
+# avd_id: AVD-AWS-0188
+# provider: aws
+# service: cloudtrail
+# severity: HIGH
+# short_code: enable-log-validation
+# recommended_action: "Log validation should be activated on Cloudtrail logs to prevent the tampering of the underlying data in the S3 bucket. It is feasible that a rogue actor compromising an AWS account might want to modify the log data to remove trace of their actions."
+# input:
+# selector:
+# - type: cloud
+package builtin.aws.cloudtrail.aws0188
+
+deny[res] {
+ trail := input.aws.cloudtrail.trails[_]
+ not trail.enablelogfilevalidation.value
+ res := result.new("Trail does not have log validation enabled.", trail.enablelogfilevalidation)
+}
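Review bot: In `deny`, `not trail.enablelogfilevalidation.value` is also satisfied when the trail carries no `enablelogfilevalidation` field at all, but the next line then passes an undefined reference to `result.new(...)`, which makes the whole rule body undefined — such a trail is silently treated as compliant instead of being flagged. If the adapter does not guarantee the field is populated, fall back to the trail itself as the metadata carrier, e.g. `res := result.new("Trail does not have log validation enabled.", object.get(trail, "enablelogfilevalidation", trail))`, so a missing value still produces a finding. Separately, the annotation block opens with `#METADATA` while OPA's documentation writes `# METADATA`; please confirm the metadata is actually picked up by the annotation parser, since the accompanying test file only exercises the rule body and would not detect a silently ignored metadata block.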
diff --git a/internal/rules/policies/cloud/policies/aws/cloudtrail/enable_log_validation_test.rego b/internal/rules/policies/cloud/policies/aws/cloudtrail/enable_log_validation_test.rego
new file mode 100644
index 000000000..adcf82325
--- /dev/null
+++ b/internal/rules/policies/cloud/policies/aws/cloudtrail/enable_log_validation_test.rego
@@ -0,0 +1,11 @@
+package builtin.aws.cloudtrail.aws0188
+
+test_detects_when_disabled {
+ r := deny with input as {"aws": {"cloudtrail": {"trails": [{"enablelogfilevalidation": {"value": false}}]}}}
+ count(r) == 1
+}
+
+test_when_enabled {
+ r := deny with input as {"aws": {"cloudtrail": {"trails": [{"enablelogfilevalidation": {"value": true}}]}}}
+ count(r) == 0
+}
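Review bot: The two tests pin only the explicit `true` and `false` values of `enablelogfilevalidation`; the case where the key is absent from the trail object is not exercised, although that is the input shape most likely to expose how `not ... .value` and `result.new` in the policy interact. Add a third test such as `test_when_field_missing { r := deny with input as {"aws": {"cloudtrail": {"trails": [{}]}}}; count(r) == 1 }` with whichever count the maintainers intend, so the behaviour for incomplete adapter output is asserted rather than accidental. A case with an empty `trails` list (`count(r) == 0`) would also cheaply document the no-trail baseline.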