1{
2 "title": "FINOS Cloud Control Catalog",
3 "metadata": {
4 "id": "FINOS-CCC",
5 "description": "FINOS CCC is an open standard project that describes consistent controls for\ncompliant public cloud deployments in the financial services sector.\n",
6 "author": {
7 "id": "finos",
8 "name": "FINOS",
9 "type": "Human"
10 },
11 "applicability-groups": [
12 {
13 "id": "tlp_clear",
14 "title": "TLP:Clear",
15 "description": "Information may be shared without restriction.\n"
16 },
17 {
18 "id": "tlp_green",
19 "title": "TLP:Green",
20 "description": "Information may be shared with partners and restricted to the\norganization.\n"
21 },
22 {
23 "id": "tlp_amber",
24 "title": "TLP:Amber",
25 "description": "Information may be shared with partners and restricted to the\norganization.\n"
26 },
27 {
28 "id": "tlp_red",
29 "title": "TLP:Red",
30 "description": "Information is restricted to the organization.\n"
31 }
32 ]
33 },
34 "groups": [
35 {
36 "id": "data-protection",
37 "title": "Data Protection",
38 "description": "Data protection controls ensure that data is protected from unauthorized\naccess, disclosure, and tampering. This includes encryption of data at\nrest and in transit, access controls, and data retention policies.\n"
39 }
40 ],
41 "controls": [
42 {
43 "id": "CCC.C01",
44 "title": "Prevent Unencrypted Requests",
45 "objective": "Ensure that all communications are encrypted in transit to protect data\nintegrity and confidentiality.\n",
46 "threats": [
47 {
48 "reference-id": "CCC",
49 "entries": [
50 {
51 "reference-id": "CCC.TH02",
52 "remarks": "Data is Intercepted in Transit"
53 }
54 ]
55 }
56 ],
57 "guidelines": [
58 {
59 "reference-id": "CSF",
60 "entries": [
61 {
62 "reference-id": "PR.DS-02",
63 "remarks": "Data-in-transit is protected"
64 }
65 ]
66 },
67 {
68 "reference-id": "CCM",
69 "entries": [
70 {
71 "reference-id": "IVS-03"
72 },
73 {
74 "reference-id": "IVS-07"
75 }
76 ]
77 },
78 {
79 "reference-id": "ISO-27001",
80 "entries": [
81 {
82 "reference-id": "2013 A.13.1.1",
83 "remarks": "This control is closely related to 2013 A.13.1.1."
84 }
85 ]
86 },
87 {
88 "reference-id": "NIST-800-53",
89 "entries": [
90 {
91 "reference-id": "SC-8"
92 },
93 {
94 "reference-id": "SC-13"
95 }
96 ]
97 }
98 ],
99 "assessment-requirements": [
100 {
101 "id": "CCC.C01.TR01",
102 "text": "When a port is exposed for non-SSH network traffic, all traffic MUST\ninclude a TLS handshake AND be encrypted using TLS 1.2 or higher.\n",
103 "applicability": [
104 "tlp_clear",
105 "tlp_green",
106 "tlp_amber",
107 "tlp_red"
108 ]
109 },
110 {
111 "id": "CCC.C01.TR02",
112 "text": "When a port is exposed for SSH network traffic, all traffic MUST\ninclude a SSH handshake AND be encrypted using SSHv2 or higher.\n",
113 "applicability": [
114 "tlp_clear",
115 "tlp_green",
116 "tlp_amber",
117 "tlp_red"
118 ]
119 }
120 ],
121 "group": "data-protection"
122 },
123 {
124 "id": "CCC.C06",
125 "title": "Prevent Deployment in Restricted Regions",
126 "objective": "Ensure that resources are not provisioned or deployed in\ngeographic regions or cloud availability zones that have been\ndesignated as restricted or prohibited, to comply with\nregulatory requirements and reduce exposure to geopolitical\nrisks.\n",
127 "threats": [
128 {
129 "reference-id": "CCC",
130 "entries": [
131 {
132 "reference-id": "CCC.TH03",
133 "remarks": "Deployment Region Network is Untrusted"
134 }
135 ]
136 }
137 ],
138 "guidelines": [
139 {
140 "reference-id": "CCM",
141 "entries": [
142 {
143 "reference-id": "DSI-06",
144 "remarks": "This control is closely related to DSI-06."
145 },
146 {
147 "reference-id": "DSI-08",
148 "remarks": "This control is closely related to DSI-08."
149 }
150 ]
151 },
152 {
153 "reference-id": "ISO-27001",
154 "entries": [
155 {
156 "reference-id": "2013 A.11.1.1",
157 "remarks": "This control is closely related to 2013 A.11.1.1."
158 }
159 ]
160 },
161 {
162 "reference-id": "NIST-800-53",
163 "entries": [
164 {
165 "reference-id": "AC-6",
166 "remarks": "This control is closely related to AC-6."
167 }
168 ]
169 },
170 {
171 "reference-id": "CSF",
172 "entries": [
173 {
174 "reference-id": "PR.DS-1",
175 "remarks": "Data-at-rest is protected"
176 }
177 ]
178 }
179 ],
180 "assessment-requirements": [
181 {
182 "id": "CCC.C06.TR01",
183 "text": "When a deployment request is made, the service MUST validate\nthat the deployment region is not to a restricted or regions\nor availability zones.\n",
184 "applicability": [
185 "tlp_clear",
186 "tlp_green",
187 "tlp_amber",
188 "tlp_red"
189 ]
190 },
191 {
192 "id": "CCC.C06.TR02",
193 "text": "When a deployment request is made, the service MUST validate that\nreplication of data, backups, and disaster recovery operations\nwill not occur in restricted regions or availability zones.\n",
194 "applicability": [
195 "tlp_clear",
196 "tlp_green",
197 "tlp_amber",
198 "tlp_red"
199 ]
200 }
201 ],
202 "group": "data-protection"
203 },
204 {
205 "id": "CCC.C08",
206 "title": "Enable Multi-zone or Multi-region Data Replication",
207 "objective": "Ensure that data is replicated across multiple\nzones or regions to protect against data loss due to hardware\nfailures, natural disasters, or other catastrophic events.\n",
208 "threats": [
209 {
210 "reference-id": "CCC",
211 "entries": [
212 {
213 "reference-id": "CCC.TH06",
214 "remarks": "Data is Lost or Corrupted"
215 }
216 ]
217 }
218 ],
219 "guidelines": [
220 {
221 "reference-id": "CSF",
222 "entries": [
223 {
224 "reference-id": "PR.DS-5",
225 "remarks": "Protections against data leaks are implemented"
226 }
227 ]
228 },
229 {
230 "reference-id": "CCM",
231 "entries": [
232 {
233 "reference-id": "BCR-08",
234 "remarks": "Backup"
235 }
236 ]
237 },
238 {
239 "reference-id": "NIST-800-53",
240 "entries": [
241 {
242 "reference-id": "CP-2",
243 "remarks": "Contingency plan"
244 },
245 {
246 "reference-id": "CP-10",
247 "remarks": "Information system recovery and reconstitution"
248 }
249 ]
250 }
251 ],
252 "assessment-requirements": [
253 {
254 "id": "CCC.C08.TR01",
255 "text": "When data is stored, the service MUST ensure that data is\nreplicated across multiple availability zones or regions.\n",
256 "applicability": [
257 "tlp_green",
258 "tlp_amber",
259 "tlp_red"
260 ]
261 },
262 {
263 "id": "CCC.C08.TR02",
264 "text": "When data is replicated across multiple zones or regions,\nthe service MUST be able to verify the replication state,\nincluding the replication locations and data synchronization\nstatus.\n",
265 "applicability": [
266 "tlp_green",
267 "tlp_amber",
268 "tlp_red"
269 ]
270 }
271 ],
272 "group": "data-protection"
273 },
274 {
275 "id": "CCC.C09",
276 "title": "Prevent Tampering, Deletion, or Unauthorized Access to Access Logs",
277 "objective": "Access logs should always be considered sensitive.\nEnsure that access logs are protected against unauthorized\naccess, tampering, or deletion.\n",
278 "threats": [
279 {
280 "reference-id": "CCC",
281 "entries": [
282 {
283 "reference-id": "CCC.TH07",
284 "remarks": "Logs are Tampered with or Deleted"
285 },
286 {
287 "reference-id": "CCC.TH09",
288 "remarks": "Logs or Monitoring Data are Read by Unauthorized Users"
289 },
290 {
291 "reference-id": "CCC.TH04",
292 "remarks": "Data is Replicated to Untrusted or External Locations"
293 }
294 ]
295 }
296 ],
297 "guidelines": [
298 {
299 "reference-id": "CCM",
300 "entries": [
301 {
302 "reference-id": "LOG-02",
303 "remarks": "Audit log protection"
304 },
305 {
306 "reference-id": "LOG-04",
307 "remarks": "Audit log access and accountability"
308 },
309 {
310 "reference-id": "LOG-09",
311 "remarks": "Log protection"
312 }
313 ]
314 },
315 {
316 "reference-id": "NIST-800-53",
317 "entries": [
318 {
319 "reference-id": "AU-9",
320 "remarks": "Protection of audit information"
321 }
322 ]
323 }
324 ],
325 "assessment-requirements": [
326 {
327 "id": "CCC.C09.TR01",
328 "text": "When access logs are stored, the service MUST ensure that\naccess logs cannot be accessed without proper authorization.\n",
329 "applicability": [
330 "tlp_amber",
331 "tlp_red",
332 "tlp_green",
333 "tlp_clear"
334 ]
335 },
336 {
337 "id": "CCC.C09.TR02",
338 "text": "When access logs are stored, the service MUST ensure that\naccess logs cannot be modified without proper authorization.\n",
339 "applicability": [
340 "tlp_amber",
341 "tlp_red",
342 "tlp_green",
343 "tlp_clear"
344 ]
345 },
346 {
347 "id": "CCC.C09.TR03",
348 "text": "When access logs are stored, the service MUST ensure that\naccess logs cannot be deleted without proper authorization.\n",
349 "applicability": [
350 "tlp_amber",
351 "tlp_red",
352 "tlp_green",
353 "tlp_clear"
354 ]
355 }
356 ],
357 "group": "data-protection"
358 },
359 {
360 "id": "CCC.C10",
361 "title": "Prevent Data Replication to Destinations Outside of Defined\nTrust Perimeter\n",
362 "objective": "Prevent replication of data to untrusted destinations outside\nof defined trust perimeter. An untrusted destination is defined\nas a resource that exists outside of a specified trusted\nidentity or network or data perimeter.\n",
363 "threats": [
364 {
365 "reference-id": "CCC",
366 "entries": [
367 {
368 "reference-id": "CCC.TH04",
369 "remarks": "Data is Replicated to Untrusted or External Locations"
370 }
371 ]
372 }
373 ],
374 "guidelines": [
375 {
376 "reference-id": "CSF",
377 "entries": [
378 {
379 "reference-id": "PR.DS-5",
380 "remarks": "Protections against data leaks are implemented"
381 }
382 ]
383 },
384 {
385 "reference-id": "CCM",
386 "entries": [
387 {
388 "reference-id": "DSP-10",
389 "remarks": "Sensitive data transfer"
390 },
391 {
392 "reference-id": "DSP-19",
393 "remarks": "Data location"
394 }
395 ]
396 },
397 {
398 "reference-id": "NIST-800-53",
399 "entries": [
400 {
401 "reference-id": "AC-4",
402 "remarks": "Information flow enforcement"
403 }
404 ]
405 }
406 ],
407 "assessment-requirements": [
408 {
409 "id": "CCC.C10.TR01",
410 "text": "When data is replicated, the service MUST ensure that\nreplication is restricted to explicitly trusted destinations.\n",
411 "applicability": [
412 "tlp_green",
413 "tlp_amber",
414 "tlp_red"
415 ]
416 }
417 ],
418 "group": "data-protection"
419 }
420 ]
421}