metadata:
  id: FINOS-CCC
  type: ControlCatalog
  gemara-version: "0.20.0"
  version: "2024.1"
  description: |
    FINOS CCC is an open standard project that describes consistent controls for
    compliant public cloud deployments in the financial services sector.
  author:
    id: finos
    name: FINOS
    type: Human
  mapping-references:
    - id: CCC
      title: FINOS Common Cloud Controls Threats
      version: "2024.1"
    - id: CSF
      title: NIST Cybersecurity Framework
      version: "2.0"
    - id: CCM
      title: Cloud Security Alliance Cloud Controls Matrix
      version: "4.0"
    - id: ISO-27001
      title: ISO/IEC 27001
      version: "2013"
    - id: NIST-800-53
      title: NIST Special Publication 800-53
      version: "Rev. 5"
  applicability-groups:
    - id: tlp_clear
      title: TLP:Clear
      description: |
        Information may be shared without restriction.
    - id: tlp_green
      title: TLP:Green
      description: |
        Information may be shared with partners and restricted to the
        organization.
    - id: tlp_amber
      title: TLP:Amber
      description: |
        Information may be shared with partners and restricted to the
        organization.
    - id: tlp_red
      title: TLP:Red
      description: |
        Information is restricted to the organization.
title: FINOS Cloud Control Catalog
groups:
  - id: data-protection
    title: Data Protection
    description: |
      Data protection controls ensure that data is protected from unauthorized
      access, disclosure, and tampering. This includes encryption of data at
      rest and in transit, access controls, and data retention policies.
controls:
  - id: CCC.C01
    group: data-protection
    title: Prevent Unencrypted Requests
    objective: |
      Ensure that all communications are encrypted in transit to protect data
      integrity and confidentiality.
    threats:
      - reference-id: CCC
        entries:
          - reference-id: CCC.TH02
            remarks: Data is Intercepted in Transit
    guidelines:
      - reference-id: CSF
        entries:
          - reference-id: PR.DS-02
            remarks: Data-in-transit is protected
      - reference-id: CCM
        entries:
          - reference-id: IVS-03
          - reference-id: IVS-07
      - reference-id: ISO-27001
        entries:
          - reference-id: 2013 A.13.1.1
            remarks: This control is closely related to 2013 A.13.1.1.
      - reference-id: NIST-800-53
        entries:
          - reference-id: SC-8
          - reference-id: SC-13
    assessment-requirements:
      - id: CCC.C01.TR01
        text: |
          When a port is exposed for non-SSH network traffic, all traffic MUST
          include a TLS handshake AND be encrypted using TLS 1.2 or higher.
        applicability:
          - tlp_clear
          - tlp_green
          - tlp_amber
          - tlp_red
      - id: CCC.C01.TR02
        text: |
          When a port is exposed for SSH network traffic, all traffic MUST
          include an SSH handshake AND be encrypted using SSHv2 or higher.
        applicability:
          - tlp_clear
          - tlp_green
          - tlp_amber
          - tlp_red

  - id: CCC.C06
    group: data-protection
    title: Prevent Deployment in Restricted Regions
    objective: |
      Ensure that resources are not provisioned or deployed in
      geographic regions or cloud availability zones that have been
      designated as restricted or prohibited, to comply with
      regulatory requirements and reduce exposure to geopolitical
      risks.
    threats:
      - reference-id: CCC
        entries:
          - reference-id: CCC.TH03
            remarks: Deployment Region Network is Untrusted
    guidelines:
      - reference-id: CCM
        entries:
          - reference-id: DSI-06
            remarks: This control is closely related to DSI-06.
          - reference-id: DSI-08
            remarks: This control is closely related to DSI-08.
      - reference-id: ISO-27001
        entries:
          - reference-id: 2013 A.11.1.1
            remarks: This control is closely related to 2013 A.11.1.1.
      - reference-id: NIST-800-53
        entries:
          - reference-id: AC-6
            remarks: This control is closely related to AC-6.
      - reference-id: CSF
        entries:
          - reference-id: PR.DS-1
            remarks: Data-at-rest is protected
    assessment-requirements:
      - id: CCC.C06.TR01
        text: |
          When a deployment request is made, the service MUST validate
          that the deployment is not to restricted regions or
          availability zones.
        applicability:
          - tlp_clear
          - tlp_green
          - tlp_amber
          - tlp_red
      - id: CCC.C06.TR02
        text: |
          When a deployment request is made, the service MUST validate that
          replication of data, backups, and disaster recovery operations
          will not occur in restricted regions or availability zones.
        applicability:
          - tlp_clear
          - tlp_green
          - tlp_amber
          - tlp_red

  - id: CCC.C08
    group: data-protection
    title: Enable Multi-zone or Multi-region Data Replication
    objective: |
      Ensure that data is replicated across multiple
      zones or regions to protect against data loss due to hardware
      failures, natural disasters, or other catastrophic events.
    threats:
      - reference-id: CCC
        entries:
          - reference-id: CCC.TH06
            remarks: Data is Lost or Corrupted
    guidelines:
      - reference-id: CSF
        entries:
          - reference-id: PR.DS-5
            remarks: Protections against data leaks are implemented
      - reference-id: CCM
        entries:
          - reference-id: BCR-08
            remarks: Backup
      - reference-id: NIST-800-53
        entries:
          - reference-id: CP-2
            remarks: Contingency plan
          - reference-id: CP-10
            remarks: Information system recovery and reconstitution
    assessment-requirements:
      - id: CCC.C08.TR01
        text: |
          When data is stored, the service MUST ensure that data is
          replicated across multiple availability zones or regions.
        applicability:
          - tlp_green
          - tlp_amber
          - tlp_red
      - id: CCC.C08.TR02
        text: |
          When data is replicated across multiple zones or regions,
          the service MUST be able to verify the replication state,
          including the replication locations and data synchronization
          status.
        applicability:
          - tlp_green
          - tlp_amber
          - tlp_red

  - id: CCC.C09
    group: data-protection
    title: Prevent Tampering, Deletion, or Unauthorized Access to Access Logs
    objective: |
      Access logs should always be considered sensitive.
      Ensure that access logs are protected against unauthorized
      access, tampering, or deletion.
    threats:
      - reference-id: CCC
        entries:
          - reference-id: CCC.TH07
            remarks: Logs are Tampered with or Deleted
          - reference-id: CCC.TH09
            remarks: Logs or Monitoring Data are Read by Unauthorized Users
          - reference-id: CCC.TH04
            remarks: Data is Replicated to Untrusted or External Locations
    guidelines:
      - reference-id: CCM
        entries:
          - reference-id: LOG-02
            remarks: Audit log protection
          - reference-id: LOG-04
            remarks: Audit log access and accountability
          - reference-id: LOG-09
            remarks: Log protection
      - reference-id: NIST-800-53
        entries:
          - reference-id: AU-9
            remarks: Protection of audit information
    assessment-requirements:
      - id: CCC.C09.TR01
        text: |
          When access logs are stored, the service MUST ensure that
          access logs cannot be accessed without proper authorization.
        applicability:
          - tlp_amber
          - tlp_red
          - tlp_green
          - tlp_clear
      - id: CCC.C09.TR02
        text: |
          When access logs are stored, the service MUST ensure that
          access logs cannot be modified without proper authorization.
        applicability:
          - tlp_amber
          - tlp_red
          - tlp_green
          - tlp_clear
      - id: CCC.C09.TR03
        text: |
          When access logs are stored, the service MUST ensure that
          access logs cannot be deleted without proper authorization.
        applicability:
          - tlp_amber
          - tlp_red
          - tlp_green
          - tlp_clear

  - id: CCC.C10
    group: data-protection
    title: |
      Prevent Data Replication to Destinations Outside of Defined
      Trust Perimeter
    objective: |
      Prevent replication of data to untrusted destinations outside
      of the defined trust perimeter. An untrusted destination is defined
      as a resource that exists outside of a specified trusted
      identity, network, or data perimeter.
    threats:
      - reference-id: CCC
        entries:
          - reference-id: CCC.TH04
            remarks: Data is Replicated to Untrusted or External Locations
    guidelines:
      - reference-id: CSF
        entries:
          - reference-id: PR.DS-5
            remarks: Protections against data leaks are implemented
      - reference-id: CCM
        entries:
          - reference-id: DSP-10
            remarks: Sensitive data transfer
          - reference-id: DSP-19
            remarks: Data location
      - reference-id: NIST-800-53
        entries:
          - reference-id: AC-4
            remarks: Information flow enforcement
    assessment-requirements:
      - id: CCC.C10.TR01
        text: |
          When data is replicated, the service MUST ensure that
          replication is restricted to explicitly trusted destinations.
        applicability:
          - tlp_green
          - tlp_amber
          - tlp_red