metadata:
  id: FINOS-CCC
  type: ControlCatalog
  gemara-version: "0.20.0"
  description: |
    FINOS CCC is an open standard project that describes consistent controls for
    compliant public cloud deployments in the financial services sector.
  author:
    id: finos
    name: FINOS
    type: Human
  applicability-groups:
    - id: tlp_clear
      title: TLP:Clear
      description: |
        Information may be shared without restriction.
    - id: tlp_green
      title: TLP:Green
      description: |
        Information may be shared with partners and restricted to the
        organization.
    - id: tlp_amber
      title: TLP:Amber
      description: |
        Information may be shared with partners and restricted to the
        organization.
    - id: tlp_red
      title: TLP:Red
      description: |
        Information is restricted to the organization.
title: FINOS Cloud Control Catalog
groups:
  - id: data-protection
    title: Data Protection
    description: |
      Data protection controls ensure that data is protected from unauthorized
      access, disclosure, and tampering. This includes encryption of data at
      rest and in transit, access controls, and data retention policies.
controls:
  - id: CCC.C01
    title: Prevent Unencrypted Requests
    objective: |
      Ensure that all communications are encrypted in transit to protect data
      integrity and confidentiality.
    threats:
      - reference-id: CCC
        entries:
          - reference-id: CCC.TH02
            remarks: Data is Intercepted in Transit
    guidelines:
      - reference-id: CSF
        entries:
          - reference-id: PR.DS-02
            remarks: Data-in-transit is protected
      - reference-id: CCM
        entries:
          - reference-id: IVS-03
          - reference-id: IVS-07
      - reference-id: ISO-27001
        entries:
          - reference-id: 2013 A.13.1.1
            remarks: This control is closely related to 2013 A.13.1.1.
      - reference-id: NIST-800-53
        entries:
          - reference-id: SC-8
          - reference-id: SC-13
    assessment-requirements:
      - id: CCC.C01.TR01
        text: |
          When a port is exposed for non-SSH network traffic, all traffic MUST
          include a TLS handshake AND be encrypted using TLS 1.2 or higher.
        applicability:
          - tlp_clear
          - tlp_green
          - tlp_amber
          - tlp_red
      - id: CCC.C01.TR02
        text: |
          When a port is exposed for SSH network traffic, all traffic MUST
          include an SSH handshake AND be encrypted using SSHv2 or higher.
        applicability:
          - tlp_clear
          - tlp_green
          - tlp_amber
          - tlp_red
    group: data-protection
  - id: CCC.C06
    title: Prevent Deployment in Restricted Regions
    objective: |
      Ensure that resources are not provisioned or deployed in
      geographic regions or cloud availability zones that have been
      designated as restricted or prohibited, to comply with
      regulatory requirements and reduce exposure to geopolitical
      risks.
    threats:
      - reference-id: CCC
        entries:
          - reference-id: CCC.TH03
            remarks: Deployment Region Network is Untrusted
    guidelines:
      - reference-id: CCM
        entries:
          - reference-id: DSI-06
            remarks: This control is closely related to DSI-06.
          - reference-id: DSI-08
            remarks: This control is closely related to DSI-08.
      - reference-id: ISO-27001
        entries:
          - reference-id: 2013 A.11.1.1
            remarks: This control is closely related to 2013 A.11.1.1.
      - reference-id: NIST-800-53
        entries:
          - reference-id: AC-6
            remarks: This control is closely related to AC-6.
      - reference-id: CSF
        entries:
          - reference-id: PR.DS-1
            remarks: Data-at-rest is protected
    assessment-requirements:
      - id: CCC.C06.TR01
        text: |
          When a deployment request is made, the service MUST validate
          that the deployment region is not a restricted region or
          availability zone.
        applicability:
          - tlp_clear
          - tlp_green
          - tlp_amber
          - tlp_red
      - id: CCC.C06.TR02
        text: |
          When a deployment request is made, the service MUST validate that
          replication of data, backups, and disaster recovery operations
          will not occur in restricted regions or availability zones.
        applicability:
          - tlp_clear
          - tlp_green
          - tlp_amber
          - tlp_red
    group: data-protection
  - id: CCC.C08
    title: Enable Multi-zone or Multi-region Data Replication
    objective: |
      Ensure that data is replicated across multiple
      zones or regions to protect against data loss due to hardware
      failures, natural disasters, or other catastrophic events.
    threats:
      - reference-id: CCC
        entries:
          - reference-id: CCC.TH06
            remarks: Data is Lost or Corrupted
    guidelines:
      - reference-id: CSF
        entries:
          - reference-id: PR.DS-5
            remarks: Protections against data leaks are implemented
      - reference-id: CCM
        entries:
          - reference-id: BCR-08
            remarks: Backup
      - reference-id: NIST-800-53
        entries:
          - reference-id: CP-2
            remarks: Contingency plan
          - reference-id: CP-10
            remarks: Information system recovery and reconstitution
    assessment-requirements:
      - id: CCC.C08.TR01
        text: |
          When data is stored, the service MUST ensure that data is
          replicated across multiple availability zones or regions.
        applicability:
          - tlp_green
          - tlp_amber
          - tlp_red
      - id: CCC.C08.TR02
        text: |
          When data is replicated across multiple zones or regions,
          the service MUST be able to verify the replication state,
          including the replication locations and data synchronization
          status.
        applicability:
          - tlp_green
          - tlp_amber
          - tlp_red
    group: data-protection
  - id: CCC.C09
    title: Prevent Tampering, Deletion, or Unauthorized Access to Access Logs
    objective: |
      Access logs should always be considered sensitive.
      Ensure that access logs are protected against unauthorized
      access, tampering, or deletion.
    threats:
      - reference-id: CCC
        entries:
          - reference-id: CCC.TH07
            remarks: Logs are Tampered with or Deleted
          - reference-id: CCC.TH09
            remarks: Logs or Monitoring Data are Read by Unauthorized Users
          - reference-id: CCC.TH04
            remarks: Data is Replicated to Untrusted or External Locations
    guidelines:
      - reference-id: CCM
        entries:
          - reference-id: LOG-02
            remarks: Audit log protection
          - reference-id: LOG-04
            remarks: Audit log access and accountability
          - reference-id: LOG-09
            remarks: Log protection
      - reference-id: NIST-800-53
        entries:
          - reference-id: AU-9
            remarks: Protection of audit information
    assessment-requirements:
      - id: CCC.C09.TR01
        text: |
          When access logs are stored, the service MUST ensure that
          access logs cannot be accessed without proper authorization.
        applicability:
          - tlp_amber
          - tlp_red
          - tlp_green
          - tlp_clear
      - id: CCC.C09.TR02
        text: |
          When access logs are stored, the service MUST ensure that
          access logs cannot be modified without proper authorization.
        applicability:
          - tlp_amber
          - tlp_red
          - tlp_green
          - tlp_clear
      - id: CCC.C09.TR03
        text: |
          When access logs are stored, the service MUST ensure that
          access logs cannot be deleted without proper authorization.
        applicability:
          - tlp_amber
          - tlp_red
          - tlp_green
          - tlp_clear
    group: data-protection
  - id: CCC.C10
    title: |
      Prevent Data Replication to Destinations Outside of Defined
      Trust Perimeter
    objective: |
      Prevent replication of data to untrusted destinations outside
      of the defined trust perimeter. An untrusted destination is defined
      as a resource that exists outside of a specified trusted
      identity, network, or data perimeter.
    threats:
      - reference-id: CCC
        entries:
          - reference-id: CCC.TH04
            remarks: Data is Replicated to Untrusted or External Locations
    guidelines:
      - reference-id: CSF
        entries:
          - reference-id: PR.DS-5
            remarks: Protections against data leaks are implemented
      - reference-id: CCM
        entries:
          - reference-id: DSP-10
            remarks: Sensitive data transfer
          - reference-id: DSP-19
            remarks: Data location
      - reference-id: NIST-800-53
        entries:
          - reference-id: AC-4
            remarks: Information flow enforcement
    assessment-requirements:
      - id: CCC.C10.TR01
        text: |
          When data is replicated, the service MUST ensure that
          replication is restricted to explicitly trusted destinations.
        applicability:
          - tlp_green
          - tlp_amber
          - tlp_red
    group: data-protection