Prevent public IP access to MLDE instances to reduce exposure to the internet and enhance security.
Restrict Public IP Access on MLDE Instances
CCC.MLDE.CN07 · Networking
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.VPC.CP04 | Public Subnet Creation | Ability to create a subnet that allows resources within the subnet to communicate with the public internet. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.MLDE.TH02 | CCC.MLDE.TH02 | |
| CCC.VPC.TH02 | Exposure of Resources to Public Internet | Assignment of external IP addresses to resources exposes resources to the public internet, increasing the risk of attacks such as brute force, exploitation of vulnerabilities, or unauthorized access. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.MLDE.CN07.AR01 | Verify that MLDE instances containing sensitive data cannot be accessed via public IP addresses. | tlp-red |
| CCC.MLDE.CN07.AR02 | For MLDE instances that do not contain sensitive data and that require public access, ensure that appropriate security controls are in place and access is approved. | tlp-red, tlp-amber, tlp-green, tlp-clear |
Guideline Mappings
| Framework | ID | Remarks |
|---|---|---|
| NIST-CSF | PR.AC-3 | |
| CCM | SEF-05 | |
| ISO_27001 | 2013 A.13.1.1 | |
| NIST_800_53 | SC-7 | |