Ensure that secure access controls enforce the principle of least privilege to restrict access to authorized entities from explicitly trusted sources only.
Core / Ccc / Controls / DEV
Prevent Access from Untrusted Entities
CCC.Core.CN05 · Access
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP06 | Access Control | The service automatically enforces user configurations to restrict or allow access to a specific component or a child resource based on factors such as user identities, roles, groups, or attributes. |
| CCC.Core.CP29 | Active Ingestion | While running, the service itself can fetch or reach out to some other service or external source to get data, inputs or commands for the service to process or operate on. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.Core.TH01 | Access is Granted to Unauthorized Users | Logic designed to give different permissions to different entities may be misconfigured or manipulated, allowing unauthorized entities to access restricted parts of the service, its data, or its child resources. This could result in a loss of data confidentiality or tolerance of unauthorized actions which impact the integrity and availability of resources and data. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.Core.CN05.AR01 | When an attempt is made to modify data on the service or a child resource, the service MUST block requests from unauthorized entities. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.Core.CN05.AR02 | When administrative access or configuration change is attempted on the service or a child resource, the service MUST refuse requests from unauthorized entities. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.Core.CN05.AR03 | When administrative access or configuration change is attempted on the service or a child resource in a multi-tenant environment, the service MUST refuse requests across tenant boundaries unless the origin is explicitly included in a pre-approved allowlist. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.Core.CN05.AR04 | When data is requested from outside the trust perimeter, the service MUST refuse requests from unauthorized entities. | tlp-amber, tlp-red |
| CCC.Core.CN05.AR05 | When any request is made from outside the trust perimeter, the service MUST NOT provide any response that may indicate the service exists. | tlp-red |
| CCC.Core.CN05.AR06 | When any request is made to the service or a child resource, the service MUST refuse requests from unauthorized entities. | tlp-green, tlp-amber, tlp-red |