Ensure that operational metrics for the service or a child resource cannot be read or modified by unauthorized principals.
Core / Ccc / Controls / v2025.10
Protect Runtime Metrics from Unauthorized Access
CCC.Core.CN16 · Observability
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP15 | Cost Management | The service monitors data published by child or networked resources to infer usage patterns and generate cost reports for the service. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.Core.TH08 | Runtime Metrics are Manipulated | Manipulation of runtime metrics can lead to inaccurate representations of system performance and resource utilization. This compromised data integrity may also impact system availability through misinformed scaling decisions, budget exhaustion, financial losses, and hindered incident detection. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.Core.CN16.AR01 | When runtime metrics are published for the service or a child resource, the service MUST restrict read access to authorized principals. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.Core.CN16.AR02 | When an unauthorized principal attempts to modify metric publication configuration for the service or a child resource, the service MUST reject the change. | tlp-amber, tlp-red |