Ensure that resource tags on the service or a child resource cannot be altered in ways that bypass organizational policy or cost controls.
Core / Ccc / Controls / v2025.10
Prevent Unauthorized Modification of Resource Tags
CCC.Core.CN18 · Resource Management
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP20 | Resource Tagging | The service provides users with the ability to tag a child resource with metadata that can be reviewed or queried. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.Core.TH13 | Resource Tags are Manipulated | When resource tags are altered, it can lead to misclassification or mismanagement of resources. This can reduce the efficacy of organizational policies, billing rules, or network access rules. Such changes could cause compromised confidentiality, integrity, or availability of the system and its data. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.Core.CN18.AR01 | When an attempt is made to modify resource tags on the service or a child resource, the service MUST reject changes from unauthorized principals. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.Core.CN18.AR02 | When mandatory classification tags are defined for the service or a child resource, the service MUST prevent deletion of those tags without privileged authorization. | tlp-amber, tlp-red |