Ensure that secrets are replicated only to authorized locations as per organizational data residency and compliance requirements.
Crypto / Secrets / Controls / DEV
Enforce Secret Replication Policies
CCC.SecMgmt.CN02 · Data
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP08 | Data Replication | The service automatically replicates data across multiple deployments simultaneously with parity, or may be configured to do so. |
| CCC.Core.CP22 | Location Lock-In | The service may be configured to restrict the deployment of child resources to specific geographic locations. |
| CCC.Core.CP21 | Resource Replication | The service may be configured to replicate child resources across multiple deployments. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.Core.TH03 | Deployment Region Network is Untrusted | Systems are susceptible to unauthorized access or interception by actors with social or physical control over the network in which they are deployed. If the geopolitical status of the deployment network is untrusted, unstable, or insecure, this could result in a loss of confidentiality, integrity, or availability of the service and its data. |
| CCC.Core.TH04 | Data is Replicated to Untrusted or External Locations | Systems are susceptible to unauthorized access or interception by actors with political or physical control over the network in which they are deployed. Confidentiality may be impacted if the data is replicated to a network where the geopolitical status is untrusted, unstable, or insecure. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.SecMgmt.CN02.AR01 | Attempt to retrieve a secret from an unauthorized region and verify that access is denied. | tlp-red, tlp-amber |