Ensure vector indexes are versioned and that rollback operations are authorized and auditable.
Database / Vector / Controls / DEV
Enforce Index Versioning with Rollback Protection
CCC.Vector.CN05 · Resource
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Vector.CP07 | Index Lifecycle Management | Enables automated or manual creation, optimization, and removal of vector indexes. |
| CCC.Vector.CP11 | Query Access Control | Provides the ability to restrict who can run vector similarity or metadata filter queries, separate from data modification rights. |
| CCC.Core.CP03 | Access Log Publication | The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors. |
| CCC.Core.CP09 | Metrics Publication | The service automatically publishes structured, numeric, time-series data points related to the performance, availability, and health of the service or its child resources. |
| CCC.Core.CP21 | Resource Replication | The service may be configured to replicate child resources across multiple deployments. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.Vector.TH04 | Index Corruption or Downgrade | Attackers with unauthorized access or excessive permissions may tamper with or roll back index versions, potentially restoring poisoned data or breaking downstream integrations. |
| CCC.Core.TH09 | Runtime Logs are Read by Unauthorized Entities | Unauthorized access to logs may expose valuable information about the system's configuration, operations, and security mechanisms. This could jeopardize system availability through the exposure of vulnerabilities and support the planning of attacks on the service, system, or network. If logs are not adequately sanitized, this may also directly impact the confidentiality of sensitive data. |
| CCC.Core.TH04 | Data is Replicated to Untrusted or External Locations | Systems are susceptible to unauthorized access or interception by actors with political or physical control over the network in which they are deployed. Confidentiality may be impacted if the data is replicated to a network where the geopolitical status is untrusted, unstable, or insecure. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.Vector.CN05.AR01 | When a rollback is attempted, the system MUST log the action and verify rollback authorization. | tlp-amber, tlp-red |
Guideline Mappings
| Framework | ID | Remarks |
|---|---|---|
| AIR-DET-004 | AIR-PREV-008 | AI System Observability |