Skip to main content

Devtools / Build / Controls / DEV

Deny External Network Access for Build Environments

CCC.Build.CN03 · Networking

Ensure that build environments do not have external network access to prevent unauthorized external access and data exfiltration.

Related Capabilities

IDTitleDescription
CCC.Core.CP08Data ReplicationThe service automatically replicates data across multiple deployments simultaneously with parity, or may be configured to do so.
CCC.Core.CP14API AccessThe service exposes a port enabling external actors to interact programmatically with the service and its resources using HTTP protocol methods such as GET, POST, PUT, and DELETE.
CCC.Core.CP12RecoveryThe service can be reverted to a previous state by providing a compatible backup or snapshot identifier.
CCC.Core.CP21Resource ReplicationThe service may be configured to replicate child resources across multiple deployments.

Related Threats

IDTitleDescription
CCC.Core.TH02Data is Intercepted in TransitData transmitted by the service is susceptible to collection by any entity with access to any part of the transmission path. Packet observations can be used to support the planning of attacks by profiling origin points, destinations, and usage patterns. The data may also be vulnerable to interception or modification in transit if not properly encrypted, impacting the confidentiality or integrity of the transmitted data.
CCC.Core.TH05Interference with Replication ProcessesMisconfigured or manipulated replication processes may lead to data being copied to unintended locations, delayed, modified, or not being copied at all. This could lead to compromised data confidentiality and integrity, potentially also affecting recovery processes and data availability.

Assessment Requirements

IDTextApplicability
CCC.Build.CN03.AR01Attempt to access the build environment from an external network and verify that access is denied.tlp-red, tlp-amber

Guideline Mappings

FrameworkIDRemarks
NIST-CSFPR.AC-5
NIST_800_53SC-7
NIST_800_53SC-5