| ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
|---|---|---|---|---|---|---|
| CCC.FileStor.CN01 | Restrict NFS Mount to Approved Network Sources | Ensure that NFS mount and data-plane access is limited to explicitly approved virtual network sources within the organizational trust perimeter. | Access | 1 | 0 | 2 |
| CCC.FileStor.CN02 | Enforce Least-Privilege POSIX File Permissions | Ensure that default and mapped POSIX permissions on the shared file system do not grant broader access than required by the workload. | Access | 1 | 0 | 2 |
| CCC.FileStor.CN03 | Restrict Writable Mount Access to Authorized Clients | Ensure that write access to the shared file system is granted only to clients explicitly authorized for modification. | Data | 1 | 0 | 2 |
| CCC.FileStor.CN04 | Enforce Storage Capacity Quotas | Ensure that file system capacity growth is bounded by configured quotas to prevent exhaustion that disrupts dependent workloads. | Resource | 2 | 0 | 2 |
| CCC.FileStor.CN05 | Restrict Snapshot Access for File Systems | Ensure that backup snapshots and replicas of the file system are not more accessible than the primary file system. | Data | 1 | 0 | 1 |
| CCC.FileStor.CN06 | Monitor Performance Tier Saturation | Ensure that throughput or IOPS saturation on the selected performance tier is detected before workloads experience unacceptable latency. | Resource | 2 | 0 | 2 |