| ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
|---|---|---|---|---|---|
| CCC.FileStor.TH01 | Unauthorized NFS Mount Access is Permitted | Network access rules or mount configuration may allow clients outside the intended virtual network scope to mount the file system over NFS. Mount requests from unauthorized clients are accepted and read-write access to the shared namespace is granted. This impacts confidentiality and integrity of stored file content and may affect availability through unauthorized modification or deletion. | 2 | 1 | 1 |
| CCC.FileStor.TH02 | POSIX Permissions Grant Unintended Shared Access | Default file and directory permissions, identity mapping, or access control lists on the shared file system may be configured with broader scope than required for the workload. Users or processes on authorized mount clients can read or modify files outside their intended scope. This impacts confidentiality and integrity of file content stored on the shared file system. | 3 | 1 | 1 |
| CCC.FileStor.TH03 | File Content is Modified Through Shared Writable Mount | A writable NFS mount exposed to multiple clients may be used to modify, encrypt, or delete files across the shared namespace without application-level coordination. File content is altered or rendered inaccessible at scale across the mounted file system. This impacts integrity and availability of stored data and dependent workloads. | 2 | 1 | 1 |
| CCC.FileStor.TH04 | File System Capacity is Exhausted | Storage capacity quotas may be absent, set too high, or bypassed as utilization grows across the shared file system. The file system reaches its effective capacity limit and write operations fail or are rejected. This impacts availability of dependent applications and may affect data integrity when writes cannot complete. | 2 | 1 | 1 |
| CCC.FileStor.TH05 | Snapshots or Replicas Expose File System Contents | Backup snapshots, replicas, or cross-region copies of the file system may be configured with access controls broader than the primary mount. Unauthorized users or external systems can read file content from the copy without mounting the live file system. This impacts confidentiality of data retained in snapshots and replicas. | 2 | 1 | 1 |
| CCC.FileStor.TH06 | Under-Provisioned Performance Tier Degrades Availability | The selected throughput or performance tier may be insufficient for concurrent client I/O against the shared file system. Read and write operations are throttled or delayed beyond application tolerance. This impacts availability of workloads that depend on timely file access. | 2 | 1 | 1 |