A writable NFS mount exposed to multiple clients may be used to modify, encrypt, or delete files across the shared namespace without application-level coordination. File content is altered or rendered inaccessible at scale across the mounted file system. This impacts integrity and availability of stored data and dependent workloads.
File Content is Modified Through Shared Writable Mount
CCC.FileStor.TH03
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.FileStor.CP01 | Managed File Systems | The service always provisions managed file system resources that expose a hierarchical namespace of files and directories for shared read-write access by networked clients. |
| CCC.FileStor.CP02 | NFS Protocol Mount Access | The service always supports mounting the file system from compute instances using the Network File System (NFS) protocol over the provider network. |
| CCC.FileStor.CP04 | POSIX File Semantics | The service always exposes standard POSIX file and directory operations, including permissions and ownership metadata, with concurrent multi-client access to the same file system. |
| CCC.Core.CP01 | Encryption in Transit Enabled by Default | The service automatically encrypts all data using industry-standard cryptographic protocols prior to transmission via a network interface. |
| CCC.Core.CP02 | Encryption at Rest Enabled by Default | The service automatically encrypts all data using industry-standard cryptographic protocols prior to being written to a storage medium. |
Related Controls
| ID | Title | Description |
|---|---|---|
| CCC.FileStor.CN03 | Restrict Writable Mount Access to Authorized Clients | Ensure that write access to the shared file system is granted only to clients explicitly authorized for modification. |