Ensure that all objects stored in the object storage system have a retention policy applied by default, preventing premature deletion or modification of objects.
Storage / Object / Controls / DEV
Objects have an Effective Retention Policy by Default
CCC.ObjStor.CN04 · Data
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP11 | Backup | The service can generate copies of its data or configurations in the form of automated backups, snapshot-based backups, or incremental backups. |
| CCC.Core.CP18 | Resource Versioning | The service automatically assigns versions to child resources which can be used to preserve, retrieve, and restore past iterations. |
| CCC.ObjStor.CP08 | Lifecycle Policies | Supports defining policies to automate data management tasks, especially those related to cost management. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.Core.TH06 | Data is Lost or Corrupted | Services that rely on accurate data are susceptible to disruption in the event of data loss or corruption. Any actions that lead to the unintended deletion, alteration, or limited access to data can impact the availability of the service and the system it is part of. |
| CCC.ObjStor.TH01 | Data Exfiltration via Insecure Lifecycle Policies | Misconfigured lifecycle policies may unintentionally allow data to be exfiltrated or destroyed prematurely, resulting in a loss of availability and potential exposure of sensitive data. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.ObjStor.CN04.AR01 | When an object is uploaded to the object storage system, the object MUST automatically receive a default retention policy that prevents premature deletion or modification. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.ObjStor.CN04.AR02 | When an attempt is made to delete or modify an object that is subject to an active retention policy, the service MUST prevent the action from being completed. | tlp-clear, tlp-green, tlp-amber, tlp-red |