| Vendor | FINOS |
| Product | CCC-Complete (Policy) |
| Version | 0.1 |
CCC-Complete (Policy) 0.1
Test results for this specific product, vendor, and version combination
Download Raw Results
Download the original OCSF, Gemara, or HTML result files used to generate this page
Test Summary
Aggregate summary of all tests for this configuration result
| Resources In Configuration | 2 |
| Count of Tests | 12 |
| Passing Tests | 8 |
| Failing Tests | 4 |
| Catalogs Tested | CCC.VPC |
Control Catalog Summary
Summary of test results grouped by control catalog and resource
| Control Catalog | Resources | Total Tests | Passing | Failing | Tested Requirements | Missing Requirements | Unused Core Requirements |
|---|---|---|---|---|---|---|---|
| CCC.VPC | vpc-0d5625cb163976d8...vpc-0f3af4b6986f1e0a... | 12 | 8 | 4 | None |
Test Mapping Summary
Summary of test mappings showing how event codes map to test requirements
| Control Catalog | Test Requirement | Mapped Tests (Event Code | Total | Passing | Failing) |
|---|---|---|
| CCC.VPC | CCC.VPC.CN01.AR01 When a subscription is created, the subscription MUST NOT contain default network resources. | Main check: no default VPC exists440 |
| CCC.VPC | CCC.VPC.CN02.AR01 When a resource is created in a public subnet, that resource MUST NOT be assigned an external IP address by default. | Main check (config): public subnets do not auto-assign external IPs422 |
| CCC.VPC | CCC.VPC.CN04.AR01 When any network traffic goes to or from an interface in the VPC, the service MUST capture and log all relevant information. | Main check (config): flow logs are active and capture all traffic422 |
Resource Summary
Summary of all resources mentioned in OCSF results
| Resource Name | Resource Type | Control Catalogs | Total Tests | Passing | Failing |
|---|---|---|---|---|---|
vpc-0d5625cb163976d86 | vpc | CCC.VPC | 6 | 6 | 0 |
vpc-0f3af4b6986f1e0ab | vpc | CCC.VPC | 6 | 2 | 4 |
Test Results
OCSF test results filtered for entries with CCC compliance mappings
| Status | Finding | Resource Name | Resource Type | Message | Test Requirements |
|---|---|---|---|---|---|
| PASS | Main check: no default VPC exists ✓ a cloud api for "{Instance}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "vpc"
✓ I refer to "{result}" as "vpcService"
✓ I call "{vpcService}" with "CountDefaultVpcs"
✓ "{result}" is "0" | vpc-0f3af4b6986f1e0ab | vpc | Main check: no default VPC exists | |
| FAIL | Main check (config): public subnets do not auto-assign external IPs ✓ a cloud api for "{Instance}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "vpc"
✓ I refer to "{result}" as "vpcService"
✓ I refer to "{UID}" as "TargetVpcId"
✓ I call "{vpcService}" with "EvaluatePublicSubnetDefaultIPControl" using argument "{TargetVpcId}"
✗ "{result.ViolatingSubnetCount}" is "0" - Error: expected {result.ViolatingSubnetCount} to equal '0', got '2'
⊘ "{result.Reason}" contains "disable default public IP" (skipped) | vpc-0f3af4b6986f1e0ab | vpc | Main check (config): public subnets do not auto-assign external IPs | |
| FAIL | Main check (config): flow logs are active and capture all traffic ✓ a cloud api for "{Instance}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "vpc"
✓ I refer to "{result}" as "vpcService"
✓ I refer to "{UID}" as "TargetVpcId"
✓ I call "{vpcService}" with "EvaluateVpcFlowLogsControl" using argument "{TargetVpcId}"
✗ "{result.FlowLogCount}" should be greater than "0" - Error: expected {result.FlowLogCount} (0) to be greater than 0
⊘ "{result.NonCompliantCount}" is "0" (skipped) | vpc-0f3af4b6986f1e0ab | vpc | Main check (config): flow logs are active and capture all traffic | |
| PASS | Main check: no default VPC exists ✓ a cloud api for "{Instance}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "vpc"
✓ I refer to "{result}" as "vpcService"
✓ I call "{vpcService}" with "CountDefaultVpcs"
✓ "{result}" is "0" | vpc-0d5625cb163976d86 | vpc | Main check: no default VPC exists | |
| PASS | Main check (config): public subnets do not auto-assign external IPs ✓ a cloud api for "{Instance}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "vpc"
✓ I refer to "{result}" as "vpcService"
✓ I refer to "{UID}" as "TargetVpcId"
✓ I call "{vpcService}" with "EvaluatePublicSubnetDefaultIPControl" using argument "{TargetVpcId}"
✓ "{result.ViolatingSubnetCount}" is "0"
✓ "{result.Reason}" contains "disable default public IP" | vpc-0d5625cb163976d86 | vpc | Main check (config): public subnets do not auto-assign external IPs | |
| PASS | Main check (config): flow logs are active and capture all traffic ✓ a cloud api for "{Instance}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "vpc"
✓ I refer to "{result}" as "vpcService"
✓ I refer to "{UID}" as "TargetVpcId"
✓ I call "{vpcService}" with "EvaluateVpcFlowLogsControl" using argument "{TargetVpcId}"
✓ "{result.FlowLogCount}" should be greater than "0"
✓ "{result.NonCompliantCount}" is "0" | vpc-0d5625cb163976d86 | vpc | Main check (config): flow logs are active and capture all traffic | |
| PASS | Main check: no default VPC exists ✓ a cloud api for "{Instance}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "vpc"
✓ I refer to "{result}" as "vpcService"
✓ I call "{vpcService}" with "CountDefaultVpcs"
✓ "{result}" is "0" | vpc-0f3af4b6986f1e0ab | vpc | Main check: no default VPC exists | |
| FAIL | Main check (config): public subnets do not auto-assign external IPs ✓ a cloud api for "{Instance}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "vpc"
✓ I refer to "{result}" as "vpcService"
✓ I refer to "{UID}" as "TargetVpcId"
✓ I call "{vpcService}" with "EvaluatePublicSubnetDefaultIPControl" using argument "{TargetVpcId}"
✗ "{result.ViolatingSubnetCount}" is "0" - Error: expected {result.ViolatingSubnetCount} to equal '0', got '2'
⊘ "{result.Reason}" contains "disable default public IP" (skipped) | vpc-0f3af4b6986f1e0ab | vpc | Main check (config): public subnets do not auto-assign external IPs | |
| FAIL | Main check (config): flow logs are active and capture all traffic ✓ a cloud api for "{Instance}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "vpc"
✓ I refer to "{result}" as "vpcService"
✓ I refer to "{UID}" as "TargetVpcId"
✓ I call "{vpcService}" with "EvaluateVpcFlowLogsControl" using argument "{TargetVpcId}"
✗ "{result.FlowLogCount}" should be greater than "0" - Error: expected {result.FlowLogCount} (0) to be greater than 0
⊘ "{result.NonCompliantCount}" is "0" (skipped) | vpc-0f3af4b6986f1e0ab | vpc | Main check (config): flow logs are active and capture all traffic | |
| PASS | Main check: no default VPC exists ✓ a cloud api for "{Instance}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "vpc"
✓ I refer to "{result}" as "vpcService"
✓ I call "{vpcService}" with "CountDefaultVpcs"
✓ "{result}" is "0" | vpc-0d5625cb163976d86 | vpc | Main check: no default VPC exists | |
| PASS | Main check (config): public subnets do not auto-assign external IPs ✓ a cloud api for "{Instance}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "vpc"
✓ I refer to "{result}" as "vpcService"
✓ I refer to "{UID}" as "TargetVpcId"
✓ I call "{vpcService}" with "EvaluatePublicSubnetDefaultIPControl" using argument "{TargetVpcId}"
✓ "{result.ViolatingSubnetCount}" is "0"
✓ "{result.Reason}" contains "disable default public IP" | vpc-0d5625cb163976d86 | vpc | Main check (config): public subnets do not auto-assign external IPs | |
| PASS | Main check (config): flow logs are active and capture all traffic ✓ a cloud api for "{Instance}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "vpc"
✓ I refer to "{result}" as "vpcService"
✓ I refer to "{UID}" as "TargetVpcId"
✓ I call "{vpcService}" with "EvaluateVpcFlowLogsControl" using argument "{TargetVpcId}"
✓ "{result.FlowLogCount}" should be greater than "0"
✓ "{result.NonCompliantCount}" is "0" | vpc-0d5625cb163976d86 | vpc | Main check (config): flow logs are active and capture all traffic |