Skip to content

add(threat) Add in common threat and control on network access rules #685

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
damienjburks merged 3 commits into from
Mar 5, 2025
Merged

add(threat) Add in common threat and control on network access rules #685

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
1d3ea48
Add in common threat and control on network access rules
mlysaght2017 Mar 5, 2025
ecf6037
Update services/common-controls.yaml
mlysaght2017 Mar 5, 2025
c1c3a53
Update services/common-threats.yaml
mlysaght2017 Mar 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 25 additions & 0 deletions services/common-controls.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -503,3 +503,28 @@ controls:
tlp_levels:
- tlp_amber
- tlp_red

- id: CCC.C12
title: Ensure Secure Network Access Rules
objective: |
Ensure network access to the service is restricted to explicitly
authorized IP addresses, ports, and protocols by properly
configuring security group and/or firewall rules. Configuration
must follow the principle of least privilege to minimize the
attack surface and prevent unauthorized inbound connections.
Overly permissive rules such as, 0.0.0.0/0 must be disallowed or
strictly controlled.
threats:
- CCC.TH17 # Unauthorized Network Access via Misconfigured Rules
nist_csf:
- PR.AC-3 # Access permissions, entitlements are managed
control_mappings:
NIST_800_53: AC-4 # Information Flow Enforcement
test_requirements:
- id: CCC.C12.TR01
text: |
When an unauthorized source (IP or network) attempts to connect
to the service the request must be denied.
tlp_levels:
- tlp_red
- tlp_amber
13 changes: 13 additions & 0 deletions services/common-threats.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -257,3 +257,16 @@ threats:
- CCC.F09 # Monitoring
mitre_technique:
- T1562 # Impair Defenses

- id: CCC.TH17
title: Unauthorized Network Access via Misconfigured Rules
description: |
Improperly configured or overly permissive network access rules
such as security groups can allow unauthorized inbound connections,
to the service, which could result in unauthorized access to sensitive
resources or data and disruption to service availability.
features:
- CCC.F23 # Network Access Rules
mitre_technique:
- T1046 # Network Service Scanning
- T1133 # External Remote Services
1 change: 1 addition & 0 deletions services/database/relational/controls.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ common_controls:
- CCC.C08 # Enable Multi-zone or Multi-region Data Replication
- CCC.C09 # Prevent tampering, deletion, or unauthorized access to access logs
- CCC.C10 # Prevent data replication to destinations outside of perimeter
- CCC.C12 # Ensure Secure Network Access Rules

controls:
- id: CCC.RDMS.C01
Expand Down
1 change: 1 addition & 0 deletions services/database/relational/threats.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ common_threats:
- CCC.TH13 # Resource tags are manipulated
- CCC.TH15 # Automated enumeration and reconnaissance by non-human entities
- CCC.TH16 # Logging and Monitoring are Disabled
- CCC.TH17 # Unauthorized Network Access via Misconfigured Rules

threats:
- id: CCC.RDMS.TH01
Expand Down