common-cloud-controls/services/database/relational/controls.yaml at 1d3ea486549aac088cb708a93c8d01ee24f4c8a2 · mlysaght2017/common-cloud-controls · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
common_controls:
  - CCC.C01 # Prevent unencrypted requests
  - CCC.C02 # Ensure data encryption at rest for all stored data
  - CCC.C03 # Implement multi-factor authentication (MFA) for access
  - CCC.C04 # Log all access and changes
  - CCC.C05 # Prevent access from untrusted entities
  - CCC.C06 # Prevent deployment in restricted regions
  - CCC.C07 # Alert on non-human enumeration
  - CCC.C08 # Enable Multi-zone or Multi-region Data Replication
  - CCC.C09 # Prevent tampering, deletion, or unauthorized access to access logs
  - CCC.C10 # Prevent data replication to destinations outside of perimeter
  - CCC.C12 # Ensure Secure Network Access Rules

controls:
  - id: CCC.RDMS.C01
    title: Password Management
    objective: |
      Ensure default vendor-supplied DB administrator credentials are replaced
      with strong, unique passwords and that these credentials are properly
      managed using a secure password or secrets management solution.
    control_family: Identity and Access Management
    threats:
      - CCC.RDMS.TH01 # Unauthorized Access to Database
    nist_csf: PR.AA-01
    control_mappings:
      NIST_800_53:
        - AC-2
    test_requirements:
      - id: CCC.RDMS.C01.TR02
        text: |
          When an attempt is made to authenticate to the database using known
          default credentials, the authentication attempt must fail and no
          access should be granted.
        tlp_levels:
          - tlp_red
          - tlp_amber

  - id: CCC.RDMS.C02
    title: Account Lockout and Rate-Limiting
    objective: |
      Ensure the database enforces lockouts or rate-limiting after a specified
      number of failed authentication attempts. This prevents brute force
      or password-guessing attacks from succeeding.
    control_family: Identity and Access Management
    threats:
      - CCC.RDMS.TH02 # Brute Force Attempts on Database Authentication
    nist_csf: PR.AC-1
    control_mappings:
      NIST_800_53:
        - AC-7 # Unsuccessful Logon Attempts
    test_requirements:
      - id: CCC.RDMS.C02.TR01
        text: |
          When repeated failed login attempts are made in a short timeframe,
          the account must be locked out or rate-limited to prevent
          further login attempts.
        tlp_levels:
          - tlp_red
          - tlp_amber

  - id: CCC.RDMS.C03
    title: Enforce and Monitor Automated Backups
    objective: |
      Ensure database backups are automatically scheduled, actively monitored,
      and promptly reported if any disruptions occur. This helps maintain
      data integrity, facilitates disaster recovery, and supports business
      continuity when a system failure or breach occurs.
    control_family: Data
    threats:
      - CCC.RDMS.TH03 # Database Backups Stopped
    nist_csf: PR.IP-4
    control_mappings:
      NIST_800_53:
        - CP-9 # System Backup
    test_requirements:
      - id: CCC.RDMS.C03.TR01
        text: |
          When backups are disabled, paused, or fail to run as scheduled,
          an alert must be triggered and logged.
        tlp_levels:
          - tlp_red
          - tlp_amber

  - id: CCC.RDMS.C04
    title: Access Control for Backup and Restore Operations
    objective: |
      Restrict who can initiate, manage, and validate database backup or
      restore operations through strict role-based or least-privilege
      access. Prevents accidental or malicious restorations, protecting
      data integrity and availability.
    control_family: Identity and Access Management
    threats:
      - CCC.RDMS.TH04 # Unintentional Database Backup Restoration
    nist_csf: PR.AC-4
    control_mappings:
      NIST_800_53:
        - AC-6
    test_requirements:
      - id: CCC.RDMS.C04.TR01
        text: |
          When there is an attempt to perform a backup or restore,
          then the attempt must fail with an access denied message if
          credentials or roles that are not explicitly authorized for
          backup/restore functions.
        tlp_levels:
          - tlp_red
          - tlp_amber

  - id: CCC.RDMS.C05
    title: Restrict Snapshot Sharing to Authorized Accounts
    objective: |
      Ensure database snapshots can only be shared with explicitly authorized
      accounts, thereby minimizing the risk of data exposure or exfiltration.
    control_family: Identity and Access Management
    threats:
      - CCC.RDMS.TH05 # Unauthorized Snapshot Sharing
    nist_csf: PR.DS-10
    control_mappings:
      NIST_800_53:
        - AC-4
    test_requirements:
      - id: CCC.RDMS.C05.TR01
        text: |
          When an attempt is made to share a snapshot with an unauthorized
          account, the sharing request must be denied.
        tlp_levels:
          - tlp_red
          - tlp_amber