CCC.ObjStor.C01: Prevent Requests to Buckets or Objects with Untrusted KMS Keys
Objective: Prevent any requests to object storage buckets or objects using
untrusted KMS keys to protect against unauthorized data encryption
that can impact data availability and integrity.
Control Family:
Data
Threats:
ID | Title | Description |
---|---|---|
CCC.TH01 | Access Control is Misconfigured | An attacker can exploit misconfigured access controls to grant excessive privileges or gain unauthorized access to sensitive resources. |
CCC.TH06 | Data is Lost or Corrupted | Data loss or corruption can occur due to accidental deletion, misconfiguration, or malicious activity. This can result in the loss of critical data, service disruption, or unauthorized access to sensitive information. |
NIST CSF:
PR.DS-1
Control Mappings
CCM:
DCS-04
DCS-06
ISO_27001:
2013 A.10.1.1
NIST_800_53:
SC-28
Test Requirements
CCC.ObjStor.C01.TR01: When a request is made to read a protected bucket, the service
MUST prevent any request using KMS keys not listed as trusted by
the organization.
TLP:
tlp_amber
tlp_red
CCC.ObjStor.C01.TR02: When a request is made to read a protected object, the service
MUST prevent any request using KMS keys not listed as trusted by
the organization.
TLP:
tlp_amber
tlp_red
CCC.ObjStor.C01.TR03: When a request is made to write to a bucket, the service MUST
prevent any request using KMS keys not listed as trusted by the
organization.
TLP:
tlp_clear
tlp_green
tlp_amber
tlp_red
CCC.ObjStor.C01.TR04: When a request is made to write to an object, the service MUST
prevent any request using KMS keys not listed as trusted by the
organization.
TLP:
tlp_clear
tlp_green
tlp_amber
tlp_red
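
Added example (not part of the catalog text): a small decision function that maps each request to the test requirement above that governs it and denies it when the KMS key is not on the trusted list. It assumes the TLP list under each requirement names the data classifications the requirement applies to, that keys are compared by exact identifier, and that unknown request shapes fail closed; `Request`, `evaluate`, `violations` and the key identifiers are hypothetical names.

```python
from dataclasses import dataclass

ALL_TLP = frozenset({"tlp_clear", "tlp_green", "tlp_amber", "tlp_red"})
RESTRICTED = frozenset({"tlp_amber", "tlp_red"})

# (action, target) -> (test requirement, TLP levels it lists), from the control text.
REQUIREMENTS = {
    ("read", "bucket"): ("CCC.ObjStor.C01.TR01", RESTRICTED),
    ("read", "object"): ("CCC.ObjStor.C01.TR02", RESTRICTED),
    ("write", "bucket"): ("CCC.ObjStor.C01.TR03", ALL_TLP),
    ("write", "object"): ("CCC.ObjStor.C01.TR04", ALL_TLP),
}

@dataclass(frozen=True)
class Request:
    action: str   # "read" or "write"
    target: str   # "bucket" or "object"
    tlp: str      # classification of the bucket/object (assumed to be known)
    kms_key: str  # identifier of the KMS key the request uses

def evaluate(req, trusted_keys):
    """Return (allowed, requirement_id); requirement_id is the TR that decided."""
    rule = REQUIREMENTS.get((req.action, req.target))
    if rule is None or req.tlp not in ALL_TLP:
        return (False, None)   # unknown request shape or label: fail closed
    req_id, levels = rule
    if req.tlp not in levels:
        return (True, None)    # this control places no requirement at this TLP
    # Exact match only: no prefix, alias or case-insensitive comparison.
    return (req.kms_key in trusted_keys, req_id)

def violations(requests, trusted_keys):
    """(requirement_id, key) pairs a service would fail by serving these requests."""
    found = []
    for req in requests:
        allowed, req_id = evaluate(req, trusted_keys)
        if not allowed and req_id:
            found.append((req_id, req.kms_key))
    return found

# Constructed sample data: key identifiers are placeholders, not real keys.
TRUSTED = frozenset({"kms-key-trusted-1"})
SAMPLE = [
    Request("read", "bucket", "tlp_green", "kms-key-unknown"),     # TR01 not in scope
    Request("read", "object", "tlp_red", "kms-key-unknown"),       # TR02 denies
    Request("write", "bucket", "tlp_clear", "kms-key-unknown"),    # TR03 denies
    Request("write", "object", "tlp_amber", "kms-key-trusted-1"),  # allowed
    Request("write", "object", "tlp_green", "KMS-KEY-TRUSTED-1"),  # case differs: TR04 denies
]
```

The sample shows the asymmetry in the requirements: an untrusted key is stopped on writes at every TLP level, but on reads only for tlp_amber and tlp_red data.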