CCC.ObjStor.C02: Enforce Uniform Bucket-level Access to Prevent Inconsistent Permissions
Objective: Ensure that uniform bucket-level access is enforced across all
object storage buckets. This prevents the use of ad-hoc or
inconsistent object-level permissions, ensuring centralized,
consistent, and secure access management in accordance with the
principle of least privilege.
Control Family:
Identity and Access Management
Threats:
ID | Title | Description |
---|---|---|
CCC.TH01 | Access Control is Misconfigured | An attacker can exploit misconfigured access controls to grant excessive privileges or gain unauthorized access to sensitive resources. |
NIST CSF:
PR.AC-4
Control Mappings
CCM:
DCS-09
ISO_27001:
2013 A.9.4.1
NIST_800_53:
AC-3
AC-6
Test Requirements
CCC.ObjStor.C02.TR01: When a permission set is allowed for an object in a bucket, the
service MUST allow the same permission set to access all objects
in the same bucket.
TLP:
tlp_clear
tlp_green
tlp_amber
tlp_red
CCC.ObjStor.C02.TR02: When a permission set is denied for an object in a bucket, the
service MUST deny the same permission set to access all objects
in the same bucket.
TLP:
tlp_clear
tlp_green
tlp_amber
tlp_red
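
An added example (not part of the CCC catalog) of one way to evaluate TR01 and TR02 from observed access results: it groups per-object observations by bucket and permission set and flags any pair where some objects are allowed and others denied. The tuple layout, bucket names, object keys and permission-set names are constructed assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample observations (assumed layout):
# (bucket, object key, permission set, access allowed?)
# In practice these would come from probing each object with each permission set.
OBSERVATIONS = [
    ("logs", "2024/a.log", "reader", True),
    ("logs", "2024/b.log", "reader", True),
    ("logs", "2024/a.log", "writer", False),
    ("logs", "2024/b.log", "writer", False),
    ("reports", "q1.pdf", "reader", True),
    ("reports", "q2.pdf", "reader", False),  # object-level override breaks uniformity
    ("reports", "q1.pdf", "writer", False),
    ("reports", "q2.pdf", "writer", False),
]


def find_inconsistent_access(observations):
    """Return {(bucket, permission_set): {"allowed": [...], "denied": [...]}}
    for every pair whose outcome differs between objects of the same bucket.
    A mixed outcome fails TR01 (allow not uniform) and TR02 (deny not uniform)."""
    outcomes = defaultdict(lambda: {"allowed": [], "denied": []})
    for bucket, key, permission_set, allowed in observations:
        side = "allowed" if allowed else "denied"
        outcomes[(bucket, permission_set)][side].append(key)
    return {
        pair: {side: sorted(keys) for side, keys in result.items()}
        for pair, result in outcomes.items()
        if result["allowed"] and result["denied"]
    }


def evaluate_control(observations):
    """Per-bucket verdict: PASS only if every permission set behaves uniformly."""
    failing = {bucket for bucket, _ in find_inconsistent_access(observations)}
    buckets = {obs[0] for obs in observations}
    return {b: ("FAIL" if b in failing else "PASS") for b in sorted(buckets)}


if __name__ == "__main__":
    for bucket, verdict in evaluate_control(OBSERVATIONS).items():
        print(bucket, verdict)
    for (bucket, pset), detail in find_inconsistent_access(OBSERVATIONS).items():
        print(f"{bucket}/{pset}: allowed={detail['allowed']} denied={detail['denied']}")
```
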