CCC.ObjStor.C04: Objects have an Effective Retention Policy by Default
Objective:Ensure that all objects stored in the object storage system have a
retention policy applied by default, preventing premature deletion
or modification of objects and ensuring compliance with data retention
regulations.
Control Family:
Data
Threats:
| ID | Title | Description |
|---|---|---|
| CCC.TH06 | Data is Lost or Corrupted | Data loss or corruption can occur due to accidental deletion, misconfiguration, or malicious activity. This can result in the loss of critical data, service disruption, or unauthorized access to sensitive information. |
NIST CSF:
PR.DS-1
Control Mappings
CCM:
DSP-16
ISO_27001:
2022 A.8.1.4
NIST_800_53:
SC-28
CP-10
Test Requirements
CCC.ObjStor.C04.TR01:When an object is uploaded to the object storage system, the object
MUST automatically receive a default retention policy that prevents
premature deletion or modification.
TLP:
tlp_clear
tlp_green
tlp_amber
tlp_red
CCC.ObjStor.C04.TR02:When an attempt is made to delete or modify an object that is subject
to an active retention policy, the service MUST prevent the action
from being completed.
TLP:
tlp_clear
tlp_green
tlp_amber
tlp_red