CCC.C10: Prevent Data Replication to Destinations Outside of Defined Trust Perimeter
Objective:Prevent replication of data to untrusted destinations outside
of defined trust perimeter. An untrusted destination is defined
as a resource that exists outside of a specified trusted
identity or network or data perimeter.
Control Family:
Data
Threats:
| ID | Title | Description |
|---|---|---|
| CCC.TH04 | Data is Replicated to Untrusted or External Locations | An attacker could replicate data to untrusted or external locations if replication configurations are not properly restricted. This could result in data leakage or exposure to unauthorized entities outside the organization's trusted perimeter. |
NIST CSF:
PR.DS-5
Control Mappings
CCM:
ISO_27001:
NIST_800_53:
AC-4
Test Requirements
CCC.C10.TR01:When data is replicated, the service MUST ensure that
replication is restricted to explicitly trusted destinations.
TLP:
tlp_green
tlp_amber
tlp_red