CCC.C05: Prevent Access from Untrusted Entities
Objective:Ensure that secure access controls prevent unauthorized access,
mitigate risks of data exfiltration, and block misuse of services
by adversaries. This includes restricting access based on trust
criteria such as IP allowlists, domain restrictions, and tenant
isolation.
Control Family:
Identity and Access Management
Threats:
| ID | Title | Description |
|---|---|---|
| CCC.TH01 | Access Control is Misconfigured | An attacker can exploit misconfigured access controls to grant excessive privileges or gain unauthorized access to sensitive resources. |
NIST CSF:
PR.AC-3
Control Mappings
CCM:
DS-5
ISO_27001:
2013 A.13.1.3
NIST_800_53:
AC-3
Test Requirements
CCC.C05.TR01:When access to sensitive resources is attempted, the service MUST
block requests from untrusted sources, including IP addresses,
domains, or networks that are not explicitly included in a
pre-approved allowlist.
TLP:
tlp_amber
tlp_red
CCC.C05.TR02:When administrative access is attempted, the service MUST validate
that the request originates from an explicitly allowed source as
defined in the allowlist.
TLP:
tlp_clear
tlp_green
tlp_amber
tlp_red
CCC.C05.TR03:When resources are accessed in a multi-tenant environment, the
service MUST enforce isolation by allowing access only to explicitly
allowlisted tenants.
TLP:
tlp_amber
tlp_red
CCC.C05.TR04:When an access attempt from an untrusted source is blocked, the
service MUST log the event, including the source details, time,
and reason for denial.
TLP:
tlp_clear
tlp_green
tlp_amber
tlp_red