CCC.C06: Prevent Deployment in Restricted Regions
Objective:Ensure that resources are not provisioned or deployed in
geographic regions or cloud availability zones that have been
designated as restricted or prohibited, to comply with
regulatory requirements and reduce exposure to geopolitical
risks.
Control Family:
Data
Threats:
| ID | Title | Description |
|---|---|---|
| CCC.TH03 | Deployment Region Network is Untrusted | Deploying a service in an untrusted, unstable, or insecure location, the network may be susceptible to unauthorized access or data interception due to privileged network exposure or physical vulnerabilities. This could result in unintended data disclosure or compromised system integrity. |
NIST CSF:
PR.DS-1
Control Mappings
CCM:
DSI-06
DSI-08
ISO_27001:
2013 A.11.1.1
NIST_800_53:
AC-6
Test Requirements
CCC.C06.TR01:When a deployment request is made, the service MUST validate
that the deployment region is not to a restricted or regions
or availability zones.
TLP:
tlp_clear
tlp_green
tlp_amber
tlp_red
CCC.C06.TR02:When a deployment request is made, the service MUST validate that
replication of data, backups, and disaster recovery operations
will not occur in restricted regions or availability zones.
TLP:
tlp_clear
tlp_green
tlp_amber
tlp_red