CCC.C12: Ensure Secure Network Access Rules
Objective: Ensure network access to the service is restricted to explicitly
authorized IP addresses, ports, and protocols by properly
configuring security group and/or firewall rules. Configuration
must follow the principle of least privilege to minimize the
attack surface and prevent unauthorized inbound connections.
Overly permissive rules such as 0.0.0.0/0 must be disallowed or
strictly controlled.
Control Family:
Threats:
ID | Title | Description |
---|---|---|
CCC.TH17 | Unauthorized Network Access via Misconfigured Rules | Improperly configured or overly permissive network access rules such as security groups can allow unauthorized inbound connections to the service. This could result in unauthorized access to sensitive resources or data and disruption to service availability. |
NIST CSF:
PR.AC-3
Control Mappings
NIST_800_53:
AC-4
Test Requirements
CCC.C12.TR01: When an unauthorized IP or network attempts to connect
to the service, the request MUST be denied.
TLP:
tlp_red
tlp_amber
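
One way to check a rule set against this control, as an added example that is not part of the catalogue: it flags any-source rules and rules wider than the authorized networks, then evaluates CCC.C12.TR01 under default deny. The rule format, the `AUTHORIZED` allowlist and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample inbound rules (documentation address ranges only).
RULES = [
    {"id": "r1", "cidr": "203.0.113.0/24", "proto": "tcp", "port": 443},
    {"id": "r2", "cidr": "0.0.0.0/0", "proto": "tcp", "port": 22},
    {"id": "r3", "cidr": "::/0", "proto": "tcp", "port": 443},
    {"id": "r4", "cidr": "198.51.100.7/32", "proto": "tcp", "port": 5432},
]
# Hypothetical allowlist: networks explicitly authorized per (protocol, port).
AUTHORIZED = {
    ("tcp", 443): ["203.0.113.0/24"],
    ("tcp", 5432): ["198.51.100.7/32"],
}

def audit(rules, authorized):
    """Return (rule id, reason) for every rule broader than the allowlist."""
    findings = []
    for r in rules:
        net = ipaddress.ip_network(r["cidr"], strict=False)
        allowed = [ipaddress.ip_network(c)
                   for c in authorized.get((r["proto"], r["port"]), [])]
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
            findings.append((r["id"], "open to any address"))
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        elif not any(net.version == a.version and net.subnet_of(a)
                     for a in allowed):
            findings.append((r["id"], "source not in authorized list"))
    return findings

def compliant_rules(rules, authorized):
    """Drop every rule that the audit flagged."""
    flagged = {rule_id for rule_id, _ in audit(rules, authorized)}
    return [r for r in rules if r["id"] not in flagged]

def is_admitted(rules, src, proto, port):
    """Default deny: admit only if a rule matches source, protocol and port."""
    ip = ipaddress.ip_address(src)
    for r in rules:
        net = ipaddress.ip_network(r["cidr"], strict=False)
        if (r["proto"], r["port"]) == (proto, port) \
                and ip.version == net.version and ip in net:
            return True
    return False

if __name__ == "__main__":
    for rule_id, reason in audit(RULES, AUTHORIZED):
        print(rule_id, reason)
```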