CCC.C06: Prevent Deployment in Restricted Regions
Objective:Ensure that resources are not provisioned or deployed in
geographic regions or cloud availability zones that have been
designated as restricted or prohibited, to comply with
regulatory requirements and reduce exposure to geopolitical
risks.
Control Family:
Data
Threats:
| ID | Title | Description |
|---|---|---|
| CCC.TH03 | Deployment Region Network is Untrusted | If any part of the service is deployed in a hostile, unstable, or insecure location, an attacker may attempt to access the resource or intercept data by exploiting privileged network access or physical vulnerabilities. |
NIST CSF:
PR.DS-1
Control Mappings
CCM:
DSI-06
DSI-08
ISO_27001:
2013 A.11.1.1
NIST_800_53:
AC-6
Test Requirements
CCC.C06.TR01:When a deployment request is made, the service MUST validate
that the deployment region is not to a restricted or regions
or availability zones.
TLP:
tlp_clear
tlp_green
tlp_amber
tlp_red
CCC.C06.TR02:When a deployment request is made, the service MUST validate that
replication of data, backups, and disaster recovery operations
will not occur in restricted regions or availability zones.
TLP:
tlp_clear
tlp_green
tlp_amber
tlp_red