Rephrase control test requirements (finos#522)
Signed-off-by: Eddie Knight <[email protected]>
Co-authored-by: Michael Lysaght <[email protected]>
eddie-knight and mlysaght2017 authored Dec 5, 2024
1 parent 98c856b commit dfd6c3f
Showing 1 changed file with 101 additions and 50 deletions.
151 changes: 101 additions & 50 deletions services/common-controls.yaml
Expand Up @@ -28,26 +28,17 @@ controls:
test_requirements:
- id: CCC.C01.TR01
text: |
The service enforces the use of secure transport protocols for all
network communications (e.g., TLS 1.2 or higher).
When a port is exposed for non-SSH network traffic, all traffic MUST
include a TLS handshake AND be encrypted using TLS 1.2 or higher.
tlp_levels:
- tlp_clear
- tlp_green
- tlp_amber
- tlp_red
- id: CCC.C01.TR02
text: |
The service denies all unencrypted HTTP requests.
tlp_levels:
- tlp_clear
- tlp_green
- tlp_amber
- tlp_red
- id: CCC.C01.TR03
text: |
The service rejects or blocks any attempts to establish outgoing
connections using outdated or insecure protocols (e.g., SSL, TLS 1.0,
or TLS 1.1).
When a port is exposed for SSH network traffic, all traffic MUST
include a SSH handshake AND be encrypted using SSHv2 or higher.
tlp_levels:
- tlp_clear
- tlp_green
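Review bot: the new text for CCC.C01.TR03 reads "a SSH handshake"; it should be "an SSH handshake". Two things are also dropped in this hunk without a replacement: the old TR02 (deny all unencrypted HTTP requests) is deleted outright together with its tlp_levels, leaving the ids as TR01 and TR03 with a gap, and the old TR03 rule for outgoing connections over SSL, TLS 1.0 or TLS 1.1 disappears, so the rewritten wording only constrains exposed inbound ports. If the intent is that the new TR01 subsumes the HTTP rule, renumber TR03 to TR02; if outbound connections should still be covered, add a requirement for them.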
Expand All @@ -70,18 +61,9 @@ controls:
test_requirements:
- id: CCC.C02.TR01
text: |
The service encrypts all stored data at rest using
industry-standard encryption algorithms (e.g., AES-256).
tlp_levels:
- tlp_clear
- tlp_green
- tlp_amber
- tlp_red
- id: CCC.C02.TR02
text: |
The encryption status for stored data at rest can be
verified and audited, including verification of key
management processes.
When data is stored at rest, the service MUST be configured to
encrypt data at rest using the latest industry-standard encryption
methods.
tlp_levels:
- tlp_clear
- tlp_green
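Review bot: with CCC.C02.TR01 deleted, the only remaining requirement under this control is CCC.C02.TR02, so its id should become TR01. The replacement text also loses what the old TR02 tested (that the encryption status and the key management process can be verified and audited) and trades the concrete example "e.g., AES-256" for "the latest industry-standard encryption methods", which a tester cannot evaluate; suggest naming a baseline as the previous text did and keeping a separate verifiability requirement. The phrase "When data is stored at rest, the service MUST be configured to encrypt data at rest" repeats itself; "When data is stored, the service MUST encrypt it at rest using ..." reads cleaner.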
Expand All @@ -91,9 +73,11 @@ controls:
- id: CCC.C03 # Implement multi-factor authentication (MFA) for access
title: Implement multi-factor authentication (MFA) for access
objective: |
Ensure that all human user access requires multi-factor
authentication (MFA), minimizing the risk of unauthorized
access by enforcing strong authentication mechanisms.
Ensure that all sensitive activities require two or more identity factors
during authentication to prevent unauthorized access. This may include
something you know, something you have, or something you are. In the
case of programattically accessible services, such as API endpoints, this
includes a combination of API keys or tokens and network restrictions.
control_family: Identity and Access Management
threats:
- CCC.TH01 # Access control is misconfigured
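Review bot: typo in the new objective: "programattically" should be "programmatically". The last sentence also presents "a combination of API keys or tokens and network restrictions" as the two-factor equivalent for API endpoints, but a network restriction is not one of the three factor types listed in the sentence before it; consider wording it as a compensating control for non-interactive clients rather than as an identity factor.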
Expand All @@ -107,17 +91,55 @@ controls:
NIST_800_53:
- IA-2
test_requirements:
- id: CCC.C03.TR01
- id: CCC.C03.TR01 # modification auth
text: |
Ensure that MFA is required for all user access to the
service interface.
When an entity attempts to modify the service, the service MUST
attempt to verify the client's identity through an authentication
process.
tlp_levels:
- tlp_clear
- tlp_green
- tlp_amber
- tlp_red
- id: CCC.C03.TR02 # amber/red view auth
text: |
When an entity attempts to view information presented by the service,
service, the service MUST attempt to verify the client's identity
through an authentication process.
tlp_levels:
- tlp_amber
- tlp_red
- id: CCC.C03.TR02
- id: CCC.C03.TR03 # amber/red UI view MFA
text: |
Ensure that MFA is required for all administrative access
to the management interface.
When an entity attempts to view information on the service through
a user interface, the authentication process MUST require multiple
identifying factors from the user.
tlp_levels:
- tlp_amber
- tlp_red
- id: CCC.C03.TR04 # API modify allowlist
text: |
When an entity attempts to modify the service through an API
endpoint, the authentication process MUST be limited to a
specific allowed network.
tlp_levels:
- tlp_clear
- tlp_green
- tlp_amber
- tlp_red
- id: CCC.C03.TR05 # amber/red API view allowlist
text: |
When an entity attempts to view information on the service through
an API endpoint, the authentication process MUST be limited to a
specific allowed network.
tlp_levels:
- tlp_amber
- tlp_red
- id: CCC.C03.TR06 # UI modify MFA
text: |
When an entity attempts to modify the service through a user
interface, the authentication process MUST require multiple
identifying factors from the user.
tlp_levels:
- tlp_clear
- tlp_green
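Review bot: the text of CCC.C03.TR02 has a duplicated word: "view information presented by the service, service, the service MUST". TR01 and TR02 also say the service "MUST attempt to verify the client's identity"; as a test requirement that is satisfied by a verification that fails, so it should read "MUST verify the client's identity ... before allowing the request" or "MUST reject requests whose identity cannot be verified". Minor: TR04 and TR05 say "the authentication process MUST be limited to a specific allowed network", which describes an allowlist on the endpoint rather than on the authentication process; "access to the endpoint MUST be limited to an allowlisted network" states what actually gets tested.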
Expand All @@ -140,16 +162,24 @@ controls:
test_requirements:
- id: CCC.C04.TR01
text: |
The service logs all access attempts, including successful
and failed login attempts.
When any access attempt is made to the service, the service MUST log
the client identity, time, and result of the attempt.
tlp_levels:
- tlp_amber
- tlp_red
- id: CCC.C04.TR01
text: |
When any access attempt is made to the view sensitive information,
the service MUST log the client identity, time, and result of the
attempt.
tlp_levels:
- tlp_amber
- tlp_red
- id: CCC.C04.TR02
text: |
The service logs all changes to configuration, including
administrative actions and modifications to user roles
or privileges.
When any change is made to the service configuration, the service MUST
log the change, including the client, time, previous state, and the
new state following the change.
tlp_levels:
- tlp_clear
- tlp_green
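Review bot: the id CCC.C04.TR01 now appears twice (the existing requirement and the newly added one about viewing sensitive information); the second should be CCC.C04.TR02 and the following TR02 renumbered to TR03, since duplicate ids will break anything that indexes requirements by id. The new text also has a stray article: "access attempt is made to the view sensitive information" should be "access attempt is made to view sensitive information". Note that the general TR01 already covers every access attempt at tlp_amber and tlp_red, the same levels as the new requirement, so the view-sensitive-information requirement is redundant unless it is meant to log something beyond client identity, time and result.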
Expand All @@ -159,9 +189,14 @@ controls:
- id: CCC.C05 # Prevent access from untrusted entities
title: Prevent access from untrusted entities
objective: |
Ensure secure access controls prevent unauthorized data access,
exfiltration, and misuse of legitimate services by adversaries.
Ensure that secure access controls prevent unauthorized access,
mitigate risks of data exfiltration, and block misuse of services
by adversaries. This includes restricting access based on trust
criteria such as IP allowlists, domain restrictions, and tenant
isolation.
control_family: Identity and Access Management
threats:
- CCC.TH01 # Access control is misconfigured
nist_csf: PR.AC-3
control_mappings:
CCM:
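Review bot: the rewritten objective lists three trust criteria (IP allowlists, domain restrictions, and tenant isolation) and names data exfiltration and misuse by adversaries, but the added `threats` list carries only CCC.TH01 (access control is misconfigured); if the catalogue defines threats for exfiltration or cross-tenant access, they belong here too, otherwise the objective promises more than the threat mapping covers.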
Expand All @@ -171,22 +206,38 @@ controls:
NIST_800_53:
- AC-3
test_requirements:
- id: CCC.C05.TR01
- id: CCC.C05.TR01 # Block untrusted sources
text: |
The service blocks access to sensitive resources and admin
access from untrusted sources, including unauthorized IP
addresses, domains, or networks that are not included in
a pre-approved allowlist.
When access to sensitive resources is attempted, the service MUST
block requests from untrusted sources, including IP addresses,
domains, or networks that are not explicitly included in a
pre-approved allowlist.
tlp_levels:
- tlp_amber
- tlp_red
- id: CCC.C05.TR02 # Admin access restrictions
text: |
When administrative access is attempted, the service MUST validate
that the request originates from an explicitly allowed source as
defined in the allowlist.
tlp_levels:
- tlp_clear
- tlp_green
- tlp_amber
- tlp_red
- id: CCC.C05.TR04
- id: CCC.C05.TR03 # Prevent cross-tenant access
text: |
When resources are accessed in a multi-tenant environment, the
service MUST enforce isolation by allowing access only to explicitly
allowlisted tenants.
tlp_levels:
- tlp_amber
- tlp_red
- id: CCC.C05.TR04 # Unauthorized access attempts logging
text: |
The service prevents unauthorized cross-tenant access,
ensuring that only allowlisted services from other
tenants can access resources.
When an access attempt from an untrusted source is blocked, the
service MUST log the event, including the source details, time,
and reason for denial.
tlp_levels:
- tlp_clear
- tlp_green
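Review bot: CCC.C05.TR04 ("When an access attempt from an untrusted source is blocked, the service MUST log the event ...") duplicates the logging requirements under CCC.C04, where C04.TR01 already requires logging the client identity, time, and result of every access attempt, so the same behaviour is now specified under two controls with different TLP levels (TR04 here includes tlp_clear and tlp_green, C04.TR01 is tlp_amber and tlp_red only); either reference C04 from here or keep logging in one place. Also, the old TR04 text for cross-tenant access allowed "allowlisted services from other tenants", while the new TR03 allows "explicitly allowlisted tenants", which widens the grant from specific services to whole tenants; confirm that is intended. TR01 and TR02 both test allowlist enforcement and differ only in scope (sensitive resources vs. administrative access) and TLP levels, which is worth stating in the inline comments so the two are not collapsed later.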