From 7753f23662b33650066236790b605d0b3e4adf02 Mon Sep 17 00:00:00 2001
From: ianwalkersmithciticom
Date: Thu, 28 Nov 2024 08:51:44 -0300
Subject: [PATCH 1/4] adding stop backup threat

---
 services/database/relational/threats.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/services/database/relational/threats.yaml b/services/database/relational/threats.yaml
index 9deacba3..b1d93293 100644
--- a/services/database/relational/threats.yaml
+++ b/services/database/relational/threats.yaml
@@ -110,3 +110,12 @@ threats:
 - CCC.RDMS.F07
 mitre_technique:
 - T1110
+
+ - id: CCC.RDMS.TH16
+ title: backups stopped
+ description: |
+ threat actor stops backups from occuring
+ features:
+ - CCC.F11
+ mitre_technique:
+ - T1490

From 5c9cafada6b2b518a747ec6b67edfc0a45d9c304 Mon Sep 17 00:00:00 2001
From: ianwalkersmithciticom
Date: Thu, 28 Nov 2024 16:06:44 -0300
Subject: [PATCH 2/4] init controls.yaml

---
 services/database/relational/controls.yaml | 31 ++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 services/database/relational/controls.yaml

diff --git a/services/database/relational/controls.yaml b/services/database/relational/controls.yaml
new file mode 100644
index 00000000..67fb82af
--- /dev/null
+++ b/services/database/relational/controls.yaml
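Review bot: In threats.yaml the `description` of the new `CCC.RDMS.TH16` entry only restates the title and misspells "occurring", so a reader cannot tell what is lost when backups stop. Wording such as `A threat actor disables or interrupts scheduled backups, leaving no recent recovery point when data is later deleted, corrupted or encrypted.` states the impact and fits the `T1490` mapping. The control added to controls.yaml later in this series lists only `CCC.RDMS.TH14` under `threats`, so nothing visible in these patches mitigates TH16 yet.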
@@ -0,0 +1,31 @@
+common_controls:
+ - CCC.C01 # Prevent unencrypted requests
+ - CCC.C02 # Ensure data encryption at rest for all stored data
+ - CCC.C03 # Log all access and changes
+ - CCC.C04 # Implement multi-factor authentication (MFA) for access
+ - CCC.C05 # Prevent access from untrusted entities
+ - CCC.C06 # Prevent deployment in restricted regions
+ - CCC.C07 # Alert on non-human enumeration
+ - CCC.C09 # Prevent tampering, deletion, or unauthorized access to access logs
+ - CCC.C10 # Prevent data replication to destinations outside of defined trust perimeter
+
+controls:
+ - id: CCC.RDMS.C01 # Enforce Use of Managed Views for Data Access
+ title: backup database to alternative trust-zone
+ objective: |
+ Ensure that databases are backed up and the backup is outside of the applications trust-zone
+ control_family: Data
+ threats:
+ - CCC.RDMS.TH14
+ nist_csf: PR.DS-11
+ control_mappings:
+ NIST_800_53:
+ - CP-6
+ test_requirements:
+ - id: CCC.RDMS.C01.TR01
+ text: |
+ From the same trust-zone as the database attempt to access the database backup and ensure that access is
+ denied
+ tlp_levels:
+ - tlp_red
+ - tlp_amber

From f6c21a849dac86acdb65c0b133f865b253425a18 Mon Sep 17 00:00:00 2001
From: ianwalkersmithciticom
Date: Thu, 28 Nov 2024 16:10:54 -0300
Subject: [PATCH 3/4] init controls.yaml

---
 services/database/relational/controls.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/services/database/relational/controls.yaml b/services/database/relational/controls.yaml
index 67fb82af..1b9da3ae 100644
--- a/services/database/relational/controls.yaml
+++ b/services/database/relational/controls.yaml
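Review bot: The only test requirement, `CCC.RDMS.C01.TR01`, checks that the backup is unreachable from the database's trust-zone, but the objective also requires that the database is actually backed up; a deployment with no backups at all would pass this test. A second requirement confirming that a recent backup exists in the alternative trust-zone would close that gap, and `CP-9` (System Backup) could sit beside `CP-6` under `NIST_800_53` because the objective covers taking backups as well as where they are stored. The `common_controls` list also jumps from `CCC.C07` to `CCC.C09` without comment; if that is deliberate, a short note would help the next reader. The entry below is a sketch and its id is a proposed next value, not one taken from the catalog.

```yaml
    # … unchanged: CCC.RDMS.C01 header fields and CCC.RDMS.C01.TR01 …
      - id: CCC.RDMS.C01.TR02  # proposed id
        text: |
          Confirm that a backup of the database taken within the defined backup interval
          exists in the alternative trust-zone
        tlp_levels:
          - tlp_red
          - tlp_amber
```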
@@ -10,13 +10,13 @@ common_controls:
 - CCC.C10 # Prevent data replication to destinations outside of defined trust perimeter
 
 controls:
- - id: CCC.RDMS.C01 # Enforce Use of Managed Views for Data Access
+ - id: CCC.RDMS.C01
 title: backup database to alternative trust-zone
 objective: |
 Ensure that databases are backed up and the backup is outside of the applications trust-zone
 control_family: Data
 threats:
- - CCC.RDMS.TH14
+ - CCC.RDMS.TH14 # DB backup is uninentionally restored
 nist_csf: PR.DS-11
 control_mappings:
 NIST_800_53:

From 4f5d6e3375316485c4c3d8162771b63b21c4b375 Mon Sep 17 00:00:00 2001
From: ianwalkersmithciticom
Date: Thu, 28 Nov 2024 16:14:01 -0300
Subject: [PATCH 4/4] init controls.yaml

---
 services/database/relational/controls.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/services/database/relational/controls.yaml b/services/database/relational/controls.yaml
index 1b9da3ae..a1a4fd92 100644
--- a/services/database/relational/controls.yaml
+++ b/services/database/relational/controls.yaml
@@ -10,8 +10,8 @@ common_controls:
 - CCC.C10 # Prevent data replication to destinations outside of defined trust perimeter
 
 controls:
- - id: CCC.RDMS.C01
- title: backup database to alternative trust-zone
+ - id: CCC.RDMS.C01
+ title: backup database to alternative trust-zone
 objective: |
 Ensure that databases are backed up and the backup is outside of the applications trust-zone
 control_family: Data
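Review bot: The comment added on `- CCC.RDMS.TH14` in patch 3/4 describes that threat as a backup being unintentionally restored, which is not obviously what keeping backups in a separate trust-zone addresses. The control reads as if it should also reference a threat about backups being lost, tampered with or stopped, such as the `CCC.RDMS.TH16` entry added in patch 1/4; TH14's definition is not visible here, so this needs confirming against threats.yaml. The comment itself has a typo and should read `# DB backup is unintentionally restored`. The control entry continues past the end of this hunk.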