| ID | Title | Objective |
|---|---|---|
| CCC.Core.CN01 | Encrypt Data for Transmission | Ensure that all communications are encrypted in transit to protect data integrity and confidentiality. |
| CCC.Core.CN13 | Minimize Lifetime of Encryption and Authentication Certificates | Ensure that encryption and authentication certificates have a limited lifetime to reduce the risk of compromise and ensure the use of up-to-date security practices. |
| CCC.Core.CN06 | Restrict Deployments to Trust Perimeter | Ensure that the service and its child resources are only deployed on infrastructure in locations that are explicitly included within a defined trust perimeter. |
| CCC.Core.CN08 | Replicate Data to Multiple Locations | Ensure that data is replicated across multiple physical locations to protect against data loss due to hardware failures, natural disasters, or other catastrophic events. |
| CCC.Core.CN09 | Ensure Integrity of Access Logs | Ensure that access logs are always recorded to an external location that cannot be manipulated from the context of the service(s) it contains logs for. |
| CCC.Core.CN10 | Restrict Data Replication to Trust Perimeter | Ensure that data is only replicated on infrastructure in locations that are explicitly included within a defined trust perimeter. |
| CCC.Core.CN02 | Encrypt Data for Storage | Ensure that all data stored is encrypted at rest using strong encryption algorithms. |
| CCC.Core.CN11 | Protect Encryption Keys | Ensure that encryption keys are managed securely by enforcing the use of approved algorithms, regular key rotation, and customer-managed encryption keys (CMEKs). |
| CCC.Core.CN14 | Maintain Recent Backups | Ensure that all backups used for disaster recovery are recent and subject to a retention policy that limits deletion. |
| CCC.Core.CN03 | Implement Multi-factor Authentication (MFA) for Access | Ensure that all sensitive activities require two or more identity factors during authentication to prevent unauthorized access. |
| CCC.Core.CN05 | Prevent Access from Untrusted Entities | Ensure that secure access controls enforce the principle of least privilege to restrict access to authorized entities from explicitly trusted sources only. |
| CCC.Core.CN04 | Log All Access and Changes | Ensure that all access attempts are logged to maintain a detailed audit trail for security and compliance purposes. |
| CCC.Core.CN07 | Alert on Unusual Enumeration Activity | Ensure that logs and associated alerts are generated when unusual enumeration activity is detected that may indicate reconnaissance activities. |
Core / Ccc
Controls
Version: