Ensure that the service and its child resources are only deployed on infrastructure in locations that are explicitly included within a defined trust perimeter.
Core / Ccc / Controls / DEV
Restrict Deployments to Trust Perimeter
CCC.Core.CN06 · Data
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP08 | Data Replication | The service automatically replicates data across multiple deployments simultaneously with parity, or may be configured to do so. |
| CCC.Core.CP22 | Location Lock-In | The service may be configured to restrict the deployment of child resources to specific geographic locations. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.Core.TH03 | Deployment Region Network is Untrusted | Systems are susceptible to unauthorized access or interception by actors with social or physical control over the network in which they are deployed. If the geopolitical status of the deployment network is untrusted, unstable, or insecure, this could result in a loss of confidentiality, integrity, or availability of the service and its data. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.Core.CN06.AR01 | When the service is running, its region and availability zone MUST be included in a list of explicitly trusted or approved locations within the trust perimeter. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.Core.CN06.AR02 | When a child resource is deployed, its region and availability zone MUST be included in a list of explicitly trusted or approved locations within the trust perimeter. | tlp-clear, tlp-green, tlp-amber, tlp-red |
Guideline Mappings
| Framework | ID | Remarks |
|---|---|---|
| CCM | DSP-19 | Data Location (specify and document processing and backup locations) |