| ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
|---|---|---|---|---|---|---|
| CCC.LB.CN01 | Enforce and Detect Rate Limiting | Detect and throttle malicious or excessive requests to prevent downstream resource exhaustion and brute-force activity. | Networking | 2 | 6 | 2 |
| CCC.LB.CN02 | Auto-Scale Load Balancer Capacity | Expand load-balancer capacity to maintain availability during traffic spikes. | Resource | 1 | 2 | 1 |
| CCC.LB.CN04 | Enforce Distribution Policies | Ensure traffic-splitting weights and algorithms are modified only by trusted identities. | Access | 1 | 2 | 1 |
| CCC.LB.CN05 | Validate Session Affinity | Configure session persistence to minimise fixation and hijacking risks. | Networking | 1 | 2 | 1 |
| CCC.LB.CN06 | Secure Health-Check Telemetry | Monitor health-check endpoints for tampering and alert on abnormal status changes. | Observability | 1 | 2 | 1 |
| CCC.LB.CN07 | Scrub Sensitive Headers | Remove headers that disclose internal details or software versions from HTTP responses. | Networking | 1 | 2 | 1 |
| CCC.LB.CN08 | Automate Certificate Renewal | Maintain valid TLS certificates by automating renewal and deployment before expiry. | Encryption | 1 | 2 | 1 |
| CCC.LB.CN09 | Restrict Management API Access | Limit load-balancer API calls to authorised identities and trusted networks. | Access | 1 | 2 | 1 |
Networking / Loadbalancer
CCC Load Balancer Capabilities Controls
Version: DEV