Ensure traffic-splitting weights and algorithms are modified only by trusted identities.
Networking / Loadbalancer / Controls / DEV
Enforce Distribution Policies
CCC.LB.CN04 · Access
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.LB.CP02 | Dynamic Load Balancing | Employ load balancing algorithms that consider the current state of servers before distributing traffic. Load balancer adjusts traffic distribution in real-time based on the current server health, resource utilization, and traffic conditions. |
| CCC.LB.CP20 | Traffic Splitting / Weighted Routing | Can distribute incoming traffic across multiple backend resources based on predefined weights or percentages (e.g., for canary deployments, A/B testing, blue-green deployments, or gradual traffic migrations). |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.LB.TH03 | Traffic Distribution Is Manipulated | Adjusting distribution policies can concentrate traffic on specific nodes causing DoS or redirect flows through unwanted paths. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.LB.CN04.AR01 | When routing weights change, the request MUST originate from an explicitly defined and trusted identity and MUST be logged. | tlp-green, tlp-amber, tlp-red |