Restrict the creation of resources in the public subnet with direct access to the internet to minimize attack surfaces.
Limit Resource Creation in Public Subnet
CCC.VPC.CN02 · Networking

Related Capabilities

| ID | Title | Description |
|---|---|---|
| CCC.VPC.CP04 | Public Subnet Creation | Ability to create a subnet that allows resources within the subnet to communicate with the public internet. |

Related Threats

| ID | Title | Description |
|---|---|---|
| CCC.VPC.TH02 | Exposure of Resources to Public Internet | Assignment of external IP addresses to resources exposes resources to the public internet, increasing the risk of attacks such as brute force, exploitation of vulnerabilities, or unauthorized access. |

Assessment Requirements

| ID | Text | Applicability |
|---|---|---|
| CCC.VPC.CN02.AR01 | When a resource is created in a public subnet, that resource MUST NOT be assigned an external IP address by default. | tlp-red |

Guideline Mappings

| Framework | ID | Remarks |
|---|---|---|
| NIST-CSF | PR.AC-3 | |
| CCM | SEF-05 | |
| ISO_27001 | 2013 A.13.1.1 | |
| NIST_800_53 | AC-4 | |