| ID | Title | Objective |
|---|---|---|
| CCC.ObjStor.CN01 | Prevent Requests to Buckets or Objects with Untrusted KMS Keys | Prevent any requests to object storage buckets or objects using untrusted KMS keys to protect against unauthorized data encryption or sensitive data decryption. |
| CCC.ObjStor.CN03 | Prevent Bucket Deletion Through Irrevocable Bucket Retention Policy | Ensure that an object storage bucket is not deleted after creation, and that the preventative measure cannot be unset. |
| CCC.ObjStor.CN04 | Objects have an Effective Retention Policy by Default | Ensure that all objects stored in the object storage system have a retention policy applied by default, preventing premature deletion or modification of objects. |
| CCC.ObjStor.CN05 | Versioning is Enabled for All Objects in the Bucket | Ensure that versioning is enabled for all objects stored in the object storage bucket to enable recovery of previous versions of objects in case of loss or corruption. |
| CCC.ObjStor.CN07 | Multi-Factor Authentication Is Required for Object Deletion | Ensure that deletion of objects stored in the object storage system is protected by multi-factor authentication (MFA), reducing the risk of accidental, unauthorized, or compromised-credential–based data destruction. |
| CCC.ObjStor.CN02 | Enforce Uniform Bucket-level Access to Prevent Inconsistent Permissions | Ensure that uniform bucket-level access is enforced across all object storage buckets. This prevents the use of ad-hoc or inconsistent object-level permissions, ensuring centralized, consistent, and secure access management in accordance with the principle of least privilege. |