Ensure that deletion of objects stored in the object storage system is protected by multi-factor authentication (MFA), reducing the risk of accidental, unauthorized, or compromised-credential–based data destruction.
Storage / Object / Controls / DEV
Multi-Factor Authentication Is Required for Object Deletion
CCC.ObjStor.CN07 · Access
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP06 | Access Control | The service automatically enforces user configurations to restrict or allow access to a specific component or a child resource based on factors such as user identities, roles, groups, or attributes. |
| CCC.Core.CP29 | Active Ingestion | While running, the service itself can fetch or reach out to some other service or external source to get data, inputs or commands for the service to process or operate on. |
| CCC.Core.CP11 | Backup | The service can generate copies of its data or configurations in the form of automated backups, snapshot-based backups, or incremental backups. |
| CCC.Core.CP18 | Resource Versioning | The service automatically assigns versions to child resources which can be used to preserve, retrieve, and restore past iterations. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.Core.TH01 | Access is Granted to Unauthorized Users | Logic designed to give different permissions to different entities may be misconfigured or manipulated, allowing unauthorized entities to access restricted parts of the service, its data, or its child resources. This could result in a loss of data confidentiality or tolerance of unauthorized actions which impact the integrity and availability of resources and data. |
| CCC.Core.TH06 | Data is Lost or Corrupted | Services that rely on accurate data are susceptible to disruption in the event of data loss or corruption. Any actions that lead to the unintended deletion, alteration, or limited access to data can impact the availability of the service and the system it is part of. |
| CCC.Core.TH17 | Responses are Generated for Unauthorized Requests | The service may generate responses to requests from unauthorized entities. This could lead to the exposure of system details, which may be used to plan an attack against the service, system, or network. Additionally, allocating resources to service the request could lead to a denial of service for legitimate users, leading to a loss of availability anywhere in the system. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.ObjStor.CN07.AR01 | The object storage service MUST support a configuration option that requires MFA to be successfully completed before any object deletion can be attempted, regardless of the request interface. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.ObjStor.CN07.AR02 | When MFA deletion protection is enabled on a bucket or object namespace, the service MUST deny any deletion request from an identity that has not satisfied the MFA requirement at the time of the request. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.ObjStor.CN07.AR03 | When an attempt is made to delete an object, the service's audit logs MUST clearly record each deletion attempt, including whether MFA was required and whether validation was met. | tlp-clear, tlp-green, tlp-amber, tlp-red |