CCC Container Registry
Container Registry is a repository for storing, managing and distributing container images. It acts as a hub in the container ecosystem, enabling developers to push, pull, version, and share container images efficiently and securely.
Release Details
Version:
DEV
Assurance Level:
Release Manager:
DB
Development Build
Contributors
DT
Development Team
Change Log
- Development build - no formal changelog available
Capabilities
| ID | Title | Description | Threat Mappings |
|---|---|---|---|
| CCC.CntrReg.F01 | Image Storage | Ability to upload and securely store container images and image metadata. | 0 |
| CCC.CntrReg.F02 | Private Repositories | Support for creating container image repositories that are restricted and only accessible by authorized users or services. | 0 |
| CCC.CntrReg.F03 | Public Repositories | Support for creating container image repositories that are open to the public. These repositories are used mainly for sharing container images. | 0 |
| CCC.CntrReg.F04 | Lifecycle Policies | Supports defining of policies for automatic expiry of unused or outdated images to manage storage effectively. | 1 |
| CCC.CntrReg.F05 | Image Scanning | Provides vulnerability scanning for container images (built-in or through integration to scanning services) to detect security issues and generate reports for known CVEs (Common Vulnerabilities and Exposures). | 1 |
| CCC.CntrReg.F06 | Integration with CI/CD Tooling | Seamlessly integrates with CI/CD pipelines to automate pushing and pulling of container images. | 0 |
| CCC.CntrReg.F07 | Caching of Images | Provides caching for faster access to frequently used images. | 0 |
| CCC.CntrReg.F08 | Multi-platform Support | Ability to store images built for different CPU architectures such as x86_64 (AMD/Intel), ARM64, and others within the same container image repository. | 0 |
| CCC.CntrReg.F09 | Immutable Tags | Prevent tags from being overwritten or deleted once they have been assigned to an image. This ensures that once a container image is tagged with a specific version or identifier, that tag remains associated with the same image throughout its lifetime. | 0 |
| CCC.CntrReg.F10 | List Repositories | Ability to list all public and private repositories in the container image registry. | 0 |
| CCC.CntrReg.F11 | Edit Repository | Ability to edit a public or private container image repository properties after being created. | 0 |
| CCC.CntrReg.F12 | Delete Repository | Ability to delete a public or private container image repository after being created. | 0 |
| CCC.CntrReg.F13 | List Images | Ability to list container images in a public or private container image repository. | 0 |
| CCC.CntrReg.F14 | Delete Image | Ability to delete a container image after being created. | 0 |
| CCC.CntrReg.F15 | List Lifecycle Policies | Ability to list lifecycle policies for container images in a public or private container repository. | 0 |
| CCC.CntrReg.F16 | Edit Lifecycle Policy | Ability to edit a lifecycle policy after being created. | 0 |
| CCC.CntrReg.F17 | Delete Lifecycle Policy | Ability to delete a lifecycle policy after being created. | 0 |
| CCC.Core.F01 | Encryption in Transit Enabled by Default | The service automatically encrypts all data using industry-standard cryptographic protocols prior to transmission via a network interface. | 0 |
| CCC.Core.F02 | Encryption at Rest Enabled by Default | The service automatically encrypts all data using industry-standard cryptographic protocols prior to being written to a storage medium. | 0 |
| CCC.Core.F03 | Access Log Publication | The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors. | 2 |
| CCC.Core.F04 | Transaction Rate Limits | The service can throttle, delay, or reject excess requests when transactions exceed a user-specified rate limit, and always provides industry-standard throughput up to that limit. | 1 |
| CCC.Core.F05 | Signed URLs | The service can generate an ad hoc URL containing authentication information to enforce user-configured permissions for accessing a specific component or a child resource. | 0 |
| CCC.Core.F06 | Access Control | The service automatically enforces user configurations to restrict or allow access to a specific component or a child resource based on factors such as user identities, roles, groups, or attributes. | 1 |
| CCC.Core.F07 | Event Publication | The service automatically publishes a structured state-change record upon creation, deletion, or modification of data, configuration, components, or child resources. | 1 |
| CCC.Core.F09 | Metrics Publication | The service automatically publishes structured, numeric, time-series data points related to the performance, availability, and health of the service or its child resources. | 2 |
| CCC.Core.F14 | API Access | The service exposes a port enabling external actors to interact programmatically with the service and its resources using HTTP protocol methods such as GET, POST, PUT, and DELETE. | 1 |
| CCC.Core.F18 | Resource Versioning | The service automatically assigns versions to child resources which can be used to preserve, retrieve, and restore past iterations. | 3 |
| CCC.Core.F22 | Location Lock-In | The service may be configured to restrict the deployment of child resources to specific geographic locations. | 1 |
Threats
| ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
|---|---|---|---|---|---|
| CCC.CntrReg.TH01 | Vulnerabilities in Artifacts are Exploited | Attackers exploit known vulnerabilities in container images or artifacts stored in the registry, leading to unauthorized access, data breaches, or system compromise. | 1 | 1 | 1 |
| CCC.CntrReg.TH02 | Accumulation of Unused Artifacts | The registry accumulates outdated or unused artifacts, increasing storage costs and the risk of deploying vulnerable or untested versions. | 1 | 1 | 0 |
| CCC.Core.TH01 | Access is Granted to Unauthorized Users | Logic designed to give different permissions to different entities may be misconfigured or manipulated, allowing unauthorized entities to access restricted parts of the service, its data, or its child resources. This could result in a loss of data confidentiality or tolerance of unauthorized actions which impact the integrity and availability of resources and data. | 1 | 1 | 3 |
| CCC.Core.TH02 | Data is Intercepted in Transit | Data transmitted by the service is susceptible to collection by any entity with access to any part of the transmission path. Packet observations can be used to support the planning of attacks by profiling origin points, destinations, and usage patterns. The data may also be vulnerable to interception or modification in transit if not properly encrypted, impacting the confidentiality or integrity of the transmitted data. | 1 | 1 | 1 |
| CCC.Core.TH03 | Deployment Region Network is Untrusted | Systems are susceptible to unauthorized access or interception by actors with social or physical control over the network in which they are deployed. If the geopolitical status of the deployment network is untrusted, unstable, or insecure, this could result in a loss of confidentiality, integrity, or availability of the service and its data. | 1 | 1 | 1 |
| CCC.Core.TH04 | Data is Replicated to Untrusted or External Locations | Systems are susceptible to unauthorized access or interception by actors with political or physical control over the network in which they are deployed. Confidentiality may be impacted if the data is replicated to a network where the geopolitical status is untrusted, unstable, or insecure. | 1 | 1 | 2 |
| CCC.Core.TH05 | Interference with Replication Processes | Misconfigured or manipulated replication processes may lead to data being copied to unintended locations, delayed, modified, or not being copied at all. This could lead to compromised data confidentiality and integrity, potentially also affecting recovery processes and data availability. | 1 | 1 | 0 |
| CCC.Core.TH06 | Data is Lost or Corrupted | Services that rely on accurate data are susceptible to disruption in the event of data loss or corruption. Any actions that lead to the unintended deletion, alteration, or limited access to data can impact the availability of the service and the system it is part of. | 1 | 1 | 0 |
| CCC.Core.TH07 | Logs are Tampered With or Deleted | Tampering or deletion of service logs will reduce the system's ability to maintain an accurate record of events. Any actions that compromise the integrity of logs could disrupt system availability by disrupting monitoring, hindering forensic investigations, and reducing the accuracy of audit trails. | 1 | 1 | 1 |
| CCC.Core.TH09 | Runtime Logs are Read by Unauthorized Entities | Unauthorized access to logs may expose valuable information about the system's configuration, operations, and security mechanisms. This could jeopardize system availability through the exposure of vulnerabilities and support the planning of attacks on the service, system, or network. If logs are not adequately sanitized, this may also directly impact the confidentiality of sensitive data. | 1 | 1 | 1 |
| CCC.Core.TH11 | Publications are Incorrectly Triggered | Incorrectly triggered publications may disseminate inaccurate or misleading information, creating a data integrity risk. Such misinformation can cause unintended operations to be initiated, conceal legitimate issues, and disrupt the availability or reliability of systems and their data. | 1 | 1 | 0 |
| CCC.Core.TH12 | Resource Constraints are Exhausted | Exceeding the resource constraints through excessive consumption, resource-intensive operations, or lowering of rate-limit thresholds can impact the availability of elements such as memory, CPU, or storage. This may disrupt availability of the service or child resources by denying the associated functionality to users. If the impacted system is not designed to expect such a failure, the effect could also cascade to other services and resources. | 1 | 1 | 0 |
| CCC.Core.TH14 | Older Resource Versions are Used | Running older versions of child resources can expose the system to known vulnerabilities that have been addressed in more recent versions. If the version identifier is detected by an attacker, it may be possible to exploit these vulnerabilities to compromise the confidentiality, integrity, or availability of the system and its data. | 1 | 1 | 1 |
| CCC.Core.TH15 | Automated Enumeration and Reconnaissance by Non-human Entities | Automated processes may be used to gather details about service and child resource elements such as APIs, file systems, or directories. This information can reveal vulnerabilities, misconfigurations, and the network topology, which can be used to plan an attack against the system, the service, or its child resources. | 1 | 1 | 0 |
| CCC.Core.TH16 | Publications are Disabled | Publication of events, metrics, and runtime logs may be disabled, leading to a lack of expected security and operational information being shared. This can impact system availability by delaying the detection of incidents while also impacting system design decisions and enforcement of operational thresholds, such as autoscaling or cost management. | 1 | 1 | 0 |
Controls
| ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
|---|---|---|---|---|---|---|
| CCC.CntrReg.C01 | Implement Vulnerability Scanning for Artifacts | Ensure that container images and artifacts stored in the container registry are scanned for vulnerabilities to identify and remediate security issues before deployment. | Risk Management | 1 | 3 | 1 |
| CCC.CntrReg.C02 | Implement Cleanup Policies for Artifacts | Ensure that unused or outdated artifacts are cleaned up according to defined policies to manage storage effectively and reduce security risks associated with outdated versions. | Data Management | 1 | 2 | 1 |
| CCC.Core.C01 | Encrypt Data for Transmission | Ensure that all communications are encrypted in transit to protect data integrity and confidentiality. | Data | 1 | 8 | 5 |
| CCC.Core.C02 | Encrypt Data for Storage | Ensure that all data stored is encrypted at rest using strong encryption algorithms. | Data | 1 | 7 | 1 |
| CCC.Core.C06 | Restrict Deployments to Trust Perimeter | Ensure that the service and its child resources are only deployed on infrastructure in locations that are explicitly included within a defined trust perimeter. | Data | 1 | 4 | 2 |
| CCC.Core.C09 | Ensure Integrity of Access Logs | Ensure that access logs are always recorded to an external location that cannot be manipulated from the context of the service(s) it contains logs for. | Data | 3 | 5 | 3 |
| CCC.Core.C10 | Restrict Data Replication to Trust Perimeter | Ensure that data is only replicated on infrastructure in locations that are explicitly included within a defined trust perimeter. | Data | 1 | 4 | 1 |
| CCC.Core.C04 | Log All Access and Changes | Ensure that all access attempts are logged to maintain a detailed audit trail for security and compliance purposes. | Logging & Monitoring | 1 | 5 | 3 |
| CCC.Core.C05 | Prevent Access from Untrusted Entities | Ensure that secure access controls enforce the principle of least privilege to restrict access to authorized entities from explicitly trusted sources only. | Identity and Access Management | 1 | 8 | 6 |