CCC.Core.C05: Prevent Access from Untrusted Entities

Control ID: CCC.Core.C05
Title: Prevent Access from Untrusted Entities
Objective: Ensure that secure access controls enforce the principle of least privilege to restrict access to authorized entities from explicitly trusted sources only.
Control Family: Identity and Access Management

Guideline Mappings

| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
| NIST-CSF | PR.AC-3 | 0 | - |
| CCM | DSP-01 | 1 | Security and Privacy Policy and Procedures |
| CCM | DSP-07 | 1 | Data Protection by Design and Default |
| CCM | DSP-08 | 1 | Data Privacy by Design and Default |
| CCM | DSP-10 | 1 | Sensitive Data Transfer |
| CCM | DSP-17 | 0 | Sensitive Data Protection |
| ISO_27001 | 2013 A.13.1.3 | 0 | - |
| NIST_800_53 | AC-3 | 0 | - |

Assessment Requirements

| ID | Description | Applicability |
|---|---|---|
| CCC.Core.C05.TR01 | When an attempt is made to modify data on the service or a child resource, the service MUST block requests from unauthorized entities. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.Core.C05.TR02 | When administrative access or configuration change is attempted on the service or a child resource, the service MUST refuse requests from unauthorized entities. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.Core.C05.TR03 | When administrative access or configuration change is attempted on the service or a child resource in a multi-tenant environment, the service MUST refuse requests across tenant boundaries unless the origin is explicitly included in a pre-approved allowlist. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.Core.C05.TR04 | When data is requested from outside the trust perimeter, the service MUST refuse requests from unauthorized entities. | tlp-amber, tlp-red |
| CCC.Core.C05.TR05 | When any request is made from outside the trust perimeter, the service MUST NOT provide any response that may indicate the service exists. | tlp-red |
| CCC.Core.C05.TR06 | When any request is made to the service or a child resource, the service MUST refuse requests from unauthorized entities. | tlp-green, tlp-amber, tlp-red |