CCC.Monitor.C06: Metrics pushed for authorised services only

Control ID: CCC.Monitor.C06
Title: Metrics pushed for authorised services only
Objective: Use IAM to control which types of metrics or traces can be pushed by different systems, so that a compromised system cannot push fabricated metrics about a different service.
Control Family: Identity and Access Management

Related Threats

| ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
|---|---|---|---|---|---|
| CCC.Monitor.TH05 | Data Exfiltration Through Tampered Metrics | If a malicious actor is able to make changes to the metrics being collected, they could use this to encrypt and/or compress sensitive data and bypass controls preventing exfiltration. The data can then be staged in the monitoring system and exfiltrated in bulk at a later point in time. | 1 | 1 | 0 |

Guideline Mappings

| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
| NIST-CSF | PR.AA-05 | 0 | - |
| NIST_800_53 | AC-5 | 0 | - |

Assessment Requirements

| ID | Description | Applicability |
|---|---|---|
| CCC.Monitor.C06.TR01 | When systems push metrics or traces they MUST be authenticated for that particular type of metric or trace | tlp-clear, tlp-green, tlp-amber, tlp-red |