Prevent Access from Untrusted Entities

CCC.Core.C05: Prevent Access from Untrusted Entities

Control ID:CCC.Core.C05

Title:Prevent Access from Untrusted Entities

Objective:Ensure that secure access controls enforce the principle of least privilege to restrict access to authorized entities from explicitly trusted sources only.

Control Family:

Identity and Access Management

Related Threats

ID	Title	Description	External Mappings	Capability Mappings	Control Mappings
CCC.Core.TH01	Access Control is Misconfigured	Misconfigured access controls may grant excessive privileges or fail to restrict unauthorized access to the service and its child resources. This could result in a loss of data confidentiality or tolerance of unauthorized actions which impact the integrity and availability of resources and data.	1	1	0

Related Capabilities

ID	Title	Description
CCC.Core.F06	Access Control	The service automatically enforces user configurations to restrict or allow access to a specific component or a child resource based on factors such as user identities, roles, groups, or attributes.

Guideline Mappings

Reference ID	Entry ID	Remarks
NIST-CSF	PR.AC-3	-
CCM	DS-5	-
ISO_27001	2013 A.13.1.3	-
NIST_800_53	AC-3	-

Assessment Requirements

ID	Description	Applicability
CCC.Core.C05.TR01	When an attempt is made to modify data on the service or a child resource, the service MUST block requests from unauthorized entities.	tlp-clear tlp-green tlp-amber tlp-red
CCC.Core.C05.TR02	When administrative access or configuration change is attempted on the service or a child resource, the service MUST refuse requests from unauthorized entities.	tlp-clear tlp-green tlp-amber tlp-red
CCC.Core.C05.TR03	When administrative access or configuration change is attempted on the service or a child resource in a multi-tenant environment, the service MUST refuse requests across tenant boundaries unless the origin is explicitly included in a pre-approved allowlist.	tlp-clear tlp-green tlp-amber tlp-red
CCC.Core.C05.TR04	When data is requested from outside the trust perimeter, the service MUST refuse requests from unauthorized entities.	tlp-amber tlp-red
CCC.Core.C05.TR05	When any request is made from outside the trust perimeter, the service MUST NOT provide any response that may indicate the service exists.	tlp-red
CCC.Core.C05.TR06	When any request is made to the service or a child resource, the service MUST refuse requests from unauthorized entities.	tlp-green tlp-amber tlp-red