CCC.Core.TH06: Data is Lost or Corrupted
Threat ID:CCC.Core.TH06
Title:Data is Lost or Corrupted
Description:
Services that rely on accurate data are susceptible to disruption in the event of data loss or corruption. Any actions that lead to the unintended deletion, alteration, or limited access to data can impact the availability of the service and the system it is part of.
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.F11 | Backup | The service can generate copies of its data or configurations in the form of automated backups, snapshot-based backups, or incremental backups. |
| CCC.Core.F18 | Resource Versioning | The service assigns versions to child resources to preserve, retrieve, and restore past iterations. |
External Mappings
Controls
| ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
|---|---|---|---|---|---|---|
| CCC.ObjStor.C01 | Prevent Requests to Buckets or Objects with Untrusted KMS Keys | Prevent any requests to object storage buckets or objects using untrusted KMS keys to protect against unauthorized data encryption that can impact data availability and integrity. | Data | 2 | 5 | 4 |
| CCC.ObjStor.C03 | Prevent Bucket Deletion Through Irrevocable Bucket Retention Policy | Ensure that object storage bucket is not deleted after creation, and that the preventative measure cannot be unset. | Data | 1 | 5 | 2 |
| CCC.ObjStor.C04 | Objects have an Effective Retention Policy by Default | Ensure that all objects stored in the object storage system have a retention policy applied by default, preventing premature deletion or modification of objects and ensuring compliance with data retention regulations. | Data | 1 | 5 | 2 |
| CCC.ObjStor.C05 | Versioning is Enabled for All Objects in the Bucket | Ensure that versioning is enabled for all objects stored in the object storage bucket to enable recovery of previous versions of objects in case of loss or corruption. | Data | 1 | 5 | 4 |