CCC.ObjStor.C02: Enforce Uniform Bucket-level Access to Prevent Inconsistent Permissions
Control ID: CCC.ObjStor.C02
Title: Enforce Uniform Bucket-level Access to Prevent Inconsistent Permissions
Objective: Ensure that uniform bucket-level access is enforced across all object storage buckets. This prevents the use of ad-hoc or inconsistent object-level permissions, ensuring centralized, consistent, and secure access management in accordance with the principle of least privilege.
Control Family: Identity and Access Management
Related Threats
ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
---|---|---|---|---|---|
CCC.Core.TH01 | Access Control is Misconfigured | Misconfigured access controls may grant excessive privileges or fail to restrict unauthorized access to the service and its child resources. This could result in a loss of data confidentiality or tolerance of unauthorized actions which impact the integrity and availability of resources and data. | 1 | 1 | 0 |
Related Capabilities
ID | Title | Description |
---|---|---|
CCC.Core.F06 | Access Control | The service automatically enforces user configurations to restrict or allow access to a specific component or a child resource based on factors such as user identities, roles, groups, or attributes. |
Guideline Mappings
Reference ID | Entry ID | Strength | Remarks |
---|---|---|---|
NIST-CSF | PR.AC-4 | 0 | - |
ISO_27001 | 2013 A.9.4.1 | 0 | - |
NIST_800_53 | AC-3 | 0 | - |
NIST_800_53 | AC-6 | 0 | - |
CCM | DCS-09 | 0 | - |