Objects have an Effective Retention Policy by Default

CCC.ObjStor.C04: Objects have an Effective Retention Policy by Default

Control ID:CCC.ObjStor.C04

Title:Objects have an Effective Retention Policy by Default

Objective:Ensure that all objects stored in the object storage system have a retention policy applied by default, preventing premature deletion or modification of objects and ensuring compliance with data retention regulations.

Control Family:

Data

Related Threats

ID	Title	Description	External Mappings	Capability Mappings	Control Mappings
CCC.Core.TH06	Data is Lost or Corrupted	Services that rely on accurate data are susceptible to disruption in the event of data loss or corruption. Any actions that lead to the unintended deletion, alteration, or limited access to data can impact the availability of the service and the system it is part of.	1	1	0

Related Capabilities

ID	Title	Description
CCC.Core.F11	Backup	The service can generate copies of its data or configurations in the form of automated backups, snapshot-based backups, or incremental backups.
CCC.Core.F18	Resource Versioning	The service assigns versions to child resources to preserve, retrieve, and restore past iterations.

Guideline Mappings

Reference ID	Entry ID	Remarks
NIST-CSF	PR.DS-1	-
CCM	DSP-16	-
ISO_27001	2022 A.8.1.4	-
NIST_800_53	SC-28	-
NIST_800_53	CP-10	-

Assessment Requirements

ID	Description	Applicability
CCC.ObjStor.C04.TR01	When an object is uploaded to the object storage system, the object MUST automatically receive a default retention policy that prevents premature deletion or modification.	tlp-clear tlp-green tlp-amber tlp-red
CCC.ObjStor.C04.TR02	When an attempt is made to delete or modify an object that is subject to an active retention policy, the service MUST prevent the action from being completed.	tlp-clear tlp-green tlp-amber tlp-red