CCC.Core.CP29: Active Ingestion
Capability ID:CCC.Core.CP29
Title:Active Ingestion
Description:While running, the service can receive inputs, commands, or data streams
from external sources such as dedicated APIs, exposed network
ports, message queues, and persistent data ingestion channels.
Mapped Threats
| ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
|---|---|---|---|---|---|
| CCC.Core.TH01 | Access is Granted to Unauthorized Users | Logic designed to give different permissions to different entities may be misconfigured or manipulated, allowing unauthorized entities to access restricted parts of the service, its data, or its child resources. This could result in a loss of data confidentiality or tolerance of unauthorized actions which impact the integrity and availability of resources and data. | 1 | 1 | 0 |
| CCC.Core.TH17 | Responses are Generated for Unauthorized Requests | The service may generate responses to requests from unauthorized entities. This could lead to the exposure of system details, which may be used to plan an attack against the service, system, or network. Additionally, allocating resources to service the request could lead to a denial of service for legitimate users, leading to a loss of availability anywhere in the system. | 1 | 1 | 0 |