Restrict Deployments to Trust Perimeter

CCC.Core.C06: Restrict Deployments to Trust Perimeter

Control ID:CCC.Core.C06

Title:Restrict Deployments to Trust Perimeter

Objective:Ensure that the service and its child resources are only deployed on infrastructure in locations that are explicitly included within a defined trust perimeter.

Control Family:

Data

Related Threats

ID	Title	Description	External Mappings	Capability Mappings	Control Mappings
CCC.Core.TH03	Deployment Region Network is Untrusted	Systems are susceptible to unauthorized access or interception by actors with social or physical control over the network in which they are deployed. If the geopolitical status of the deployment network is untrusted, unstable, or insecure, this could result in a loss of confidentiality, integrity, or availability of the service and its data.	1	1	0

Related Capabilities

ID	Title	Description
CCC.Core.F22	Location Lock-In	The service may be configured to restrict the deployment of child resources to specific geographic locations.

Guideline Mappings

Reference ID	Entry ID	Strength	Remarks
NIST-CSF	PR.DS-1	0	-
CCM	DSP-19	10	Data Location (specify and document processing and backup locations)
ISO_27001	2013 A.11.1.1	0	-
NIST_800_53	AC-6	0	-

Assessment Requirements

ID	Description	Applicability
CCC.Core.C06.TR01	When the service is running, its region and availability zone MUST be included in a list of explicitly trusted or approved locations within the trust perimeter.	tlp-clear tlp-green tlp-amber tlp-red
CCC.Core.C06.TR02	When a child resource is deployed, its region and availability zone MUST be included in a list of explicitly trusted or approved locations within the trust perimeter.	tlp-clear tlp-green tlp-amber tlp-red