Use Customer-Managed Encryption Keys (CMEK) for Messages

CCC.Message.C01: Use Customer-Managed Encryption Keys (CMEK) for Messages

Control ID:CCC.Message.C01

Title:Use Customer-Managed Encryption Keys (CMEK) for Messages

Objective:Ensure that messages are encrypted using customer-managed encryption keys (CMEK) to provide enhanced control over encryption processes and keys, meeting compliance and security requirements.

Control Family:

Encryption

Related Threats

ID	Title	Description	External Mappings	Capability Mappings	Control Mappings
CCC.Core.TH01	Access is Granted to Unauthorized Users	Logic designed to give different permissions to different entities may be misconfigured or manipulated, allowing unauthorized entities to access restricted parts of the service, its data, or its child resources. This could result in a loss of data confidentiality or tolerance of unauthorized actions which impact the integrity and availability of resources and data.	1	1	0

Related Capabilities

ID	Title	Description
CCC.Core.F06	Access Control	The service automatically enforces user configurations to restrict or allow access to a specific component or a child resource based on factors such as user identities, roles, groups, or attributes.

Guideline Mappings

Reference ID	Entry ID	Remarks
NIST-CSF	PR.DS-1	Data-at-rest is protected
NIST_800_53	SC-12	Cryptographic Key Establishment and Management
NIST_800_53	SC-13	Cryptographic Protection

Assessment Requirements

ID	Description	Applicability
CCC.Message.C01.TR01	Attempt to publish a message without using a customer-managed encryption key and verify that the message is rejected or not stored.	tlp-clear tlp-green tlp-amber tlp-red