Access External Monitoring

CCC.Monitor.C03: Access External Monitoring

Control ID:CCC.Monitor.C03

Title:Access External Monitoring

Objective:Control access to Synthetic monitoring solutions using API keys or Certificate based authentication to ensure they don't become an attack path, preventing monitoring systems from forging network requests to gain access to internal systems.

Control Family:

Identity and Access Management

Related Threats

ID	Title	Description	External Mappings	Capability Mappings	Control Mappings
CCC.Monitor.TH04	External Monitoring Access	If an external monitoring system is compromised, it acts as a trusted external remote service and can then access internal services which would otherwise not be accessible directly.	1	1	0

Guideline Mappings

Reference ID	Entry ID	Remarks
NIST-CSF	DE.CM-06	-
NIST-CSF	PR.IR-01	-
NIST-CSF	PR.AA-05	-
NIST_800_53	AC-3	-

Assessment Requirements

ID	Description	Applicability
CCC.Monitor.C03.TR01	When external systems have approved access to internal systems not normally available for public access then they MUST be secured to prevent unauthorised access jumping through to the internal systems and only allow access to specific internal services.	tlp-clear tlp-green tlp-amber tlp-red