CCC Virtual Private Cloud
VPC is a logically isolated virtual network environment within the cloud, allowing users to define their own IP address range, subnets, route tables, and network gateways. VPC enables secure and controlled communication between resources while providing integration with on-premises networks through VPN or dedicated connections.
Release Details
Version: DEV
Assurance Level:
Release Manager: DB (Development Build)
Contributors
DT (Development Team)
Change Log
- Development build - no formal changelog available
Capabilities
ID | Title | Description | Threat Mappings |
---|---|---|---|
CCC.VPC.F01 | Isolated Custom Network Creation | Ability to create a virtual network that is isolated from other users of the same public cloud. | 1 |
CCC.VPC.F02 | IPv4 CIDR Block | Ability to specify an IPv4 CIDR block for the virtual network. | 0 |
CCC.VPC.F03 | IPv6 CIDR Block | Ability to specify an IPv6 CIDR block for the virtual network. | 0 |
CCC.VPC.F04 | Public Subnet Creation | Ability to create a subnet that allows resources within the subnet to communicate with the public internet. | 1 |
CCC.VPC.F05 | Private Subnet Creation | Ability to create a subnet whose resources cannot directly access the public internet. | 0 |
CCC.VPC.F06 | Multiple Availability Zones for Subnets | Ability to spread subnets across more than one availability zone. | 0 |
CCC.VPC.F07 | Routing Control | Ability to control traffic within the VPC and between the VPC and the internet or on-premises networks using customizable route tables. | 0 |
CCC.VPC.F08 | Connectivity Options - Internet Gateway | Enables direct internet access for resources within a VPC. | 0 |
CCC.VPC.F09 | Connectivity Options - NAT Gateways | Allows instances in private subnets to access the internet without exposing them to inbound internet traffic. | 0 |
CCC.VPC.F10 | Connectivity Options - Private Connection | Dedicated, private, high-speed connections between on-premises networks and cloud VPC. | 0 |
CCC.VPC.F11 | Connectivity Options - VPC Peering | Ability to establish a private connection between two VPCs so that they can communicate directly. | 1 |
CCC.VPC.F12 | Connectivity Options - Transit Gateways | A hub-and-spoke model for connecting multiple VPCs and on-premises networks. | 0 |
CCC.VPC.F13 | Connectivity Options - Site-to-site VPN | Provides an encrypted connection over the internet between a VPC and an on-premises network. | 0 |
CCC.VPC.F14 | Built-in DNS Resolution | Resolves hostnames to IP addresses for instances within the VPC allowing instances to communicate using hostnames instead of IP addresses. | 0 |
CCC.VPC.F15 | Built-in DHCP Resolution | Automatically assigns IP addresses, subnet masks, default gateways and other network configuration to instances within the VPC. | 0 |
CCC.VPC.F16 | Flow Logs | Ability to capture information about the IP traffic going through the VPC. | 1 |
CCC.VPC.F17 | VPC Endpoints | Ability to allow secure, private connectivity between resources within a VPC and other services without traversing the public internet. | 1 |
CCC.Core.F06 | Access Control | The service automatically enforces user configurations to restrict or allow access to a specific component or a child resource based on factors such as user identities, roles, groups, or attributes. | 1 |
CCC.Core.F08 | Data Replication | The service automatically replicates data across multiple deployments simultaneously with parity, or may be configured to do so. | 1 |
CCC.Core.F09 | Metrics Publication | The service automatically publishes structured, numeric, time-series data points related to the performance, availability, and health of the service or its child resources. | 1 |
CCC.Core.F10 | Log Publication | The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service. | 1 |
CCC.Core.F20 | Resource Tagging | The service provides users with the ability to tag a child resource with metadata that can be reviewed or queried. | 1 |
Threats
ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
---|---|---|---|---|---|
CCC.VPC.TH01 | Unauthorized Access via Insecure Default Networks | Default network configurations may include insecure settings and open firewall rules, leading to unauthorized access and potential data breaches. | 1 | 1 | 1 |
CCC.VPC.TH02 | Exposure of Resources to Public Internet | Assignment of external IP addresses to resources exposes resources to the public internet, increasing the risk of attacks such as brute force, exploitation of vulnerabilities, or unauthorized access. | 1 | 1 | 1 |
CCC.VPC.TH03 | Unauthorized Network Access Through VPC Peering | Unauthorized VPC peering connections can allow network traffic between untrusted or unapproved subscriptions, leading to potential data exposure or exfiltration. | 1 | 1 | 1 |
CCC.VPC.TH04 | Lack of Network Visibility due to Disabled VPC Flow Logs | VPC subnets with disabled flow logs lack critical network traffic visibility, which can lead to undetected unauthorized access, data exfiltration, and network misconfigurations. This lack of visibility increases the risk of undetected security incidents. | 1 | 1 | 1 |
CCC.VPC.TH05 | Overly Permissive VPC Endpoint Policies | VPC Endpoint policies that are overly permissive may inadvertently expose resources within the VPC to unintended principals or external threats. | 1 | 1 | 0 |
CCC.Core.TH01 | Access is Granted to Unauthorized Users | Logic designed to give different permissions to different entities may be misconfigured or manipulated, allowing unauthorized entities to access restricted parts of the service, its data, or its child resources. This could result in a loss of data confidentiality or tolerance of unauthorized actions which impact the integrity and availability of resources and data. | 1 | 1 | 3 |
CCC.Core.TH02 | Data is Intercepted in Transit | Data transmitted by the service is susceptible to collection by any entity with access to any part of the transmission path. Packet observations can be used to support the planning of attacks by profiling origin points, destinations, and usage patterns. The data may also be vulnerable to interception or modification in transit if not properly encrypted, impacting the confidentiality or integrity of the transmitted data. | 1 | 1 | 1 |
CCC.Core.TH03 | Deployment Region Network is Untrusted | Systems are susceptible to unauthorized access or interception by actors with social or physical control over the network in which they are deployed. If the geopolitical status of the deployment network is untrusted, unstable, or insecure, this could result in a loss of confidentiality, integrity, or availability of the service and its data. | 1 | 1 | 1 |
CCC.Core.TH06 | Data is Lost or Corrupted | Services that rely on accurate data are susceptible to disruption in the event of data loss or corruption. Any actions that lead to the unintended deletion, alteration, or limited access to data can impact the availability of the service and the system it is part of. | 1 | 1 | 0 |
CCC.Core.TH07 | Logs are Tampered With or Deleted | Tampering or deletion of service logs will reduce the system's ability to maintain an accurate record of events. Any actions that compromise the integrity of logs could disrupt system availability by disrupting monitoring, hindering forensic investigations, and reducing the accuracy of audit trails. | 1 | 1 | 1 |
CCC.Core.TH09 | Runtime Logs are Read by Unauthorized Entities | Unauthorized access to logs may expose valuable information about the system's configuration, operations, and security mechanisms. This could jeopardize system availability through the exposure of vulnerabilities and support the planning of attacks on the service, system, or network. If logs are not adequately sanitized, this may also directly impact the confidentiality of sensitive data. | 1 | 1 | 1 |
CCC.Core.TH13 | Resource Tags are Manipulated | When resource tags are altered, it can lead to misclassification or mismanagement of resources. This can reduce the efficacy of organizational policies, billing rules, or network access rules. Such changes could cause compromised confidentiality, integrity, or availability of the system and its data. | 1 | 1 | 0 |
CCC.Core.TH15 | Automated Enumeration and Reconnaissance by Non-human Entities | Automated processes may be used to gather details about service and child resource elements such as APIs, file systems, or directories. This information can reveal vulnerabilities, misconfigurations, and the network topology, which can be used to plan an attack against the system, the service, or its child resources. | 1 | 1 | 1 |
Controls
ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
---|---|---|---|---|---|---|
CCC.VPC.C01 | Restrict Default Network Creation | Restrict the automatic creation of default virtual networks and related resources during subscription initialization to avoid insecure default configurations and enforce custom network policies. | Network Security | 1 | 4 | 1 |
CCC.VPC.C02 | Limit Resource Creation in Public Subnet | Restrict the creation of resources in the public subnet with direct access to the internet to minimize attack surfaces. | Network Security | 1 | 4 | 1 |
CCC.VPC.C03 | Restrict VPC Peering to Authorized Accounts | Ensure VPC peering connections are only established with explicitly authorized destinations to limit network exposure and enforce boundary controls. | Network Security | 1 | 4 | 1 |
CCC.VPC.C04 | Enforce VPC Flow Logs on VPCs | Ensure VPCs are configured with flow logs enabled to capture traffic information. | Network Security | 1 | 4 | 1 |
CCC.Core.C01 | Encrypt Data for Transmission | Ensure that all communications are encrypted in transit to protect data integrity and confidentiality. | Data | 1 | 8 | 5 |
CCC.Core.C06 | Restrict Deployments to Trust Perimeter | Ensure that the service and its child resources are only deployed on infrastructure in locations that are explicitly included within a defined trust perimeter. | Data | 1 | 4 | 2 |
CCC.Core.C09 | Ensure Integrity of Access Logs | Ensure that access logs are always recorded to an external location that cannot be manipulated from the context of the service(s) it contains logs for. | Data | 3 | 5 | 3 |
CCC.Core.C03 | Implement Multi-factor Authentication (MFA) for Access | Ensure that all sensitive activities require two or more identity factors during authentication to prevent unauthorized access. | Identity and Access Management | 1 | 6 | 4 |
CCC.Core.C05 | Prevent Access from Untrusted Entities | Ensure that secure access controls enforce the principle of least privilege to restrict access to authorized entities from explicitly trusted sources only. | Identity and Access Management | 1 | 8 | 6 |
CCC.Core.C04 | Log All Access and Changes | Ensure that all access attempts are logged to maintain a detailed audit trail for security and compliance purposes. | Logging & Monitoring | 1 | 5 | 3 |
CCC.Core.C07 | Alert on Unusual Enumeration Activity | Ensure that logs and associated alerts are generated when unusual enumeration activity is detected that may indicate reconnaissance activities. | Logging & Monitoring | 1 | 4 | 2 |
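The four VPC-specific controls above (CCC.VPC.C01 to C04) each describe a configuration state that can be checked mechanically. The following policy-as-code evaluator is an added example, not part of the CCC catalogue or any provider's tooling: it walks a constructed VPC inventory and emits one finding per violated control, tagged with the control ID and the threat ID it mitigates. The inventory schema (`Vpc`, `Subnet`), the list of authorized peer accounts, and the allow-list of resources permitted in public subnets (for example a load balancer) are assumptions introduced here so the example can run offline.

```python
"""Evaluate a VPC inventory against CCC.VPC.C01-C04 (added example, assumed schema)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


@dataclass
class Subnet:
    name: str
    public: bool            # True if the subnet routes to an internet gateway (CCC.VPC.F04)
    resources: List[str]    # identifiers of instances placed in the subnet


@dataclass
class Vpc:
    name: str
    is_default: bool        # provider-created default network
    flow_logs_enabled: bool
    peerings: List[str]     # accounts this VPC is peered with
    subnets: List[Subnet]


@dataclass
class Finding:
    control: str            # CCC control that is violated
    threat: str             # CCC threat the control mitigates
    vpc: str
    detail: str


def evaluate(vpcs: List[Vpc],
             authorized_peers: FrozenSet[str],
             allowed_public_resources: FrozenSet[str] = frozenset()) -> List[Finding]:
    """Return one Finding per control violation found in the inventory."""
    findings: List[Finding] = []
    for vpc in vpcs:
        # CCC.VPC.C01: default networks should not exist after subscription initialization.
        if vpc.is_default:
            findings.append(Finding("CCC.VPC.C01", "CCC.VPC.TH01", vpc.name,
                                    "default network present"))
        # CCC.VPC.C02: resources in public subnets need an explicit exception.
        for subnet in vpc.subnets:
            if subnet.public:
                for resource in subnet.resources:
                    if resource not in allowed_public_resources:
                        findings.append(Finding("CCC.VPC.C02", "CCC.VPC.TH02", vpc.name,
                                                f"{resource} in public subnet {subnet.name}"))
        # CCC.VPC.C03: peering only with explicitly authorized accounts.
        for peer in vpc.peerings:
            if peer not in authorized_peers:
                findings.append(Finding("CCC.VPC.C03", "CCC.VPC.TH03", vpc.name,
                                        f"peering with unauthorized account {peer}"))
        # CCC.VPC.C04: flow logs must be enabled on every VPC.
        if not vpc.flow_logs_enabled:
            findings.append(Finding("CCC.VPC.C04", "CCC.VPC.TH04", vpc.name,
                                    "flow logs disabled"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per control, for a compliance dashboard or CI gate."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.control] = counts.get(f.control, 0) + 1
    return counts


# Constructed sample inventory (not real accounts or resources).
AUTHORIZED_PEERS = frozenset({"acct-shared-services"})
ALLOWED_PUBLIC = frozenset({"lb-prod-edge"})
SAMPLE_VPCS = [
    Vpc("default", is_default=True, flow_logs_enabled=False, peerings=[], subnets=[]),
    Vpc("prod", is_default=False, flow_logs_enabled=True,
        peerings=["acct-shared-services"],
        subnets=[Subnet("prod-public", True, ["lb-prod-edge"]),
                 Subnet("prod-private", False, ["db-prod-1"])]),
    Vpc("dev", is_default=False, flow_logs_enabled=True,
        peerings=["acct-unknown-partner"],
        subnets=[Subnet("dev-public", True, ["vm-dev-1"])]),
]

if __name__ == "__main__":
    for f in evaluate(SAMPLE_VPCS, AUTHORIZED_PEERS, ALLOWED_PUBLIC):
        print(f"{f.control} ({f.threat}) {f.vpc}: {f.detail}")
    print(summarize(evaluate(SAMPLE_VPCS, AUTHORIZED_PEERS, ALLOWED_PUBLIC)))
```

Run against the sample inventory, the evaluator reports four findings: the default VPC violates C01 and C04, and the dev VPC violates C02 (a VM in a public subnet) and C03 (peering with an account outside the authorized list); the prod VPC is clean because its only public-subnet resource is on the allow-list. Feeding real provider inventory into the same schema is the piece a practitioner would write next.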