Restrict VPC Peering to Authorized Accounts

CCC.VPC.C03: Restrict VPC Peering to Authorized Accounts

Control ID:CCC.VPC.C03

Title:Restrict VPC Peering to Authorized Accounts

Objective:Ensure VPC peering connections are only established with explicitly authorized destinations to limit network exposure and enforce boundary controls.

Control Family:

Network Security

Related Threats

ID	Title	Description	External Mappings	Capability Mappings	Control Mappings
CCC.VPC.TH03	Unauthorized Network Access Through VPC Peering	Unauthorized VPC peering connections can allow network traffic between untrusted or unapproved subscriptions, leading to potential data exposure or exfiltration.	1	1	0

Related Capabilities

ID	Title	Description
CCC.VPC.F11	Connectivity Options - VPC Peering	Establishing a private connection between two VPCs to communicate seamlessly.

Guideline Mappings

Reference ID	Entry ID	Remarks
NIST-CSF	PR.AC-3	-
CCM	IVS-01	-
ISO_27001	2013 A.13.1.3	-
NIST_800_53	AC-4	-

Assessment Requirements

ID	Description	Applicability
CCC.VPC.C03.TR01	When a VPC peering connection is requested, the service MUST prevent connections from VPCs that are not explicitly allowed.	tlp-green tlp-amber tlp-red