CCC-Complete (Behavioural) 0.1
Test results for this specific product, vendor, and version combination
| Vendor | FINOS |
| Product | CCC-Complete (Behavioural) |
| Version | 0.1 |
Download Raw Results
Download the original OCSF, Gemara, or HTML result files used to generate this page
Test Summary
Aggregate summary of all tests for this configuration result
| Resources In Configuration | 1 |
| Count of Tests | 8 |
| Passing Tests | 4 |
| Failing Tests | 4 |
| Catalogs Tested | CCC.SecMgmt |
Control Catalog Summary
Summary of test results grouped by control catalog and resource
| Control Catalog | Resources | Total Tests | Passing | Failing | Tested Requirements | Missing Requirements | Unused Core Requirements |
|---|---|---|---|---|---|---|---|
| CCC.SecMgmt | finos-ccc-integratio... | 8 | 4 | 4 | All covered | None |
Test Mapping Summary
Summary of test mappings showing how event codes map to test requirements
| Control Catalog | Test Requirement | Mapped Tests (Event Code | Total | Passing | Failing) |
|---|---|---|
| CCC.SecMgmt | CCC.SecMgmt.CN01.AR01 Attempt to use an outdated version of a secret after its rotation period
has passed and verify that access is denied.
| Current secret version is readable220 Stale secret version retrieve is denied202 |
| CCC.SecMgmt | CCC.SecMgmt.CN02.AR01 Attempt to retrieve a secret from an unauthorized region and verify that access is denied.
| Authorized region read succeeds202 Unauthorized region read is denied220 |
Resource Summary
Summary of all resources mentioned in OCSF results
| Resource Name | Resource Type | Control Catalogs | Total Tests | Passing | Failing |
|---|---|---|---|---|---|
finos-ccc-integration-secret-main | secrets | CCC.SecMgmt | 8 | 4 | 4 |
Test Results
OCSF test results filtered for entries with CCC compliance mappings
| Status | Finding | Resource Name | Resource Type | Message | Test Requirements |
|---|---|---|---|---|---|
| PASS | Current secret version is readable ✓ a cloud api for "{config}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "secrets"
✓ I refer to "{result}" as "svc"
✓ I call "{svc}" with "RetrieveSecretVersion" using arguments "{uid}" and "latest"
✓ "{result}" is not an error
✓ I refer to "{result}" as "currentSecret"
✓ I attach "{currentSecret}" to the test output as "Current Secret Version"
✓ "{currentSecret.Denied}" is "false" | finos-ccc-integration-secret-main | secrets | Current secret version is readable | |
| FAIL | Stale secret version retrieve is denied ✓ a cloud api for "{config}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "secrets"
✓ I refer to "{result}" as "svc"
✓ I call "{svc}" with "RetrieveSecretVersion" using arguments "{uid}" and "{stale-version-id}"
✗ "{result}" is an error - Error: expected {result} to be an error, got *secrets.SecretValue | finos-ccc-integration-secret-main | secrets | Stale secret version retrieve is denied | |
| FAIL | Authorized region read succeeds ✓ a cloud api for "{config}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "secrets"
✓ I refer to "{result}" as "svc"
✓ I call "{svc}" with "RetrieveSecretInRegion" using arguments "{uid}" and "{authorized-region}"
✗ "{result}" is not an error - Error: expected {result} to not be an error, but got: access denied: Get "https://finos-ccc-integration-missing-westus2.vault.azure.net/secrets/finos-ccc-integration-secret-main/?api-version=2025-07-01": dial tcp: lookup finos-ccc-integration-missing-westus2.vault.azure.net on 127.0.0.53:53: no such host
⊘ I refer to "{result}" as "authorizedRead" (skipped)
⊘ I attach "{authorizedRead}" to the test output as "Authorized Region Read" (skipped)
⊘ "{authorizedRead.Denied}" is "false" (skipped) | finos-ccc-integration-secret-main | secrets | Authorized region read succeeds | |
| PASS | Unauthorized region read is denied ✓ a cloud api for "{config}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "secrets"
✓ I refer to "{result}" as "svc"
✓ I call "{svc}" with "RetrieveSecretInRegion" using arguments "{uid}" and "{unauthorized-region}"
✓ "{result}" is an error | finos-ccc-integration-secret-main | secrets | Unauthorized region read is denied | |
| PASS | Current secret version is readable ✓ a cloud api for "{config}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "secrets"
✓ I refer to "{result}" as "svc"
✓ I call "{svc}" with "RetrieveSecretVersion" using arguments "{uid}" and "latest"
✓ "{result}" is not an error
✓ I refer to "{result}" as "currentSecret"
✓ I attach "{currentSecret}" to the test output as "Current Secret Version"
✓ "{currentSecret.Denied}" is "false" | finos-ccc-integration-secret-main | secrets | Current secret version is readable | |
| FAIL | Stale secret version retrieve is denied ✓ a cloud api for "{config}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "secrets"
✓ I refer to "{result}" as "svc"
✓ I call "{svc}" with "RetrieveSecretVersion" using arguments "{uid}" and "{stale-version-id}"
✗ "{result}" is an error - Error: expected {result} to be an error, got *secrets.SecretValue | finos-ccc-integration-secret-main | secrets | Stale secret version retrieve is denied | |
| FAIL | Authorized region read succeeds ✓ a cloud api for "{config}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "secrets"
✓ I refer to "{result}" as "svc"
✓ I call "{svc}" with "RetrieveSecretInRegion" using arguments "{uid}" and "{authorized-region}"
✗ "{result}" is not an error - Error: expected {result} to not be an error, but got: access denied: Get "https://finos-ccc-integration-missing-westus2.vault.azure.net/secrets/finos-ccc-integration-secret-main/?api-version=2025-07-01": dial tcp: lookup finos-ccc-integration-missing-westus2.vault.azure.net on 127.0.0.53:53: no such host
⊘ I refer to "{result}" as "authorizedRead" (skipped)
⊘ I attach "{authorizedRead}" to the test output as "Authorized Region Read" (skipped)
⊘ "{authorizedRead.Denied}" is "false" (skipped) | finos-ccc-integration-secret-main | secrets | Authorized region read succeeds | |
| PASS | Unauthorized region read is denied ✓ a cloud api for "{config}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "secrets"
✓ I refer to "{result}" as "svc"
✓ I call "{svc}" with "RetrieveSecretInRegion" using arguments "{uid}" and "{unauthorized-region}"
✓ "{result}" is an error | finos-ccc-integration-secret-main | secrets | Unauthorized region read is denied |