CCC-Complete (Behavioural) 0.1

Test results for this specific product, vendor, and version combination

Vendor	FINOS
Product	CCC-Complete (Behavioural)
Version	0.1

Download Raw Results

Download the original OCSF, Gemara, or HTML result files used to generate this page

File Name	Download
combined	OCSF
finos-ccc-integration-fn-main	OCSF HTML
summary	HTML
gcpServerlessComputing	GEMARA

Test Summary

Aggregate summary of all tests for this configuration result

Resources In Configuration	1
Count of Tests	28
Passing Tests	14
Failing Tests	14
Catalogs Tested	CCC.CoreCCC.SvlsComp

Control Catalog Summary

Summary of test results grouped by control catalog and resource

Control Catalog	Resources	Total Tests	Passing	Failing	Tested Requirements	Missing Requirements	Unused Core Requirements
CCC.Core	finos-ccc-integratio...	20	10	10	CCC.Core.CN02.AR01 CCC.Core.CN03.AR01 CCC.Core.CN04.AR01 CCC.Core.CN04.AR02 CCC.Core.CN04.AR03 CCC.Core.CN05.AR06 CCC.Core.CN06.AR01 CCC.Core.CN07.AR01 CCC.Core.CN07.AR02 CCC.Core.CN10.AR01	CCC.Core.CN01.AR01 CCC.Core.CN01.AR02 CCC.Core.CN01.AR03 CCC.Core.CN01.AR07 CCC.Core.CN01.AR08 CCC.Core.CN03.AR02 CCC.Core.CN03.AR03 CCC.Core.CN03.AR04 CCC.Core.CN05.AR01 CCC.Core.CN05.AR02 CCC.Core.CN05.AR03 CCC.Core.CN05.AR04 CCC.Core.CN05.AR05 CCC.Core.CN06.AR02 CCC.Core.CN09.AR01 CCC.Core.CN09.AR02 CCC.Core.CN09.AR03	CCC.Core.CN13.AR01 CCC.Core.CN13.AR02 CCC.Core.CN13.AR03 CCC.Core.CN08.AR01 CCC.Core.CN08.AR02 CCC.Core.CN11.AR01 CCC.Core.CN11.AR02 CCC.Core.CN11.AR03 CCC.Core.CN11.AR04 CCC.Core.CN11.AR05 CCC.Core.CN11.AR06 CCC.Core.CN14.AR01 CCC.Core.CN14.AR02 CCC.Core.CN14.AR03
CCC.SvlsComp	finos-ccc-integratio...	8	4	4	CCC.SvlsComp.CN01.AR01 CCC.SvlsComp.CN02.AR01	All covered	None

Test Mapping Summary

Summary of test mappings showing how event codes map to test requirements

Control Catalog	Test Requirement	Mapped Tests (Event Code \| Total \| Passing \| Failing)
CCC.Core	CCC.Core.CN02.AR01 When data is stored, it MUST be encrypted using the latest industry-standard encryption methods.	`Function encryption status reports enabled controls` 202
CCC.Core	CCC.Core.CN03.AR01 When an entity attempts to modify the service through a user interface, the authentication process MUST require multiple identifying factors for authentication.	`MFA requirement for destructive operations cannot be tested automatically - NotTestable` 220
CCC.Core	CCC.Core.CN04.AR01 When administrative access or configuration change is attempted on the service or a child resource, the service MUST log the client identity, time, and result of the attempt.	`Verify admin actions are logged with identity and timestamp` 202
CCC.Core	CCC.Core.CN04.AR02 When any attempt is made to modify data on the service or a child resource, the service MUST log the client identity, time, and result of the attempt.	`Verify data modifications are logged with identity and timestamp` 202
CCC.Core	CCC.Core.CN04.AR03 When any attempt is made to read data on the service or a child resource, the service MUST log the client identity, time, and result of the attempt.	`Verify data read operations are logged with identity and timestamp` 202
CCC.Core	CCC.Core.CN05.AR06 When any request is made to the service or a child resource, the service MUST refuse requests from unauthorized entities.	`Service prevents data read by user with no access` 220
CCC.Core	CCC.Core.CN06.AR01 When the service is running, its region and availability zone MUST be included in a list of explicitly trusted or approved locations within the trust perimeter.	`Resource region can be retrieved for compliance verification` 202
CCC.Core	CCC.Core.CN07.AR01 When enumeration activities are detected, the service MUST publish an event to a monitored channel which includes the client identity, time, and nature of the activity.	`Enumeration event publishing cannot be tested automatically - NotTestable` 220
CCC.Core	CCC.Core.CN07.AR02 When enumeration activities are detected, the service MUST log the client identity, time, and nature of the activity.	`Enumeration logging cannot be verified automatically - NotTestable` 220
CCC.Core	CCC.Core.CN10.AR01 When data is replicated, the service MUST ensure that replication only occurs to destinations that are explicitly included within the defined trust perimeter.	`Replication destination trust cannot be verified automatically - NotTestable` 220
CCC.SvlsComp	CCC.SvlsComp.CN01.AR01 Attempt to access the serverless function over the public internet and verify that access is denied.	`No public invoke surface is configured` 220 `Private invoke path succeeds` 220 `Public internet invoke attempt is denied` 202
CCC.SvlsComp	CCC.SvlsComp.CN02.AR01 Send requests to invoke the function up to the allowed threshold and confirm they are successful; then send additional requests exceeding the threshold from the same entity and verify that they are denied.	`Invocations beyond threshold are throttled` 202

Resource Summary

Summary of all resources mentioned in OCSF results

Resource Name	Resource Type	Control Catalogs	Total Tests	Passing	Failing
finos-ccc-integration-fn-main	serverless-computing	CCC.CoreCCC.SvlsComp	28	14	14

Test Results

OCSF test results filtered for entries with CCC compliance mappings

Status	Finding	Resource Name	Resource Type	Message	Test Requirements
FAIL	Function encryption status reports enabled controls ✓ a cloud api for "{config}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "serverless-computing" ✓ I refer to "{result}" as "svc" ✓ I call "{svc}" with "GetFunctionEncryptionStatus" using argument "{uid}" ✓ "{result}" is not an error ✓ I refer to "{result}" as "encryption" ✓ I attach "{encryption}" to the test output as "Function Encryption Status" ✗ "{encryption.EnvEncrypted}" is "true" - Error: expected {encryption.EnvEncrypted} to equal 'true', got 'false'	finos-ccc-integration-fn-main	serverless-computing	Function encryption status reports enabled controls	CCC.Core.CN02.AR01
PASS	Private invoke path succeeds ✓ a cloud api for "{config}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "serverless-computing" ✓ I refer to "{result}" as "svc" ✓ I call "{svc}" with "AttemptPrivateInvoke" using argument "{uid}" ✓ "{result}" is not an error ✓ I refer to "{result}" as "privateInvoke" ✓ "{privateInvoke.Invoked}" is "true"	finos-ccc-integration-fn-main	serverless-computing	Private invoke path succeeds	CCC.SvlsComp.CN01.AR01
PASS	No public invoke surface is configured ✓ a cloud api for "{config}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "serverless-computing" ✓ I refer to "{result}" as "svc" ✓ I call "{svc}" with "GetInvokeEndpointExposure" using argument "{uid}" ✓ "{result}" is not an error ✓ I refer to "{result}" as "exposure" ✓ I attach "{exposure}" to the test output as "Invoke Endpoint Exposure" ✓ "{exposure.PublicEndpointConfigured}" is "false"	finos-ccc-integration-fn-main	serverless-computing	No public invoke surface is configured	CCC.SvlsComp.CN01.AR01
FAIL	Public internet invoke attempt is denied ✓ a cloud api for "{config}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "serverless-computing" ✓ I refer to "{result}" as "svc" ✓ I call "{svc}" with "AttemptPublicInternetInvoke" using argument "{uid}" ✗ "{result}" is not an error - Error: expected {result} to not be an error, but got: no public invoke URL available (set public-invoke-url or expose function with ALLOW_ALL ingress) ⊘ I refer to "{result}" as "publicInvoke" (skipped) ⊘ I attach "{publicInvoke}" to the test output as "Public Invoke Attempt" (skipped) ⊘ "{publicInvoke.AccessDenied}" is "true" (skipped)	finos-ccc-integration-fn-main	serverless-computing	Public internet invoke attempt is denied	CCC.SvlsComp.CN01.AR01
FAIL	Invocations beyond threshold are throttled ✓ a cloud api for "{config}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "serverless-computing" ✓ I refer to "{result}" as "svc" ✓ I call "{svc}" with "InvokeFunctionBurst" using arguments "{uid}" and "{rate-limit-threshold}" ✗ "{result}" is not an error - Error: expected {result} to not be an error, but got: no invoke URL available for function ⊘ I refer to "{result}" as "withinThreshold" (skipped) ⊘ "{withinThreshold.AllSucceeded}" is "true" (skipped) ⊘ I call "{svc}" with "InvokeFunctionBurst" using arguments "{uid}" and "{burst-overrun}" (skipped) ⊘ "{result}" is not an error (skipped) ⊘ I refer to "{result}" as "overrun" (skipped) ⊘ I attach "{overrun}" to the test output as "Invocation Burst Overrun" (skipped) ? "{overrun.ThrottledCount}" is greater than "{0}" (undefined)	finos-ccc-integration-fn-main	serverless-computing	Invocations beyond threshold are throttled	CCC.SvlsComp.CN02.AR01
PASS	MFA requirement for destructive operations cannot be tested automatically - NotTestable ✓ a cloud api for "{config}" in "api" ✓ no-op required	finos-ccc-integration-fn-main	serverless-computing	MFA requirement for destructive operations cannot be tested automatically - NotTestable	CCC.Core.CN03.AR01
FAIL	Verify admin actions are logged with identity and timestamp ✓ a cloud api for "{config}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "{service-type}" ✓ I refer to "{result}" as "theService" ✓ I call "{api}" with "GetServiceAPI" using argument "logging" ✓ I refer to "{result}" as "loggingService" ✓ I call "{theService}" with "UpdateResourcePolicy" ✓ "{result}" is not an error ✓ I attach "{result}" to the test output as "Policy Update Result" ✓ we wait for a period of "10000" ms ✓ I call "{loggingService}" with "QueryLogs" using arguments "{resource-name}", "admin", and "{20}" ✓ "{result}" is not an error ✓ I refer to "{result}" as "adminLogs" ✓ I attach "{adminLogs}" to the test output as "Admin Activity Logs" ✗ "{adminLogs}" is an array of objects with at least the following contents - Error: expected row not found: map[result:Succeeded]	finos-ccc-integration-fn-main	serverless-computing	Verify admin actions are logged with identity and timestamp	CCC.Core.CN04.AR01
FAIL	Verify data modifications are logged with identity and timestamp ✓ a cloud api for "{config}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "{service-type}" ✓ I refer to "{result}" as "theService" ✓ I call "{api}" with "GetServiceAPI" using argument "logging" ✓ I refer to "{result}" as "loggingService" ✓ I call "{theService}" with "TriggerDataWrite" using argument "{resource-name}" ✓ I attach "{result}" to the test output as "Data Write Trigger Result" ✓ we wait for a period of "10000" ms ✓ I call "{loggingService}" with "QueryLogs" using arguments "{resource-name}", "data-write", and "{20}" ✓ I refer to "{result}" as "dataLogs" ✓ I attach "{dataLogs}" to the test output as "Data Write Logs" ✗ "{dataLogs}" is an array of objects with at least the following contents - Error: expected row not found: map[result:Succeeded]	finos-ccc-integration-fn-main	serverless-computing	Verify data modifications are logged with identity and timestamp	CCC.Core.CN04.AR02
FAIL	Verify data read operations are logged with identity and timestamp ✓ a cloud api for "{config}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "{service-type}" ✓ I refer to "{result}" as "theService" ✓ I call "{api}" with "GetServiceAPI" using argument "logging" ✓ I refer to "{result}" as "loggingService" ✓ I call "{theService}" with "TriggerDataRead" using argument "{resource-name}" ✓ I attach "{result}" to the test output as "Data Read Trigger Result" ✓ we wait for a period of "10000" ms ✓ I call "{loggingService}" with "QueryLogs" using arguments "{resource-name}", "data-read", and "{20}" ✓ "{result}" is not an error ✓ I refer to "{result}" as "readLogs" ✓ I attach "{readLogs}" to the test output as "Data Read Logs" ✗ "{readLogs}" is an array of objects with at least the following contents - Error: expected row not found: map[result:Succeeded]	finos-ccc-integration-fn-main	serverless-computing	Verify data read operations are logged with identity and timestamp	CCC.Core.CN04.AR03
PASS	Service prevents data read by user with no access ✓ a cloud api for "{config}" in "api" ✓ I call "{api}" with "GetServiceAPIWithIdentity" using arguments "{service-type}" and "test-user-no-access" ✓ "{result}" is not an error ✓ I refer to "{result}" as "userReadableService" ✓ I call "{userReadableService}" with "TriggerDataRead" using argument "{resource-name}" ✓ "{result}" is an error ✓ I attach "{result}" to the test output as "no-access-trigger-data-read-error.txt"	finos-ccc-integration-fn-main	serverless-computing	Service prevents data read by user with no access	CCC.Core.CN05.AR06
PASS	Enumeration event publishing cannot be tested automatically - NotTestable ✓ a cloud api for "{config}" in "api" ✓ no-op required	finos-ccc-integration-fn-main	serverless-computing	Enumeration event publishing cannot be tested automatically - NotTestable	CCC.Core.CN07.AR01
PASS	Enumeration logging cannot be verified automatically - NotTestable ✓ a cloud api for "{config}" in "api" ✓ no-op required	finos-ccc-integration-fn-main	serverless-computing	Enumeration logging cannot be verified automatically - NotTestable	CCC.Core.CN07.AR02
PASS	Replication destination trust cannot be verified automatically - NotTestable ✓ a cloud api for "{config}" in "api" ✓ no-op required	finos-ccc-integration-fn-main	serverless-computing	Replication destination trust cannot be verified automatically - NotTestable	CCC.Core.CN10.AR01
FAIL	Resource region can be retrieved for compliance verification ✓ a cloud api for "{config}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "{service-type}" ✓ I refer to "{result}" as "theService" ✓ I call "{theService}" with "GetResourceRegion" using argument "{resource-name}" ✓ "{result}" is not an error ✓ I refer to "{result}" as "region" ✓ I attach "{region}" to the test output as "Resource Region" ✗ "{permitted-regions}" is an array of objects with at least the following contents - Error: expected row not found: map[value:{region}]	finos-ccc-integration-fn-main	serverless-computing	Resource region can be retrieved for compliance verification	CCC.Core.CN06.AR01
FAIL	Function encryption status reports enabled controls ✓ a cloud api for "{config}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "serverless-computing" ✓ I refer to "{result}" as "svc" ✓ I call "{svc}" with "GetFunctionEncryptionStatus" using argument "{uid}" ✓ "{result}" is not an error ✓ I refer to "{result}" as "encryption" ✓ I attach "{encryption}" to the test output as "Function Encryption Status" ✗ "{encryption.EnvEncrypted}" is "true" - Error: expected {encryption.EnvEncrypted} to equal 'true', got 'false'	finos-ccc-integration-fn-main	serverless-computing	Function encryption status reports enabled controls	CCC.Core.CN02.AR01
PASS	Private invoke path succeeds ✓ a cloud api for "{config}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "serverless-computing" ✓ I refer to "{result}" as "svc" ✓ I call "{svc}" with "AttemptPrivateInvoke" using argument "{uid}" ✓ "{result}" is not an error ✓ I refer to "{result}" as "privateInvoke" ✓ "{privateInvoke.Invoked}" is "true"	finos-ccc-integration-fn-main	serverless-computing	Private invoke path succeeds	CCC.SvlsComp.CN01.AR01
PASS	No public invoke surface is configured ✓ a cloud api for "{config}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "serverless-computing" ✓ I refer to "{result}" as "svc" ✓ I call "{svc}" with "GetInvokeEndpointExposure" using argument "{uid}" ✓ "{result}" is not an error ✓ I refer to "{result}" as "exposure" ✓ I attach "{exposure}" to the test output as "Invoke Endpoint Exposure" ✓ "{exposure.PublicEndpointConfigured}" is "false"	finos-ccc-integration-fn-main	serverless-computing	No public invoke surface is configured	CCC.SvlsComp.CN01.AR01
FAIL	Public internet invoke attempt is denied ✓ a cloud api for "{config}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "serverless-computing" ✓ I refer to "{result}" as "svc" ✓ I call "{svc}" with "AttemptPublicInternetInvoke" using argument "{uid}" ✗ "{result}" is not an error - Error: expected {result} to not be an error, but got: no public invoke URL available (set public-invoke-url or expose function with ALLOW_ALL ingress) ⊘ I refer to "{result}" as "publicInvoke" (skipped) ⊘ I attach "{publicInvoke}" to the test output as "Public Invoke Attempt" (skipped) ⊘ "{publicInvoke.AccessDenied}" is "true" (skipped)	finos-ccc-integration-fn-main	serverless-computing	Public internet invoke attempt is denied	CCC.SvlsComp.CN01.AR01
FAIL	Invocations beyond threshold are throttled ✓ a cloud api for "{config}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "serverless-computing" ✓ I refer to "{result}" as "svc" ✓ I call "{svc}" with "InvokeFunctionBurst" using arguments "{uid}" and "{rate-limit-threshold}" ✗ "{result}" is not an error - Error: expected {result} to not be an error, but got: no invoke URL available for function ⊘ I refer to "{result}" as "withinThreshold" (skipped) ⊘ "{withinThreshold.AllSucceeded}" is "true" (skipped) ⊘ I call "{svc}" with "InvokeFunctionBurst" using arguments "{uid}" and "{burst-overrun}" (skipped) ⊘ "{result}" is not an error (skipped) ⊘ I refer to "{result}" as "overrun" (skipped) ⊘ I attach "{overrun}" to the test output as "Invocation Burst Overrun" (skipped) ? "{overrun.ThrottledCount}" is greater than "{0}" (undefined)	finos-ccc-integration-fn-main	serverless-computing	Invocations beyond threshold are throttled	CCC.SvlsComp.CN02.AR01
PASS	MFA requirement for destructive operations cannot be tested automatically - NotTestable ✓ a cloud api for "{config}" in "api" ✓ no-op required	finos-ccc-integration-fn-main	serverless-computing	MFA requirement for destructive operations cannot be tested automatically - NotTestable	CCC.Core.CN03.AR01
FAIL	Verify admin actions are logged with identity and timestamp ✓ a cloud api for "{config}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "{service-type}" ✓ I refer to "{result}" as "theService" ✓ I call "{api}" with "GetServiceAPI" using argument "logging" ✓ I refer to "{result}" as "loggingService" ✓ I call "{theService}" with "UpdateResourcePolicy" ✓ "{result}" is not an error ✓ I attach "{result}" to the test output as "Policy Update Result" ✓ we wait for a period of "10000" ms ✓ I call "{loggingService}" with "QueryLogs" using arguments "{resource-name}", "admin", and "{20}" ✓ "{result}" is not an error ✓ I refer to "{result}" as "adminLogs" ✓ I attach "{adminLogs}" to the test output as "Admin Activity Logs" ✗ "{adminLogs}" is an array of objects with at least the following contents - Error: expected row not found: map[result:Succeeded]	finos-ccc-integration-fn-main	serverless-computing	Verify admin actions are logged with identity and timestamp	CCC.Core.CN04.AR01
FAIL	Verify data modifications are logged with identity and timestamp ✓ a cloud api for "{config}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "{service-type}" ✓ I refer to "{result}" as "theService" ✓ I call "{api}" with "GetServiceAPI" using argument "logging" ✓ I refer to "{result}" as "loggingService" ✓ I call "{theService}" with "TriggerDataWrite" using argument "{resource-name}" ✓ I attach "{result}" to the test output as "Data Write Trigger Result" ✓ we wait for a period of "10000" ms ✓ I call "{loggingService}" with "QueryLogs" using arguments "{resource-name}", "data-write", and "{20}" ✓ I refer to "{result}" as "dataLogs" ✓ I attach "{dataLogs}" to the test output as "Data Write Logs" ✗ "{dataLogs}" is an array of objects with at least the following contents - Error: expected row not found: map[result:Succeeded]	finos-ccc-integration-fn-main	serverless-computing	Verify data modifications are logged with identity and timestamp	CCC.Core.CN04.AR02
FAIL	Verify data read operations are logged with identity and timestamp ✓ a cloud api for "{config}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "{service-type}" ✓ I refer to "{result}" as "theService" ✓ I call "{api}" with "GetServiceAPI" using argument "logging" ✓ I refer to "{result}" as "loggingService" ✓ I call "{theService}" with "TriggerDataRead" using argument "{resource-name}" ✓ I attach "{result}" to the test output as "Data Read Trigger Result" ✓ we wait for a period of "10000" ms ✓ I call "{loggingService}" with "QueryLogs" using arguments "{resource-name}", "data-read", and "{20}" ✓ "{result}" is not an error ✓ I refer to "{result}" as "readLogs" ✓ I attach "{readLogs}" to the test output as "Data Read Logs" ✗ "{readLogs}" is an array of objects with at least the following contents - Error: expected row not found: map[result:Succeeded]	finos-ccc-integration-fn-main	serverless-computing	Verify data read operations are logged with identity and timestamp	CCC.Core.CN04.AR03
PASS	Service prevents data read by user with no access ✓ a cloud api for "{config}" in "api" ✓ I call "{api}" with "GetServiceAPIWithIdentity" using arguments "{service-type}" and "test-user-no-access" ✓ "{result}" is not an error ✓ I refer to "{result}" as "userReadableService" ✓ I call "{userReadableService}" with "TriggerDataRead" using argument "{resource-name}" ✓ "{result}" is an error ✓ I attach "{result}" to the test output as "no-access-trigger-data-read-error.txt"	finos-ccc-integration-fn-main	serverless-computing	Service prevents data read by user with no access	CCC.Core.CN05.AR06
PASS	Enumeration event publishing cannot be tested automatically - NotTestable ✓ a cloud api for "{config}" in "api" ✓ no-op required	finos-ccc-integration-fn-main	serverless-computing	Enumeration event publishing cannot be tested automatically - NotTestable	CCC.Core.CN07.AR01
PASS	Enumeration logging cannot be verified automatically - NotTestable ✓ a cloud api for "{config}" in "api" ✓ no-op required	finos-ccc-integration-fn-main	serverless-computing	Enumeration logging cannot be verified automatically - NotTestable	CCC.Core.CN07.AR02
PASS	Replication destination trust cannot be verified automatically - NotTestable ✓ a cloud api for "{config}" in "api" ✓ no-op required	finos-ccc-integration-fn-main	serverless-computing	Replication destination trust cannot be verified automatically - NotTestable	CCC.Core.CN10.AR01
FAIL	Resource region can be retrieved for compliance verification ✓ a cloud api for "{config}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "{service-type}" ✓ I refer to "{result}" as "theService" ✓ I call "{theService}" with "GetResourceRegion" using argument "{resource-name}" ✓ "{result}" is not an error ✓ I refer to "{result}" as "region" ✓ I attach "{region}" to the test output as "Resource Region" ✗ "{permitted-regions}" is an array of objects with at least the following contents - Error: expected row not found: map[value:{region}]	finos-ccc-integration-fn-main	serverless-computing	Resource region can be retrieved for compliance verification	CCC.Core.CN06.AR01