| CCC.Core.CN01.AR01 |
— |
— |
- Service accepts TLS 1.3 encrypted traffic
- Service rejects TLS 1.2 traffic
- Service rejects TLS 1.1 traffic
- Service rejects TLS 1.0 traffic
|
- Verify SSL/TLS protocol support
- Verify no known SSL/TLS vulnerabilities
- Verify TLS 1.3 only certificate validity
|
| CCC.Core.CN01.AR02 |
— |
— |
- Verify SSH protocol version
|
- Verify SSH uses strong ciphers
- Verify SSH server configuration
|
| CCC.Core.CN01.AR03 |
— |
— |
— |
- HTTP redirects to HTTPS
- FTP traffic is blocked or not exposed
- Telnet traffic is blocked or not exposed
- Only secure protocols are exposed
|
| CCC.Core.CN01.AR07 |
— |
— |
— |
- Verify HTTPS uses IANA-assigned port 443
|
| CCC.Core.CN01.AR08 |
— |
— |
— |
- Verify mTLS requires client certificate authentication
|
| CCC.Core.CN02.AR01 - Encrypt Data For Storage |
— |
— |
- VM attached volumes report encryption enabled
|
— |
| CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations |
— |
— |
- MFA requirement for destructive operations cannot be tested automaticallyNotTestable
|
— |
| CCC.Core.CN04.AR01 - Log Administrative Access Attempts |
— |
— |
— |
- Verify admin actions are logged with identity and timestamp
|
| CCC.Core.CN04.AR02 - Log Data Modification Attempts |
— |
— |
— |
- Verify data modifications are logged with identity and timestamp
|
| CCC.Core.CN04.AR03 - Log Data Read Attempts |
— |
— |
— |
- Verify data read operations are logged with identity and timestamp
|
| CCC.Core.CN05.AR06 - Block All Unauthorized Requests |
— |
— |
- Service prevents data read by user with no access
|
— |
| CCC.Core.CN06.AR01 - Resource Location Compliance |
— |
— |
— |
- Resource region can be retrieved for compliance verification
|
| CCC.Core.CN07.AR01 - Publish Enumeration Activity Events |
— |
— |
- Enumeration event publishing cannot be tested automaticallyNotTestable
|
— |
| CCC.Core.CN07.AR02 - Log Enumeration Activities |
— |
— |
- Enumeration logging cannot be verified automaticallyNotTestable
|
— |
| CCC.Core.CN10.AR01 - Replication Destination Trust |
— |
— |
- Replication destination trust cannot be verified automaticallyNotTestable
|
— |
| CCC.Core.CN12.AR01 - Deny Unauthorized IP Connection |
— |
— |
— |
- Unauthorized inbound connection attempt is denied
|