| CCC.Core.CN01.AR01 |
— |
— |
- Service accepts TLS 1.3 encrypted traffic
- Service rejects TLS 1.2 traffic
- Service rejects TLS 1.1 traffic
- Service rejects TLS 1.0 traffic
|
- Verify SSL/TLS protocol support
- Verify no known SSL/TLS vulnerabilities
- Verify TLS 1.3 only certificate validity
|
| CCC.Core.CN01.AR03 |
— |
— |
— |
- HTTP redirects to HTTPS
- Only secure protocols are exposed
|
| CCC.Core.CN01.AR07 |
— |
— |
- Verify HTTPS uses IANA-assigned port 443
|
— |
| CCC.Core.CN01.AR08 |
— |
— |
— |
- Verify mTLS requires client certificate authentication
|
| CCC.Core.CN02.AR01 - Data Encryption at Rest |
— |
— |
- Verify objects are encrypted at rest
|
— |
| CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations |
— |
— |
- MFA requirement for destructive operations cannot be tested automatically (NotTestable)
|
— |
| CCC.Core.CN04.AR01 - Log Administrative Access Attempts |
— |
— |
— |
- Verify admin actions are logged with identity and timestamp
|
| CCC.Core.CN04.AR02 - Log Data Modification Attempts |
— |
— |
— |
- Verify data modifications are logged with identity and timestamp
|
| CCC.Core.CN04.AR03 - Log Data Read Attempts |
— |
— |
— |
- Verify data read operations are logged with identity and timestamp
|
| CCC.Core.CN05.AR01 - Block Unauthorized Data Modification |
— |
— |
- Service prevents data modification by user with no access
|
- Service allows data modification by user with write access
|
| CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access |
— |
— |
- Service prevents administrative action (creating a new bucket) by user with no access
- Service prevents administrative action (creating a new bucket) by user with read-only access
|
- Service allows administrative action (creating a new bucket) by user with admin access
|
| CCC.Core.CN05.AR06 - Block All Unauthorized Requests |
— |
— |
- Service prevents data read by user with no access
|
— |
| CCC.Core.CN06.AR02 - Child Resource Location Compliance |
— |
— |
- Child resource region compliance (NotTestable)
|
— |
| CCC.Core.CN07.AR01 - Publish Enumeration Activity Events |
— |
— |
- Enumeration event publishing cannot be tested automatically (NotTestable)
|
— |
| CCC.Core.CN07.AR02 - Log Enumeration Activities |
— |
— |
- Enumeration logging cannot be verified automatically (NotTestable)
|
— |
| CCC.Core.CN08.AR01 - Data Replication and Redundancy |
— |
— |
— |
- Bucket data is replicated to physically separate locations
|
| CCC.Core.CN08.AR02 - Replication Status Visibility |
— |
— |
— |
- Replication status can be retrieved for monitoring
|
| CCC.Core.CN10.AR01 - Replication Destination Trust |
— |
— |
- Replication destination trust cannot be verified automatically (NotTestable)
|
— |
| CCC.ObjStor.CN01.AR01 |
— |
— |
- Service prevents reading bucket with no access
|
- Service allows reading bucket with read access
|
| CCC.ObjStor.CN01.AR02 |
— |
— |
- Service prevents reading object with no access
|
- Service allows reading object with read access
|
| CCC.ObjStor.CN01.AR03 |
— |
— |
- Service prevents creating bucket with no access
|
- Service allows creating bucket with write access
|
| CCC.ObjStor.CN01.AR04 |
— |
— |
- Service prevents writing object with read-only access
|
- Service allows writing object with write access
|
| CCC.ObjStor.CN02.AR01 - Uniform Bucket-Level Access (Consistent Allow) |
— |
— |
— |
- Service enforces uniform bucket-level access by rejecting object-level permissions
|
| CCC.ObjStor.CN02.AR02 - Uniform Bucket-Level Access (Consistent Deny) |
— |
— |
- Service enforces uniform bucket-level access denial
|
— |
| CCC.ObjStor.CN03.AR01 - Bucket Soft Delete and Recovery |
— |
— |
— |
- Service supports bucket soft delete and recovery
|
| CCC.ObjStor.CN03.AR02 - Immutable Bucket Retention Policy |
— |
— |
— |
- Service prevents modification of locked retention policy
|
| CCC.ObjStor.CN04.AR01 |
— |
— |
- Service enforces retention policy on newly created objects
- Service validates retention period meets minimum requirements
|
- Service applies default retention policy to newly uploaded object
|
| CCC.ObjStor.CN04.AR02 |
— |
— |
- Service prevents object deletion by admin user during retention period
|
- Service prevents object deletion by write user during retention period
- Service prevents object modification during retention period
- Service allows object read access during retention period
|
| CCC.ObjStor.CN05.AR01 - Versioning with Unique Identifiers |
— |
— |
— |
- Service enables versioning and objects receive unique version identifiers
|
| CCC.ObjStor.CN05.AR02 - New Version ID on Modification |
— |
— |
— |
- Modified objects receive new version identifiers
|
| CCC.ObjStor.CN05.AR03 - Recovery of Previous Versions |
— |
— |
— |
- Modified objects receive new version identifiers
|
| CCC.ObjStor.CN05.AR04 - Retain Versions on Delete |
— |
— |
- Deleted object data can be reloaded from previous version
|
- Deleted object version remains in version list
|