| CCC.Core.CN02.AR01 - Encrypt Data For Storage |
— |
— |
— |
- Function encryption status reports enabled controls
|
| CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations |
— |
— |
- MFA requirement for destructive operations cannot be tested automaticallyNotTestable
|
— |
| CCC.Core.CN04.AR01 - Log Administrative Access Attempts |
— |
— |
— |
- Verify admin actions are logged with identity and timestamp
|
| CCC.Core.CN04.AR02 - Log Data Modification Attempts |
— |
— |
— |
- Verify data modifications are logged with identity and timestamp
|
| CCC.Core.CN04.AR03 - Log Data Read Attempts |
— |
— |
— |
- Verify data read operations are logged with identity and timestamp
|
| CCC.Core.CN05.AR06 - Block All Unauthorized Requests |
— |
— |
- Service prevents data read by user with no access
|
— |
| CCC.Core.CN06.AR01 - Resource Location Compliance |
— |
— |
— |
- Resource region can be retrieved for compliance verification
|
| CCC.Core.CN07.AR01 - Publish Enumeration Activity Events |
— |
— |
- Enumeration event publishing cannot be tested automaticallyNotTestable
|
— |
| CCC.Core.CN07.AR02 - Log Enumeration Activities |
— |
— |
- Enumeration logging cannot be verified automaticallyNotTestable
|
— |
| CCC.Core.CN10.AR01 - Replication Destination Trust |
— |
— |
- Replication destination trust cannot be verified automaticallyNotTestable
|
— |
| CCC.SvlsComp.CN01.AR01 - Deny Public Internet Access |
— |
— |
- Private invoke path succeeds
- No public invoke surface is configured
|
- Public internet invoke attempt is denied
|
| CCC.SvlsComp.CN02.AR01 - Function Invocation Rate Limits |
— |
— |
— |
- Invocations beyond threshold are throttled
|