CCC Compliance Test Summary

Control PASSING @Policy FAILING @Policy PASSING @Behavioural FAILING @Behavioural
CCC.VPC.CN01.AR01 - Subscription must not contain default network resources
  • Main check: no default VPC exists
  • Main check: no default VPC exists
  • Main check: no default VPC exists
  • Main check: no default VPC exists
  • Main check: no default VPC exists
  • Main check: no default VPC exists
CCC.VPC.CN02.AR01 - No external IP by default in public subnets
  • Main check (config): public subnets do not auto-assign external IPs
  • Main check (config): public subnets do not auto-assign external IPs
  • Main check (config): public subnets do not auto-assign external IPs
  • Main check (config): public subnets do not auto-assign external IPs
  • Main check (config): public subnets do not auto-assign external IPs
  • Main check (config): public subnets do not auto-assign external IPs
  • Behavioural check (active): resource launched in public subnet is not assigned an external IP
  • Behavioural check (active): resource launched in public subnet is not assigned an external IP
  • Behavioural check (active): resource launched in public subnet is not assigned an external IP
  • Behavioural check (active): resource launched in public subnet is not assigned an external IP
  • Behavioural check (active): resource launched in public subnet is not assigned an external IP
  • Behavioural check (active): resource launched in public subnet is not assigned an external IP
CCC.VPC.CN03.AR01 - Restrict VPC peering requests from non-allowlisted requesters
  • Enforcement proof (dry-run): all disallowed requesters are denied against in-scope receiver VPC
  • Enforcement proof (dry-run): non-allowlisted requester is denied even when not explicitly listed as disallowed
  • Enforcement proof (dry-run): all disallowed requesters are denied against in-scope receiver VPC
  • Enforcement proof (dry-run): non-allowlisted requester is denied even when not explicitly listed as disallowed
  • Enforcement proof (dry-run): all disallowed requesters are denied against in-scope receiver VPC
  • Enforcement proof (dry-run): non-allowlisted requester is denied even when not explicitly listed as disallowed
  • Enforcement proof (dry-run): all disallowed requesters are denied against in-scope receiver VPC
  • Enforcement proof (dry-run): non-allowlisted requester is denied even when not explicitly listed as disallowed
  • Enforcement proof (dry-run): all disallowed requesters are denied against in-scope receiver VPC
  • Enforcement proof (dry-run): non-allowlisted requester is denied even when not explicitly listed as disallowed
  • Enforcement proof (dry-run): all disallowed requesters are denied against in-scope receiver VPC
  • Enforcement proof (dry-run): non-allowlisted requester is denied even when not explicitly listed as disallowed
CCC.VPC.CN04.AR01 - Flow logs must capture all VPC traffic
  • Main check (config): flow logs are active and capture all traffic
  • Main check (config): flow logs are active and capture all traffic
  • Main check (config): flow logs are active and capture all traffic
  • Main check (config): flow logs are active and capture all traffic
  • Main check (config): flow logs are active and capture all traffic
  • Main check (config): flow logs are active and capture all traffic
  • Behavioral check (active): traffic produces flow log records
  • Behavioral check (active): traffic produces flow log records
  • Behavioral check (active): traffic produces flow log records
  • Behavioral check (active): traffic produces flow log records
  • Behavioral check (active): traffic produces flow log records
  • Behavioral check (active): traffic produces flow log records