CCC.ObjStor.CN02: Enforce Uniform Bucket-level Access to Prevent Inconsistent Permissions
Control ID:CCC.ObjStor.CN02
Title:Enforce Uniform Bucket-level Access to Prevent Inconsistent Permissions
Objective:Ensure that uniform bucket-level access is enforced across all
object storage buckets. This prevents the use of ad-hoc or
inconsistent object-level permissions, ensuring centralized,
consistent, and secure access management in accordance with the
principle of least privilege.
Control Family:
Identity and Access Management
Related Threats
| ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
|---|---|---|---|---|---|
| CCC.Core.TH01 | Access is Granted to Unauthorized Users | Logic designed to give different permissions to different entities may be misconfigured or manipulated, allowing unauthorized entities to access restricted parts of the service, its data, or its child resources. This could result in a loss of data confidentiality or tolerance of unauthorized actions which impact the integrity and availability of resources and data. | 1 | 1 | 0 |
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP06 | Access Control | The service automatically enforces user configurations to restrict or allow access to a specific component or a child resource based on factors such as user identities, roles, groups, or attributes. |
| CCC.Core.CP29 | Active Ingestion | While running, the service can receive inputs, commands, or data streams from external sources such as dedicated APIs, exposed network ports, message queues, and persistent data ingestion channels. |
Guideline Mappings
| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
NIST-CSF | PR.AC-4 | 0 | - |
ISO_27001 | 2013 A.9.4.1 | 0 | - |
NIST_800_53 | AC-3 | 0 | - |
NIST_800_53 | AC-6 | 0 | - |
CCM | DCS-09 | 0 | - |