Controls work (#594)

Signed-off-by: Eddie Knight <knight@linux.com> Co-authored-by: Eddie Knight <knight@linux.com>
finos · Jan 20, 2025 · bf88875 · bf88875
1 parent 68ddefa
commit bf88875
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 2 deletions.
diff --git a/services/database/relational/controls.yaml b/services/database/relational/controls.yaml
@@ -86,3 +86,43 @@ controls:
         tlp_levels:
           - tlp_red
           - tlp_amber
+
+  - id: CCC.RDMS.C04
+    title: Password Management
+    objective: |
+        DB Admin passwords must be change from their default values and approporatly managed by password or secret
+        managers.
+    control_family: Data
+    threats:
+      - CCC.RDMS.TH01 # Unauthorized Access to Database
+    nist_csf: PR.AA-01
+    control_mappings:
+      NIST_800_53:
+        - AC-2
+    test_requirements:
+      - id: CCC.RDMS.C01.TR02
+        text: |
+          Login to the DB using a default password, it must fail
+        tlp_levels:
+          - tlp_red
+          - tlp_amber
+
+  - id: CCC.RDMS.C05
+    title: Restrict Snapshot Sharing to Authorized Accounts
+    objective: |
+      Ensure snapshots are only shared with explicitly authorized account to limit data exposure and reduce data
+      exfiltration
+    control_family: data
+    threats:
+      - CCC.RDMS.TH02
+    nist_csf: PR.DS-10
+    control_mappings:
+      NIST_800_53:
+        - AC-4
+    test_requirements:
+      - id: CCC.RDMS.C03.TR01
+        text: |
+          Attempt to share snapshot with unauthorized account and attempt is denied
+        tlp_levels:
+          - tlp_red
+          - tlp_amber
diff --git a/services/database/relational/threats.yaml b/services/database/relational/threats.yaml
@@ -108,7 +108,7 @@ threats:
       - T1485
 
   - id: CCC.RDMS.TH15
-    title: Brute force attack against the database
+    title: Brute Force Attack Against the Database
     description: |
       Threat actor uses brute force attack to discover
       database user password, threat actor then has access to the
@@ -119,7 +119,7 @@ threats:
       - T1110
 
   - id: CCC.RDMS.TH16
-    title: Database backups stopped
+    title: Database Backups Stopped
     description: |
       Threat actor stops database backups from occuring to inhibit
       system recovery.