generated from finos/standards-project-blueprint
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent 0ba67ed
commit 750b16b
Showing 7 changed files with 272 additions and 70 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,15 +1,112 @@ | ||
# Relational Database Management Systems Controls | ||
# CCC.RDMS: Relational Database Management Systems Controls | ||
|
||
This document contains an abstracted list of controls based on the [Threats for Relational Database Management Systems](./threats.md). The scope of these controls expand across cloud service providers. The controls gherkin feature file can be located [here](./tests/controls.feature). | ||
| Control Id | Service Taxonomy Id | Control | | ||
| ----------- | ------------------- | --------------------------------------------- | | ||
| CCC.RDMS.C1 | CCC-020115 | Enforce Role-Based Access Control | | ||
| CCC.RDMS.C2 | CCC-020114 | Disable Access with Default Credentials | | ||
| CCC.RDMS.C3 | CCC-020116 | Restrict Snapshot Collection To Trusted Roles | | ||
| CCC.RDMS.C4 | CCC-020118 | Enforce Logging & Monitoring | | ||
|
||
## Controls Catalog | ||
--- | ||
|
||
| Control ID | Objective | Description | NIST CSF | MITRE ATT&CK Mitigations | Threats | | ||
| ----------- | -------------------------------------------------------- | ------------------------------------------------------------------ | -------- | --------------------------------------------------- | ----------- | | ||
| CCC.RDMS.C1 | Enforce Role-Based Access Control | Ensure only authorized roles can access database resources. | Protect | [M1041](https://attack.mitre.org/mitigations/M1041) | [CCC.RDMS.T1](./threats.md/#CCC.RDMS.T1) [CCC.RDMS.T4](./threats.md/#CCC.RDMS.T4) | | ||
| CCC.RDMS.C2 | Disable Access with Default Credentials | Ensure only authorized roles can access database resources. | Protect | [M1041](https://attack.mitre.org/mitigations/M1041) | [CCC.RDMS.T1](./threats.md/#CCC.RDMS.T1) | | ||
| CCC.RDMS.C3 | Restrict Snapshot Collection To Trusted Roles | Limit snapshot collection capabilities to trusted roles. | Protect | [M1054](https://attack.mitre.org/mitigations/M1054) | [CCC.RDMS.T2](./threats.md/#CCC.RDMS.T2) | | ||
| CCC.RDMS.C4 | Restrict Snapshot Collection to Trusted Organization | Limit snapshot export capabilities to trusted organization. | Protect | [M1054](https://attack.mitre.org/mitigations/M1054) | [CCC.RDMS.T2](./threats.md/#CCC.RDMS.T2) | | ||
| CCC.RDMS.C5 | Enforce Logging & Monitoring | Ensure logging and monitoring cannot be disabled by users. | Protect | [M1030](https://attack.mitre.org/mitigations/M1030) | [CCC.RDMS.T3](./threats.md/#CCC.RDMS.T3) [CCC.RDMS.T4](./threats.md/#CCC.RDMS.T4)| | ||
| CCC.RDMS.C6 | Deny Unencrypted Connections | Require encrypted connections for all database access. | Protect | [M1041](https://attack.mitre.org/mitigations/M1041) | [CCC.RDMS.T5](./threats.md/#CCC.RDMS.T6) | | ||
| CCC.RDMS.C7 | Validate Encryption Keys for Database Snapshots | Ensure only authorized encryption keys are used for snapshots. | Protect | [M1042](https://attack.mitre.org/mitigations/M1042) | [CCC.RDMS.T6](./threats.md/#CCC.RDMS.T7) | | ||
## CCC.RDMS.C1: Enforce Role-Based Access Control | ||
|
||
- Corresponding Feature: CCC-020115 (Access Control) | ||
- NIST CSF: Protect (PR.AC-1) | ||
- MITRE ATT&CK TTP: [M1041 - Restrict User Privileges](https://attack.mitre.org/mitigations/M1041) | ||
|
||
### Objective | ||
|
||
Ensure only authorized roles can access database resources. | ||
|
||
### Control Mappings | ||
|
||
- CCM: IAM-02, IAM-12 | ||
- ISO/IEC 27001:2013 A.9.1.2 | ||
- NIST SP 800-53: AC-2 | ||
|
||
### Testing Requirements | ||
|
||
The following validations must be performed against corresponding Control Implementation capabilities to ensure the Control Objective is thoroughly assessed: | ||
|
||
1. [**CCC.RDMS.C1.TR01**](./tests/ccc-rdms-c1.feature#CCC.RDMS.C1.TR01): Verify that access controls are in place to enforce role-based access. | ||
2. [**CCC.RDMS.C1.TR02**](./tests/ccc-rdms-c1.feature#CCC.RDMS.C1.TR02): Ensure that access to database resources is restricted based on role definitions. | ||
3. [**CCC.RDMS.C1.TR03**](./tests/ccc-rdms-c1.feature#CCC.RDMS.C1.TR03): Confirm that unauthorized roles cannot access database resources. | ||
|
||
--- | ||
|
||
## CCC.RDMS.C2: Disable Access with Default Credentials | ||
|
||
- Corresponding Feature: CCC-020114 (Credential Management) | ||
- NIST CSF: Protect (PR.AC-5) | ||
- MITRE ATT&CK TTP: [M1041 - Restrict User Privileges](https://attack.mitre.org/mitigations/M1041) | ||
|
||
### Objective | ||
|
||
Ensure that default credentials are disabled and only authorized roles can access database resources. | ||
|
||
### Control Mappings | ||
|
||
- CCM: IAM-09, IAM-13 | ||
- ISO/IEC 27001:2013 A.9.2.6 | ||
- NIST SP 800-53: AC-17 | ||
|
||
### Testing Requirements | ||
|
||
The following validations must be performed against corresponding Control Implementation capabilities to ensure the Control Objective is thoroughly assessed: | ||
|
||
1. [**CCC.RDMS.C2.TR01**](./tests/ccc-rdms-c2.feature#CCC.RDMS.C2.TR01): Verify that default credentials are disabled. | ||
2. [**CCC.RDMS.C2.TR02**](./tests/ccc-rdms-c2.feature#CCC.RDMS.C2.TR02): Ensure that only authorized roles can access database resources. | ||
3. [**CCC.RDMS.C2.TR03**](./tests/ccc-rdms-c2.feature#CCC.RDMS.C2.TR03): Confirm that access attempts using default credentials are denied. | ||
|
||
--- | ||
|
||
## CCC.RDMS.C3: Restrict Snapshot Collection To Trusted Roles | ||
|
||
- Corresponding Feature: CCC-020116 (Snapshot Management) | ||
- NIST CSF: Protect (PR.DS-3) | ||
- MITRE ATT&CK TTP: [M1054 - Restrict Data Access](https://attack.mitre.org/mitigations/M1054) | ||
|
||
### Objective | ||
|
||
Limit snapshot collection capabilities to trusted roles. | ||
|
||
### Control Mappings | ||
|
||
- CCM: DSI-05, DSI-07 | ||
- ISO/IEC 27001:2013 A.12.3.1 | ||
- NIST SP 800-53: CP-9 | ||
|
||
### Testing Requirements | ||
|
||
The following validations must be performed against corresponding Control Implementation capabilities to ensure the Control Objective is thoroughly assessed: | ||
|
||
1. [**CCC.RDMS.C3.TR01**](./tests/ccc-rdms-c3.feature#CCC.RDMS.C3.TR01): Verify that only trusted roles can perform snapshot collection. | ||
2. [**CCC.RDMS.C3.TR02**](./tests/ccc-rdms-c3.feature#CCC.RDMS.C3.TR02): Ensure that snapshot collection capabilities are restricted to trusted roles. | ||
3. [**CCC.RDMS.C3.TR03**](./tests/ccc-rdms-c3.feature#CCC.RDMS.C3.TR03): Confirm that unauthorized roles cannot collect snapshots. | ||
|
||
--- | ||
|
||
## CCC.RDMS.C4: Enforce Logging & Monitoring | ||
|
||
- Corresponding Feature: CCC-020118 (Logging and Monitoring) | ||
- NIST CSF: Protect (PR.PT-1) | ||
- MITRE ATT&CK TTP: [M1030 - Network Intrusion Detection](https://attack.mitre.org/mitigations/M1030) | ||
|
||
### Objective | ||
|
||
Ensure logging and monitoring cannot be disabled by users. | ||
|
||
### Control Mappings | ||
|
||
- CCM: STA-04, STA-05 | ||
- ISO/IEC 27001:2013 A.12.4.1 | ||
- NIST SP 800-53: AU-2, AU-3 | ||
|
||
### Testing Requirements | ||
|
||
The following validations must be performed against corresponding Control Implementation capabilities to ensure the Control Objective is thoroughly assessed: | ||
|
||
1. [**CCC.RDMS.C4.TR01**](./tests/ccc-rdms-c4.feature#CCC.RDMS.C5.TR01): Verify that logging is enabled for all database activities. | ||
2. [**CCC.RDMS.C4.TR02**](./tests/ccc-rdms-c4.feature#CCC.RDMS.C5.TR02): Ensure that monitoring is active for all database resources. | ||
3. [**CCC.RDMS.C4.TR03**](./tests/ccc-rdms-c4.feature#CCC.RDMS.C5.TR03): Confirm that users cannot disable logging and monitoring. |
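Review bot: In the CCC.RDMS.C4 testing requirements at the end of this hunk, the link text reads CCC.RDMS.C4.TR01 to TR03 but the anchors are `#CCC.RDMS.C5.TR01` to `#CCC.RDMS.C5.TR03`, while the logging feature file in this commit tags its scenarios `@CCC.RDMS.C4.TR0x`; the anchors should be changed to C4. The same renumbering shows up in the two tables visible here: one lists four controls with C4 as Enforce Logging & Monitoring, the other lists C1 to C7 with C4 as Restrict Snapshot Collection to Trusted Organization and C5 as logging, and its C6 and C7 rows label the threats T5 and T6 while linking to `#CCC.RDMS.T6` and `#CCC.RDMS.T7`. Whichever table remains should agree with the section headings. The per-control bullets are labelled "MITRE ATT&CK TTP" but link to mitigation IDs (M1041, M1054, M1030), so "MITRE ATT&CK Mitigations", as in the catalog table header, is the accurate label. The introductory sentence points at `./tests/controls.feature`, whereas the testing requirements link to per-control files such as `./tests/ccc-rdms-c1.feature`; the sentence should reference the files that exist after this commit.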
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
@CCC.RDMS.C1 | ||
Feature: Role-based access control and resource restriction | ||
|
||
""" | ||
This feature verifies that access controls are in place to enforce role-based access, restrict access to database resources based on role definitions, and confirm that unauthorized roles cannot access database resources. | ||
""" | ||
|
||
@CCC.RDMS.C1.TR01 | ||
Scenario: Verify that access controls are in place to enforce role-based access | ||
|
||
@CCC.RDMS.C1.TR01.T01 | ||
Scenario: Access for DatabaseAdmin | ||
Given a user with the role "DatabaseAdmin" | ||
When the user tries to access the database management system | ||
Then the user should be granted access to the database management system | ||
|
||
@CCC.RDMS.C1.TR01.T02 | ||
Scenario: Access for DataAnalyst | ||
Given a user with the role "DataAnalyst" | ||
When the user tries to access the database management system | ||
Then the user should be granted access to the database management system | ||
|
||
@CCC.RDMS.C1.TR01.T03 | ||
Scenario: Access for Guest | ||
Given a user with the role "Guest" | ||
When the user tries to access the database management system | ||
Then the user should be denied access to the database management system | ||
|
||
@CCC.RDMS.C1.TR02 | ||
Scenario: Ensure that access to database resources is restricted based on role definitions | ||
|
||
@CCC.RDMS.C1.TR02.T01 | ||
Scenario: Access to sensitive resources for DatabaseAdmin | ||
Given a user with the role "DatabaseAdmin" | ||
When the user tries to access sensitive database resources | ||
Then the user should be granted access to sensitive database resources | ||
|
||
@CCC.RDMS.C1.TR02.T02 | ||
Scenario: Access to sensitive resources for DataAnalyst | ||
Given a user with the role "DataAnalyst" | ||
When the user tries to access sensitive database resources | ||
Then the user should be denied access to sensitive database resources | ||
|
||
@CCC.RDMS.C1.TR02.T03 | ||
Scenario: Access to analytical resources for DataAnalyst | ||
Given a user with the role "DataAnalyst" | ||
When the user tries to access analytical database resources | ||
Then the user should be granted access to analytical database resources | ||
|
||
@CCC.RDMS.C1.TR03 | ||
Scenario: Confirm that unauthorized roles cannot access database resources | ||
|
||
@CCC.RDMS.C1.TR03.T01 | ||
Scenario: Access for Guest | ||
Given a user with the role "Guest" | ||
When the user tries to access any database resources | ||
Then the user should be denied access to all database resources | ||
|
||
@CCC.RDMS.C1.TR03.T02 | ||
Scenario: Access to admin-level resources for DataAnalyst | ||
Given a user with the role "DataAnalyst" | ||
When the user tries to access admin-level database resources | ||
Then the user should be denied access to admin-level database resources | ||
|
||
@CCC.RDMS.C1.TR03.T03 | ||
Scenario: Access to analytical resources for DatabaseAdmin | ||
Given a user with the role "DatabaseAdmin" | ||
When the user tries to access analytical database resources | ||
Then the user should be granted access to analytical database resources |
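Review bot: The three `Scenario:` lines tagged @CCC.RDMS.C1.TR01, @CCC.RDMS.C1.TR02 and @CCC.RDMS.C1.TR03 have no steps and are being used as group headings; Gherkin scenarios do not nest, so these parse as separate empty scenarios and the .T0x cases beneath them are not associated with the TR tag. Group the cases with `Rule:` blocks, or drop the heading scenarios and put the TR tag on each child next to its .T0x tag, so that filtering on @CCC.RDMS.C1.TR01 runs the three access cases. "Access for Guest" is used as a scenario name twice (TR01.T03 and TR03.T01), which makes test reports ambiguous. TR03.T03 asserts that "DatabaseAdmin" is granted access to analytical resources, a positive case filed under "unauthorized roles cannot access database resources"; it belongs under TR02 or should be replaced with a denial case. The text under `Feature:` is a free-form description and does not need the `"""` delimiters.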
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
@CCC.RDMS.C2 | ||
Feature: Database Security Measures | ||
|
||
""" | ||
This feature verifies various security measures in the database management system, including disabling default credentials, ensuring only authorized roles have access, and denying access attempts using default credentials. | ||
""" | ||
|
||
@CCC.RDMS.C2.TR01 | ||
Scenario: Verify that default credentials are disabled | ||
Given the database management system is configured | ||
When the default credentials are checked | ||
Then the default credentials should be disabled | ||
|
||
@CCC.RDMS.C2.TR02.T01 | ||
Scenario: Ensure that only authorized roles can access database resources | ||
Given a user with an authorized role | ||
When the user tries to access the database resources | ||
Then the user should be granted access to the database resources | ||
|
||
@CCC.RDMS.C2.TR02.T02 | ||
Scenario: Ensure that unauthorized roles cannot access database resources | ||
Given a user with an unauthorized role | ||
When the user tries to access the database resources | ||
Then the user should be denied access to the database resources | ||
|
||
@CCC.RDMS.C2.TR03 | ||
Scenario: Confirm that access attempts using default credentials are denied | ||
Given the database management system has default credentials | ||
When an access attempt is made using default credentials | ||
Then the access attempt should be denied |
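Review bot: No scenario in this file carries @CCC.RDMS.C2.TR02; the two middle scenarios are tagged only @CCC.RDMS.C2.TR02.T01 and @CCC.RDMS.C2.TR02.T02, while TR01 and TR03 are tagged at the TR level, so an exact-match tag filter for the requirement that controls.md links as `#CCC.RDMS.C2.TR02` selects nothing. Add the TR-level tag to both scenarios or use one tagging scheme throughout. "Given a user with an authorized role" and "an unauthorized role" name no role, unlike the C1 feature, so a step definition has nothing concrete to bind to; name the roles or supply them through a `Scenario Outline`. The TR03 precondition "the database management system has default credentials" reads as the opposite of what TR01 expects; wording such as "the vendor default credentials for the database engine are known" keeps the two scenarios consistent. The feature title "Database Security Measures" does not identify the control; "Disable Access with Default Credentials" would match the heading in controls.md.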
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
@CCC.RDMS.C3 | ||
Feature: Snapshot collection access control | ||
|
||
""" | ||
This feature verifies that only trusted roles can perform snapshot collection in the database management system, and that unauthorized roles are restricted from this capability. | ||
""" | ||
|
||
@CCC.RDMS.C3.TR01 | ||
Scenario: Verify that only trusted roles can perform snapshot collection | ||
Given a user with the role "TrustedRole" | ||
When the user tries to collect a snapshot | ||
Then the user should be granted permission to collect a snapshot | ||
|
||
@CCC.RDMS.C3.TR02 | ||
Scenario: Ensure that snapshot collection capabilities are restricted to trusted roles | ||
Given a user with the role "TrustedRole" | ||
When the user tries to collect a snapshot | ||
Then the user should be granted permission to collect a snapshot | ||
|
||
Given a user with the role "UntrustedRole" | ||
When the user tries to collect a snapshot | ||
Then the user should be denied permission to collect a snapshot | ||
|
||
@CCC.RDMS.C3.TR03 | ||
Scenario: Confirm that unauthorized roles cannot collect snapshots | ||
Given a user with the role "UnauthorizedRole" | ||
When the user tries to collect a snapshot | ||
Then the user should be denied permission to collect a snapshot |
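Review bot: The @CCC.RDMS.C3.TR02 scenario contains two Given/When/Then cycles, one for "TrustedRole" and one for "UntrustedRole"; a failure in the first hides the result of the second, and the report cannot say which role failed. Split it into two scenarios or use a `Scenario Outline` with an `Examples` table of role and expected outcome. Its first cycle is a verbatim copy of TR01, and TR03 differs from its second cycle only in the role name ("UnauthorizedRole" against "UntrustedRole"), so as written the three requirements exercise two distinct behaviours; either define what separates an untrusted role from an unauthorized one or collapse the duplicates.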
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
@CCC.RDMS.C4 | ||
Feature: Logging and monitoring for database activities | ||
|
||
""" | ||
This feature ensures that logging is enabled for all database activities, monitoring is active for all database resources, and users cannot disable logging and monitoring. | ||
""" | ||
|
||
@CCC.RDMS.C4.TR01 | ||
Scenario: Verify that logging is enabled for all database activities | ||
Given the database management system is configured | ||
When the logging settings are checked | ||
Then logging should be enabled for all database activities | ||
|
||
@CCC.RDMS.C4.TR02 | ||
Scenario: Ensure that monitoring is active for all database resources | ||
Given the database management system is configured | ||
When the monitoring settings are checked | ||
Then monitoring should be active for all database resources | ||
|
||
@CCC.RDMS.C4.TR03 | ||
Scenario: Confirm that users cannot disable logging and monitoring | ||
Given a user with the role "DatabaseAdmin" | ||
When the user tries to disable logging | ||
Then the user should be denied the ability to disable logging | ||
|
||
Given a user with the role "DatabaseAdmin" | ||
When the user tries to disable monitoring | ||
Then the user should be denied the ability to disable monitoring |
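Review bot: The @CCC.RDMS.C4.TR03 scenario restarts with a second `Given a user with the role "DatabaseAdmin"` after the first `Then`, packing the logging check and the monitoring check into one scenario; split them so that a failed logging assertion does not prevent the monitoring assertion from running. TR03 exercises only "DatabaseAdmin", while the objective is that users in general cannot disable logging and monitoring; a `Scenario Outline` over the roles used in the C1 feature ("DatabaseAdmin", "DataAnalyst", "Guest") would cover the stated objective. In TR01 and TR02, "the logging settings are checked" and "the monitoring settings are checked" do not say what is inspected or what "all database activities" includes, so the pass condition is left to whoever writes the step definitions; list the activity categories that must be logged.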
This file was deleted.