diff --git a/services/database/relational/controls.md b/services/database/relational/controls.md deleted file mode 100644 index 55f15416..00000000 --- a/services/database/relational/controls.md +++ /dev/null 
@@ -1,110 +0,0 @@ -# CCC.RDMS: Relational Database Management Systems Controls - -| Control Id | Service Taxonomy Id | Control | -| ----------- | ------------------- | --------------------------------------------- | -| CCC.RDMS.C1 | CCC-RDMS-9 | Enforce Role-Based Access Control | -| CCC.RDMS.C2 | CCC-RDMS-9 | Disable Access with Default Credentials | -| CCC.RDMS.C3 | CCC-RDMS-5 | Restrict Snapshot Collection To Trusted Roles | -| CCC.RDMS.C4 | CCC-RDMS-11 | Enforce Logging & Monitoring | - ---- - -## CCC.RDMS.C1: Enforce Role-Based Access Control - -- Corresponding Feature: CCC-RDMS-9 (Role Based Access Control) -- NIST CSF: Protect (PR.AC-1) -- MITRE ATT&CK TTP: [M1041 - Restrict User Privileges](https://attack.mitre.org/mitigations/M1041) - -### Objective - -Ensure only authorized roles can access database resources. - -### Control Mappings - -- CCM: IAM-02, IAM-12 -- ISO/IEC 27001:2013 A.9.1.2 -- NIST SP 800-53: AC-2 - -### Testing Requirements - -The following validations must be performed against corresponding Control Implementation capabilities to ensure the Control Objective is thoroughly assessed: - -1. [**CCC.RDMS.C1.TR01**](./tests/ccc-rdms-c1.feature#CCC.RDMS.C1.TR01): Role-based access control for database management system -2. [**CCC.RDMS.C1.TR02**](./tests/ccc-rdms-c1.feature#CCC.RDMS.C1.TR02): Restrict access to database resources based on role definitions -3. [**CCC.RDMS.C1.TR03**](./tests/ccc-rdms-c1.feature#CCC.RDMS.C1.TR03): Prevent unauthorized access to database resources - ---- - -## CCC.RDMS.C2: Disable Access with Default Credentials - -- Corresponding Feature: CCC-RDMS-9 (Role Based Access Control) -- NIST CSF: Protect (PR.AC-5) -- MITRE ATT&CK TTP: [M1041 - Restrict User Privileges](https://attack.mitre.org/mitigations/M1041) - -### Objective - -Ensure that default credentials are disabled and only authorized roles can access database resources. 
- -### Control Mappings - -- CCM: IAM-09, IAM-13 -- ISO/IEC 27001:2013 A.9.2.6 -- NIST SP 800-53: AC-17 - -### Testing Requirements - -The following validations must be performed against corresponding Control Implementation capabilities to ensure the Control Objective is thoroughly assessed: - -1. [**CCC.RDMS.C2.TR01**](./tests/ccc-rdms-c2.feature#CCC.RDMS.C2.TR01): Secure Database Access Control - ---- - -## CCC.RDMS.C3: Restrict Snapshot Collection To Trusted Roles - -- Corresponding Feature: CCC-RDMS-5 (Automated Backups) -- NIST CSF: Protect (PR.DS-3) -- MITRE ATT&CK TTP: [M1054 - Restrict Data Access](https://attack.mitre.org/mitigations/M1054) - -### Objective - -Limit snapshot collection capabilities to trusted roles. - -### Control Mappings - -- CCM: DSI-05, DSI-07 -- ISO/IEC 27001:2013 A.12.3.1 -- NIST SP 800-53: CP-9 - -### Testing Requirements - -The following validations must be performed against corresponding Control Implementation capabilities to ensure the Control Objective is thoroughly assessed: - -1. [**CCC.RDMS.C3.TR01**](./tests/ccc-rdms-c3.feature#CCC.RDMS.C3.TR01): Snapshot collection by trusted roles -2. [**CCC.RDMS.C3.TR02**](./tests/ccc-rdms-c3.feature#CCC.RDMS.C3.TR02): Restriction of snapshot collection capabilities -3. [**CCC.RDMS.C3.TR03**](./tests/ccc-rdms-c3.feature#CCC.RDMS.C3.TR03): Prevent unauthorized snapshot collection - ---- - -## CCC.RDMS.C4: Enforce Logging & Monitoring - -- Corresponding Feature: CCC-RDMS-11 (Monitoring) -- NIST CSF: Protect (PR.PT-1) -- MITRE ATT&CK TTP: [M1030 - Network Intrusion Detection](https://attack.mitre.org/mitigations/M1030) - -### Objective - -Ensure logging and monitoring cannot be disabled by users. 
- -### Control Mappings - -- CCM: STA-04, STA-05 -- ISO/IEC 27001:2013 A.12.4.1 -- NIST SP 800-53: AU-2, AU-3 - -### Testing Requirements - -The following validations must be performed against corresponding Control Implementation capabilities to ensure the Control Objective is thoroughly assessed: - -1. [**CCC.RDMS.C4.TR01**](./tests/ccc-rdms-c4.feature#CCC.RDMS.C5.TR01): Enable logging for database activities -2. [**CCC.RDMS.C4.TR02**](./tests/ccc-rdms-c4.feature#CCC.RDMS.C5.TR02): Active monitoring of database resources -3. [**CCC.RDMS.C4.TR03**](./tests/ccc-rdms-c4.feature#CCC.RDMS.C5.TR03): Restrict users from disabling logging and monitoring diff --git a/services/database/relational/tests/ccc-rdms-c2.feature b/services/database/relational/tests/ccc-rdms-c2.feature index faada5ea..888d25e5 100644 --- a/services/database/relational/tests/ccc-rdms-c2.feature +++ b/services/database/relational/tests/ccc-rdms-c2.feature 
@@ -5,20 +5,41 @@ Feature: Secure Database Access Control This feature verifies various security measures in the database management system, including disabling default credentials, ensuring only authorized roles have access, and denying access attempts using default credentials. """ -@CCC.RDMS.C2.TR02.T01 +@CCC.RDMS.C2.TR01.TE01 Scenario: Ensure that only authorized roles can access database resources Given a user with an authorized role When the user tries to access the database resources Then the user should be granted access to the database resources -@CCC.RDMS.C2.TR02.T02 +@CCC.RDMS.C2.TR01.TE02 Scenario: Ensure that unauthorized roles cannot access database resources Given a user with an unauthorized role When the user tries to access the database resources Then the user should be denied access to the database resources -@CCC.RDMS.C2.TR02.TR03 +@CCC.RDMS.C2.TR01.TE03 Scenario: Confirm that access attempts using default credentials are denied Given the database management system has default credentials When an access attempt is made using default credentials Then the access attempt should be denied + + +@CCC.RDMS.C2.TR02 +Feature: Secure Database Access Control with Local users + +""" +This feature targets database configurations where a local user is defined and granted permissions to interact with the database system. 
+""" + +@CCC.RDMS.C2.TR02.TE01 +Scenario: Ensure that only authorized local accounts exist in the database and are restricted to accessing the data they need + Given a local database with user accounts that may be used for application access + When auditing local accounts + Then only expected local accounts exist in the database + And each account is properly scoped to the expected permissions + +@CCC.RDMS.C2.TR02.TE02 +Scenario: Ensure that authorized accounts only have the minimum neccessary permissions to perform their task + Given a local database with user accounts + When auditing local account permissions + Then the permissions are the minimum needed to local account to perform necessary operations diff --git a/services/database/relational/tests/ccc-rdms-c8.feature b/services/database/relational/tests/ccc-rdms-c8.feature new file mode 100644 index 00000000..a64f53cb --- /dev/null +++ b/services/database/relational/tests/ccc-rdms-c8.feature @@ -0,0 +1,18 @@ +@CCC.RDMS.C8.TR01 +Feature: Data encryption in transit + +""" +This reature ensures that end-to-end encryption of data in transit is leveraged and enforced +""" + +@CCC.RDMS.C8.TR01.TE01 +Scenario: Verify that databases are enforcing encrypted connections + Given an application attempting to connect to a database and the database is configured with some form of "require secure transport" + When the connection attempt is made without using encryption + Then the connection should be refused + +@CCC.RDMS.C8.TR01.TE02 +Scenario: Verify all connections to the database are established using secure connectionss + Given a user connection has been established to the database + When an admin follows vendor specific steps to audit connection details + Then there should be no connections observed using insecure connections
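Review bot: Deleting services/database/relational/controls.md removes the only definitions of CCC.RDMS.C1 to C4 that this patch shows, while the feature files keep tags such as @CCC.RDMS.C2.TR01.TE01 that refer back to them. The new ccc-rdms-c8.feature also introduces CCC.RDMS.C8, which the deleted table never listed. Please link to where the control catalogue now lives, or include it in this change, so that every tag resolves to an objective and its mappings. When the content is carried over, two things in the deleted text need attention: the C4 test links point at anchors #CCC.RDMS.C5.TR01 to #CCC.RDMS.C5.TR03 inside ccc-rdms-c4.feature, and C2 lists only TR01 under Testing Requirements although this patch adds CCC.RDMS.C2.TR02.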
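Review bot: In ccc-rdms-c2.feature the added block opens a second "Feature:" ("Secure Database Access Control with Local users") in a file that already contains "Feature: Secure Database Access Control". Gherkin allows one Feature per file, so the TR02 scenarios will not load as written; move them to their own file (for example a separate feature file for TR02) or fold them into the existing Feature under the @CCC.RDMS.C2.TR02 tag. TE02 also largely repeats the last step of TE01 ("And each account is properly scoped to the expected permissions"); consider letting TE01 cover the account inventory and TE02 the permission scope. Wording fixes in the same block: "neccessary" should be "necessary", and "the minimum needed to local account to perform necessary operations" reads better as "the minimum needed for the local account to perform necessary operations".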
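Review bot: In ccc-rdms-c8.feature, the Given of TE01 states that the database is already configured with some form of "require secure transport", so the scenario presupposes the setting the control is meant to verify, and a database without it falls outside the scenario instead of failing it. Suggest reducing the Given to the application and database under test and keeping enforcement as the outcome ("Then the connection should be refused"), with the configuration check as its own scenario if it is wanted. The description promises "end-to-end encryption of data in transit", while both scenarios only examine whether client connections to the database are encrypted; align the description with what is tested. In TE02, "an admin follows vendor specific steps to audit connection details" gives an implementer nothing to bind a step to; name the evidence expected, such as the encryption status reported for each established connection. Typos to fix: "reature" should be "feature" and "connectionss" should be "connections".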