From ca52b72f300d30c4598a9d4727b51c9b3e6cc1d8 Mon Sep 17 00:00:00 2001
From: Dave Ogle <dogle@scottlogic.com>
Date: Thu, 5 Dec 2024 13:41:03 +0000
Subject: [PATCH] Fix merge conflicts

---
 services/database/relational/controls.yaml | 36 ++++++++++------------
 1 file changed, 16 insertions(+), 20 deletions(-)

diff --git a/services/database/relational/controls.yaml b/services/database/relational/controls.yaml
index 06d2cfce..afc6256f 100644
--- a/services/database/relational/controls.yaml
+++ b/services/database/relational/controls.yaml
@@ -1,8 +1,8 @@
 common_controls:
   - CCC.C01 # Prevent unencrypted requests
   - CCC.C02 # Ensure data encryption at rest for all stored data
-  - CCC.C03 # Implement multi-factor authentication (MFA) for access
-  - CCC.C04 # Log all access and changes
+  - CCC.C03 # Log all access and changes
+  - CCC.C04 # Implement multi-factor authentication (MFA) for access
   - CCC.C05 # Prevent access from untrusted entities
   - CCC.C06 # Prevent deployment in restricted regions
   - CCC.C07 # Alert on non-human enumeration
@@ -11,33 +11,29 @@ common_controls:
 controls:
   - id: CCC.RDMS.C01
-    title: Enforce Role-Based Access Control
-    objective: Ensure only authorized roles can access database resources.
+    title: Backup Database to Alternative Trust-Zone
+    objective: |
+      Ensure that databases are backed up and the backup is outside of the applications trust-zone
     control_family: Data
-    nist_csf: PR.AC-1
     threats:
-      - M1041 # Restrict User Privileges
+      - CCC.RDMS.TH14 # DB backup is unintentionally restored
+    nist_csf: PR.DS-11
     control_mappings:
-      CCM:
-        - IAM-02
-        - IAM-12
-      ISO_27001:
-        - 2013 A.9.1.2
       NIST_800_53:
-        - AC-2
+        - CP-6
     test_requirements:
-      - id: CCC.RDMS.C1.TR01
-        text: Role-based access control for database management system
-        tlp_levels: # TODO Need to confirm these
-      - id: CCC.RDMS.C1.TR02
-        text: Restrict access to database resources based on role definitions
-      - id: CCC.RDMS.C1.TR03
-        text: Prevent unauthorized access to database resources
+      - id: CCC.RDMS.C01.TR01
+        text: |
+          From the same trust-zone as the database attempt to access the database backup and ensure that access is
+          denied
+        tlp_levels:
+          - tlp_red
+          - tlp_amber
   - id: CCC.RDMS.C02
     title: Disable Access with Default Credentials
     objective: |
-      Ensure that default credentials are disabled and only authorized
+      Ensure that default credentials are disabled and only authorized
       roles can access database resources.
     control_family: Data
     nist_csf: PR.AC-5
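Review bot: The new test requirement's `text: |` literal block preserves the line break that splits the sentence at "access is / denied", so the stored value carries a newline mid-sentence; a folded scalar, `text: >-`, joins it into one line and drops the trailing newline, and the single-line `objective: |` above it would read better as `objective: >-` for the same reason. Beyond style, TR01 only checks that the backup is unreachable from the database's own trust zone, while the objective also requires that a backup exists at all; a second requirement such as `- id: CCC.RDMS.C01.TR02` with text along the lines of "Verify that a recent backup exists in the alternative trust-zone and can be restored from there" would stop the control being satisfied by a missing backup. The mapped threat CCC.RDMS.TH14 is commented as an unintentional restore, which a backup held in a separate trust zone does not obviously mitigate; if the threat catalogue defines it that way, the mapping may belong on a restore-related control instead. Since the subject is "Fix merge conflicts" and this hunk replaces the RBAC control wholesale rather than renumbering it, it is worth confirming that the Enforce Role-Based Access Control entry (with its IAM and ISO mappings) was meant to be dropped and was not lost in the conflict resolution.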