Merge branch 'main' into CCC-494-md-to-yaml

finos · Jan 20, 2025 · cc89133 · cc89133
2 parents 6c87446 + 191f3f6
commit cc89133
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 3 deletions.
diff --git a/services/ai-ml/service-families.yaml → services/ai-ml/service-categories.yaml b/services/ai-ml/service-families.yaml → services/ai-ml/service-categories.yaml
diff --git a/services/database/relational/tests/ccc-rdms-c2.feature b/services/database/relational/tests/ccc-rdms-c2.feature
@@ -5,20 +5,41 @@ Feature: Secure Database Access Control
 This feature verifies various security measures in the database management system, including disabling default credentials, ensuring only authorized roles have access, and denying access attempts using default credentials.
 """
 
-@CCC.RDMS.C2.TR02.T01
+@CCC.RDMS.C2.TR01.TE01
 Scenario: Ensure that only authorized roles can access database resources
    Given a user with an authorized role
    When the user tries to access the database resources
    Then the user should be granted access to the database resources
 
-@CCC.RDMS.C2.TR02.T02
+@CCC.RDMS.C2.TR01.TE02
 Scenario: Ensure that unauthorized roles cannot access database resources
    Given a user with an unauthorized role
    When the user tries to access the database resources
    Then the user should be denied access to the database resources
 
-@CCC.RDMS.C2.TR02.TR03
+@CCC.RDMS.C2.TR01.TE03
 Scenario: Confirm that access attempts using default credentials are denied
    Given the database management system has default credentials
    When an access attempt is made using default credentials
    Then the access attempt should be denied
+
+
+@CCC.RDMS.C2.TR02
+Feature: Secure Database Access Control with Local users
+
+"""
+This feature targets database configurations where a local user is defined and granted permissions to interact with the database system.  
+"""
+
+@CCC.RDMS.C2.TR02.TE01
+Scenario: Ensure that only authorized local accounts exist in the database and are restricted to accessing the data they need
+   Given a local database with user accounts that may be used for application access
+   When auditing local accounts 
+   Then only expected local accounts exist in the database
+   And each account is properly scoped to the expected permissions
+
+@CCC.RDMS.C2.TR02.TE02
+Scenario: Ensure that authorized accounts only have the minimum neccessary permissions to perform their task
+   Given a local database with user accounts
+   When auditing local account permissions
+   Then the permissions are the minimum needed to local account to perform necessary operations
diff --git a/services/database/relational/tests/ccc-rdms-c8.feature b/services/database/relational/tests/ccc-rdms-c8.feature
@@ -0,0 +1,18 @@
+@CCC.RDMS.C8.TR01
+Feature: Data encryption in transit
+
+"""
+This reature ensures that end-to-end encryption of data in transit is leveraged and enforced
+"""
+
+@CCC.RDMS.C8.TR01.TE01
+Scenario: Verify that databases are enforcing encrypted connections
+   Given an application attempting to connect to a database and the database is configured with some form of "require secure transport"
+   When the connection attempt is made without using encryption
+   Then the connection should be refused
+
+@CCC.RDMS.C8.TR01.TE02
+Scenario: Verify all connections to the database are established using secure connectionss
+   Given a user connection has been established to the database
+   When an admin follows vendor specific steps to audit connection details  
+   Then there should be no connections observed using insecure connections