CCC Relational Database Management System
Relational database services support structured data models and SQL (Structured Query Language) for data definition, manipulation, and querying.
Release Details
Version:
DEV
Assurance Level:
Release Manager:
DB
Development Build
Contributors
DT
Development Team
Change Log
- Development build - no formal changelog available
Capabilities
| ID | Title | Description | Threat Mappings |
|---|---|---|---|
| CCC.RDMS.CP01 | SQL Support | Properly handle queries in the SQL language. | 0 |
| CCC.RDMS.CP02 | DB Engine Option - MySQL | Ability to create a MySQL managed relational database. | 0 |
| CCC.RDMS.CP03 | DB Engine Option - PostgreSQL | Ability to create a PostgreSQL managed relational database. | 0 |
| CCC.RDMS.CP04 | DB Engine Option - MariaDB | Ability to create a MariaDB managed relational database. | 0 |
| CCC.RDMS.CP05 | DB Engine Option - SQL Server | Ability to create a Microsoft SQL Server managed relational database. | 0 |
| CCC.RDMS.CP06 | DB Managed Credentials | Ability to managed the database credentials using the cloud provider's secret management service. | 1 |
| CCC.RDMS.CP07 | DB Self Managed Credentials | Ability to manage the database credentials by client managed username and passwords. | 2 |
| CCC.RDMS.CP08 | Support for IPv4 | Ability to connect to the database using IPv4 addresses. | 0 |
| CCC.RDMS.CP09 | Support for IPv6 | Ability to connect to the database using IPv6 addresses | 0 |
| CCC.RDMS.CP10 | Public Access | Allow database to be accessed by public internet. | 0 |
| CCC.RDMS.CP11 | Disable Public Access | Prevent database been accessed by public internet. | 0 |
| CCC.RDMS.CP12 | Managed Connection Pooling | Ability to configure a managed connection pool for the database. | 0 |
| CCC.RDMS.CP13 | Deletion Protection | Protect the database against accidental deletion. | 0 |
| CCC.RDMS.CP14 | Dedicated Database Instances | Option to deploy the database on a dedicated instance for isolation requirements. | 0 |
| CCC.RDMS.CP15 | Horizontal Scaling | Read replicas of the primary database can be created. | 0 |
| CCC.RDMS.CP16 | Failover | Standby database can be implemented for failover when the primary can't be reached. | 0 |
| CCC.Core.CP01 | Encryption in Transit Enabled by Default | The service automatically encrypts all data using industry-standard cryptographic protocols prior to transmission via a network interface. | 0 |
| CCC.Core.CP02 | Encryption at Rest Enabled by Default | The service automatically encrypts all data using industry-standard cryptographic protocols prior to being written to a storage medium. | 0 |
| CCC.Core.CP03 | Access Log Publication | The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors. | 3 |
| CCC.Core.CP04 | Transaction Rate Limits | The service can throttle, delay, or reject excess requests when transactions exceed a user-specified rate limit, and always provides industry-standard throughput up to that limit. | 1 |
| CCC.Core.CP06 | Access Control | The service automatically enforces user configurations to restrict or allow access to a specific component or a child resource based on factors such as user identities, roles, groups, or attributes. | 1 |
| CCC.Core.CP07 | Event Publication | The service automatically publishes a structured state-change record upon creation, deletion, or modification of data, configuration, components, or child resources. | 2 |
| CCC.Core.CP08 | Data Replication | The service automatically replicates data across multiple deployments simultaneously with parity, or may be configured to do so. | 2 |
| CCC.Core.CP09 | Metrics Publication | The service automatically publishes structured, numeric, time-series data points related to the performance, availability, and health of the service or its child resources. | 3 |
| CCC.Core.CP10 | Log Publication | The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service. | 2 |
| CCC.Core.CP11 | Backup | The service can generate copies of its data or configurations in the form of automated backups, snapshot-based backups, or incremental backups. | 4 |
| CCC.Core.CP12 | Recovery | The service can be reverted to a previous state by providing a compatible backup or snapshot identifier. | 1 |
| CCC.Core.CP14 | API Access | The service exposes a port enabling external actors to interact programmatically with the service and its resources using HTTP protocol methods such as GET, POST, PUT, and DELETE. | 1 |
| CCC.Core.CP17 | Alerting | The service may be configured to emit a notification based on a user-defined condition related to the data published by a child or networked resource. | 2 |
| CCC.Core.CP19 | Resource Scaling | The service may be configured to scale child resources automatically or on-demand. | 1 |
| CCC.Core.CP20 | Resource Tagging | The service provides users with the ability to tag a child resource with metadata that can be reviewed or queried. | 1 |
| CCC.Core.CP22 | Location Lock-In | The service may be configured to restrict the deployment of child resources to specific geographic locations. | 1 |
| CCC.Core.CP23 | Network Access Rules | The service restricts access to child or networked resources based on user-defined network parameters such as IP address, protocol, port, or source. | 0 |
| CCC.Core.CP24 | Core Processing Units | The service provides users and child resources with access to core processing units (CPUs) for executing instructions and performing computations. | 0 |
| CCC.Core.CP25 | Random Access Memory Allocation | The service provides users and child resources with access to random access memory (RAM) for temporary data storage and fast data retrieval during processing tasks. | 0 |
| CCC.Core.CP26 | Persistent Storage | The service provides users and child resources with access to persistent storage for saving and retrieving data reliably over time. | 0 |
| CCC.Core.CP28 | Command-line Interface | The service includes a component that reads and translates text into commands that can be executed by the service. | 0 |
| CCC.Core.CP29 | Active Ingestion | While running, the service can receive inputs, commands, or data streams from external sources such as dedicated APIs, exposed network ports, message queues, and persistent data ingestion channels. | 2 |
Threats
| ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
|---|---|---|---|---|---|
| CCC.Core.TH01 | Access is Granted to Unauthorized Users | Logic designed to give different permissions to different entities may be misconfigured or manipulated, allowing unauthorized entities to access restricted parts of the service, its data, or its child resources. This could result in a loss of data confidentiality or tolerance of unauthorized actions which impact the integrity and availability of resources and data. | 1 | 1 | 4 |
| CCC.Core.TH02 | Data is Intercepted in Transit | Data transmitted by the service is susceptible to collection by any entity with access to any part of the transmission path. Packet observations can be used to support the planning of attacks by profiling origin points, destinations, and usage patterns. The data may also be vulnerable to interception or modification in transit if not properly encrypted, impacting the confidentiality or integrity of the transmitted data. | 1 | 1 | 1 |
| CCC.Core.TH03 | Deployment Region Network is Untrusted | Systems are susceptible to unauthorized access or interception by actors with social or physical control over the network in which they are deployed. If the geopolitical status of the deployment network is untrusted, unstable, or insecure, this could result in a loss of confidentiality, integrity, or availability of the service and its data. | 1 | 1 | 1 |
| CCC.Core.TH04 | Data is Replicated to Untrusted or External Locations | Systems are susceptible to unauthorized access or interception by actors with political or physical control over the network in which they are deployed. Confidentiality may be impacted if the data is replicated to a network where the geopolitical status is untrusted, unstable, or insecure. | 1 | 1 | 2 |
| CCC.Core.TH05 | Interference with Replication Processes | Misconfigured or manipulated replication processes may lead to data being copied to unintended locations, delayed, modified, or not being copied at all. This could lead to compromised data confidentiality and integrity, potentially also affecting recovery processes and data availability. | 1 | 1 | 0 |
| CCC.Core.TH06 | Data is Lost or Corrupted | Services that rely on accurate data are susceptible to disruption in the event of data loss or corruption. Any actions that lead to the unintended deletion, alteration, or limited access to data can impact the availability of the service and the system it is part of. | 1 | 1 | 1 |
| CCC.Core.TH07 | Logs are Tampered With or Deleted | Tampering or deletion of service logs will reduce the system's ability to maintain an accurate record of events. Any actions that compromise the integrity of logs could disrupt system availability by disrupting monitoring, hindering forensic investigations, and reducing the accuracy of audit trails. | 1 | 1 | 1 |
| CCC.Core.TH09 | Runtime Logs are Read by Unauthorized Entities | Unauthorized access to logs may expose valuable information about the system's configuration, operations, and security mechanisms. This could jeopardize system availability through the exposure of vulnerabilities and support the planning of attacks on the service, system, or network. If logs are not adequately sanitized, this may also directly impact the confidentiality of sensitive data. | 1 | 1 | 1 |
| CCC.Core.TH10 | State-change Events are Read by Unauthorized Entities | Unauthorized access to state-change events can reveal information about the system's design and usage patterns. This opens the system up to attacks of opportunity and support the planning of attacks on the service, system, or network. | 1 | 1 | 0 |
| CCC.Core.TH11 | Publications are Incorrectly Triggered | Incorrectly triggered publications may disseminate inaccurate or misleading information, creating a data integrity risk. Such misinformation can cause unintended operations to be initiated, conceal legitimate issues, and disrupt the availability or reliability of systems and their data. | 1 | 1 | 0 |
| CCC.Core.TH12 | Resource Constraints are Exhausted | Exceeding the resource constraints through excessive consumption, resource-intensive operations, or lowering of rate-limit thresholds can impact the availability of elements such as memory, CPU, or storage. This may disrupt availability of the service or child resources by denying the associated functionality to users. If the impacted system is not designed to expect such a failure, the effect could also cascade to other services and resources. | 1 | 1 | 0 |
| CCC.Core.TH13 | Resource Tags are Manipulated | When resource tags are altered, it can lead to misclassification or mismanagement of resources. This can reduce the efficacy of organizational policies, billing rules, or network access rules. Such changes could cause compromised confidentiality, integrity, or availability of the system and its data. | 1 | 1 | 0 |
| CCC.Core.TH15 | Automated Enumeration and Reconnaissance by Non-human Entities | Automated processes may be used to gather details about service and child resource elements such as APIs, file systems, or directories. This information can reveal vulnerabilities, misconfigurations, and the network topology, which can be used to plan an attack against the system, the service, or its child resources. | 1 | 1 | 1 |
| CCC.Core.TH16 | Publications are Disabled | Publication of events, metrics, and runtime logs may be disabled, leading to a lack of expected security and operational information being shared. This can impact system availability by delaying the detection of incidents while also impacting system design decisions and enforcement of operational thresholds, such as autoscaling or cost management. | 1 | 1 | 0 |
| CCC.Core.TH17 | Responses are Generated for Unauthorized Requests | The service may generate responses to requests from unauthorized entities. This could lead to the exposure of system details, which may be used to plan an attack against the service, system, or network. Additionally, allocating resources to service the request could lead to a denial of service for legitimate users, leading to a loss of availability anywhere in the system. | 1 | 1 | 0 |
| CCC.RDMS.TH01 | Unauthorized Access via Default Credentials | If default credentials are not disabled or changed, unauthorized access may be gained to the RDMS environment. This may lead to data breaches, data manipulation, or overall compromise of the database instance. | 1 | 1 | 1 |
| CCC.RDMS.TH02 | Brute Force Attempts on Database Authentication | Repeated attempts to guess database user passwords may be made through brute force techniques. This condition could result in unauthorized access if successful, compromising database security and sensitive information. | 1 | 1 | 1 |
| CCC.RDMS.TH03 | Database Backups Stopped | Database backups may be halted, potentially impairing the organization's ability to recover data and maintain business continuity. This condition increases the risk of data loss and extended system downtime. | 1 | 1 | 1 |
| CCC.RDMS.TH04 | Unintentional Database Backup Restoration | A database backup may be restored unintentionally, potentially leading to the loss or overwrite of current data. This condition could disrupt operations and result in data inconsistency or corruption. | 1 | 1 | 1 |
| CCC.RDMS.TH05 | Unauthorized Snapshot Sharing | Snapshots may be shared with untrusted accounts, which can lead to unauthorized access and potential data exfiltration. This significantly increases the risk of data exposure if sensitive information is contained in the snapshots. | 1 | 1 | 1 |
Controls
| ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
|---|---|---|---|---|---|---|
| CCC.Core.CN01 | Encrypt Data for Transmission | Ensure that all communications are encrypted in transit to protect data integrity and confidentiality. | Data | 1 | 4 | 5 |
| CCC.Core.CN02 | Encrypt Data for Storage | Ensure that all data stored is encrypted at rest using strong encryption algorithms. | Data | 1 | 4 | 1 |
| CCC.Core.CN03 | Implement Multi-factor Authentication (MFA) for Access | Ensure that all sensitive activities require two or more identity factors during authentication to prevent unauthorized access. | Identity and Access Management | 1 | 1 | 4 |
| CCC.Core.CN04 | Log All Access and Changes | Ensure that all access attempts are logged to maintain a detailed audit trail for security and compliance purposes. | Logging & Monitoring | 1 | 1 | 3 |
| CCC.Core.CN05 | Prevent Access from Untrusted Entities | Ensure that secure access controls enforce the principle of least privilege to restrict access to authorized entities from explicitly trusted sources only. | Identity and Access Management | 1 | 5 | 6 |
| CCC.Core.CN06 | Restrict Deployments to Trust Perimeter | Ensure that the service and its child resources are only deployed on infrastructure in locations that are explicitly included within a defined trust perimeter. | Data | 1 | 1 | 2 |
| CCC.Core.CN07 | Alert on Unusual Enumeration Activity | Ensure that logs and associated alerts are generated when unusual enumeration activity is detected that may indicate reconnaissance activities. | Logging & Monitoring | 1 | 2 | 2 |
| CCC.Core.CN08 | Replicate Data to Multiple Locations | Ensure that data is replicated across multiple physical locations to protect against data loss due to hardware failures, natural disasters, or other catastrophic events. | Data | 1 | 3 | 2 |
| CCC.Core.CN09 | Ensure Integrity of Access Logs | Ensure that access logs are always recorded to an external location that cannot be manipulated from the context of the service(s) it contains logs for. | Data | 3 | 3 | 3 |
| CCC.Core.CN10 | Restrict Data Replication to Trust Perimeter | Ensure that data is only replicated on infrastructure in locations that are explicitly included within a defined trust perimeter. | Data | 1 | 2 | 1 |
| CCC.RDMS.CN01 | Password Management | Ensure default vendor-supplied DB administrator credentials are replaced with strong, unique passwords and that these credentials are properly managed using a secure password or secrets management solution. | Identity and Access Management | 1 | 2 | 1 |
| CCC.RDMS.CN02 | Account Lockout and Rate-Limiting | Ensure the database enforces lockouts or rate-limiting after a specified number of failed authentication attempts. This prevents brute force or password-guessing attacks from succeeding. | Identity and Access Management | 1 | 2 | 1 |
| CCC.RDMS.CN03 | Enforce and Monitor Automated Backups | Ensure database backups are automatically scheduled, actively monitored, and promptly reported if any disruptions occur. This helps maintain data integrity, facilitates disaster recovery, and supports business continuity when a system failure or breach occurs. | Data | 1 | 2 | 1 |
| CCC.RDMS.CN04 | Access Control for Backup and Restore Operations | Restrict who can initiate, manage, and validate database backup or restore operations through strict role-based or least-privilege access. Prevents accidental or malicious restorations, protecting data integrity and availability. | Identity and Access Management | 1 | 2 | 1 |
| CCC.RDMS.CN05 | Restrict Snapshot Sharing to Authorized Accounts | Ensure database snapshots can only be shared with explicitly authorized accounts, thereby minimizing the risk of data exposure or exfiltration. | Identity and Access Management | 1 | 2 | 1 |