Release · v2026.06-rc4

FINOS-CCC/CCC.CntrReg.CN Control Catalog

Controls for Container Registry technologies, as defined by the FINOS Common Cloud Controls project.

Published by FINOS Common Cloud Controls

Install

OCI v1.1
$ grcli unpack --repository finos-ccc/ccc.cntrreg.cn --tag v2026.06-rc4
Coordinate: oci.grc.store/finos-ccc/ccc.cntrreg.cn:v2026.06-rc4
Manifest digest: sha256:b01b78d99aa5803d86c32a2c765cecb67e654078f8bcb59b3c50bb6d0284f79f

Provenance

1 layer
Digest Media type Size
eba33a443b09… application/vnd.gemara.artifact.v1+yaml 4.1 KiB
Bundle config blob
{
  "bundle-version": "1.0",
  "gemara-version": "v1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "CCC.CntrReg.CN",
            "type": "ControlCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-ccc/ccc.cntrreg.cn",
            "tag": "v2026.06-rc4"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls",
          "GITHUB_RUN_ATTEMPT": "1",
          "GITHUB_RUN_ID": "26770748733",
          "GITHUB_SHA": "2b6dab4c1307a0ac67d90c99829f6c1825154c84",
          "GITHUB_WORKFLOW": "Batch Release All Catalogs",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "artifacts/devtools/container-registry/controls.yaml",
            "uri": "file://artifacts/devtools/container-registry/controls.yaml",
            "digest": {
              "sha256": "eba33a443b09df6e558cd86dd059c7cfe2c7bde0c993fa95819e027349b58cba"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/common-cloud-controls@2b6dab4c1307a0ac67d90c99829f6c1825154c84",
            "digest": {
              "gitCommit": "2b6dab4c1307a0ac67d90c99829f6c1825154c84"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26770748733",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26770748733-1",
          "startedOn": "2026-06-01T17:29:16.671374284Z",
          "finishedOn": "2026-06-01T17:29:16.892355256Z"
        },
        "byproducts": [
          {
            "name": "controls.yaml",
            "digest": {
              "sha256": "eba33a443b09df6e558cd86dd059c7cfe2c7bde0c993fa95819e027349b58cba"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "controls.yaml",
      "type": "ControlCatalog",
      "id": "CCC.CntrReg.CN",
      "role": "artifact"
    }
  ]
}

CCC Container Registry Controls

Controls for Container Registry technologies, as defined by the FINOS Common Cloud Controls project.

ID: CCC.CntrReg.CN
Version: v2026.06-rc4
Gemara version: v1.2.0
Author: FINOS Common Cloud Controls

Orchestration

The Orchestration group covers entries related to coordinating and managing workloads across distributed systems. This includes container orchestration, job scheduling, CI/CD pipelines, build automation, and service mesh management.

  1. CCC.CntrReg.CN01 Implement Vulnerability Scanning for Artifacts

    Objective

    Ensure that container images and artifacts stored in the container registry are scanned for vulnerabilities to identify and remediate security issues before deployment.

    Assessment requirements
    1. Attempt to push an artifact with known vulnerabilities to the registry and observe whether it is flagged or rejected by the vulnerability scanning process.

      Applicability: tlp-red, tlp-amber

    Guidelines
    • NIST-CSF
      • ID.RA-1
    • NIST_800_53
      • RA-5
      • SI-5
    Threats
    • CCC.CntrReg.Threats
      • CCC.CntrReg.TH01

Resource Management

The Resource Management group covers entries related to the lifecycle, configuration, and operational integrity of cloud resources. This includes resource exhaustion, tag manipulation, version rollback, scaling, and cost management.

  1. CCC.CntrReg.CN02 Implement Cleanup Policies for Artifacts

    Objective

    Ensure that unused or outdated artifacts are cleaned up according to defined policies to manage storage effectively and reduce security risks associated with outdated versions.

    Assessment requirements
    1. Confirm that artifacts older than the specified retention period are automatically deleted from the registry.

      Applicability: tlp-red, tlp-amber

    Guidelines
    • NIST-CSF
      • PR.IP-6
    • NIST_800_53
      • SI-12
    Threats
    • CCC.Core.Threats
      • CCC.Core.TH14