GRC Store

Search / finos-ccc/ccc.cntrreg.cn / v2026.06-rc5

Release · v2026.06-rc5

FINOS-CCC/CCC.CntrReg.CN Control Catalog

FINOS-CCC/CCC.CntrReg.CN

Controls for Container Registry technologies, as defined by the FINOS Common Cloud Controls project.

Published by FINOS Common Cloud Controls

Install

OCI v1.1
$grcli unpack --repository finos-ccc/ccc.cntrreg.cn --tag v2026.06-rc5
Coordinate
oci.grc.store/finos-ccc/ccc.cntrreg.cn:v2026.06-rc5
Manifest digest
sha256:ef13f06924b67b5187e83b9041302a2a72c8ead058a2fc414486d924c3326883

Provenance

1 layer
Digest Media type Size
a6690e59e77f… application/vnd.gemara.artifact.v1+yaml 4.1 KiB
Bundle config blob 
{
  "bundle-version": "1.0",
  "gemara-version": "v1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "CCC.CntrReg.CN",
            "type": "ControlCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-ccc/ccc.cntrreg.cn",
            "tag": "v2026.06-rc5"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls",
          "GITHUB_RUN_ATTEMPT": "1",
          "GITHUB_RUN_ID": "26771723499",
          "GITHUB_SHA": "a9503345caf59a144d8ab9b4bede212b393ca56a",
          "GITHUB_WORKFLOW": "Batch Release All Catalogs",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "artifacts/devtools/container-registry/controls.yaml",
            "uri": "file://artifacts/devtools/container-registry/controls.yaml",
            "digest": {
              "sha256": "a6690e59e77fc28f1db3396d68187c2ba9b988a2ad00fb46bd3ef3a03f3856f1"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/common-cloud-controls@a9503345caf59a144d8ab9b4bede212b393ca56a",
            "digest": {
              "gitCommit": "a9503345caf59a144d8ab9b4bede212b393ca56a"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26771723499",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26771723499-1",
          "startedOn": "2026-06-01T17:47:55.416695382Z",
          "finishedOn": "2026-06-01T17:47:55.514644725Z"
        },
        "byproducts": [
          {
            "name": "controls.yaml",
            "digest": {
              "sha256": "a6690e59e77fc28f1db3396d68187c2ba9b988a2ad00fb46bd3ef3a03f3856f1"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "controls.yaml",
      "type": "ControlCatalog",
      "id": "CCC.CntrReg.CN",
      "role": "artifact"
    }
  ]
}

CCC Container Registry Controls

Controls for Container Registry technologies, as defined by the FINOS Common Cloud Controls project.

ID
CCC.CntrReg.CN
Version
v2026.06-rc5
Gemara version
v1.2.0
Author
FINOS Common Cloud Controls

Orchestration

The Orchestration group covers entries related to coordinating and managing workloads across distributed systems. This includes container orchestration, job scheduling, CI/CD pipelines, build automation, and service mesh management.

  1. CCC.CntrReg.CN01 Implement Vulnerability Scanning for Artifacts

    Objective

    Ensure that container images and artifacts stored in the container registry are scanned for vulnerabilities to identify and remediate security issues before deployment.

    Assessment requirements

    1. Attempt to push an artifact with known vulnerabilities to the registry and observe if it is flagged or rejected by the vulnerability scanning process.

      Applicability: tlp-red, tlp-amber

    Guidelines
    • NIST-CSF
      • ID.RA-1
    • NIST_800_53
      • RA-5
      • SI-5
    Threats
    • CCC.CntrReg.Threats
      • CCC.CntrReg.TH01

Resource Management

The Resource Management group covers entries related to the lifecycle, configuration, and operational integrity of cloud resources. This includes resource exhaustion, tag manipulation, version rollback, scaling, and cost management.

  1. CCC.CntrReg.CN02 Implement Cleanup Policies for Artifacts

    Objective

    Ensure that unused or outdated artifacts are cleaned up according to defined policies to manage storage effectively and reduce security risks associated with outdated versions.

    Assessment requirements

    1. Confirm that artifacts older than the specified retention period are automatically deleted from the registry.

      Applicability: tlp-red, tlp-amber

    Guidelines
    • NIST-CSF
      • PR.IP-6
    • NIST_800_53
      • SI-12
    Threats
    • CCC.Core.Threats
      • CCC.Core.TH14