CCC Common Cloud Controls Core Capabilities
Capabilities for Common Cloud Controls Core technologies, as defined by the FINOS Common Cloud Controls project.
- ID: CCC.Core.CP
- Version: v2026.06-rc3
- Gemara version: v1.2.0
- Author: FINOS Common Cloud Controls
Encryption
The Encryption group covers entries related to protecting data confidentiality and integrity through cryptographic mechanisms. This includes encryption in transit and at rest, key management, and certificate lifecycle management.
CCC.Core.CP01 Encryption in Transit Enabled by Default
The service automatically encrypts all data using industry-standard cryptographic protocols prior to transmission via a network interface.
CCC.Core.CP02 Encryption at Rest Enabled by Default
The service automatically encrypts all data using industry-standard cryptographic protocols prior to being written to a storage medium.
Observability
The Observability group covers entries related to logging, monitoring, metrics, alerting, and event publication. This includes audit trail integrity, enumeration detection, and protection against tampering or unauthorized access to operational telemetry.
CCC.Core.CP03 Access Log Publication
The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors.
CCC.Core.CP07 Event Publication
The service automatically publishes a structured state-change record upon creation, deletion, or modification of data, configuration, components, or child resources.
CCC.Core.CP09 Metrics Publication
The service automatically publishes structured, numeric, time-series data points related to the performance, availability, and health of the service or its child resources.
CCC.Core.CP10 Log Publication
The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service.
CCC.Core.CP17 Alerting
The service may be configured to emit a notification based on a user-defined condition related to the data published by a child or networked resource.
Resource Management
The Resource Management group covers entries related to the lifecycle, configuration, and operational integrity of cloud resources. This includes resource exhaustion, tag manipulation, version rollback, scaling, and cost management.
CCC.Core.CP04 Transaction Rate Limits
The service can throttle, delay, or reject excess requests when transactions exceed a user-specified rate limit, and always provides industry-standard throughput up to that limit.
CCC.Core.CP15 Cost Management
The service monitors data published by child or networked resources to infer usage patterns and generate cost reports for the service.
CCC.Core.CP16 Budgeting
The service may be configured to take a user-specified action when a spending threshold is met or exceeded on a child or networked resource.
CCC.Core.CP20 Resource Tagging
The service provides users with the ability to tag a child resource with metadata that can be reviewed or queried.
Access Control
The Access Control group covers entries related to authentication, authorization, and trust perimeter enforcement. This includes multi-factor authentication, least privilege access, network access rules, and prevention of unauthorized access or reconnaissance.
CCC.Core.CP05 Signed URLs
The service can generate an ad hoc URL containing authentication information to enforce user-configured permissions for accessing a specific component or a child resource.
CCC.Core.CP06 Access Control
The service automatically enforces user configurations to restrict or allow access to a specific component or a child resource based on factors such as user identities, roles, groups, or attributes.
CCC.Core.CP23 Network Access Rules
The service restricts access to child or networked resources based on user-defined network parameters such as IP address, protocol, port, or source.
Data Resilience
The Data Resilience group covers entries related to ensuring data availability, integrity, and sovereignty across its lifecycle. This includes replication, backup, recovery, region restrictions, and protection against data loss or corruption.
CCC.Core.CP08 Data Replication
The service automatically replicates data across multiple deployments simultaneously with parity, or may be configured to do so.
CCC.Core.CP11 Backup
The service can generate copies of its data or configurations in the form of automated backups, snapshot-based backups, or incremental backups.
CCC.Core.CP12 Recovery
The service can be reverted to a previous state by providing a compatible backup or snapshot identifier.
CCC.Core.CP18 Resource Versioning
The service automatically assigns versions to child resources which can be used to preserve, retrieve, and restore past iterations.
CCC.Core.CP21 Resource Replication
The service may be configured to replicate child resources across multiple deployments.
CCC.Core.CP22 Location Lock-In
The service may be configured to restrict the deployment of child resources to specific geographic locations.
Compute
The Compute group covers entries related to processing, execution, and runtime infrastructure. This includes CPU, memory, storage allocation, network ports, command-line interfaces, and elastic scaling.
CCC.Core.CP14 API Access
The service exposes a port enabling external actors to interact programmatically with the service and its resources using HTTP protocol methods such as GET, POST, PUT, and DELETE.
CCC.Core.CP19 Child Resource Scaling
The service may be configured to scale child resources automatically or on-demand.
CCC.Core.CP24 Core Processing Units
The service provides users and child resources with access to core processing units (CPUs) for executing instructions and performing computations.
CCC.Core.CP25 Random Access Memory Allocation
The service provides users and child resources with access to random access memory (RAM) for temporary data storage and fast data retrieval during processing tasks.
CCC.Core.CP26 Persistent Storage
The service provides users and child resources with access to persistent storage for saving and retrieving data reliably over time.
CCC.Core.CP27 Configurable Network Ports
The service allows users to configure network ports for communication, enabling flexibility in network management and integration with other services.
CCC.Core.CP28 Command-line Interface
The service includes a component that reads and translates text into commands that can be executed by the service.
CCC.Core.CP31 Elastic Scaling
The service automatically adjusts its resource allocation (such as CPU, memory, and storage) based on current demand and workload.
Ingestion
The Ingestion group covers entries related to how a service receives or retrieves data, inputs, or commands for processing. This includes both active (pull-based) and passive (push-based) ingestion patterns.
CCC.Core.CP29 Active Ingestion
While running, the service itself can fetch or reach out to some other service or external source to get data, inputs or commands for the service to process or operate on.
CCC.Core.CP30 Passive Ingestion
While running, the service can pause, idle or wait to receive inputs, commands, or data from some other service or external source for the service to process or operate on.