GRC Store

Search / finos-ccc/ccc.datawar.cn / v2026.06-rc4

Release · v2026.06-rc4

FINOS-CCC/CCC.DataWar.CN Control Catalog

FINOS-CCC/CCC.DataWar.CN

Controls for Data Warehouse technologies, as defined by the FINOS Common Cloud Controls project.

Published by FINOS Common Cloud Controls

Install

OCI v1.1
$grcli unpack --repository finos-ccc/ccc.datawar.cn --tag v2026.06-rc4
Coordinate
oci.grc.store/finos-ccc/ccc.datawar.cn:v2026.06-rc4
Manifest digest
sha256:014cfd1a5fe0bfc9e06bd3e34e609d8c3ffc22402573a7bebee10819beee650b

Provenance

1 layer
Digest Media type Size
fa6c29ed8fb6… application/vnd.gemara.artifact.v1+yaml 4.9 KiB
Bundle config blob 
{
  "bundle-version": "1.0",
  "gemara-version": "v1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "CCC.DataWar.CN",
            "type": "ControlCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-ccc/ccc.datawar.cn",
            "tag": "v2026.06-rc4"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls",
          "GITHUB_RUN_ATTEMPT": "1",
          "GITHUB_RUN_ID": "26770748733",
          "GITHUB_SHA": "2b6dab4c1307a0ac67d90c99829f6c1825154c84",
          "GITHUB_WORKFLOW": "Batch Release All Catalogs",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "artifacts/database/warehouse/controls.yaml",
            "uri": "file://artifacts/database/warehouse/controls.yaml",
            "digest": {
              "sha256": "fa6c29ed8fb64d40a15a64e03ea88c30e6e4f537caea1d28024cd62ad8bc771e"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/common-cloud-controls@2b6dab4c1307a0ac67d90c99829f6c1825154c84",
            "digest": {
              "gitCommit": "2b6dab4c1307a0ac67d90c99829f6c1825154c84"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26770748733",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26770748733-1",
          "startedOn": "2026-06-01T17:28:53.864266434Z",
          "finishedOn": "2026-06-01T17:28:54.094065517Z"
        },
        "byproducts": [
          {
            "name": "controls.yaml",
            "digest": {
              "sha256": "fa6c29ed8fb64d40a15a64e03ea88c30e6e4f537caea1d28024cd62ad8bc771e"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "controls.yaml",
      "type": "ControlCatalog",
      "id": "CCC.DataWar.CN",
      "role": "artifact"
    }
  ]
}

CCC Data Warehouse Controls

Controls for Data Warehouse technologies, as defined by the FINOS Common Cloud Controls project.

ID
CCC.DataWar.CN
Version
v2026.06-rc4
Gemara version
v1.2.0
Author
FINOS Common Cloud Controls

Access Control

The Access Control group covers entries related to authentication, authorization, and trust perimeter enforcement. This includes multi-factor authentication, least privilege access, network access rules, and prevention of unauthorized access or reconnaissance.

  1. CCC.DataWar.CN01 Enforce Use of Managed Views for Data Access

    Objective

    Ensure that data access is provided through managed views, restricting users from accessing underlying tables directly and enforcing consistent security policies.

    Assessment requirements

    1. Attempt to access underlying database tables directly without using managed views and verify that access is denied.

      Applicability: tlp-red, tlp-amber

    Guidelines
    • NIST-CSF
      • PR.AC-4
    • NIST_800_53
      • AC-3
      • AC-6
    Threats
    • CCC.Core.Threats
      • CCC.Core.TH01

  2. CCC.DataWar.CN02 Enforce Column-Level Security Policies

    Objective

    Ensure that access to sensitive data columns is restricted based on user roles, preventing unauthorized access to sensitive information.

    Assessment requirements

    1. Attempt to query sensitive columns without the necessary permissions and verify that access is denied or data is masked.

      Applicability: tlp-red, tlp-amber

    Guidelines
    • NIST-CSF
      • PR.AC-4
    • NIST_800_53
      • AC-3
      • AC-6
    Threats
    • CCC.Core.Threats
      • CCC.Core.TH01

  3. CCC.DataWar.CN03 Enforce Row-Level Security Policies

    Objective

    Ensure that access to data rows is restricted based on user roles or attributes, preventing unauthorized access to specific subsets of data.

    Assessment requirements

    1. Attempt to query data rows that the user should not have access to and verify that access is denied or data is not returned.

      Applicability: tlp-red, tlp-amber

    Guidelines
    • NIST-CSF
      • PR.AC-4
    • NIST_800_53
      • AC-3
      • AC-6
    Threats
    • CCC.Core.Threats
      • CCC.Core.TH01