GRC Store

Search / finos-ccc/ccc.datawar.cn / v2026.06-rc5

Release · v2026.06-rc5

FINOS-CCC/CCC.DataWar.CN Control Catalog

FINOS-CCC/CCC.DataWar.CN

Controls for Data Warehouse technologies, as defined by the FINOS Common Cloud Controls project.

Published by FINOS Common Cloud Controls

Install

OCI v1.1
$grcli unpack --repository finos-ccc/ccc.datawar.cn --tag v2026.06-rc5
Coordinate
oci.grc.store/finos-ccc/ccc.datawar.cn:v2026.06-rc5
Manifest digest
sha256:57a6c2a345815120388bf61e731b41a5c3eb72015e0efe9829d8bf87717b237e

Provenance

1 layer
Digest Media type Size
46765b0d4c5f… application/vnd.gemara.artifact.v1+yaml 4.9 KiB
Bundle config blob 
{
  "bundle-version": "1.0",
  "gemara-version": "v1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "CCC.DataWar.CN",
            "type": "ControlCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-ccc/ccc.datawar.cn",
            "tag": "v2026.06-rc5"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls",
          "GITHUB_RUN_ATTEMPT": "1",
          "GITHUB_RUN_ID": "26771723499",
          "GITHUB_SHA": "a9503345caf59a144d8ab9b4bede212b393ca56a",
          "GITHUB_WORKFLOW": "Batch Release All Catalogs",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "artifacts/database/warehouse/controls.yaml",
            "uri": "file://artifacts/database/warehouse/controls.yaml",
            "digest": {
              "sha256": "46765b0d4c5f1fc72a3603df105ab160e3e3a198e972b5da65aac919054d9e5f"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/common-cloud-controls@a9503345caf59a144d8ab9b4bede212b393ca56a",
            "digest": {
              "gitCommit": "a9503345caf59a144d8ab9b4bede212b393ca56a"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26771723499",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26771723499-1",
          "startedOn": "2026-06-01T17:47:39.706858661Z",
          "finishedOn": "2026-06-01T17:47:39.809672653Z"
        },
        "byproducts": [
          {
            "name": "controls.yaml",
            "digest": {
              "sha256": "46765b0d4c5f1fc72a3603df105ab160e3e3a198e972b5da65aac919054d9e5f"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "controls.yaml",
      "type": "ControlCatalog",
      "id": "CCC.DataWar.CN",
      "role": "artifact"
    }
  ]
}

CCC Data Warehouse Controls

Controls for Data Warehouse technologies, as defined by the FINOS Common Cloud Controls project.

ID
CCC.DataWar.CN
Version
v2026.06-rc5
Gemara version
v1.2.0
Author
FINOS Common Cloud Controls

Access Control

The Access Control group covers entries related to authentication, authorization, and trust perimeter enforcement. This includes multi-factor authentication, least privilege access, network access rules, and prevention of unauthorized access or reconnaissance.

  1. CCC.DataWar.CN01 Enforce Use of Managed Views for Data Access

    Objective

    Ensure that data access is provided through managed views, restricting users from accessing underlying tables directly and enforcing consistent security policies.

    Assessment requirements

    1. Attempt to access underlying database tables directly without using managed views and verify that access is denied.

      Applicability: tlp-red, tlp-amber

    Guidelines
    • NIST-CSF
      • PR.AC-4
    • NIST_800_53
      • AC-3
      • AC-6
    Threats
    • CCC.Core.Threats
      • CCC.Core.TH01

  2. CCC.DataWar.CN02 Enforce Column-Level Security Policies

    Objective

    Ensure that access to sensitive data columns is restricted based on user roles, preventing unauthorized access to sensitive information.

    Assessment requirements

    1. Attempt to query sensitive columns without the necessary permissions and verify that access is denied or data is masked.

      Applicability: tlp-red, tlp-amber

    Guidelines
    • NIST-CSF
      • PR.AC-4
    • NIST_800_53
      • AC-3
      • AC-6
    Threats
    • CCC.Core.Threats
      • CCC.Core.TH01

  3. CCC.DataWar.CN03 Enforce Row-Level Security Policies

    Objective

    Ensure that access to data rows is restricted based on user roles or attributes, preventing unauthorized access to specific subsets of data.

    Assessment requirements

    1. Attempt to query data rows that the user should not have access to and verify that access is denied or data is not returned.

      Applicability: tlp-red, tlp-amber

    Guidelines
    • NIST-CSF
      • PR.AC-4
    • NIST_800_53
      • AC-3
      • AC-6
    Threats
    • CCC.Core.Threats
      • CCC.Core.TH01