GRC Store

Search / finos-ccc/ccc.datawar.th / v2026.06-rc3

Release · v2026.06-rc3

FINOS-CCC/CCC.DataWar.TH Threat Catalog

FINOS-CCC/CCC.DataWar.TH

Threats for Data Warehouse technologies, as defined by the FINOS Common Cloud Controls project.

Published by FINOS Common Cloud Controls

Install

OCI v1.1
$grcli unpack --repository finos-ccc/ccc.datawar.th --tag v2026.06-rc3
Coordinate
oci.grc.store/finos-ccc/ccc.datawar.th:v2026.06-rc3
Manifest digest
sha256:ed2a47ae65a9417c3d8418ece4e572305906a62db1adf31669c4946dd58568b5

Provenance

1 layer
Digest Media type Size
2901b9a0df6f… application/vnd.gemara.artifact.v1+yaml 3.9 KiB
Bundle config blob 
{
  "bundle-version": "1.0",
  "gemara-version": "v1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "CCC.DataWar.TH",
            "type": "ThreatCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-ccc/ccc.datawar.th",
            "tag": "v2026.06-rc3"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls",
          "GITHUB_RUN_ATTEMPT": "2",
          "GITHUB_RUN_ID": "26768391088",
          "GITHUB_SHA": "24594e28430c12318cacffe7fdda6a3ea272d975",
          "GITHUB_WORKFLOW": "Batch Release All Catalogs",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "artifacts/database/warehouse/threats.yaml",
            "uri": "file://artifacts/database/warehouse/threats.yaml",
            "digest": {
              "sha256": "2901b9a0df6f39cf16bce1d0d6a204fa2bf6b31db27567dedfff2869fc24e849"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/common-cloud-controls@24594e28430c12318cacffe7fdda6a3ea272d975",
            "digest": {
              "gitCommit": "24594e28430c12318cacffe7fdda6a3ea272d975"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26768391088",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26768391088-2",
          "startedOn": "2026-06-01T16:44:23.537337918Z",
          "finishedOn": "2026-06-01T16:44:23.662888049Z"
        },
        "byproducts": [
          {
            "name": "threats.yaml",
            "digest": {
              "sha256": "2901b9a0df6f39cf16bce1d0d6a204fa2bf6b31db27567dedfff2869fc24e849"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "threats.yaml",
      "type": "ThreatCatalog",
      "id": "CCC.DataWar.TH",
      "role": "artifact"
    }
  ]
}

CCC Data Warehouse Threats

Threats for Data Warehouse technologies, as defined by the FINOS Common Cloud Controls project.

ID
CCC.DataWar.TH
Version
v2026.06-rc3
Gemara version
v1.2.0
Author
FINOS Common Cloud Controls

Access Control

The Access Control group covers entries related to authentication, authorization, and trust perimeter enforcement. This includes multi-factor authentication, least privilege access, network access rules, and prevention of unauthorized access or reconnaissance.

  1. CCC.DataWar.TH01 Unauthorized Public Access to Datasets

    Datasets may be unintentionally made publicly accessible, either at the dataset level or via IAM policies, allowing unauthorized users to read or modify sensitive data, leading to data breaches and compliance violations.

    Capabilities
    • CCC.DataWar.Capabilities
      • CCC.DataWar.CP01

  2. CCC.DataWar.TH03 Exposure of Sensitive Data through Inadequate Column-Level Security

    Lack of proper column-level security can lead to unauthorized users accessing sensitive data fields, resulting in data breaches.

    Capabilities
    • CCC.DataWar.Capabilities
      • CCC.DataWar.CP03

Data Resilience

The Data Resilience group covers entries related to ensuring data availability, integrity, and sovereignty across its lifecycle. This includes replication, backup, recovery, region restrictions, and protection against data loss or corruption.

  1. CCC.DataWar.TH02 Data Exfiltration via Unauthorized Views

    Attackers may create or exploit unauthorized views to access sensitive data without proper permissions, leading to data leakage.

    Capabilities
    • CCC.DataWar.Capabilities
      • CCC.DataWar.CP02