GRC Store

Search / finos-ccc/ccc.datawar.th / v2026.06-rc4

Release · v2026.06-rc4

FINOS-CCC/CCC.DataWar.TH Threat Catalog

FINOS-CCC/CCC.DataWar.TH

Threats for Data Warehouse technologies, as defined by the FINOS Common Cloud Controls project.

Published by FINOS Common Cloud Controls

Install

OCI v1.1
$grcli unpack --repository finos-ccc/ccc.datawar.th --tag v2026.06-rc4
Coordinate
oci.grc.store/finos-ccc/ccc.datawar.th:v2026.06-rc4
Manifest digest
sha256:d8e68f095bfdd525bd5ed7b40f8a37488db39734f503fa59e10423977e16b220

Provenance

1 layer
Digest Media type Size
5ebdee3584c1… application/vnd.gemara.artifact.v1+yaml 3.9 KiB
Bundle config blob 
{
  "bundle-version": "1.0",
  "gemara-version": "v1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "CCC.DataWar.TH",
            "type": "ThreatCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-ccc/ccc.datawar.th",
            "tag": "v2026.06-rc4"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls",
          "GITHUB_RUN_ATTEMPT": "1",
          "GITHUB_RUN_ID": "26770748733",
          "GITHUB_SHA": "2b6dab4c1307a0ac67d90c99829f6c1825154c84",
          "GITHUB_WORKFLOW": "Batch Release All Catalogs",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "artifacts/database/warehouse/threats.yaml",
            "uri": "file://artifacts/database/warehouse/threats.yaml",
            "digest": {
              "sha256": "5ebdee3584c1a13082394e022f248647b05778371574a0d94b99dcb7ad71e7e5"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/common-cloud-controls@2b6dab4c1307a0ac67d90c99829f6c1825154c84",
            "digest": {
              "gitCommit": "2b6dab4c1307a0ac67d90c99829f6c1825154c84"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26770748733",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26770748733-1",
          "startedOn": "2026-06-01T17:28:50.934688481Z",
          "finishedOn": "2026-06-01T17:28:51.154616916Z"
        },
        "byproducts": [
          {
            "name": "threats.yaml",
            "digest": {
              "sha256": "5ebdee3584c1a13082394e022f248647b05778371574a0d94b99dcb7ad71e7e5"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "threats.yaml",
      "type": "ThreatCatalog",
      "id": "CCC.DataWar.TH",
      "role": "artifact"
    }
  ]
}

CCC Data Warehouse Threats

Threats for Data Warehouse technologies, as defined by the FINOS Common Cloud Controls project.

ID
CCC.DataWar.TH
Version
v2026.06-rc4
Gemara version
v1.2.0
Author
FINOS Common Cloud Controls

Access Control

The Access Control group covers entries related to authentication, authorization, and trust perimeter enforcement. This includes multi-factor authentication, least privilege access, network access rules, and prevention of unauthorized access or reconnaissance.

  1. CCC.DataWar.TH01 Unauthorized Public Access to Datasets

    Datasets may be unintentionally made publicly accessible, either at the dataset level or via IAM policies, allowing unauthorized users to read or modify sensitive data, leading to data breaches and compliance violations.

    Capabilities
    • CCC.DataWar.Capabilities
      • CCC.DataWar.CP01

  2. CCC.DataWar.TH03 Exposure of Sensitive Data through Inadequate Column-Level Security

    Lack of proper column-level security can lead to unauthorized users accessing sensitive data fields, resulting in data breaches.

    Capabilities
    • CCC.DataWar.Capabilities
      • CCC.DataWar.CP03

Data Resilience

The Data Resilience group covers entries related to ensuring data availability, integrity, and sovereignty across its lifecycle. This includes replication, backup, recovery, region restrictions, and protection against data loss or corruption.

  1. CCC.DataWar.TH02 Data Exfiltration via Unauthorized Views

    Attackers may create or exploit unauthorized views to access sensitive data without proper permissions, leading to data leakage.

    Capabilities
    • CCC.DataWar.Capabilities
      • CCC.DataWar.CP02