GRC Store

Search / finos-ccc/ccc.keymgmt.cp / v2026.06-rc4

Release · v2026.06-rc4

FINOS-CCC/CCC.KeyMgmt.CP Capability Catalog

FINOS-CCC/CCC.KeyMgmt.CP

Capabilities for Key Management technologies, as defined by the FINOS Common Cloud Controls project.

Published by FINOS Common Cloud Controls

Install

OCI v1.1
$grcli unpack --repository finos-ccc/ccc.keymgmt.cp --tag v2026.06-rc4
Coordinate
oci.grc.store/finos-ccc/ccc.keymgmt.cp:v2026.06-rc4
Manifest digest
sha256:5a8259193e01e2eff8124f10fb73aeaa33bc96b6e7ccbdd56ef831eedf6bacb0

Provenance

1 layer
Digest Media type Size
c14476cac263… application/vnd.gemara.artifact.v1+yaml 6.4 KiB
Bundle config blob 
{
  "bundle-version": "1.0",
  "gemara-version": "v1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "CCC.KeyMgmt.CP",
            "type": "CapabilityCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-ccc/ccc.keymgmt.cp",
            "tag": "v2026.06-rc4"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls",
          "GITHUB_RUN_ATTEMPT": "1",
          "GITHUB_RUN_ID": "26770748733",
          "GITHUB_SHA": "2b6dab4c1307a0ac67d90c99829f6c1825154c84",
          "GITHUB_WORKFLOW": "Batch Release All Catalogs",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "artifacts/crypto/key/capabilities.yaml",
            "uri": "file://artifacts/crypto/key/capabilities.yaml",
            "digest": {
              "sha256": "c14476cac263acd70af693e8e75b6347eb7ab3fd948da5e987961db61809fab0"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/common-cloud-controls@2b6dab4c1307a0ac67d90c99829f6c1825154c84",
            "digest": {
              "gitCommit": "2b6dab4c1307a0ac67d90c99829f6c1825154c84"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26770748733",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26770748733-1",
          "startedOn": "2026-06-01T17:28:05.785000175Z",
          "finishedOn": "2026-06-01T17:28:06.029003244Z"
        },
        "byproducts": [
          {
            "name": "capabilities.yaml",
            "digest": {
              "sha256": "c14476cac263acd70af693e8e75b6347eb7ab3fd948da5e987961db61809fab0"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "capabilities.yaml",
      "type": "CapabilityCatalog",
      "id": "CCC.KeyMgmt.CP",
      "role": "artifact"
    }
  ]
}

CCC Key Management Capabilities

Capabilities for Key Management technologies, as defined by the FINOS Common Cloud Controls project.

ID
CCC.KeyMgmt.CP
Version
v2026.06-rc4
Gemara version
v1.2.0
Author
FINOS Common Cloud Controls

Encryption

The Encryption group covers entries related to protecting data confidentiality and integrity through cryptographic mechanisms. This includes encryption in transit and at rest, key management, and certificate lifecycle management.

  1. CCC.KeyMgmt.CP01 AES-256

    Support for the AES-256 Advanced Encryption Standard with a 256-bit key for encryption and decryption.

  2. CCC.KeyMgmt.CP02 RSA-2048

    Supports the RSA algorithm with a key size of 2048 bits for encryption and digital signatures.

  3. CCC.KeyMgmt.CP03 RSA-3072

    Supports the RSA algorithm with a key size of 3072 bits for encryption and digital signatures.

  4. CCC.KeyMgmt.CP04 RSA-4096

    Supports the RSA algorithm with a key size of 4096 bits for encryption and digital signatures.

  5. CCC.KeyMgmt.CP05 EC-P256

    Supports the elliptic curve signing algorithm using the P-256 Curve for digital signatures.

  6. CCC.KeyMgmt.CP06 EC-P256K

    Supports the elliptic curve signing algorithm using the Secp256k1 Curve for digital signatures.

  7. CCC.KeyMgmt.CP07 EC-P384

    Supports the elliptic curve signing algorithm using the P-384 Curve for digital signatures.

  8. CCC.KeyMgmt.CP08 Key Creation

    Supports secure key creation within the key management service using the supported algorithms.

  9. CCC.KeyMgmt.CP09 Encrypt data

    Provides the ability to securely encrypt data using a managed key in the supported encryption algorithms.

  10. CCC.KeyMgmt.CP10 Decrypt data

    Provides the ability to securely decrypt data using a managed key in the supported encryption algorithms.

  11. CCC.KeyMgmt.CP11 Create Digital Signature

    Supports the generation of a digital signature for data using the supported signing algorithms.

  12. CCC.KeyMgmt.CP12 Verify Digital Signature

    Supports the verification of the digital signature of some data using the supported signing algorithms.

  13. CCC.KeyMgmt.CP13 Supports FIPS 140-2 Level 3

    Supports FIPS 140-2 Level 3 certified Hardware Security Modules (HSM).

  14. CCC.KeyMgmt.CP14 Key Versioning

    Provides the ability to manage multiple versions of a key.

  15. CCC.KeyMgmt.CP15 Key label

    Supports the ability to tag a managed key with user defined labels.

  16. CCC.KeyMgmt.CP16 Disable key

    Supports the ability to disable a managed key without deletion.

  17. CCC.KeyMgmt.CP17 Enable key

    Supports the ability to re-enable a disabled managed key.

  18. CCC.KeyMgmt.CP18 Soft Delete

    Supports the ability to prevent the immediate deletion of a managed key. This includes the ability to recover accidental deletion of keys within a grace period.

  19. CCC.KeyMgmt.CP19 Delete Key

    Supports the ability to permanently delete a managed key after the grace period defined on soft delete.

  20. CCC.KeyMgmt.CP20 Automatic Symmetric Key Rotation

    Supports the ability to automatically rotate a managed symmetric key as long as the key was generated within the KMS.

  21. CCC.KeyMgmt.CP21 Manual Key Rotation

    Supports the ability to manually rotate a managed key.

  22. CCC.KeyMgmt.CP22 Key Import

    Supports the ability to import externally generated keys into the KMS.

  23. CCC.KeyMgmt.CP23 Key Expiry

    Supports the ability to set an expiration date for a key

  24. CCC.KeyMgmt.CP24 Key Replication

    Supports the ability to securely replicate a key across different regions using automated or manual process.