GRC Store

Search / finos-ccc/ccc.lb.cp / v2026.06-rc3

Release · v2026.06-rc3

FINOS-CCC/CCC.LB.CP Capability Catalog

FINOS-CCC/CCC.LB.CP

Capabilities for Load Balancer Capabilities technologies, as defined by the FINOS Common Cloud Controls project.

Published by FINOS Common Cloud Controls

Install

OCI v1.1
$grcli unpack --repository finos-ccc/ccc.lb.cp --tag v2026.06-rc3
Coordinate
oci.grc.store/finos-ccc/ccc.lb.cp:v2026.06-rc3
Manifest digest
sha256:28f8a4b6947c0be1275697546c0d6973d4f40c94837b449c8f1f25e0337051b9

Provenance

1 layer
Digest Media type Size
3e017a8b6e3b… application/vnd.gemara.artifact.v1+yaml 9.0 KiB
Bundle config blob 
{
  "bundle-version": "1.0",
  "gemara-version": "v1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "CCC.LB.CP",
            "type": "CapabilityCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-ccc/ccc.lb.cp",
            "tag": "v2026.06-rc3"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls",
          "GITHUB_RUN_ATTEMPT": "2",
          "GITHUB_RUN_ID": "26768391088",
          "GITHUB_SHA": "24594e28430c12318cacffe7fdda6a3ea272d975",
          "GITHUB_WORKFLOW": "Batch Release All Catalogs",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "artifacts/networking/loadbalancer/capabilities.yaml",
            "uri": "file://artifacts/networking/loadbalancer/capabilities.yaml",
            "digest": {
              "sha256": "3e017a8b6e3b62c2dfdb67dc47d7e67bf40575c6832fabc188be37796c9e9c63"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/common-cloud-controls@24594e28430c12318cacffe7fdda6a3ea272d975",
            "digest": {
              "gitCommit": "24594e28430c12318cacffe7fdda6a3ea272d975"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26768391088",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26768391088-2",
          "startedOn": "2026-06-01T16:45:17.397533188Z",
          "finishedOn": "2026-06-01T16:45:17.515893813Z"
        },
        "byproducts": [
          {
            "name": "capabilities.yaml",
            "digest": {
              "sha256": "3e017a8b6e3b62c2dfdb67dc47d7e67bf40575c6832fabc188be37796c9e9c63"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "capabilities.yaml",
      "type": "CapabilityCatalog",
      "id": "CCC.LB.CP",
      "role": "artifact"
    }
  ]
}

CCC Load Balancer Capabilities Capabilities

Capabilities for Load Balancer Capabilities technologies, as defined by the FINOS Common Cloud Controls project.

ID
CCC.LB.CP
Version
v2026.06-rc3
Gemara version
v1.2.0
Author
FINOS Common Cloud Controls

Networking

The Networking group covers entries related to network infrastructure, connectivity, and traffic management. This includes virtual networks, subnets, load balancing, DNS, routing, peering, and network-level access controls.

  1. CCC.LB.CP01 Static Load Balancing

    Employ load balancing algorithms that follow fixed rules, independent of the current server state.

  2. CCC.LB.CP02 Dynamic Load Balancing

    Employ load balancing algorithms that consider the current state of servers before distributing traffic. Load balancer adjusts traffic distribution in real-time based on the current server health, resource utilization, and traffic conditions.

  3. CCC.LB.CP03 Layer 7 Routing

    Providing distribution of incoming traffic based on the application layer or layer 7 (on ISO model) information. Some of the supported protocols on layer 7 are HTTP, HTTPS, HTTP/2, gRPC, and WebSockets.

  4. CCC.LB.CP04 Layer 4 Routing

    Providing distribution of incoming traffic based on the transport layer or layer 4 (on ISO model) information. It uses the combination of IP addresses and TCP/UDP port to distribute incoming traffic rather than inspecting the actual content of the packets.

  5. CCC.LB.CP05 URL-Based Routing

    Direct incoming requests to different backend resources based on the content of the request URL.

  6. CCC.LB.CP06 HTTP Header-Based Routing

    Direct incoming requests to different backend resources based on the values of HTTP headers.

  7. CCC.LB.CP07 WebSocket Support

    Ability to support web socket communication.

  8. CCC.LB.CP08 Dual-stack Load Balancing

    Ability to support traffic originated from both IPv4 and IPv6.

  9. CCC.LB.CP13 Health Checks-based Target Removal

    If the health check detects that a backend target is unhealthy the load balancer will remove that unhealthy target from its list of available backend instances. This ensures that traffic is no longer routed to the unhealthy target.

  10. CCC.LB.CP14 Retries

    Ability to retry delivery of failed requests to targets. The conditions under which the load balancer retries, how long to wait before retrying, and the maximum number of retries permitted are configurable.

  11. CCC.LB.CP15 Session Affinity

    Can configure subsequent requests from an initial client to be passed to the same target.

  12. CCC.LB.CP16 URL Redirects

    Redirect incoming traffic to a different URL or location.

  13. CCC.LB.CP17 URL Rewrites

    Rewrite URL paths before forwarding them to backend services.

  14. CCC.LB.CP18 Custom Response

    Ability to configure specific HTTP responses to be returned by the load balancer under defined conditions.

  15. CCC.LB.CP19 Request and Response Header Transformations

    Ability to modify HTTP headers of both incoming requests and outgoing responses.

  16. CCC.LB.CP20 Traffic Splitting / Weighted Routing

    Can distribute incoming traffic across multiple backend resources based on predefined weights or percentages (e.g., for canary deployments, A/B testing, blue-green deployments, or gradual traffic migrations).

  17. CCC.LB.CP21 Traffic Mirroring

    Can duplicate incoming network traffic and send it to a secondary destination for monitoring, analysis, or testing purposes.

  18. CCC.LB.CP22 Rate Limiting / Throttling

    Ability to limit the number of requests per second per client. This ensures that no single client or user overloads the backend servers, distributing requests fairly across multiple instances.

  19. CCC.LB.CP23 Firewall Integration

    Ability to seamlessly integrate with firewall services to ensure only legitimate and secure traffic reaches backend servers, blocking malicious requests.

Resource Management

The Resource Management group covers entries related to the lifecycle, configuration, and operational integrity of cloud resources. This includes resource exhaustion, tag manipulation, version rollback, scaling, and cost management.

  1. CCC.LB.CP09 Load Balancer Autoscaling

    Ability for the load balancer to dynamically adjust its capacity in response to fluctuations in incoming traffic.

  2. CCC.LB.CP10 Target Autoscaling

    Ability for the load balancer to trigger scaling actions of the backend instances (targets) to handle fluctuations in incoming traffic.

Encryption

The Encryption group covers entries related to protecting data confidentiality and integrity through cryptographic mechanisms. This includes encryption in transit and at rest, key management, and certificate lifecycle management.

  1. CCC.LB.CP11 SSL/TLS Termination

    Process of decrypting SSL or TLS encrypted traffic at the load balancer level rather than at the backend servers. This allows the load balancer to offload the decryption task from the backend servers.

Observability

The Observability group covers entries related to logging, monitoring, metrics, alerting, and event publication. This includes audit trail integrity, enumeration detection, and protection against tampering or unauthorized access to operational telemetry.

  1. CCC.LB.CP12 Target Health Checks

    Ability to continuously perform health checks on backend backend targets in form of checking the response to HTTP request, TCP connection or checking other application-specific parameter