GRC Store

Search / finos-ccc/ccc.message.cn / v2026.06-rc4

Release · v2026.06-rc4

FINOS-CCC/CCC.Message.CN Control Catalog

FINOS-CCC/CCC.Message.CN

Controls for Messaging Services technologies, as defined by the FINOS Common Cloud Controls project.

Published by FINOS Common Cloud Controls

Install

OCI v1.1
$grcli unpack --repository finos-ccc/ccc.message.cn --tag v2026.06-rc4
Coordinate
oci.grc.store/finos-ccc/ccc.message.cn:v2026.06-rc4
Manifest digest
sha256:a75f59b394dceadc8e1cb47eb00a13a2216296cf06b3b45e88d8bd184b59b10b

Provenance

1 layer
Digest Media type Size
172c021fe77e… application/vnd.gemara.artifact.v1+yaml 3.6 KiB
Bundle config blob 
{
  "bundle-version": "1.0",
  "gemara-version": "v1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "CCC.Message.CN",
            "type": "ControlCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-ccc/ccc.message.cn",
            "tag": "v2026.06-rc4"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls",
          "GITHUB_RUN_ATTEMPT": "1",
          "GITHUB_RUN_ID": "26770748733",
          "GITHUB_SHA": "2b6dab4c1307a0ac67d90c99829f6c1825154c84",
          "GITHUB_WORKFLOW": "Batch Release All Catalogs",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "artifacts/app-integration/message/controls.yaml",
            "uri": "file://artifacts/app-integration/message/controls.yaml",
            "digest": {
              "sha256": "172c021fe77ef53e8af4b420f5a52f838e7d2870fb540406e5d482687c0def40"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/common-cloud-controls@2b6dab4c1307a0ac67d90c99829f6c1825154c84",
            "digest": {
              "gitCommit": "2b6dab4c1307a0ac67d90c99829f6c1825154c84"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26770748733",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26770748733-1",
          "startedOn": "2026-06-01T17:27:31.521664814Z",
          "finishedOn": "2026-06-01T17:27:31.771486318Z"
        },
        "byproducts": [
          {
            "name": "controls.yaml",
            "digest": {
              "sha256": "172c021fe77ef53e8af4b420f5a52f838e7d2870fb540406e5d482687c0def40"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "controls.yaml",
      "type": "ControlCatalog",
      "id": "CCC.Message.CN",
      "role": "artifact"
    }
  ]
}

CCC Messaging Services Controls

Controls for Messaging Services technologies, as defined by the FINOS Common Cloud Controls project.

ID
CCC.Message.CN
Version
v2026.06-rc4
Gemara version
v1.2.0
Author
FINOS Common Cloud Controls

Encryption

The Encryption group covers entries related to protecting data confidentiality and integrity through cryptographic mechanisms. This includes encryption in transit and at rest, key management, and certificate lifecycle management.

  1. CCC.Message.CN01 Use Customer-Managed Encryption Keys (CMEK) for Messages

    Objective

    Ensure that messages are encrypted using customer-managed encryption keys (CMEK) to provide enhanced control over encryption processes and keys, meeting compliance and security requirements.

    Assessment requirements

    1. Attempt to publish a message without using a customer-managed encryption key and verify that the message is rejected or not stored.

      Applicability: tlp-clear, tlp-green, tlp-amber, tlp-red

    Guidelines
    • NIST-CSF
      • PR.DS-1Data-at-rest is protected
    • NIST_800_53
      • SC-12Cryptographic Key Establishment and Management
      • SC-13Cryptographic Protection
    Threats
    • CCC.Core.Threats
      • CCC.Core.TH01Access control is misconfigured