CCC Object Storage Controls
Controls for Object Storage technologies, as defined by the FINOS Common Cloud Controls project.
- ID: CCC.ObjStor.CN
- Version: v2026.06-rc5
- Gemara version: v1.2.0
- Author: FINOS Common Cloud Controls
Encryption
The Encryption group covers entries related to protecting data confidentiality and integrity through cryptographic mechanisms. This includes encryption in transit and at rest, key management, and certificate lifecycle management.
CCC.ObjStor.CN01 Prevent Requests to Buckets or Objects with Untrusted KMS Keys
Objective
Prevent any requests to object storage buckets or objects that use untrusted KMS keys, to protect against unauthorized data encryption or sensitive data decryption.
Assessment requirements
When a request is made to read a bucket, the service MUST prevent any request using KMS keys not listed as trusted by the organization.
Applicability: tlp-amber, tlp-red
When a request is made to read an object, the service MUST prevent any request using KMS keys not listed as trusted by the organization.
Applicability: tlp-amber, tlp-red
When a request is made to write to a bucket, the service MUST prevent any request using KMS keys not listed as trusted by the organization.
Applicability: tlp-clear, tlp-green, tlp-amber, tlp-red
When a request is made to write to an object, the service MUST prevent any request using KMS keys not listed as trusted by the organization.
Applicability: tlp-clear, tlp-green, tlp-amber, tlp-red
Guidelines
- CCM
  - IAM-01 — IAM Policy and Procedures
  - IAM-03 — Identity Inventory (system identities and level of access)
  - DSP-17 — Sensitive Data Protection
Threats
- CCC.Core.Threats
  - CCC.Core.TH01 — Access is Granted to Unauthorized Users
  - CCC.Core.TH06 — Data is Lost or Corrupted
Data Resilience
The Data Resilience group covers entries related to ensuring data availability, integrity, and sovereignty across its lifecycle. This includes replication, backup, recovery, region restrictions, and protection against data loss or corruption.
CCC.ObjStor.CN03 Prevent Bucket Deletion Through Irrevocable Bucket Retention Policy
Objective
Ensure that an object storage bucket is not deleted after creation, and that the preventative measure cannot be unset.
Assessment requirements
When an object storage bucket deletion is attempted, the bucket MUST be fully recoverable for a set time frame after deletion is requested.
Applicability: tlp-clear, tlp-green, tlp-amber, tlp-red
When an attempt is made to modify the retention policy for an object storage bucket, the service MUST prevent the policy from being modified.
Applicability: tlp-clear, tlp-green, tlp-amber, tlp-red
Guidelines
- CCM
  - DSP-16 — Data Retention and Deletion
  - DSP-17 — Sensitive Data Protection
Threats
- CCC.Core.Threats
  - CCC.Core.TH06 — Data is Lost or Corrupted
CCC.ObjStor.CN04 Objects have an Effective Retention Policy by Default
Objective
Ensure that all objects stored in the object storage system have a retention policy applied by default, preventing premature deletion or modification of objects.
Assessment requirements
When an object is uploaded to the object storage system, the object MUST automatically receive a default retention policy that prevents premature deletion or modification.
Applicability: tlp-clear, tlp-green, tlp-amber, tlp-red
When an attempt is made to delete or modify an object that is subject to an active retention policy, the service MUST prevent the action from being completed.
Applicability: tlp-clear, tlp-green, tlp-amber, tlp-red
Guidelines
- CCM
  - DSP-16 — Data Retention and Deletion
  - DSP-17 — Sensitive Data Protection
Threats
- CCC.Core.Threats
  - CCC.Core.TH06 — Data is Lost or Corrupted
- CCC.ObjStor.Threats
  - CCC.ObjStor.TH01 — Data Exfiltration via Insecure Lifecycle Policies
CCC.ObjStor.CN05 Versioning is Enabled for All Objects in the Bucket
Objective
Ensure that versioning is enabled for all objects stored in the object storage bucket to enable recovery of previous versions of objects in case of loss or corruption.
Assessment requirements
When an object is uploaded to the object storage bucket, the object MUST be stored with a unique identifier.
Applicability: tlp-clear, tlp-green, tlp-amber, tlp-red
When an object is modified, the service MUST assign a new unique identifier to the modified object to differentiate it from the previous version.
Applicability: tlp-clear, tlp-green, tlp-amber, tlp-red
When an object is modified, the service MUST allow for recovery of previous versions of the object.
Applicability: tlp-clear, tlp-green, tlp-amber, tlp-red
When an object is deleted, the service MUST retain other versions of the object to allow for recovery of previous versions.
Applicability: tlp-clear, tlp-green, tlp-amber, tlp-red
Guidelines
- CCM
  - DSP-16 — Data Retention and Deletion
  - DSP-17 — Sensitive Data Protection
Threats
- CCC.Core.Threats
  - CCC.Core.TH06 — Data is Lost or Corrupted
Access Control
The Access Control group covers entries related to authentication, authorization, and trust perimeter enforcement. This includes multi-factor authentication, least privilege access, network access rules, and prevention of unauthorized access or reconnaissance.
CCC.ObjStor.CN07 Multi-Factor Authentication Is Required for Object Deletion
Objective
Ensure that deletion of objects stored in the object storage system is protected by multi-factor authentication (MFA), reducing the risk of accidental, unauthorized, or compromised-credential-based data destruction.
Assessment requirements
The object storage service MUST support a configuration option that requires MFA to be successfully completed before any object deletion can be attempted, regardless of the request interface.
Applicability: tlp-clear, tlp-green, tlp-amber, tlp-red
When MFA deletion protection is enabled on a bucket or object namespace, the service MUST deny any deletion request from an identity that has not satisfied the MFA requirement at the time of the request.
Applicability: tlp-clear, tlp-green, tlp-amber, tlp-red
When an attempt is made to delete an object, the service's audit logs MUST clearly record each deletion attempt, including whether MFA was required and whether validation was met.
Applicability: tlp-clear, tlp-green, tlp-amber, tlp-red
Guidelines
- CCM
  - DSP-16 — MFA enforcement strengthens data retention and deletion control
  - IAM-12 — MFA required for privileged or destructive operations
Threats
- CCC.Core.Threats
  - CCC.Core.TH01 — Prevents unauthorized identities from deleting objects
  - CCC.Core.TH06 — Mitigates malicious or accidental data loss through protected deletion
  - CCC.Core.TH17 — Ensures deletion requests from unauthorized entities do not result in action
CCC.ObjStor.CN02 Enforce Uniform Bucket-level Access to Prevent Inconsistent Permissions
Objective
Ensure that uniform bucket-level access is enforced across all object storage buckets. This prevents the use of ad-hoc or inconsistent object-level permissions, ensuring centralized, consistent, and secure access management in accordance with the principle of least privilege.
Assessment requirements
When a permission set is allowed for an object in a bucket, the service MUST allow the same permission set to access all objects in the same bucket.
Applicability: tlp-clear, tlp-green, tlp-amber, tlp-red
When a permission set is denied for an object in a bucket, the service MUST deny the same permission set to access all objects in the same bucket.
Applicability: tlp-clear, tlp-green, tlp-amber, tlp-red
Guidelines
- CCM
  - IAM-08 — User Access Review
Threats
- CCC.Core.Threats
  - CCC.Core.TH01 — Access is Granted to Unauthorized Users
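The assessment requirements above (CN01, CN02, CN03, CN04, CN05 and CN07) are stated as MUST clauses with TLP applicability but give no procedure for evaluating them. The following added example, which is not part of the CCC catalog and not a FINOS tool, shows how a practitioner might encode them as an offline check: a request-time decision for CN01 that honours the per-TLP applicability (reads only for tlp-amber and tlp-red, writes for every level), and a configuration assessment for the remaining controls run over a constructed bucket inventory. The Bucket schema, operation names, key identifiers and TLP labels are assumptions made for illustration; real providers expose these settings under their own names.

```python
"""Added example (not part of the CCC catalog): assess a constructed object-storage
inventory against the CCC.ObjStor controls CN01, CN02, CN03, CN04, CN05 and CN07.

Assumptions: the Bucket schema, operation names, key identifiers and TLP labels are
invented for illustration; provider APIs expose these settings under other names.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed organizational allowlist of trusted KMS key identifiers (CN01).
TRUSTED_KMS_KEYS = frozenset({"kms-key-org-prod-01", "kms-key-org-prod-02"})

# Constructed operation names; a real gateway would map provider API actions onto these.
READ_OPS = frozenset({"get_object", "head_object", "list_bucket", "get_bucket"})
WRITE_OPS = frozenset({"put_object", "create_bucket", "put_bucket_encryption"})


def cn01_request_allowed(op, kms_key, tlp, trusted=TRUSTED_KMS_KEYS):
    """CN01 request-time decision: True if the request may proceed.

    Per the applicability lines under CN01, reads are in scope only for tlp-amber and
    tlp-red data, while writes are in scope at every TLP level. A request naming a KMS
    key outside the trusted set is denied. A request naming no key is passed through
    (assumption: the control concerns requests that explicitly select a key; the
    bucket's default key is checked separately in assess_bucket)."""
    if kms_key is None:
        return True
    if op in WRITE_OPS:
        return kms_key in trusted
    if op in READ_OPS and tlp in ("tlp-amber", "tlp-red"):
        return kms_key in trusted
    return True


@dataclass(frozen=True)
class Bucket:
    name: str
    default_kms_key: Optional[str]       # key applied to writes that name none (CN01)
    uniform_access: bool                 # object-level permissions disabled (CN02)
    soft_delete_days: int                # recovery window after a deletion request (CN03)
    retention_locked: bool               # bucket retention policy cannot be unset (CN03)
    default_object_retention_days: int   # retention applied to every new object (CN04)
    versioning: bool                     # prior versions retained (CN05)
    mfa_delete: bool                     # MFA required before object deletion (CN07)


def assess_bucket(bucket, trusted=TRUSTED_KMS_KEYS):
    """Map each control ID to a list of findings; an empty list means the bucket passes."""
    findings = {}
    cn01 = []
    if bucket.default_kms_key is None:
        cn01.append("no default KMS key pinned; writes fall back to an unpinned key")
    elif bucket.default_kms_key not in trusted:
        cn01.append(f"default KMS key {bucket.default_kms_key!r} is not trusted")
    findings["CCC.ObjStor.CN01"] = cn01
    findings["CCC.ObjStor.CN02"] = ([] if bucket.uniform_access
        else ["object-level permissions allowed; uniform bucket-level access not enforced"])
    cn03 = []
    if bucket.soft_delete_days <= 0:
        cn03.append("bucket is not recoverable after a deletion request")
    if not bucket.retention_locked:
        cn03.append("bucket retention policy can be modified or unset")
    findings["CCC.ObjStor.CN03"] = cn03
    findings["CCC.ObjStor.CN04"] = ([] if bucket.default_object_retention_days > 0
        else ["new objects receive no default retention policy"])
    findings["CCC.ObjStor.CN05"] = ([] if bucket.versioning
        else ["versioning disabled; previous versions are not retained"])
    findings["CCC.ObjStor.CN07"] = ([] if bucket.mfa_delete
        else ["object deletion does not require MFA"])
    return findings


def failing_controls(bucket, trusted=TRUSTED_KMS_KEYS):
    """Sorted list of the control IDs the bucket fails."""
    return sorted(cid for cid, f in assess_bucket(bucket, trusted).items() if f)


# Constructed sample inventory: one compliant bucket and one with several gaps.
COMPLIANT = Bucket("ledger-archive", "kms-key-org-prod-01", True, 30, True, 365, True, True)
DRIFTED = Bucket("scratch-exports", "kms-key-contractor-99", False, 0, False, 0, False, False)

if __name__ == "__main__":
    for b in (COMPLIANT, DRIFTED):
        print(b.name, "fails:", failing_controls(b) or "none")
        for cid, msgs in assess_bucket(b).items():
            for msg in msgs:
                print(f"  {cid}: {msg}")
```

The two halves mirror the two kinds of requirement on this page: CN01 is phrased per request, so it is modelled as a gate that a storage gateway or policy engine would evaluate on each call, while CN02 through CN07 are properties of bucket configuration and are better checked by periodic inventory assessment. Keeping the trusted-key set and the applicability rules as data rather than hard-coded branches makes it straightforward to extend the checker with the remaining TLP distinctions or additional controls.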