GRC Store

Search / finos-ccc/ccc.objstor.th / v2026.06-rc4

Release · v2026.06-rc4

FINOS-CCC/CCC.ObjStor.TH Threat Catalog

FINOS-CCC/CCC.ObjStor.TH

Threats for Object Storage technologies, as defined by the FINOS Common Cloud Controls project.

Published by FINOS Common Cloud Controls

Install

OCI v1.1
$grcli unpack --repository finos-ccc/ccc.objstor.th --tag v2026.06-rc4
Coordinate
oci.grc.store/finos-ccc/ccc.objstor.th:v2026.06-rc4
Manifest digest
sha256:d9c1f382b1f4d2857e31976ad1450f7cf3ae64edd664d1cb034b2c8ce19a43de

Provenance

1 layer
Digest Media type Size
efc12136831d… application/vnd.gemara.artifact.v1+yaml 2.8 KiB
Bundle config blob 
{
  "bundle-version": "1.0",
  "gemara-version": "v1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "CCC.ObjStor.TH",
            "type": "ThreatCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-ccc/ccc.objstor.th",
            "tag": "v2026.06-rc4"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls",
          "GITHUB_RUN_ATTEMPT": "1",
          "GITHUB_RUN_ID": "26770748733",
          "GITHUB_SHA": "2b6dab4c1307a0ac67d90c99829f6c1825154c84",
          "GITHUB_WORKFLOW": "Batch Release All Catalogs",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "artifacts/storage/object/threats.yaml",
            "uri": "file://artifacts/storage/object/threats.yaml",
            "digest": {
              "sha256": "efc12136831d463cfd5fa87cd8349c2d02313956f5557e59c10b4ba8e270e6c3"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/common-cloud-controls@2b6dab4c1307a0ac67d90c99829f6c1825154c84",
            "digest": {
              "gitCommit": "2b6dab4c1307a0ac67d90c99829f6c1825154c84"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26770748733",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26770748733-1",
          "startedOn": "2026-06-01T17:30:44.989006364Z",
          "finishedOn": "2026-06-01T17:30:45.24938504Z"
        },
        "byproducts": [
          {
            "name": "threats.yaml",
            "digest": {
              "sha256": "efc12136831d463cfd5fa87cd8349c2d02313956f5557e59c10b4ba8e270e6c3"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "threats.yaml",
      "type": "ThreatCatalog",
      "id": "CCC.ObjStor.TH",
      "role": "artifact"
    }
  ]
}

CCC Object Storage Threats

Threats for Object Storage technologies, as defined by the FINOS Common Cloud Controls project.

ID
CCC.ObjStor.TH
Version
v2026.06-rc4
Gemara version
v1.2.0
Author
FINOS Common Cloud Controls

Data Resilience

The Data Resilience group covers entries related to ensuring data availability, integrity, and sovereignty across its lifecycle. This includes replication, backup, recovery, region restrictions, and protection against data loss or corruption.

  1. CCC.ObjStor.TH01 Data Exfiltration via Insecure Lifecycle Policies

    Misconfigured lifecycle policies may unintentionally allow data to be exfiltrated or destroyed prematurely, resulting in a loss of availability and potential exposure of sensitive data.

    Capabilities
    • CCC.ObjStor.Capabilities
      • CCC.ObjStor.CP08
    • CCC.Core.Capabilities
      • CCC.Core.CP11