GRC Store

Search / finos-ccc/ccc.objstor.th / v2026.06-rc5

Release · v2026.06-rc5

FINOS-CCC/CCC.ObjStor.TH Threat Catalog

FINOS-CCC/CCC.ObjStor.TH

Threats for Object Storage technologies, as defined by the FINOS Common Cloud Controls project.

Published by FINOS Common Cloud Controls

Install

OCI v1.1
$grcli unpack --repository finos-ccc/ccc.objstor.th --tag v2026.06-rc5
Coordinate
oci.grc.store/finos-ccc/ccc.objstor.th:v2026.06-rc5
Manifest digest
sha256:07ab239e74ad608e4181ea5f82dccf3954930aea38b6d66f19c671f26ccff1bc

Provenance

1 layer
Digest Media type Size
80f503f9e8a4… application/vnd.gemara.artifact.v1+yaml 2.8 KiB
Bundle config blob 
{
  "bundle-version": "1.0",
  "gemara-version": "v1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "CCC.ObjStor.TH",
            "type": "ThreatCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-ccc/ccc.objstor.th",
            "tag": "v2026.06-rc5"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls",
          "GITHUB_RUN_ATTEMPT": "1",
          "GITHUB_RUN_ID": "26771723499",
          "GITHUB_SHA": "a9503345caf59a144d8ab9b4bede212b393ca56a",
          "GITHUB_WORKFLOW": "Batch Release All Catalogs",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "artifacts/storage/object/threats.yaml",
            "uri": "file://artifacts/storage/object/threats.yaml",
            "digest": {
              "sha256": "80f503f9e8a4dc6350336453d183dbf310e5216d3a0adf9aa8da86209cfbfeae"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/common-cloud-controls@a9503345caf59a144d8ab9b4bede212b393ca56a",
            "digest": {
              "gitCommit": "a9503345caf59a144d8ab9b4bede212b393ca56a"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26771723499",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26771723499-1",
          "startedOn": "2026-06-01T17:48:58.339547637Z",
          "finishedOn": "2026-06-01T17:48:58.434634384Z"
        },
        "byproducts": [
          {
            "name": "threats.yaml",
            "digest": {
              "sha256": "80f503f9e8a4dc6350336453d183dbf310e5216d3a0adf9aa8da86209cfbfeae"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "threats.yaml",
      "type": "ThreatCatalog",
      "id": "CCC.ObjStor.TH",
      "role": "artifact"
    }
  ]
}

CCC Object Storage Threats

Threats for Object Storage technologies, as defined by the FINOS Common Cloud Controls project.

ID
CCC.ObjStor.TH
Version
v2026.06-rc5
Gemara version
v1.2.0
Author
FINOS Common Cloud Controls

Data Resilience

The Data Resilience group covers entries related to ensuring data availability, integrity, and sovereignty across its lifecycle. This includes replication, backup, recovery, region restrictions, and protection against data loss or corruption.

  1. CCC.ObjStor.TH01 Data Exfiltration via Insecure Lifecycle Policies

    Misconfigured lifecycle policies may unintentionally allow data to be exfiltrated or destroyed prematurely, resulting in a loss of availability and potential exposure of sensitive data.

    Capabilities
    • CCC.ObjStor.Capabilities
      • CCC.ObjStor.CP08
    • CCC.Core.Capabilities
      • CCC.Core.CP11