Release · v2026.06-rc4

FINOS-CCC/CCC.RDMS.TH Threat Catalog

Threats for Relational Database Management System technologies, as defined by the FINOS Common Cloud Controls project.

Published by FINOS Common Cloud Controls

Install

OCI v1.1
$ grcli unpack --repository finos-ccc/ccc.rdms.th --tag v2026.06-rc4

Coordinate: oci.grc.store/finos-ccc/ccc.rdms.th:v2026.06-rc4
Manifest digest: sha256:45c96780e956c7d61609c9bc54d02189f8e56efbd533cb22904750ca50a26ae2

Provenance

1 layer

Digest          Media type                                 Size
6e4b9ebfb5c1…   application/vnd.gemara.artifact.v1+yaml    5.1 KiB

Bundle config blob
{
  "bundle-version": "1.0",
  "gemara-version": "v1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "CCC.RDMS.TH",
            "type": "ThreatCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-ccc/ccc.rdms.th",
            "tag": "v2026.06-rc4"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls",
          "GITHUB_RUN_ATTEMPT": "1",
          "GITHUB_RUN_ID": "26770748733",
          "GITHUB_SHA": "2b6dab4c1307a0ac67d90c99829f6c1825154c84",
          "GITHUB_WORKFLOW": "Batch Release All Catalogs",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "artifacts/database/relational/threats.yaml",
            "uri": "file://artifacts/database/relational/threats.yaml",
            "digest": {
              "sha256": "6e4b9ebfb5c1224a7aae3ca85af7398e30df900059bc7ef1525194dca4d0212c"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/common-cloud-controls@2b6dab4c1307a0ac67d90c99829f6c1825154c84",
            "digest": {
              "gitCommit": "2b6dab4c1307a0ac67d90c99829f6c1825154c84"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26770748733",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26770748733-1",
          "startedOn": "2026-06-01T17:28:29.610337495Z",
          "finishedOn": "2026-06-01T17:28:29.840324627Z"
        },
        "byproducts": [
          {
            "name": "threats.yaml",
            "digest": {
              "sha256": "6e4b9ebfb5c1224a7aae3ca85af7398e30df900059bc7ef1525194dca4d0212c"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "threats.yaml",
      "type": "ThreatCatalog",
      "id": "CCC.RDMS.TH",
      "role": "artifact"
    }
  ]
}

CCC Relational Database Management System Threats

ID: CCC.RDMS.TH
Version: v2026.06-rc4
Gemara version: v1.2.0
Author: FINOS Common Cloud Controls

Access Control

The Access Control group covers entries related to authentication, authorization, and trust perimeter enforcement. This includes multi-factor authentication, least privilege access, network access rules, and prevention of unauthorized access or reconnaissance.

  1. CCC.RDMS.TH01 Unauthorized Access via Default Credentials

    If default credentials are not disabled or changed, unauthorized access may be gained to the RDMS environment. This may lead to data breaches, data manipulation, or overall compromise of the database instance.

    Capabilities
    • CCC.RDMS.Capabilities
      • CCC.RDMS.CP06
      • CCC.RDMS.CP07
  2. CCC.RDMS.TH02 Brute Force Attempts on Database Authentication

    Repeated attempts to guess database user passwords may be made through brute force techniques. This condition could result in unauthorized access if successful, compromising database security and sensitive information.

    Capabilities
    • CCC.RDMS.Capabilities
      • CCC.RDMS.CP07

Data Resilience

The Data Resilience group covers entries related to ensuring data availability, integrity, and sovereignty across its lifecycle. This includes replication, backup, recovery, region restrictions, and protection against data loss or corruption.

  1. CCC.RDMS.TH03 Database Backups Stopped

    Database backups may be halted, potentially impairing the organization's ability to recover data and maintain business continuity. This condition increases the risk of data loss and extended system downtime.

    Capabilities
    • CCC.Core.Capabilities
      • CCC.Core.CP11
  2. CCC.RDMS.TH04 Unintentional Database Backup Restoration

    A database backup may be restored unintentionally, potentially leading to the loss or overwrite of current data. This condition could disrupt operations and result in data inconsistency or corruption.

    Capabilities
    • CCC.Core.Capabilities
      • CCC.Core.CP11
  3. CCC.RDMS.TH05 Unauthorized Snapshot Sharing

    Snapshots may be shared with untrusted accounts, which can lead to unauthorized access and potential data exfiltration. This significantly increases the risk of data exposure if sensitive information is contained in the snapshots.

    Capabilities
    • CCC.Core.Capabilities
      • CCC.Core.CP11