GRC Store

Search / finos-ccc/ccc.secmgmt.cp / v2026.06-rc4

Release · v2026.06-rc4

FINOS-CCC/CCC.SecMgmt.CP Capability Catalog

FINOS-CCC/CCC.SecMgmt.CP

Capabilities for Secret Management technologies, as defined by the FINOS Common Cloud Controls project.

Published by FINOS Common Cloud Controls

Install

OCI v1.1
$grcli unpack --repository finos-ccc/ccc.secmgmt.cp --tag v2026.06-rc4
Coordinate
oci.grc.store/finos-ccc/ccc.secmgmt.cp:v2026.06-rc4
Manifest digest
sha256:1c76375990bec3f1080a5847c2091103ce1b02b19f8d047932f6130246ba8c45

Provenance

1 layer
Digest Media type Size
665b2453d348… application/vnd.gemara.artifact.v1+yaml 4.3 KiB
Bundle config blob 
{
  "bundle-version": "1.0",
  "gemara-version": "v1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "CCC.SecMgmt.CP",
            "type": "CapabilityCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-ccc/ccc.secmgmt.cp",
            "tag": "v2026.06-rc4"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls",
          "GITHUB_RUN_ATTEMPT": "1",
          "GITHUB_RUN_ID": "26770748733",
          "GITHUB_SHA": "2b6dab4c1307a0ac67d90c99829f6c1825154c84",
          "GITHUB_WORKFLOW": "Batch Release All Catalogs",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "artifacts/crypto/secrets/capabilities.yaml",
            "uri": "file://artifacts/crypto/secrets/capabilities.yaml",
            "digest": {
              "sha256": "665b2453d348a6ece820d3d0f360b45590d6d0fb117944884a4f0892b3a9236c"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/common-cloud-controls@2b6dab4c1307a0ac67d90c99829f6c1825154c84",
            "digest": {
              "gitCommit": "2b6dab4c1307a0ac67d90c99829f6c1825154c84"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26770748733",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26770748733-1",
          "startedOn": "2026-06-01T17:28:16.87331989Z",
          "finishedOn": "2026-06-01T17:28:17.174702324Z"
        },
        "byproducts": [
          {
            "name": "capabilities.yaml",
            "digest": {
              "sha256": "665b2453d348a6ece820d3d0f360b45590d6d0fb117944884a4f0892b3a9236c"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "capabilities.yaml",
      "type": "CapabilityCatalog",
      "id": "CCC.SecMgmt.CP",
      "role": "artifact"
    }
  ]
}

CCC Secret Management Capabilities

Capabilities for Secret Management technologies, as defined by the FINOS Common Cloud Controls project.

ID
CCC.SecMgmt.CP
Version
v2026.06-rc4
Gemara version
v1.2.0
Author
FINOS Common Cloud Controls

Encryption

The Encryption group covers entries related to protecting data confidentiality and integrity through cryptographic mechanisms. This includes encryption in transit and at rest, key management, and certificate lifecycle management.

  1. CCC.SecMgmt.CP01 Secret Storage

    Provides secure storage for sensitive data such as API keys, passwords, certificates, and other secrets.

  2. CCC.SecMgmt.CP02 Secret Creation - Plaintext

    Ability to create new secrets as basic string data for storing sensitive data such as API keys and database credentials.

  3. CCC.SecMgmt.CP03 Secret Creation - JSON Objects

    Ability to create new secrets as complex JSON objects with multiple fields for storing sensitive data.

  4. CCC.SecMgmt.CP04 Secret Creation - Binary Data

    Ability to create new secrets as binary data for storing certificates and private keys.

  5. CCC.SecMgmt.CP05 Update Secrets

    Ability to update a secret value or description after creation.

  6. CCC.SecMgmt.CP08 Secret Replication Policies

    Allows configuration of secret replication policies to control replication of secrets, supporting compliance with data residency requirements.

  7. CCC.SecMgmt.CP09 Secure Secret Retrieval

    Offers a secure API and SDK access for retrieving secrets, ensuring that secrets are transmitted securely to authorized clients.

Access Control

The Access Control group covers entries related to authentication, authorization, and trust perimeter enforcement. This includes multi-factor authentication, least privilege access, network access rules, and prevention of unauthorized access or reconnaissance.

  1. CCC.SecMgmt.CP06 Soft Delete Secrets

    Prevent secrets from being deleted immediately. Soft deletion makes secrets inaccessible and schedules them for deletion after a recovery window.

  2. CCC.SecMgmt.CP07 Automatic Secret Rotation

    Supports automatic rotation of secrets based on a defined schedule or triggers to enhance security.