Release · v2026.06-rc5

FINOS-CCC/CCC.SecMgmt.CP Capability Catalog

Capabilities for Secret Management technologies, as defined by the FINOS Common Cloud Controls project.

Published by FINOS Common Cloud Controls

Install

OCI v1.1
$ grcli unpack --repository finos-ccc/ccc.secmgmt.cp --tag v2026.06-rc5

Coordinate: oci.grc.store/finos-ccc/ccc.secmgmt.cp:v2026.06-rc5
Manifest digest: sha256:48ffad89b3bda93b58e78e49412e146c71278f9d881d3f2b60440056579dbdde

Provenance

1 layer
Digest          Media type                                Size
8e3a2cfc3ecd…   application/vnd.gemara.artifact.v1+yaml   4.3 KiB

Bundle config blob
{
  "bundle-version": "1.0",
  "gemara-version": "v1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "CCC.SecMgmt.CP",
            "type": "CapabilityCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-ccc/ccc.secmgmt.cp",
            "tag": "v2026.06-rc5"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls",
          "GITHUB_RUN_ATTEMPT": "1",
          "GITHUB_RUN_ID": "26771723499",
          "GITHUB_SHA": "a9503345caf59a144d8ab9b4bede212b393ca56a",
          "GITHUB_WORKFLOW": "Batch Release All Catalogs",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "artifacts/crypto/secrets/capabilities.yaml",
            "uri": "file://artifacts/crypto/secrets/capabilities.yaml",
            "digest": {
              "sha256": "8e3a2cfc3ecd19919234ac09a7e01cda69e6a96e34ec37a2de9e5b6a5208835a"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/common-cloud-controls@a9503345caf59a144d8ab9b4bede212b393ca56a",
            "digest": {
              "gitCommit": "a9503345caf59a144d8ab9b4bede212b393ca56a"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26771723499",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26771723499-1",
          "startedOn": "2026-06-01T17:47:12.179155536Z",
          "finishedOn": "2026-06-01T17:47:12.268869259Z"
        },
        "byproducts": [
          {
            "name": "capabilities.yaml",
            "digest": {
              "sha256": "8e3a2cfc3ecd19919234ac09a7e01cda69e6a96e34ec37a2de9e5b6a5208835a"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "capabilities.yaml",
      "type": "CapabilityCatalog",
      "id": "CCC.SecMgmt.CP",
      "role": "artifact"
    }
  ]
}

CCC Secret Management Capabilities

ID: CCC.SecMgmt.CP
Version: v2026.06-rc5
Gemara version: v1.2.0
Author: FINOS Common Cloud Controls

Encryption

The Encryption group covers entries related to protecting data confidentiality and integrity through cryptographic mechanisms. This includes encryption in transit and at rest, key management, and certificate lifecycle management.

  1. CCC.SecMgmt.CP01 Secret Storage

    Provides secure storage for sensitive data such as API keys, passwords, certificates, and other secrets.

  2. CCC.SecMgmt.CP02 Secret Creation - Plaintext

    Ability to create new secrets as basic string data for storing sensitive data such as API keys and database credentials.

  3. CCC.SecMgmt.CP03 Secret Creation - JSON Objects

    Ability to create new secrets as complex JSON objects with multiple fields for storing sensitive data.

  4. CCC.SecMgmt.CP04 Secret Creation - Binary Data

    Ability to create new secrets as binary data for storing certificates and private keys.

  5. CCC.SecMgmt.CP05 Update Secrets

    Ability to update a secret value or description after creation.

  6. CCC.SecMgmt.CP08 Secret Replication Policies

    Allows configuration of secret replication policies to control replication of secrets, supporting compliance with data residency requirements.

  7. CCC.SecMgmt.CP09 Secure Secret Retrieval

    Offers secure API and SDK access for retrieving secrets, ensuring that secrets are transmitted securely to authorized clients.

Access Control

The Access Control group covers entries related to authentication, authorization, and trust perimeter enforcement. This includes multi-factor authentication, least privilege access, network access rules, and prevention of unauthorized access or reconnaissance.

  1. CCC.SecMgmt.CP06 Soft Delete Secrets

    Prevent secrets from being deleted immediately. Soft deletion makes secrets inaccessible and schedules them for deletion after a recovery window.

  2. CCC.SecMgmt.CP07 Automatic Secret Rotation

    Supports automatic rotation of secrets based on a defined schedule or triggers to enhance security.