Release · v2026.06-rc4

FINOS-CCC/CCC.SvlsComp.CN Control Catalog

Controls for Serverless Computing technologies, as defined by the FINOS Common Cloud Controls project.

Published by FINOS Common Cloud Controls

Install

OCI v1.1
$ grcli unpack --repository finos-ccc/ccc.svlscomp.cn --tag v2026.06-rc4
Coordinate: oci.grc.store/finos-ccc/ccc.svlscomp.cn:v2026.06-rc4
Manifest digest: sha256:3b9f5aa605a2945ccf8ebfc3444e78bec6e7b961cbcd8d4710d8a46e9709b469

Provenance

1 layer
Digest         Media type                                Size
cfbb92a98616…  application/vnd.gemara.artifact.v1+yaml   4.8 KiB
Bundle config blob
{
  "bundle-version": "1.0",
  "gemara-version": "v1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "CCC.SvlsComp.CN",
            "type": "ControlCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-ccc/ccc.svlscomp.cn",
            "tag": "v2026.06-rc4"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls",
          "GITHUB_RUN_ATTEMPT": "1",
          "GITHUB_RUN_ID": "26770748733",
          "GITHUB_SHA": "2b6dab4c1307a0ac67d90c99829f6c1825154c84",
          "GITHUB_WORKFLOW": "Batch Release All Catalogs",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "artifacts/compute/serverless-computing/controls.yaml",
            "uri": "file://artifacts/compute/serverless-computing/controls.yaml",
            "digest": {
              "sha256": "cfbb92a986169d368173507d1dd83bc0f7fb1dae4b4f7d5acca5cdf42e4e6910"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/common-cloud-controls@2b6dab4c1307a0ac67d90c99829f6c1825154c84",
            "digest": {
              "gitCommit": "2b6dab4c1307a0ac67d90c99829f6c1825154c84"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26770748733",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26770748733-1",
          "startedOn": "2026-06-01T17:27:45.124790379Z",
          "finishedOn": "2026-06-01T17:27:45.412326072Z"
        },
        "byproducts": [
          {
            "name": "controls.yaml",
            "digest": {
              "sha256": "cfbb92a986169d368173507d1dd83bc0f7fb1dae4b4f7d5acca5cdf42e4e6910"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "controls.yaml",
      "type": "ControlCatalog",
      "id": "CCC.SvlsComp.CN",
      "role": "artifact"
    }
  ]
}

CCC Serverless Computing Controls

Controls for Serverless Computing technologies, as defined by the FINOS Common Cloud Controls project.

ID: CCC.SvlsComp.CN
Version: v2026.06-rc4
Gemara version: v1.2.0
Author: FINOS Common Cloud Controls

Networking

The Networking group covers entries related to network infrastructure, connectivity, and traffic management. This includes virtual networks, subnets, load balancing, DNS, routing, peering, and network-level access controls.

  1. CCC.SvlsComp.CN01 Enforce Use of Private Endpoints for Serverless Function

    Objective

    Ensure that the serverless function is accessible only through a private endpoint, allowing it to communicate securely within a virtual private network and preventing unauthorized external access.

    Assessment requirements
    1. Attempt to access the serverless function over the public internet and verify that access is denied.

      Applicability: tlp-red, tlp-amber

    Guidelines
    • NIST-CSF
      • PR.AC-5 Network integrity is protected
    • NIST_800_53
      • SC-7 Boundary Protection
      • SC-8 Transmission Confidentiality and Integrity
    Threats
    • CCC.Core.Threats
      • CCC.Core.TH01 Access control is misconfigured

Resource Management

The Resource Management group covers entries related to the lifecycle, configuration, and operational integrity of cloud resources. This includes resource exhaustion, tag manipulation, version rollback, scaling, and cost management.

  1. CCC.SvlsComp.CN02 Implement Function Invocation Rate Limits

    Objective

    Ensure that function invocation is limited to a specified threshold from any single entity, preventing resource exhaustion and denial of service attacks.

    Assessment requirements
    1. Send requests to invoke the function up to the allowed threshold and confirm they are successful; then send additional requests exceeding the threshold from the same entity and verify that they are denied.

      Applicability: tlp-red, tlp-amber

    Guidelines
    • NIST-CSF
      • PR.DS-4 Adequate capacity to ensure availability
    • NIST_800_53
      • SC-5 Denial of Service Protection
    Threats
    • CCC.Core.Threats
      • CCC.Core.TH12 Resource constraints are exhausted