Release · v2026.06-rc5

FINOS-CCC/CCC.SvlsComp.CN Control Catalog

FINOS-CCC/CCC.SvlsComp.CN

Controls for Serverless Computing technologies, as defined by the FINOS Common Cloud Controls project.

Published by FINOS Common Cloud Controls

Install

OCI v1.1
$ grcli unpack --repository finos-ccc/ccc.svlscomp.cn --tag v2026.06-rc5
Coordinate: oci.grc.store/finos-ccc/ccc.svlscomp.cn:v2026.06-rc5
Manifest digest: sha256:b20b29e9fc6f171d7c64cc59e0cbe99feeaba145e8478fca9bfed4b0f7b0de38

Provenance

1 layer
Digest          Media type                                 Size
cfaa13c9202e…   application/vnd.gemara.artifact.v1+yaml    4.8 KiB
Bundle config blob
{
  "bundle-version": "1.0",
  "gemara-version": "v1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "CCC.SvlsComp.CN",
            "type": "ControlCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-ccc/ccc.svlscomp.cn",
            "tag": "v2026.06-rc5"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls",
          "GITHUB_RUN_ATTEMPT": "1",
          "GITHUB_RUN_ID": "26771723499",
          "GITHUB_SHA": "a9503345caf59a144d8ab9b4bede212b393ca56a",
          "GITHUB_WORKFLOW": "Batch Release All Catalogs",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "artifacts/compute/serverless-computing/controls.yaml",
            "uri": "file://artifacts/compute/serverless-computing/controls.yaml",
            "digest": {
              "sha256": "cfaa13c9202e7de18f3f90769da24b9297c36a7928756b887285be4ef7f0d3f2"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/common-cloud-controls@a9503345caf59a144d8ab9b4bede212b393ca56a",
            "digest": {
              "gitCommit": "a9503345caf59a144d8ab9b4bede212b393ca56a"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26771723499",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26771723499-1",
          "startedOn": "2026-06-01T17:46:49.930937495Z",
          "finishedOn": "2026-06-01T17:46:50.024628567Z"
        },
        "byproducts": [
          {
            "name": "controls.yaml",
            "digest": {
              "sha256": "cfaa13c9202e7de18f3f90769da24b9297c36a7928756b887285be4ef7f0d3f2"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "controls.yaml",
      "type": "ControlCatalog",
      "id": "CCC.SvlsComp.CN",
      "role": "artifact"
    }
  ]
}

CCC Serverless Computing Controls

ID: CCC.SvlsComp.CN
Version: v2026.06-rc5
Gemara version: v1.2.0
Author: FINOS Common Cloud Controls

Networking

The Networking group covers entries related to network infrastructure, connectivity, and traffic management. This includes virtual networks, subnets, load balancing, DNS, routing, peering, and network-level access controls.

  1. CCC.SvlsComp.CN01 Enforce Use of Private Endpoints for Serverless Function

    Objective

    Ensure that the serverless function is accessible only through a private endpoint, allowing it to communicate securely within a virtual private network and preventing unauthorized external access.

    Assessment requirements
    1. Attempt to access the serverless function over the public internet and verify that access is denied.

      Applicability: tlp-red, tlp-amber

    Guidelines
    • NIST-CSF
      • PR.AC-5 Network integrity is protected
    • NIST_800_53
      • SC-7 Boundary Protection
      • SC-8 Transmission Confidentiality and Integrity
    Threats
    • CCC.Core.Threats
      • CCC.Core.TH01 Access control is misconfigured

Resource Management

The Resource Management group covers entries related to the lifecycle, configuration, and operational integrity of cloud resources. This includes resource exhaustion, tag manipulation, version rollback, scaling, and cost management.

  1. CCC.SvlsComp.CN02 Implement Function Invocation Rate Limits

    Objective

    Ensure that function invocation is limited to a specified threshold from any single entity, preventing resource exhaustion and denial of service attacks.

    Assessment requirements
    1. Send requests to invoke the function up to the allowed threshold and confirm they are successful; then send additional requests exceeding the threshold from the same entity and verify that they are denied.

      Applicability: tlp-red, tlp-amber

    Guidelines
    • NIST-CSF
      • PR.DS-4 Adequate capacity to ensure availability
    • NIST_800_53
      • SC-5 Denial of Service Protection
    Threats
    • CCC.Core.Threats
      • CCC.Core.TH12 Resource constraints are exhausted