diff --git a/services/database/warehouse/controls.yaml b/services/database/warehouse/controls.yaml
new file mode 100644
index 00000000..99aba9da
--- /dev/null
+++ b/services/database/warehouse/controls.yaml
@@ -0,0 +1,71 @@
+common_controls:
+ - CCC.C01 # Prevent unencrypted requests
+ - CCC.C02 # Ensure data encryption at rest for all stored data
+ - CCC.C03 # Log all access and changes
+ - CCC.C04 # Implement multi-factor authentication (MFA) for access
+ - CCC.C05 # Prevent access from untrusted entities
+ - CCC.C06 # Prevent deployment in restricted regions
+ - CCC.C07 # Alert on non-human enumeration
+ - CCC.C09 # Prevent tampering, deletion, or unauthorized access to access logs
+ - CCC.C10 # Prevent data replication to destinations outside of defined trust perimeter
+
+controls:
+ - id: CCC.DataWar.C01 # Enforce Use of Managed Views for Data Access
+ title: Enforce Use of Managed Views for Data Access
+ objective: |
+ Ensure that data access is provided through managed views, restricting users from accessing underlying tables directly and enforcing consistent security policies.
+ control_family: Data
+ threats:
+ - CCC.TH01 # Access control is misconfigured
+ nist_csf: PR.AC-4 # Access permissions and authorizations are managed
+ control_mappings:
+ NIST_800_53:
+ - AC-3 # Access Enforcement
+ - AC-6 # Least Privilege
+ test_requirements:
+ - id: CCC.DataWar.C01.TR01
+ text: |
+ Attempt to access underlying database tables directly without using managed views and verify that access is denied.
+ tlp_levels:
+ - tlp_red
+ - tlp_amber
+
+ - id: CCC.DataWar.C02 # Enforce Column-Level Security Policies
+ title: Enforce Column-Level Security Policies
+ objective: |
+ Ensure that access to sensitive data columns is restricted based on user roles, preventing unauthorized access to sensitive information.
+ control_family: Data
+ threats:
+ - CCC.TH01 # Access control is misconfigured
+ nist_csf: PR.AC-4 # Access permissions and authorizations are managed
+ control_mappings:
+ NIST_800_53:
+ - AC-3 # Access Enforcement
+ - AC-6 # Least Privilege
+ test_requirements:
+ - id: CCC.DataWar.C02.TR01
+ text: |
+ Attempt to query sensitive columns without the necessary permissions and verify that access is denied or data is masked.
+ tlp_levels:
+ - tlp_red
+ - tlp_amber
+
+ - id: CCC.DataWar.C03 # Enforce Row-Level Security Policies
+ title: Enforce Row-Level Security Policies
+ objective: |
+ Ensure that access to data rows is restricted based on user roles or attributes, preventing unauthorized access to specific subsets of data.
+ control_family: Data
+ threats:
+ - CCC.TH01 # Access control is misconfigured
+ nist_csf: PR.AC-4 # Access permissions and authorizations are managed
+ control_mappings:
+ NIST_800_53:
+ - AC-3 # Access Enforcement
+ - AC-6 # Least Privilege
+ test_requirements:
+ - id: CCC.DataWar.C03.TR01
+ text: |
+ Attempt to query data rows that the user should not have access to and verify that access is denied or data is not returned.
+ tlp_levels:
+ - tlp_red
+ - tlp_amber
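Review bot: The pass criteria in CCC.DataWar.C02.TR01 ("access is denied or data is masked") and CCC.DataWar.C03.TR01 ("access is denied or data is not returned") accept two different outcomes. For C03 in particular, an empty result cannot be told apart from a query that simply matched no rows, so the test can pass with no row policy in place. I would tie the C03 text to a known fixture and add the positive case, for example `Query a row known to exist outside the user's entitlement and verify it is absent from the result, while a row inside the entitlement is returned.` C02.TR01 needs the same treatment, with the accepted outcome (denial or masking) fixed per column classification. Separately, `common_controls` goes from CCC.C07 to CCC.C09 with no comment; if CCC.C08 is deliberately out of scope for warehouses, a one-line comment saying so would stop it being read as an omission.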