From af72ffd7e1a8d24b7dc3ee9fdbcd810ac320c3c3 Mon Sep 17 00:00:00 2001
From: kazmik23
Date: Mon, 21 Oct 2024 09:47:43 -0500
Subject: [PATCH 1/2] Create controls.yaml in collaboration with @nas-hub

---
 services/database/warehouse/controls.yaml | 164 ++++++++++++++++++++++
 1 file changed, 164 insertions(+)
 create mode 100644 services/database/warehouse/controls.yaml

diff --git a/services/database/warehouse/controls.yaml b/services/database/warehouse/controls.yaml
new file mode 100644
index 00000000..40b7d46b
--- /dev/null
+++ b/services/database/warehouse/controls.yaml
@@ -0,0 +1,164 @@
+common_controls:
+ - CCC.C01 # Prevent unencrypted requests
+ - CCC.C02 # Ensure data encryption at rest for all stored data
+ - CCC.C03 # Implement multi-factor authentication (MFA) for access
+ - CCC.C04 # Log all access and changes
+ - CCC.C05 # Prevent access from untrusted entities
+ - CCC.C06 # Prevent deployment in restricted regions
+ - CCC.C07 # Alert on non-human enumeration
+ - CCC.C09 # Prevent tampering, deletion, or unauthorized access to access logs
+ - CCC.C10 # Prevent data replication to destinations outside of defined trust perimeter
+
+controls:
+ - id: CCC.DataWar.C01 # Prevent Datasets from Being Publicly Accessible
+ title: Prevent Datasets from Being Publicly Accessible
+ objective: |
+ Ensure that datasets in the Cloud Data Warehouse are not publicly readable or set to `allUsers` or `allAuthenticatedUsers`, both at the dataset level and via IAM policies. This prevents unauthorized data access and potential data leakage.
+ control_family: Identity and Access Management
+ threats:
+ - CCC.TH01 # Unauthorized access through elevated privileges
+ - CCC.TH06 # Data is lost or corrupted
+ nist_csf: PR.AC-4 # Access permissions are managed with least privilege
+ control_mappings:
+ CCM:
+ - IAM-12 # Identity and Access Management
+ ISO_27001:
+ - 2013 A.9.1.2 # Access to networks and network services
+ NIST_800_53:
+ - AC-3 # Access Enforcement
+ - AC-6 # Least Privilege
+ test_requirements:
+ - id: CCC.DataWar.C01.TR01
+ text: |
+ Verify that no datasets are accessible by `allUsers` or `allAuthenticatedUsers` in the Cloud Data Warehouse.
+ tlp_levels:
+ - tlp_red
+ - tlp_amber
+ - id: CCC.DataWar.C01.TR02
+ text: |
+ Check IAM policies for datasets to ensure no bindings include `allUsers` or `allAuthenticatedUsers`.
+ tlp_levels:
+ - tlp_red
+ - tlp_amber
+
+ - id: CCC.DataWar.C02 # Encrypt Individual Values in Tables
+ title: Encrypt Individual Values in Tables
+ objective: |
+ Enhance data security by encrypting individual sensitive data values within tables using authenticated encryption functions, protecting data at a granular level.
+ control_family: Data Protection
+ threats:
+ - CCC.TH06 # Data is lost or corrupted
+ - CCC.TH02 # Data is intercepted in transit
+ nist_csf: PR.DS-5 # Protections against data leaks are implemented
+ control_mappings:
+ CCM:
+ - DSI-06 # Data Encryption
+ ISO_27001:
+ - 2013 A.10.1.1 # Cryptographic controls
+ NIST_800_53:
+ - SC-13 # Cryptographic Protection
+ test_requirements:
+ - id: CCC.DataWar.C02.TR01
+ text: |
+ Verify that sensitive data fields are encrypted using appropriate encryption functions within the database.
+ tlp_levels:
+ - tlp_red
+ - tlp_amber
+
+ - id: CCC.DataWar.C03 # Use Authorized Views for Data Sharing
+ title: Use Authorized Views for Data Sharing
+ objective: |
+ Implement authorized views to share query results with specific users or groups without granting direct access to the underlying source data, enhancing data security and privacy.
+ control_family: Identity and Access Management
+ threats:
+ - CCC.TH01 # Unauthorized access through elevated privileges
+ - CCC.DataWar.TH02 # Data Exfiltration via Unauthorized Views
+ nist_csf: PR.AC-4 # Access permissions are managed with least privilege
+ control_mappings:
+ CCM:
+ - IAM-12 # Identity and Access Management
+ ISO_27001:
+ - 2013 A.9.1.2 # Access to networks and network services
+ NIST_800_53:
+ - AC-3 # Access Enforcement
+ - AC-6 # Least Privilege
+ test_requirements:
+ - id: CCC.DataWar.C03.TR01
+ text: |
+ Ensure that authorized views are used to grant access to query results without exposing underlying data.
+ tlp_levels:
+ - tlp_red
+ - tlp_amber
+
+ - id: CCC.DataWar.C04 # Implement Column-Level Security
+ title: Implement Column-Level Security
+ objective: |
+ Apply column-level security policies to enforce fine-grained access control, ensuring users can only access data they are authorized to view, enhancing compliance and data protection.
+ control_family: Identity and Access Management
+ threats:
+ - CCC.TH01 # Unauthorized access through elevated privileges
+ - CCC.DataWar.TH03 # Exposure of Sensitive Data through Inadequate Column-Level Security
+ nist_csf: PR.AC-4 # Access permissions are managed with least privilege
+ control_mappings:
+ CCM:
+ - IAM-12 # Identity and Access Management
+ ISO_27001:
+ - 2013 A.9.1.2 # Access to networks and network services
+ NIST_800_53:
+ - AC-3 # Access Enforcement
+ - AC-6 # Least Privilege
+ test_requirements:
+ - id: CCC.DataWar.C04.TR01
+ text: |
+ Verify that column-level security policies are configured and enforced for sensitive columns.
+ tlp_levels:
+ - tlp_red
+ - tlp_amber
+
+ - id: CCC.DataWar.C05 # Implement Row-Level Security
+ title: Implement Row-Level Security
+ objective: |
+ Enforce row-level security policies to provide fine-grained access control to subsets of data within tables, ensuring users access only the data pertinent to them.
+ control_family: Identity and Access Management
+ threats:
+ - CCC.TH01 # Unauthorized access through elevated privileges
+ nist_csf: PR.AC-4 # Access permissions are managed with least privilege
+ control_mappings:
+ CCM:
+ - IAM-12 # Identity and Access Management
+ ISO_27001:
+ - 2013 A.9.1.2 # Access to networks and network services
+ NIST_800_53:
+ - AC-3 # Access Enforcement
+ - AC-6 # Least Privilege
+ test_requirements:
+ - id: CCC.DataWar.C05.TR01
+ text: |
+ Ensure row-level security policies are implemented and correctly restrict access to data rows based on user roles.
+ tlp_levels:
+ - tlp_red
+ - tlp_amber
+
+ - id: CCC.DataWar.C06 # Monitor Resource Usage with Admin Resource Charts
+ title: Monitor Resource Usage with Admin Resource Charts
+ objective: |
+ Utilize administrative resource monitoring tools to observe and manage resource utilization, query performance, and slot usage within the Cloud Data Warehouse, ensuring efficient operation and cost management.
+ control_family: Monitoring and Logging
+ threats:
+ - CCC.TH12 # Resource constraints are exhausted
+ nist_csf: DE.DP-4 # Detection processes are tested
+ control_mappings:
+ CCM:
+ - TVM-02 # Vulnerability Management
+ ISO_27001:
+ - 2013 A.12.6.1 # Management of technical vulnerabilities
+ NIST_800_53:
+ - SI-2 # Flaw Remediation
+ test_requirements:
+ - id: CCC.DataWar.C06.TR01
+ text: |
+ Verify that resource monitoring tools (e.g., Admin Resource Charts) are configured and actively monitored for resource utilization and performance metrics.
+ tlp_levels:
+ - tlp_green
+ - tlp_amber
+ - tlp_red

From b29cea6f991800a3f8d7372b98e76753dc0e5c5b Mon Sep 17 00:00:00 2001
From: kazmik23
Date: Thu, 7 Nov 2024 08:32:07 -0600
Subject: [PATCH 2/2] Update controls.yaml

Updated Test requirements + GCP Specific Terms
---
 services/database/warehouse/controls.yaml | 165 +++++-----------------
 1 file changed, 36 insertions(+), 129 deletions(-)

diff --git a/services/database/warehouse/controls.yaml b/services/database/warehouse/controls.yaml
index 40b7d46b..99aba9da 100644
--- a/services/database/warehouse/controls.yaml
+++ b/services/database/warehouse/controls.yaml
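Review bot: CCC.DataWar.C02 (encrypting individual stored values) lists CCC.TH02 `# Data is intercepted in transit` among the threats it addresses, but value-level encryption inside tables does nothing against interception on the wire — that is what CCC.C01 in `common_controls` covers — so either the threat reference or its comment is wrong and should be checked against the threat catalog. CCC.DataWar.C06 maps a resource-utilisation monitoring objective to vulnerability-management references (CCM TVM-02, ISO 27001:2013 A.12.6.1, NIST 800-53 SI-2 Flaw Remediation); NIST 800-53 SI-4 (System Monitoring) and ISO 27001:2013 A.12.1.3 (Capacity management) fit the stated objective, and the CCM entry deserves the same re-check. Both controls are removed again by patch 2/2 of this series, so this only matters if the first patch is merged on its own.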
@@ -1,164 +1,71 @@ common_controls: - - CCC.C01 # Prevent unencrypted requests - - CCC.C02 # Ensure data encryption at rest for all stored data - - CCC.C03 # Implement multi-factor authentication (MFA) for access - - CCC.C04 # Log all access and changes - - CCC.C05 # Prevent access from untrusted entities - - CCC.C06 # Prevent deployment in restricted regions - - CCC.C07 # Alert on non-human enumeration - - CCC.C09 # Prevent tampering, deletion, or unauthorized access to access logs - - CCC.C10 # Prevent data replication to destinations outside of defined trust perimeter + - CCC.C01 # Prevent unencrypted requests + - CCC.C02 # Ensure data encryption at rest for all stored data + - CCC.C03 # Log all access and changes + - CCC.C04 # Implement multi-factor authentication (MFA) for access + - CCC.C05 # Prevent access from untrusted entities + - CCC.C06 # Prevent deployment in restricted regions + - CCC.C07 # Alert on non-human enumeration + - CCC.C09 # Prevent tampering, deletion, or unauthorized access to access logs + - CCC.C10 # Prevent data replication to destinations outside of defined trust perimeter controls: - - id: CCC.DataWar.C01 # Prevent Datasets from Being Publicly Accessible - title: Prevent Datasets from Being Publicly Accessible + - id: CCC.DataWar.C01 # Enforce Use of Managed Views for Data Access + title: Enforce Use of Managed Views for Data Access objective: | - Ensure that datasets in the Cloud Data Warehouse are not publicly readable or set to `allUsers` or `allAuthenticatedUsers`, both at the dataset level and via IAM policies. This prevents unauthorized data access and potential data leakage. - control_family: Identity and Access Management + Ensure that data access is provided through managed views, restricting users from accessing underlying tables directly and enforcing consistent security policies. 
+ control_family: Data threats: - - CCC.TH01 # Unauthorized access through elevated privileges - - CCC.TH06 # Data is lost or corrupted - nist_csf: PR.AC-4 # Access permissions are managed with least privilege + - CCC.TH01 # Access control is misconfigured + nist_csf: PR.AC-4 # Access permissions and authorizations are managed control_mappings: - CCM: - - IAM-12 # Identity and Access Management - ISO_27001: - - 2013 A.9.1.2 # Access to networks and network services NIST_800_53: - - AC-3 # Access Enforcement - - AC-6 # Least Privilege + - AC-3 # Access Enforcement + - AC-6 # Least Privilege test_requirements: - id: CCC.DataWar.C01.TR01 text: | - Verify that no datasets are accessible by `allUsers` or `allAuthenticatedUsers` in the Cloud Data Warehouse. - tlp_levels: - - tlp_red - - tlp_amber - - id: CCC.DataWar.C01.TR02 - text: | - Check IAM policies for datasets to ensure no bindings include `allUsers` or `allAuthenticatedUsers`. + Attempt to access underlying database tables directly without using managed views and verify that access is denied. tlp_levels: - tlp_red - tlp_amber - - id: CCC.DataWar.C02 # Encrypt Individual Values in Tables - title: Encrypt Individual Values in Tables + - id: CCC.DataWar.C02 # Enforce Column-Level Security Policies + title: Enforce Column-Level Security Policies objective: | - Enhance data security by encrypting individual sensitive data values within tables using authenticated encryption functions, protecting data at a granular level. - control_family: Data Protection + Ensure that access to sensitive data columns is restricted based on user roles, preventing unauthorized access to sensitive information. 
+ control_family: Data threats: - - CCC.TH06 # Data is lost or corrupted - - CCC.TH02 # Data is intercepted in transit - nist_csf: PR.DS-5 # Protections against data leaks are implemented + - CCC.TH01 # Access control is misconfigured + nist_csf: PR.AC-4 # Access permissions and authorizations are managed control_mappings: - CCM: - - DSI-06 # Data Encryption - ISO_27001: - - 2013 A.10.1.1 # Cryptographic controls NIST_800_53: - - SC-13 # Cryptographic Protection + - AC-3 # Access Enforcement + - AC-6 # Least Privilege test_requirements: - id: CCC.DataWar.C02.TR01 text: | - Verify that sensitive data fields are encrypted using appropriate encryption functions within the database. + Attempt to query sensitive columns without the necessary permissions and verify that access is denied or data is masked. tlp_levels: - tlp_red - tlp_amber - - id: CCC.DataWar.C03 # Use Authorized Views for Data Sharing - title: Use Authorized Views for Data Sharing + - id: CCC.DataWar.C03 # Enforce Row-Level Security Policies + title: Enforce Row-Level Security Policies objective: | - Implement authorized views to share query results with specific users or groups without granting direct access to the underlying source data, enhancing data security and privacy. - control_family: Identity and Access Management + Ensure that access to data rows is restricted based on user roles or attributes, preventing unauthorized access to specific subsets of data. 
+ control_family: Data threats: - - CCC.TH01 # Unauthorized access through elevated privileges - - CCC.DataWar.TH02 # Data Exfiltration via Unauthorized Views - nist_csf: PR.AC-4 # Access permissions are managed with least privilege + - CCC.TH01 # Access control is misconfigured + nist_csf: PR.AC-4 # Access permissions and authorizations are managed control_mappings: - CCM: - - IAM-12 # Identity and Access Management - ISO_27001: - - 2013 A.9.1.2 # Access to networks and network services NIST_800_53: - - AC-3 # Access Enforcement - - AC-6 # Least Privilege + - AC-3 # Access Enforcement + - AC-6 # Least Privilege test_requirements: - id: CCC.DataWar.C03.TR01 text: | - Ensure that authorized views are used to grant access to query results without exposing underlying data. - tlp_levels: - - tlp_red - - tlp_amber - - - id: CCC.DataWar.C04 # Implement Column-Level Security - title: Implement Column-Level Security - objective: | - Apply column-level security policies to enforce fine-grained access control, ensuring users can only access data they are authorized to view, enhancing compliance and data protection. - control_family: Identity and Access Management - threats: - - CCC.TH01 # Unauthorized access through elevated privileges - - CCC.DataWar.TH03 # Exposure of Sensitive Data through Inadequate Column-Level Security - nist_csf: PR.AC-4 # Access permissions are managed with least privilege - control_mappings: - CCM: - - IAM-12 # Identity and Access Management - ISO_27001: - - 2013 A.9.1.2 # Access to networks and network services - NIST_800_53: - - AC-3 # Access Enforcement - - AC-6 # Least Privilege - test_requirements: - - id: CCC.DataWar.C04.TR01 - text: | - Verify that column-level security policies are configured and enforced for sensitive columns. 
- tlp_levels: - - tlp_red - - tlp_amber - - - id: CCC.DataWar.C05 # Implement Row-Level Security - title: Implement Row-Level Security - objective: | - Enforce row-level security policies to provide fine-grained access control to subsets of data within tables, ensuring users access only the data pertinent to them. - control_family: Identity and Access Management - threats: - - CCC.TH01 # Unauthorized access through elevated privileges - nist_csf: PR.AC-4 # Access permissions are managed with least privilege - control_mappings: - CCM: - - IAM-12 # Identity and Access Management - ISO_27001: - - 2013 A.9.1.2 # Access to networks and network services - NIST_800_53: - - AC-3 # Access Enforcement - - AC-6 # Least Privilege - test_requirements: - - id: CCC.DataWar.C05.TR01 - text: | - Ensure row-level security policies are implemented and correctly restrict access to data rows based on user roles. + Attempt to query data rows that the user should not have access to and verify that access is denied or data is not returned. tlp_levels: - tlp_red - tlp_amber - - - id: CCC.DataWar.C06 # Monitor Resource Usage with Admin Resource Charts - title: Monitor Resource Usage with Admin Resource Charts - objective: | - Utilize administrative resource monitoring tools to observe and manage resource utilization, query performance, and slot usage within the Cloud Data Warehouse, ensuring efficient operation and cost management. - control_family: Monitoring and Logging - threats: - - CCC.TH12 # Resource constraints are exhausted - nist_csf: DE.DP-4 # Detection processes are tested - control_mappings: - CCM: - - TVM-02 # Vulnerability Management - ISO_27001: - - 2013 A.12.6.1 # Management of technical vulnerabilities - NIST_800_53: - - SI-2 # Flaw Remediation - test_requirements: - - id: CCC.DataWar.C06.TR01 - text: | - Verify that resource monitoring tools (e.g., Admin Resource Charts) are configured and actively monitored for resource utilization and performance metrics. 
- tlp_levels: - - tlp_green - - tlp_amber - - tlp_red
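Review bot: The `common_controls` comments on the new side swap CCC.C03 and CCC.C04 relative to patch 1 (C03 is now `# Log all access and changes`, C04 `# Implement multi-factor authentication (MFA) for access`), and CCC.TH01's comment changes from "Unauthorized access through elevated privileges" to "Access control is misconfigured" while the id is unchanged; one of the two patches mislabels these references, and because the ids are what downstream tooling resolves, the comments should be checked against the common-controls and threat catalogs rather than edited freely. The new test requirements CCC.DataWar.C02.TR01 and CCC.DataWar.C03.TR01 accept two different outcomes (`access is denied or data is masked`, `access is denied or data is not returned`); masking and silent row filtering still return a result set and row counts where a denial returns an error, so a test that passes on either cannot confirm the intended enforcement mode — state the expected behaviour, or split each into one requirement per mode. Also worth confirming: this patch drops the only control covering public or anonymous principals (the `allUsers`/`allAuthenticatedUsers` checks) and maps all three remaining controls to CCC.TH01 alone; if CCC.C05 in `common_controls` is meant to cover public exposure, a comment on CCC.DataWar.C01 saying so would stop the gap being re-raised.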