⭐ Repository → 💼 SOC 2 → 💼 CC6 Logical and Physical Access Controls → 💼 CC6.1 The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity's objectives.

💼 CC6.1-3 Restricts Logical Access

• ID: /frameworks/soc-2/cc6/01/03

Description

Logical access to information assets, including hardware, data (at-rest, during processing, or in transmission), software, administrative authorities, mobile devices, output, and offline system components is restricted through the use of access control software and rule sets.

Similar

• Internal
  • ID: dec-c-ee31bffc

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (21)

Policy	Logic Count	Flags	Compliance
🛡️ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports🟢	1	🟢 x6	no data
🛡️ Google BigQuery Dataset is anonymously or publicly accessible🟢	1	🟢 x6	no data
🛡️ Google BigQuery Dataset is not encrypted with Customer-Managed Encryption Key (CMEK)🟢	1	🟢 x6	no data
🛡️ Google BigQuery Table is not encrypted with Customer-Managed Encryption Key (CMEK)🟢	1	🟢 x6	no data
🛡️ Google Cloud MySQL Instance Skip_show_database Database Flag is not set to on🟢	1	🟢 x6	no data
🛡️ Google Cloud SQL Instance External Authorized Networks whitelists all public IP addresses🟢	1	🟢 x6	no data
🛡️ Google Cloud SQL Instance has public IP addresses🟢	1	🟢 x6	no data
🛡️ Google Cloud SQL Server Instance cross db ownership chaining Database Flag is not set to off🟢	1	🟢 x6	no data
🛡️ Google Dataproc Cluster is not encrypted using Customer-Managed Encryption Key🟢	1	🟢 x6	no data
🛡️ Google GCE Disk for critical VMs is not encrypted with Customer-Supplied Encryption Key (CSEK)🟢	1	🟢 x6	no data
🛡️ Google GCE Instance Block Project-Wide SSH Keys is not enabled🟢	1	🟢 x6	no data
🛡️ Google GCE Instance Confidential Compute is not enabled🟢	1	🟢 x6	no data
🛡️ Google GCE Instance has a public IP address🟢	1	🟢 x6	no data
🛡️ Google IAM Service Account has admin privileges🟢	1	🟢 x6	no data
🛡️ Google IAM Users are assigned the Service Account User or Service Account Token Creator roles at Project level🟢	1	🟢 x6	no data
🛡️ Google KMS Crypto Key is anonymously or publicly accessible🟠🟢⚪		🟠 x1, 🟢 x2, ⚪ x1	no data
🛡️ Google Logging Log Sink exports logs to a Storage Bucket without Bucket Lock🟢	1	🟢 x6	no data
🛡️ Google Storage Bucket is anonymously or publicly accessible🟢	1	🟢 x6	no data
🛡️ Google Storage Bucket Uniform Bucket-Level Access is not enabled🟢	1	🟢 x6	no data
🛡️ Google User has both Service Account Admin and Service Account User roles assigned🟢	1	🟢 x6	no data

Internal Rules

Rule	Policies	Flags
✉️ dec-x-bcae85fb	2