💼 CC6.1-7 Restricts Access to Information Assets

• ID: /frameworks/soc-2/cc6/01/07

Description

Combinations of data classification, separate data structures, port restrictions, access protocol restrictions, user identification, and digital certificates are used to establish access control rules for information assets.

Similar

• Internal
  • ID: dec-c-ea331b08

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (27)

Policy	Logic Count	Flags	Compliance
🛡️ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted DNS traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted FTP traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted ICMP traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted NetBIOS traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted RPC traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted SMTP traffic🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MSSQL🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MySQL🟢	1	🟢 x6	no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to PostgreSQL🟢	1	🟢 x6	no data
🛡️ Azure Network Security Group allows public access to SSH port🟢	1	🟢 x6	no data
🛡️ Azure Storage Account Allow Blob Anonymous Access is enabled🟢	1	🟢 x6	no data
🛡️ Google BigQuery Dataset is anonymously or publicly accessible🟢	1	🟢 x6	no data
🛡️ Google Cloud MySQL Instance Skip_show_database Database Flag is not set to on🟢	1	🟢 x6	no data
🛡️ Google Cloud SQL Instance External Authorized Networks whitelists all public IP addresses🟢	1	🟢 x6	no data
🛡️ Google Cloud SQL Instance has public IP addresses🟢	1	🟢 x6	no data
🛡️ Google Cloud SQL Server Instance cross db ownership chaining Database Flag is not set to off🟢	1	🟢 x6	no data
🛡️ Google GCE Instance has a public IP address🟢	1	🟢 x6	no data
🛡️ Google IAM Service Account has admin privileges🟢	1	🟢 x6	no data
🛡️ Google IAM Users are assigned the Service Account User or Service Account Token Creator roles at Project level🟢	1	🟢 x6	no data
🛡️ Google KMS Crypto Key is anonymously or publicly accessible🟠🟢⚪		🟠 x1, 🟢 x2, ⚪ x1	no data
🛡️ Google Logging Log Sink exports logs to a Storage Bucket without Bucket Lock🟢	1	🟢 x6	no data
🛡️ Google Project with KMS keys has a principal with Owner role🟢	1	🟢 x6	no data
🛡️ Google Storage Bucket is anonymously or publicly accessible🟢	1	🟢 x6	no data
🛡️ Google Storage Bucket Uniform Bucket-Level Access is not enabled🟢	1	🟢 x6	no data
🛡️ Google User has both Service Account Admin and Service Account User roles assigned🟢	1	🟢 x6	no data

Internal Rules

Rule	Policies	Flags
✉️ dec-x-3e379c67	1
✉️ dec-x-6eab9b88	1
✉️ dec-x-11c3009f	1
✉️ dec-x-42a09084	1
✉️ dec-x-293ab45b	1
✉️ dec-x-599c86b4	1
✉️ dec-x-66358b45	1
✉️ dec-x-083928f5	1
✉️ dec-x-bcae85fb	2
✉️ dec-x-ca1c0c0d	1
✉️ dec-x-f12d78aa	1
✉️ dec-z-dbeeed9f	1
✉️ dec-z-f778950c	1