Skip to main content

💼 CC6.1-7 Restricts Access to Information Assets

  • ID: /frameworks/soc-2/cc6/01/07

Stats

not available

Description

Combinations of data classification, separate data structures, port restrictions, access protocol restrictions, user identification, and digital certificates are used to establish access control rules for information assets.

Similar

  • Internal
    • ID: dec-c-ea331b08

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (27)

PolicyLogic CountFlagsCompliance
🛡️ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted DNS traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted FTP traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted ICMP traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted NetBIOS traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted RPC traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted SMTP traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MSSQL🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MySQL🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to PostgreSQL🟢1🟢 x6no data
🛡️ Azure Network Security Group allows public access to SSH port🟢1🟢 x6no data
🛡️ Azure Storage Account Allow Blob Anonymous Access is enabled🟢1🟢 x6no data
🛡️ Google BigQuery Dataset is anonymously or publicly accessible🟢1🟢 x6no data
🛡️ Google Cloud MySQL Instance Skip_show_database Database Flag is not set to on🟢1🟢 x6no data
🛡️ Google Cloud SQL Instance External Authorized Networks whitelists all public IP addresses🟢1🟢 x6no data
🛡️ Google Cloud SQL Instance has public IP addresses🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance cross db ownership chaining Database Flag is not set to off🟢1🟢 x6no data
🛡️ Google GCE Instance has a public IP address🟢1🟢 x6no data
🛡️ Google IAM Service Account has admin privileges🟢1🟢 x6no data
🛡️ Google IAM Users are assigned the Service Account User or Service Account Token Creator roles at Project level🟢1🟢 x6no data
🛡️ Google KMS Crypto Key is anonymously or publicly accessible🟠🟢⚪🟠 x1, 🟢 x2, ⚪ x1no data
🛡️ Google Logging Log Sink exports logs to a Storage Bucket without Bucket Lock🟢1🟢 x6no data
🛡️ Google Project with KMS keys has a principal with Owner role🟢1🟢 x6no data
🛡️ Google Storage Bucket is anonymously or publicly accessible🟢1🟢 x6no data
🛡️ Google Storage Bucket Uniform Bucket-Level Access is not enabled🟢1🟢 x6no data
🛡️ Google User has both Service Account Admin and Service Account User roles assigned🟢1🟢 x6no data

Internal Rules

RulePoliciesFlags
✉️ dec-x-3e379c671
✉️ dec-x-6eab9b881
✉️ dec-x-11c3009f1
✉️ dec-x-42a090841
✉️ dec-x-293ab45b1
✉️ dec-x-599c86b41
✉️ dec-x-66358b451
✉️ dec-x-083928f51
✉️ dec-x-bcae85fb2
✉️ dec-x-ca1c0c0d1
✉️ dec-x-f12d78aa1
✉️ dec-z-dbeeed9f1
✉️ dec-z-f778950c1