💼 CC6.1-7 Restricts Access to Information Assets

Contextual name: 💼 CC6.1-7 Restricts Access to Information Assets
ID: /frameworks/soc-2/cc6/01/07
Located in: 💼 CC6.1 The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity's objectives.

Description

Combinations of data classification, separate data structures, port restrictions, access protocol restrictions, user identification, and digital certificates are used to establish access control rules for information assets.

Similar

Internal
- ID: dec-c-ea331b08

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (25)

Policy	Logic Count	Flags
📝 AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted DNS traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted FTP traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted ICMP traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted NetBIOS traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted RPC traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted SMTP traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to MSSQL 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to MySQL 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to PostgreSQL 🟢	1	🟢 x6
📝 Azure Storage Account Allow Blob Anonymous Access is set enabled 🟢	1	🟢 x6
📝 Google BigQuery Dataset is anonymously or publicly accessible 🟢	1	🟢 x6
📝 Google Cloud MySQL Instance Skip_show_database Database Flag is not set to on 🟢	1	🟢 x6
📝 Google Cloud SQL Instance External Authorized Networks do not whitelist all public IP addresses 🟢	1	🟢 x6
📝 Google Cloud SQL Instance has public IP addresses 🟢	1	🟢 x6
📝 Google Cloud SQL Server Instance cross db ownership chaining Database Flag is not set to off 🟢	1	🟢 x6
📝 Google GCE Instance has a public IP address 🟢	1	🟢 x6
📝 Google IAM Service Account has admin privileges 🟢	1	🟢 x6
📝 Google IAM Users are assigned the Service Account User or Service Account Token Creator roles at Project level 🟢	1	🟢 x6
📝 Google KMS Crypto Key is anonymously or publicly accessible 🟠🟢		🟠 x1, 🟢 x3
📝 Google Logging Log Sink exports logs to a Storage Bucket without Bucket Lock 🟢	1	🟢 x6
📝 Google Storage Bucket is anonymously or publicly accessible 🟢	1	🟢 x6
📝 Google Storage Bucket Uniform Bucket-Level Access is not enabled 🟢	1	🟢 x6
📝 Google User has both Service Account Admin and Service Account User roles assigned 🟢	1	🟢 x6

Internal Rules

Rule	Policies	Flags
✉️ dec-x-3e379c67	1
✉️ dec-x-6eab9b88	1
✉️ dec-x-11c3009f	1
✉️ dec-x-42a09084	1
✉️ dec-x-293ab45b	1
✉️ dec-x-66358b45	1
✉️ dec-x-083928f5	1
✉️ dec-x-bcae85fb	2
✉️ dec-x-ca1c0c0d	1
✉️ dec-x-f12d78aa	1
✉️ dec-z-dbeeed9f	1
✉️ dec-z-f778950c	1

Description​

Similar​

Sub Sections​

Policies (25)​

Internal Rules​

Description

Similar

Sub Sections

Policies (25)

Internal Rules