← Frameworks / Cloud Controls

FINOS Common Cloud Controls

Open standard for consistent cloud security controls in financial services. Defines cybersecurity, resiliency, and compliance controls for common cloud services across major providers.

Clauses: 17

Avg Coverage: 90.6%

Publisher: FINOS (Fintech Open Source Foundation) Version: 2025.10

FINOS CCC → SP 800-53 SP 800-53 → FINOS CCC Coverage Analysis

Clause	Title	SP 800-53 Controls
CCC-C01	Prevent Unencrypted Requests	SC-08 SC-13 SC-23
CCC-C02	Ensure Data Encryption at Rest Utilizes Customer Managed Encryption Keys	SC-12 SC-28
CCC-C03	Implement Multi-Factor Authentication (MFA) for Access	IA-02
CCC-C04	Log All Access and Changes	AU-02 AU-03 AU-06 AU-12 CM-13
CCC-C05	Prevent Access from Untrusted Entities	AC-03 AC-04 SC-07 AC-17 AC-20 CA-09
CCC-C06	Ensure Resource Inventory	CM-08 CM-12 PM-05
CCC-C07	Implement Change Management Procedures	CM-03 CM-04 CM-05 CM-09 CM-14
CCC-C08	Enable Security Monitoring and Alerting	AU-06 CA-07 SC-48 SI-04
CCC-C09	Implement Network Segmentation	SC-07 SC-32 AC-04 SC-46
CCC-C10	Implement Vulnerability Management	RA-05 SI-02 SI-05 RA-07
CCC-C11	Implement Identity and Access Management (IAM)	AC-02 AC-03 AC-06 IA-02 IA-04 IA-05
CCC-C12	Enforce Least Privilege Access	AC-06
CCC-C13	Implement Backup and Recovery	CP-09 CP-06 CP-10
CCC-C14	Maintain Secure Configuration Baselines	CM-02 CM-06 CM-07 PL-10 PL-11
CCC-C15	Implement Incident Response Procedures	IR-01 IR-04 IR-05 IR-06 IR-08 IR-09
CCC-C16	Ensure Data Classification and Handling	RA-02 MP-01 MP-02 MP-03 MP-04 MP-05 MP-06 MP-07 AC-16 CM-12 CM-13
CCC-C17	Enable Audit Logging for Cloud Services	AU-02 AU-03 AU-06 AU-12 AU-16