FINOS Common Cloud Controls

Open standard for consistent cloud security controls in financial services. Defines cybersecurity, resiliency, and compliance controls for common cloud services across major providers.

AC Access Control

| Control | Name | FINOS CCC References |
|---|---|---|
| AC-02 | Account Management | CCC-C11 |
| AC-03 | Access Enforcement | CCC-C05, CCC-C11 |
| AC-04 | Information Flow Enforcement | CCC-C05, CCC-C09 |
| AC-06 | Least Privilege | CCC-C11, CCC-C12 |
| AC-16 | Automated Labeling | CCC-C16 |
| AC-17 | Remote Access | CCC-C05 |
| AC-20 | Use Of External Information Systems | CCC-C05 |

AU Audit and Accountability

| Control | Name | FINOS CCC References |
|---|---|---|
| AU-02 | Auditable Events | CCC-C04, CCC-C17 |
| AU-03 | Content Of Audit Records | CCC-C04, CCC-C17 |
| AU-06 | Audit Monitoring, Analysis, And Reporting | CCC-C04, CCC-C08, CCC-C17 |
| AU-12 | Audit Record Generation | CCC-C04, CCC-C17 |
| AU-16 | Cross-Organizational Audit Logging | CCC-C17 |

CA Security Assessment and Authorization

| Control | Name | FINOS CCC References |
|---|---|---|
| CA-07 | Continuous Monitoring | CCC-C08 |
| CA-09 | Internal System Connections | CCC-C05 |

CM Configuration Management

| Control | Name | FINOS CCC References |
|---|---|---|
| CM-02 | Baseline Configuration | CCC-C14 |
| CM-03 | Configuration Change Control | CCC-C07 |
| CM-04 | Monitoring Configuration Changes | CCC-C07 |
| CM-05 | Access Restrictions For Change | CCC-C07 |
| CM-06 | Configuration Settings | CCC-C14 |
| CM-07 | Least Functionality | CCC-C14 |
| CM-08 | Information System Component Inventory | CCC-C06 |
| CM-09 | Configuration Management Plan | CCC-C07 |
| CM-12 | Information Location | CCC-C06, CCC-C16 |
| CM-13 | Data Action Mapping | CCC-C04, CCC-C16 |
| CM-14 | Signed Components | CCC-C07 |

CP Contingency Planning

| Control | Name | FINOS CCC References |
|---|---|---|
| CP-06 | Alternate Storage Site | CCC-C13 |
| CP-09 | Information System Backup | CCC-C13 |
| CP-10 | Information System Recovery And Reconstitution | CCC-C13 |

IA Identification and Authentication

| Control | Name | FINOS CCC References |
|---|---|---|
| IA-02 | User Identification And Authentication | CCC-C03, CCC-C11 |
| IA-04 | Identifier Management | CCC-C11 |
| IA-05 | Authenticator Management | CCC-C11 |

IR Incident Response

| Control | Name | FINOS CCC References |
|---|---|---|
| IR-01 | Incident Response Policy And Procedures | CCC-C15 |
| IR-04 | Incident Handling | CCC-C15 |
| IR-05 | Incident Monitoring | CCC-C15 |
| IR-06 | Incident Reporting | CCC-C15 |
| IR-08 | Incident Response Plan | CCC-C15 |
| IR-09 | Information Spillage Response | CCC-C15 |

MP Media Protection

| Control | Name | FINOS CCC References |
|---|---|---|
| MP-01 | Media Protection Policy And Procedures | CCC-C16 |
| MP-02 | Media Access | CCC-C16 |
| MP-03 | Media Labeling | CCC-C16 |
| MP-04 | Media Storage | CCC-C16 |
| MP-05 | Media Transport | CCC-C16 |
| MP-06 | Media Sanitization And Disposal | CCC-C16 |
| MP-07 | Media Use | CCC-C16 |

PL Planning

| Control | Name | FINOS CCC References |
|---|---|---|
| PL-10 | Baseline Selection | CCC-C14 |
| PL-11 | Baseline Tailoring | CCC-C14 |

PM Program Management

| Control | Name | FINOS CCC References |
|---|---|---|
| PM-05 | System Inventory | CCC-C06 |

RA Risk Assessment

| Control | Name | FINOS CCC References |
|---|---|---|
| RA-02 | Security Categorization | CCC-C16 |
| RA-05 | Vulnerability Scanning | CCC-C10 |
| RA-07 | Risk Response | CCC-C10 |

SC System and Communications Protection

| Control | Name | FINOS CCC References |
|---|---|---|
| SC-07 | Boundary Protection | CCC-C05, CCC-C09 |
| SC-08 | Transmission Integrity | CCC-C01 |
| SC-12 | Cryptographic Key Establishment And Management | CCC-C02 |
| SC-13 | Use Of Cryptography | CCC-C01 |
| SC-23 | Session Authenticity | CCC-C01 |
| SC-28 | Protection of Information at Rest | CCC-C02 |
| SC-32 | System Partitioning | CCC-C09 |
| SC-46 | Cross Domain Policy Enforcement | CCC-C09 |
| SC-48 | Sensor Relocation | CCC-C08 |

SI System and Information Integrity

| Control | Name | FINOS CCC References |
|---|---|---|
| SI-02 | Flaw Remediation | CCC-C10 |
| SI-04 | Information System Monitoring Tools And Techniques | CCC-C08 |
| SI-05 | Security Alerts And Advisories | CCC-C10 |