CCC-Complete (Behavioural) 0.1
Test results for this specific product, vendor, and version combination
| Vendor | FINOS |
| Product | CCC-Complete (Behavioural) |
| Version | 0.1 |
Test Summary
Aggregate summary of all tests for this configuration result
| Resources In Configuration | 1 |
| Count of Tests | 22 |
| Passing Tests | 16 |
| Failing Tests | 6 |
| Catalogs Tested |
Control Catalog Summary
Summary of test results grouped by control catalog and resource
Test Mapping Summary
Summary of test mappings showing how event codes map to test requirements
| Control Catalog | Test Requirement | Mapped Test (Event Code) | Total | Passing | Failing |
|---|---|---|---|---|---|
| CCC.Core | CCC.Core.CN01.AR01 When a port is exposed for non-SSH network traffic, all traffic MUST include a TLS handshake AND be encrypted using TLS 1.3 or higher. | Service accepts TLS 1.3 encrypted traffic | 2 | 2 | 0 |
| CCC.Core | CCC.Core.CN01.AR01 | Service rejects TLS 1.0 traffic | 2 | 2 | 0 |
| CCC.Core | CCC.Core.CN01.AR01 | Service rejects TLS 1.1 traffic | 2 | 2 | 0 |
| CCC.Core | CCC.Core.CN01.AR01 | Service rejects TLS 1.2 traffic | 2 | 2 | 0 |
| CCC.Core | CCC.Core.CN01.AR01 | Verify no known SSL/TLS vulnerabilities | 2 | 2 | 0 |
| CCC.Core | CCC.Core.CN01.AR01 | Verify SSL/TLS protocol support | 2 | 0 | 2 |
| CCC.Core | CCC.Core.CN01.AR01 | Verify TLS 1.3 only certificate validity | 2 | 2 | 0 |
| CCC.Core | CCC.Core.CN01.AR03 When the service receives unencrypted traffic, then it MUST either block the request or automatically redirect it to the secure equivalent. | HTTP redirects to HTTPS | 2 | 0 | 2 |
| CCC.Core | CCC.Core.CN01.AR03 | Only secure protocols are exposed | 2 | 2 | 0 |
| CCC.Core | CCC.Core.CN01.AR07 When a port is exposed, the service MUST ensure that the protocol and service officially assigned to that port number by the IANA Service Name and Transport Protocol Port Number Registry, and no other, is run on that port. | Verify HTTPS uses IANA-assigned port 443 | 2 | 2 | 0 |
| CCC.Core | CCC.Core.CN01.AR08 When a service transmits data using TLS, mutual TLS (mTLS) MUST be implemented to require both client and server certificate authentication for all connections. | Verify mTLS requires client certificate authentication | 2 | 0 | 2 |
Resource Summary
Summary of all resources mentioned in OCSF results
| Resource Name | Resource Type | Control Catalogs | Total Tests | Passing | Failing |
|---|---|---|---|---|---|
| stgcfi20260410t090725z.blob.core.windows.net | object-storage | | 22 | 16 | 6 |
Test Results
OCSF test results filtered for entries with CCC compliance mappings
| Status | Finding | Resource Name | Resource Type | Message | Test Requirements |
|---|---|---|---|---|---|
| PASS | Service accepts TLS 1.3 encrypted traffic ✓ a cloud api for "{Instance}" in "api"
✓ an openssl s_client request using "tls1_3" to "{portNumber}" on "{hostName}" protocol "{protocol}"
✓ I refer to "{result}" as "connection"
✓ "{connection}" state is open
✓ "{connection.State}" is "open"
✓ I close connection "{connection}"
✓ "{connection}" state is closed | stgcfi20260410t090725z.blob.core.windows.net | object-storage | Service accepts TLS 1.3 encrypted traffic | |
| PASS | Service rejects TLS 1.2 traffic ✓ a cloud api for "{Instance}" in "api"
✓ an openssl s_client request using "tls1_2" to "{portNumber}" on "{hostName}" protocol "{protocol}"
✓ I refer to "{result}" as "connection"
✓ we wait for a period of "40" ms
✓ "{connection.State}" is "closed" | stgcfi20260410t090725z.blob.core.windows.net | object-storage | Service rejects TLS 1.2 traffic | |
| PASS | Service rejects TLS 1.1 traffic ✓ a cloud api for "{Instance}" in "api"
✓ an openssl s_client request using "tls1_1" to "{portNumber}" on "{hostName}" protocol "{protocol}"
✓ I refer to "{result}" as "connection"
✓ we wait for a period of "40" ms
✓ "{connection.State}" is "closed" | stgcfi20260410t090725z.blob.core.windows.net | object-storage | Service rejects TLS 1.1 traffic | |
| PASS | Service rejects TLS 1.0 traffic ✓ a cloud api for "{Instance}" in "api"
✓ an openssl s_client request using "tls1" to "{portNumber}" on "{hostName}" protocol "{protocol}"
✓ I refer to "{result}" as "connection"
✓ we wait for a period of "40" ms
✓ "{connection.State}" is "closed" | stgcfi20260410t090725z.blob.core.windows.net | object-storage | Service rejects TLS 1.0 traffic | |
| FAIL | Verify SSL/TLS protocol support ✓ a cloud api for "{Instance}" in "api"
✓ "report" contains details of SSL Support type "protocols" for "{hostName}" on port "{portNumber}"
✗ "{report}" is an array of objects which doesn't contain any of - Error: unwanted row found in array: map[finding:offered id:TLS1_2]
⊘ "{report}" is an array of objects with at least the following contents (skipped) | stgcfi20260410t090725z.blob.core.windows.net | object-storage | Verify SSL/TLS protocol support | |
| PASS | Verify no known SSL/TLS vulnerabilities ✓ a cloud api for "{Instance}" in "api"
✓ "report" contains details of SSL Support type "vulnerable" for "{hostName}" on port "{portNumber}"
✓ "{report}" is an array of objects with at least the following contents | stgcfi20260410t090725z.blob.core.windows.net | object-storage | Verify no known SSL/TLS vulnerabilities | |
| PASS | Verify TLS 1.3 only certificate validity ✓ a cloud api for "{Instance}" in "api"
✓ "report" contains details of SSL Support type "server-defaults" for "{hostName}" on port "{portNumber}"
✓ "{report}" is an array of objects with at least the following contents | stgcfi20260410t090725z.blob.core.windows.net | object-storage | Verify TLS 1.3 only certificate validity | |
| FAIL | HTTP redirects to HTTPS ✓ a client connects to "{hostName}" with protocol "http" on port "80"
✓ I refer to "{result}" as "connection"
✓ "{connection}" is not an error
✓ I transmit "GET / HTTP/1.1\r\nHost: {hostName}\r\n\r\n" to "{connection}"
✓ I attach "{connection}" to the test output as "HTTP response"
✗ "{connection.Output}" contains "301" - Error: expected {connection.Output} to contain '301', but got 'HTTP/1.1 400 The account being accessed does not support http.
Content-Length: 287
Content-Type: application/xml
x-ms-request-id: 410d23c7-201e-00ac-60ca-c87816000000
Date: Fri, 10 Apr 2026 09:15:35 GMT
<?xml version="1.0" encoding="utf-8"?><Error><Code>AccountRequiresHttps</Code><Message>The account being accessed does not support http.
RequestId:410d23c7-201e-00ac-60ca-c87816000000
Time:2026-04-10T09:15:36.2025529Z</Message><AccountName>stgcfi20260410t090725z</AccountName></Error>'
⊘ I call "{connection}" with "Close" (skipped)
⊘ "{connection.State}" is "closed" (skipped) | stgcfi20260410t090725z.blob.core.windows.net | object-storage | HTTP redirects to HTTPS | |
| PASS | Only secure protocols are exposed ✓ "report" contains details of SSL Support type "protocols" for "{hostName}" on port "{portNumber}"
✓ "{report}" is an array of objects with at least the following contents | stgcfi20260410t090725z.blob.core.windows.net | object-storage | Only secure protocols are exposed | |
| PASS | Verify HTTPS uses IANA-assigned port 443 ✓ "{portNumber}" is "443" | stgcfi20260410t090725z.blob.core.windows.net | object-storage | Verify HTTPS uses IANA-assigned port 443 | |
| FAIL | Verify mTLS requires client certificate authentication ✓ "report" contains details of SSL Support type "server-defaults" for "{hostName}" on port "{portNumber}"
✗ "{report}" is an array of objects with at least the following contents - Error: expected row not found: map[finding:required id:clientAuth] | stgcfi20260410t090725z.blob.core.windows.net | object-storage | Verify mTLS requires client certificate authentication | |
| PASS | Service accepts TLS 1.3 encrypted traffic ✓ a cloud api for "{Instance}" in "api"
✓ an openssl s_client request using "tls1_3" to "{portNumber}" on "{hostName}" protocol "{protocol}"
✓ I refer to "{result}" as "connection"
✓ "{connection}" state is open
✓ "{connection.State}" is "open"
✓ I close connection "{connection}"
✓ "{connection}" state is closed | stgcfi20260410t090725z.blob.core.windows.net | object-storage | Service accepts TLS 1.3 encrypted traffic | |
| PASS | Service rejects TLS 1.2 traffic ✓ a cloud api for "{Instance}" in "api"
✓ an openssl s_client request using "tls1_2" to "{portNumber}" on "{hostName}" protocol "{protocol}"
✓ I refer to "{result}" as "connection"
✓ we wait for a period of "40" ms
✓ "{connection.State}" is "closed" | stgcfi20260410t090725z.blob.core.windows.net | object-storage | Service rejects TLS 1.2 traffic | |
| PASS | Service rejects TLS 1.1 traffic ✓ a cloud api for "{Instance}" in "api"
✓ an openssl s_client request using "tls1_1" to "{portNumber}" on "{hostName}" protocol "{protocol}"
✓ I refer to "{result}" as "connection"
✓ we wait for a period of "40" ms
✓ "{connection.State}" is "closed" | stgcfi20260410t090725z.blob.core.windows.net | object-storage | Service rejects TLS 1.1 traffic | |
| PASS | Service rejects TLS 1.0 traffic ✓ a cloud api for "{Instance}" in "api"
✓ an openssl s_client request using "tls1" to "{portNumber}" on "{hostName}" protocol "{protocol}"
✓ I refer to "{result}" as "connection"
✓ we wait for a period of "40" ms
✓ "{connection.State}" is "closed" | stgcfi20260410t090725z.blob.core.windows.net | object-storage | Service rejects TLS 1.0 traffic | |
| FAIL | Verify SSL/TLS protocol support ✓ a cloud api for "{Instance}" in "api"
✓ "report" contains details of SSL Support type "protocols" for "{hostName}" on port "{portNumber}"
✗ "{report}" is an array of objects which doesn't contain any of - Error: unwanted row found in array: map[finding:offered id:TLS1_2]
⊘ "{report}" is an array of objects with at least the following contents (skipped) | stgcfi20260410t090725z.blob.core.windows.net | object-storage | Verify SSL/TLS protocol support | |
| PASS | Verify no known SSL/TLS vulnerabilities ✓ a cloud api for "{Instance}" in "api"
✓ "report" contains details of SSL Support type "vulnerable" for "{hostName}" on port "{portNumber}"
✓ "{report}" is an array of objects with at least the following contents | stgcfi20260410t090725z.blob.core.windows.net | object-storage | Verify no known SSL/TLS vulnerabilities | |
| PASS | Verify TLS 1.3 only certificate validity ✓ a cloud api for "{Instance}" in "api"
✓ "report" contains details of SSL Support type "server-defaults" for "{hostName}" on port "{portNumber}"
✓ "{report}" is an array of objects with at least the following contents | stgcfi20260410t090725z.blob.core.windows.net | object-storage | Verify TLS 1.3 only certificate validity | |
| FAIL | HTTP redirects to HTTPS ✓ a client connects to "{hostName}" with protocol "http" on port "80"
✓ I refer to "{result}" as "connection"
✓ "{connection}" is not an error
✓ I transmit "GET / HTTP/1.1\r\nHost: {hostName}\r\n\r\n" to "{connection}"
✓ I attach "{connection}" to the test output as "HTTP response"
✗ "{connection.Output}" contains "301" - Error: expected {connection.Output} to contain '301', but got 'HTTP/1.1 400 The account being accessed does not support http.
Content-Length: 287
Content-Type: application/xml
x-ms-request-id: 410d23c7-201e-00ac-60ca-c87816000000
Date: Fri, 10 Apr 2026 09:15:35 GMT
<?xml version="1.0" encoding="utf-8"?><Error><Code>AccountRequiresHttps</Code><Message>The account being accessed does not support http.
RequestId:410d23c7-201e-00ac-60ca-c87816000000
Time:2026-04-10T09:15:36.2025529Z</Message><AccountName>stgcfi20260410t090725z</AccountName></Error>'
⊘ I call "{connection}" with "Close" (skipped)
⊘ "{connection.State}" is "closed" (skipped) | stgcfi20260410t090725z.blob.core.windows.net | object-storage | HTTP redirects to HTTPS | |
| PASS | Only secure protocols are exposed ✓ "report" contains details of SSL Support type "protocols" for "{hostName}" on port "{portNumber}"
✓ "{report}" is an array of objects with at least the following contents | stgcfi20260410t090725z.blob.core.windows.net | object-storage | Only secure protocols are exposed | |
| PASS | Verify HTTPS uses IANA-assigned port 443 ✓ "{portNumber}" is "443" | stgcfi20260410t090725z.blob.core.windows.net | object-storage | Verify HTTPS uses IANA-assigned port 443 | |
| FAIL | Verify mTLS requires client certificate authentication ✓ "report" contains details of SSL Support type "server-defaults" for "{hostName}" on port "{portNumber}"
✗ "{report}" is an array of objects with at least the following contents - Error: expected row not found: map[finding:required id:clientAuth] | stgcfi20260410t090725z.blob.core.windows.net | object-storage | Verify mTLS requires client certificate authentication |