AWS CloudHSM provides hardware security modules (HSMs) in the AWS Cloud. The service lets you generate, store, import, export, and manage cryptographic keys, including symmetric keys and asymmetric key pairs.
Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|---|
aws_cloudhsm | AWS CloudHSM | protect | minimal | T1552 | Unsecured Credentials | This control's protection is specific to a minority of this technique's sub-techniques and procedure examples, resulting in a Minimal Coverage score and consequently an overall score of Minimal. |
aws_cloudhsm | AWS CloudHSM | protect | partial | T1552.001 | Credentials In Files | This service provides a more secure alternative to storing encryption keys in the file system. Because this service supports only cryptographic keys and not other types of credentials, the coverage score is assessed as Partial, resulting in an overall Partial score. |
aws_cloudhsm | AWS CloudHSM | protect | significant | T1552.004 | Private Keys | This service allows for securely storing encryption keys and enforcing fine-grained access to the keys. The service does not allow anyone access to retrieve plaintext keys from the service. |
aws_cloudhsm | AWS CloudHSM | protect | partial | T1553 | Subvert Trust Controls | This service provides protection against sub-techniques involved with stealing credentials, certificates, and keys from the organization. |
aws_cloudhsm | AWS CloudHSM | protect | partial | T1553.002 | Code Signing | Use cases in documentation show that certificate credentials can be stored in AWS CloudHSM, which reduces the attack surface and threat from these sub-techniques. |
aws_cloudhsm | AWS CloudHSM | protect | partial | T1553.004 | Install Root Certificate | Use cases in documentation show that certificate credentials can be stored in AWS CloudHSM, which reduces the attack surface and threat from these sub-techniques. |
aws_cloudhsm | AWS CloudHSM | protect | partial | T1588 | Obtain Capabilities | This service provides protection against sub-techniques involved with stealing credentials, certificates, and keys from the organization. |
aws_cloudhsm | AWS CloudHSM | protect | partial | T1588.003 | Code Signing Certificates | Certificate credentials can be stored in AWS CloudHSM, which reduces the attack surface and threat from these sub-techniques. |
aws_cloudhsm | AWS CloudHSM | protect | partial | T1588.004 | Digital Certificates | Certificate credentials can be stored in AWS CloudHSM, which reduces the attack surface and threat from these sub-techniques. |
aws_cloudhsm | AWS CloudHSM | protect | partial | T1649 | Steal or Forge Authentication Certificates | This service provides protection against sub-techniques involved with stealing credentials, certificates, and keys from the organization. |