AWS aws_cloudhsm Mappings

AWS CloudHSM provides hardware security modules (HSMs) in the AWS Cloud. The service is used to generate, store, import, export, and manage cryptographic keys, including symmetric keys and asymmetric key pairs.

Mappings

Capability ID Capability Description Category Value ATT&CK ID ATT&CK Name Notes
aws_cloudhsm AWS CloudHSM protect minimal T1552 Unsecured Credentials
Comments
This control's protection is specific to a minority of this technique's sub-techniques and procedure examples, resulting in a Minimal Coverage score and consequently an overall score of Minimal.
aws_cloudhsm AWS CloudHSM protect partial T1552.001 Credentials In Files
Comments
This service provides a more secure alternative to storing encryption keys in the file system. Because the service supports only cryptographic keys and not other types of credentials, the coverage score is assessed as Partial, resulting in an overall score of Partial.
aws_cloudhsm AWS CloudHSM protect significant T1552.004 Private Keys
Comments
This service allows for securely storing encryption keys and enforcing fine-grained access to the keys. The service does not allow anyone to retrieve plaintext keys from it.
aws_cloudhsm AWS CloudHSM protect partial T1588 Obtain Capabilities
Comments
This service provides protection against sub-techniques involved with stealing credentials, certificates, and keys from the organization.
aws_cloudhsm AWS CloudHSM protect partial T1588.004 Digital Certificates
Comments
Certificate credentials can be stored in AWS CloudHSM, which reduces the attack surface and threat from these sub-techniques.
aws_cloudhsm AWS CloudHSM protect partial T1588.003 Code Signing Certificates
Comments
Certificate credentials can be stored in AWS CloudHSM, which reduces the attack surface and threat from these sub-techniques.
aws_cloudhsm AWS CloudHSM protect partial T1553 Subvert Trust Controls
Comments
This service provides protection against sub-techniques involved with stealing credentials, certificates, and keys from the organization.
aws_cloudhsm AWS CloudHSM protect partial T1553.004 Install Root Certificate
Comments
Use cases in documentation show that certificate credentials can be stored in AWS CloudHSM, which reduces the attack surface and threat from these sub-techniques.
aws_cloudhsm AWS CloudHSM protect partial T1553.002 Code Signing
Comments
Use cases in documentation show that certificate credentials can be stored in AWS CloudHSM, which reduces the attack surface and threat from these sub-techniques.