Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|---|
aws_identity_and_access_management | AWS Identity and Access Management | protect | partial | T1078 | Valid Accounts | |
aws_identity_and_access_management | AWS Identity and Access Management | detect | partial | T1078 | Valid Accounts | |
aws_identity_and_access_management | AWS Identity and Access Management | protect | partial | T1078.004 | Cloud Accounts | This control may mitigate the impact of compromised valid accounts by enabling fine-grained access policies and implementing least-privilege policies. MFA can provide protection against an adversary that obtains valid credentials by requiring the adversary to complete an additional authentication process before access is permitted. |
aws_identity_and_access_management | AWS Identity and Access Management | detect | minimal | T1078.004 | Cloud Accounts | The Access Analyzer tool may detect when an external entity has been granted access to cloud resources through use of access policies. This tool will scan upon any change to access policies or periodically within 24 hours. |
aws_identity_and_access_management | AWS Identity and Access Management | detect | minimal | T1098 | Account Manipulation | This control may generate logs for creation and manipulation of accounts but the relevant security information would be handled by another security control. |
aws_identity_and_access_management | AWS Identity and Access Management | detect | minimal | T1098.001 | Additional Cloud Credentials | The Access Analyzer tool may detect when an external entity has been granted access to cloud resources through use of access policies. This tool will scan upon any change to access policies or periodically within 24 hours. |
aws_identity_and_access_management | AWS Identity and Access Management | protect | minimal | T1550 | Use Alternate Authentication Material | |
aws_identity_and_access_management | AWS Identity and Access Management | protect | minimal | T1550.001 | Application Access Token | This control may mitigate against application access token theft if the application is configured to retrieve temporary security credentials using an IAM role. This recommendation is a best practice for IAM but must be explicitly implemented by the application developer. |
aws_identity_and_access_management | AWS Identity and Access Management | protect | significant | T1110 | Brute Force | |
aws_identity_and_access_management | AWS Identity and Access Management | protect | significant | T1110.004 | Credential Stuffing | This control may mitigate brute force attacks by enforcing multi-factor authentication, enforcing strong password policies, and rotating credentials periodically. These recommendations are IAM best practices but must be explicitly implemented by a cloud administrator. |
aws_identity_and_access_management | AWS Identity and Access Management | protect | significant | T1110.001 | Password Guessing | This control may mitigate brute force attacks by enforcing multi-factor authentication, enforcing strong password policies, and rotating credentials periodically. These recommendations are IAM best practices but must be explicitly implemented by a cloud administrator. |
aws_identity_and_access_management | AWS Identity and Access Management | protect | significant | T1110.003 | Password Spraying | This control may mitigate brute force attacks by enforcing multi-factor authentication, enforcing strong password policies, and rotating credentials periodically. These recommendations are IAM best practices but must be explicitly implemented by a cloud administrator. |
aws_identity_and_access_management | AWS Identity and Access Management | protect | minimal | T1528 | Steal Application Access Token | This control may mitigate against application access token theft if the application is configured to retrieve temporary security credentials using an IAM role. This recommendation is a best practice for IAM but must be explicitly implemented by the application developer. |