| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|---|
| continuous_access_evaluation | Continuous Access Evaluation | respond | minimal | T1078 | Valid Accounts |
Comments
This control only protects cloud accounts and therefore its overall coverage is minimal resulting in a Minimal respond score for this technique.
References
|
| continuous_access_evaluation | Continuous Access Evaluation | respond | partial | T1078.004 | Cloud Accounts |
Comments
Security controls like Azure AD Identity Protection can raise a user's risk level asynchronously after they have used a valid account to access organizational data. This CAE control can respond to this change in the users risky state to terminate the user's access within minutes or enforce an additional authentication method such as MFA. This mitigates the impact of an adversary using a valid account. This is control only forces the user to re-authenticate and doesn't resolve the usage of a valid account (i.e. password change) and is therefore a containment type of response.
References
|
| Capability ID | Capability Name | Number of Mappings |
|---|---|---|
| continuous_access_evaluation | Continuous Access Evaluation | 2 |