Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|---|
role_based_access_control | Role Based Access Control | protect | minimal | T1087 | Account Discovery | This control only provides protection for one of this technique's sub-techniques, while not providing any protection for its procedure examples or its remaining sub-techniques; therefore its coverage score factor is Minimal, resulting in a Minimal score. |
role_based_access_control | Role Based Access Control | protect | partial | T1087.004 | Cloud Account | This control can be used to implement the least-privilege principle for account management and thereby limit the accounts that can be used for account discovery. |
role_based_access_control | Role Based Access Control | protect | minimal | T1078 | Valid Accounts | This control only provides protection for one of this technique's sub-techniques, while not providing any protection for its procedure examples (due to being specific to Azure AD) or its remaining sub-techniques. Consequently its coverage score factor is Minimal, resulting in a Minimal score. |
role_based_access_control | Role Based Access Control | protect | partial | T1078.004 | Cloud Accounts | This control can be used to implement the least-privilege principle for account management and thereby limit what an adversary can do with a valid account. |
role_based_access_control | Role Based Access Control | protect | minimal | T1136 | Create Account | This control only provides protection for one of this technique's sub-techniques, while not providing any protection for the remaining sub-techniques; therefore its coverage score factor is Minimal, resulting in a Minimal score. |
role_based_access_control | Role Based Access Control | protect | partial | T1136.003 | Cloud Account | This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can create accounts. |
role_based_access_control | Role Based Access Control | protect | partial | T1098 | Account Manipulation | This control provides protection for some of this technique's sub-techniques and therefore its coverage score factor is Partial, resulting in a Partial score. |
role_based_access_control | Role Based Access Control | protect | partial | T1098.001 | Additional Cloud Credentials | This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can modify accounts. |
role_based_access_control | Role Based Access Control | protect | partial | T1098.003 | Add Office 365 Global Administrator Role | This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can modify accounts. |
role_based_access_control | Role Based Access Control | protect | partial | T1578 | Modify Cloud Compute Infrastructure | This control provides partial protection for all of its sub-techniques and therefore its coverage score factor is Partial, resulting in a Partial score. |
role_based_access_control | Role Based Access Control | protect | partial | T1578.001 | Create Snapshot | This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can perform these privileged operations. |
role_based_access_control | Role Based Access Control | protect | partial | T1578.002 | Create Cloud Instance | This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can perform these privileged operations. |
role_based_access_control | Role Based Access Control | protect | partial | T1578.003 | Delete Cloud Instance | This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can perform these privileged operations. |
role_based_access_control | Role Based Access Control | protect | partial | T1578.004 | Revert Cloud Instance | This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can perform these privileged operations. |
role_based_access_control | Role Based Access Control | protect | partial | T1580 | Cloud Infrastructure Discovery | This control can be used to limit the number of users that have privileges to discover cloud infrastructure, thereby reducing an organization's cloud infrastructure attack surface. |
role_based_access_control | Role Based Access Control | protect | partial | T1538 | Cloud Service Dashboard | This control can be used to limit the number of users that have dashboard visibility, thereby reducing the attack surface. |
role_based_access_control | Role Based Access Control | protect | partial | T1530 | Data from Cloud Storage Object | This control can be used to limit access to storage solutions to the applications, users, and services that require it, thereby reducing the attack surface. |
role_based_access_control | Role Based Access Control | protect | partial | T1528 | Steal Application Access Token | This control can be used to limit the number of users that are authorized to grant consent to applications for accessing organizational data. This can reduce the likelihood that a user is fooled into granting consent to a malicious application that then utilizes the user's OAuth access token to access organizational data. |