Establish, document and maintain baseline requirements for securing different applications.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| AIS-02 | Application Security Baseline Requirements | mitigates | T1496.004 | Cloud Service Hijacking | This control guidance requires organizations to establish security baseline requirements for different cloud applications. Security requirement examples include access control, encryption, and configuration management for applications to prevent misuse, abuse, and exploitation. When it comes to Cloud Service Hijacking, adversaries may leverage compromised software-as-a-service (SaaS) applications to complete resource-intensive tasks, which may impact hosted service availability. |
| AIS-02 | Application Security Baseline Requirements | mitigates | T1567 | Exfiltration Over Web Service | This control guidance requires organizations to establish security baseline requirements for different cloud applications. Security requirement examples include access control, encryption, and configuration management for applications. Adversaries may use an existing, legitimate external Web service to exfiltrate data rather than their primary command and control channel. Security requirements should be in place to secure the configuration of cloud applications and web services that could be abused to exfiltrate data. |
| AIS-02 | Application Security Baseline Requirements | mitigates | T1119 | Automated Collection | This control guidance requires organizations to establish security baseline requirements for different cloud applications. Security requirement examples include access control, encryption, and configuration management for applications. In cloud-based environments, adversaries may also use cloud APIs, data pipelines, command line interfaces, or extract, transform, and load (ETL) services to automatically collect data. |
| AIS-02 | Application Security Baseline Requirements | mitigates | T1530 | Data from Cloud Storage | This control guidance requires organizations to establish security baseline requirements for different cloud applications. Security requirement examples include access control, encryption, and configuration management for applications. Adversaries may collect sensitive data from cloud storage solutions used for cloud applications. |
| AIS-02 | Application Security Baseline Requirements | mitigates | T1528 | Steal Application Access Token | This control guidance requires organizations to establish security baseline requirements for different cloud applications. Security requirement examples include access control, encryption, and configuration management for applications. Application access tokens are used to make authorized API requests on behalf of a user or service and are commonly used as a way to access resources in cloud and container-based applications and software-as-a-service (SaaS). The baseline security requirements outlined in the implementation guidance can be used to set usage limits and manage user permissions on cloud applications to prevent access to application access tokens. |
| AIS-02 | Application Security Baseline Requirements | mitigates | T1539 | Steal Web Session Cookie | This control guidance requires organizations to establish security baseline requirements for different cloud applications. Security requirement examples include access control, encryption, and configuration management for applications. An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials. The baseline security requirements outlined in the implementation guidance can be used to help reduce the impact of stolen cookies. |
| AIS-02 | Application Security Baseline Requirements | mitigates | T1550.004 | Web Session Cookie | This control guidance requires organizations to establish security baseline requirements for different cloud applications. Security requirement examples include access control, encryption, and configuration management for applications. Web applications and services (hosted in cloud SaaS environments or on-premise servers) often use session cookies to authenticate and authorize user access. Access control and permissions can serve as mitigations that limit and restrict which users are granted access to web applications and services. |
| AIS-02 | Application Security Baseline Requirements | mitigates | T1078.004 | Cloud Accounts | This control guidance requires organizations to establish security baseline requirements for different cloud applications. Security requirement examples include access control, encryption, and configuration management for applications. Valid accounts in cloud environments may allow adversaries to perform actions to achieve Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Access control and account management related to cloud accounts for web applications may mitigate the abuse of legitimate cloud accounts. |
| AIS-02 | Application Security Baseline Requirements | mitigates | T1671 | Cloud Application Integration | This control guidance requires organizations to establish security baseline requirements for different cloud applications. Security requirement examples include access control, encryption, and configuration management for applications. Adversaries may achieve persistence by leveraging OAuth application integrations in a software-as-a-service environment. Adversaries may create a custom application, add a legitimate application into the environment, or even co-opt an existing integration to achieve malicious ends. Review integrations by restricting or limiting users' ability to carelessly add new application integrations into a SaaS environment before an unapproved or potentially malicious application is introduced to the cloud environment. |
| AIS-02 | Application Security Baseline Requirements | mitigates | T1072 | Software Deployment Tools | This control guidance requires organizations to establish security baseline requirements for different cloud applications. Security requirement examples include access control, encryption, and configuration management for applications. Adversaries may gain access to and use centralized software suites installed within an enterprise to execute commands and move laterally through the network. Configuration management and software deployment applications may be used in an enterprise network or cloud environment for routine administration purposes. These systems may also be integrated into CI/CD pipelines. Ensuring proper system and access control isolation for cloud applications through the use of group policy may aid in mitigating this technique. |
| AIS-02 | Application Security Baseline Requirements | mitigates | T1648 | Serverless Execution | This control guidance requires organizations to establish security baseline requirements for different cloud applications. Security requirement examples include access control, encryption, and configuration management for applications. Adversaries may abuse serverless computing, integration, and automation services to execute arbitrary code in cloud environments. Many cloud providers offer a variety of serverless resources, including compute engines, application integration services, and web servers. Access control that restricts the abuse of serverless functions by users and processes can help mitigate this technique. |