CSA CCM I&S-04

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
I&S-04 OS Hardening and Base Controls mitigates T1204 User Execution
Comments
This control implements secure configuration best practices for hardening cloud platforms to mitigate adversary exploitation and abuse of system functionality. Application controls can help prevent the running of executables masquerading as other files.
I&S-04 OS Hardening and Base Controls mitigates T1080 Taint Shared Content
Comments
This control implements secure configuration best practices for hardening cloud platforms to mitigate adversary exploitation and abuse of system functionality. Application controls to block unknown programs can limit adversaries from adding content to shared storage locations.
I&S-04 OS Hardening and Base Controls mitigates T1562.001 Disable or Modify Tools
Comments
This control implements secure configuration best practices for hardening cloud platforms to mitigate adversary exploitation and abuse of system functionality. Use of application control, especially regarding the execution of tools outside of security policies, and ensuring that only approved security applications are used can prevent adversaries from maliciously modifying an environment to hinder or disable security tools.
I&S-04 OS Hardening and Base Controls mitigates T1562 Impair Defenses
Comments
This control implements secure configuration best practices for hardening cloud platforms to mitigate adversary exploitation and abuse of system functionality. Use of application control, especially regarding the execution of tools outside of security policies, and ensuring that only approved security applications are used can prevent adversaries from maliciously modifying an environment to hinder or disable defensive mechanisms.
I&S-04 OS Hardening and Base Controls mitigates T1059.009 Cloud API
Comments
This control implements secure configuration best practices for hardening cloud platforms to mitigate adversary exploitation and abuse of system functionality. Use of application control and disabling or removing any unnecessary or unused shells or interpreters can mitigate adversary use of cloud APIs to execute malicious commands.
I&S-04 OS Hardening and Base Controls mitigates T1059 Command and Scripting Interpreter
Comments
This control implements secure configuration best practices for hardening cloud platforms to mitigate adversary exploitation and abuse of system functionality. Use of application control and disabling or removing any unnecessary or unused shells or interpreters can mitigate adversary use of command and script interpreters to execute malicious commands.
I&S-04 OS Hardening and Base Controls mitigates T1552 Unsecured Credentials
Comments
This control implements secure configuration best practices for hardening cloud platforms to mitigate adversary exploitation and abuse of system functionality. Restricting access to sensitive data such as CloudFormation templates and preventing a user's command history from being stored can prevent adversaries from obtaining insecurely stored credentials.
I&S-04 OS Hardening and Base Controls mitigates T1556 Modify Authentication Process
Comments
This control implements secure configuration best practices for hardening cloud platforms to mitigate adversary exploitation and abuse of system functionality. Restricting access to cloud resources and APIs can reduce the risk of adversaries modifying authentication mechanisms and processes to access user credentials or enable otherwise unwarranted access to accounts.
I&S-04 OS Hardening and Base Controls mitigates T1490 Inhibit System Recovery
Comments
This control implements secure configuration best practices for hardening cloud platforms to mitigate adversary exploitation and abuse of system functionality. Implement application controls and technical controls to prevent adversaries from disabling versioning and backup policies and deleting files involved in disaster recovery scenarios.
I&S-04 OS Hardening and Base Controls mitigates T1136 Create Account
Comments
This control implements secure configuration best practices for hardening cloud platforms to mitigate adversary exploitation and abuse of system functionality. Configuring access to critical servers and systems used to create and manage accounts can prevent adversaries from creating accounts.
I&S-04 OS Hardening and Base Controls mitigates T1098 Account Manipulation
Comments
This control implements secure configuration best practices for hardening cloud platforms to mitigate adversary exploitation and abuse of system functionality. Configuring access to critical servers by limiting unnecessary protocols and services and removing unnecessary and potentially abusable authentication and authorization mechanisms can mitigate account manipulation.
I&S-04 OS Hardening and Base Controls mitigates T1548 Abuse Elevation Control Mechanism
Comments
This control implements secure configuration best practices for hardening cloud platforms to mitigate adversary exploitation and abuse of system functionality. Secure system settings can help prevent adversaries from circumventing mechanisms designed to control elevated privileges and gaining higher-level permissions. Performing regular software updates also mitigates exploitation risk.
I&S-04 OS Hardening and Base Controls mitigates T1087 Account Discovery
Comments
This control implements secure configuration best practices for hardening cloud platforms to mitigate adversary exploitation and abuse of system functionality. Preventing accounts from being enumerated and limiting accessible interfaces to obtain user lists can prevent adversaries from identifying valid email addresses and account names.