De-provision or respectively modify access of movers / leavers or system identity changes in a timely manner in order to effectively adopt and communicate identity and access management policies.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| IAM-07 | User Access Changes and Revocation | mitigates | T1078.004 | Cloud Accounts |
Comments
This control focuses on the secure deprovisioning of user access by automating account removal, detecting and revoking inactive accounts. These mitigative actions reduce the risk of lingering or inappropriate access following employee termination, role changes, or security incidents.
|
| IAM-07 | User Access Changes and Revocation | mitigates | T1078 | Valid Accounts |
Comments
This control focuses on the secure deprovisioning of user access by automating account removal, detecting and revoking inactive accounts. These mitigative actions reduce the risk of lingering or inappropriate access following employee termination, role changes, or security incidents.
|
| IAM-07 | User Access Changes and Revocation | mitigates | T1648 | Serverless Execution |
Comments
This control focuses on the secure deprovisioning of user access by automating account removal, detecting and revoking inactive accounts. These mitigative actions reduce the risk of lingering or inappropriate access following employee termination, role changes, or security incidents.
|
| IAM-07 | User Access Changes and Revocation | mitigates | T1021 | Remote Services |
Comments
This control focuses on the secure deprovisioning of user access by automating account removal, detecting and revoking inactive accounts. These mitigative actions reduce the risk of lingering or inappropriate access following employee termination, role changes, or security incidents.
|
| IAM-07 | User Access Changes and Revocation | mitigates | T1021.001 | Remote Desktop Protocol |
Comments
This control focuses on the secure deprovisioning of user access by automating account removal, detecting and revoking inactive accounts. These mitigative actions reduce the risk of lingering or inappropriate access following employee termination, role changes, or security incidents.
|
| IAM-07 | User Access Changes and Revocation | mitigates | T1021.004 | SSH |
Comments
This control focuses on the secure deprovisioning of user access by automating account removal, detecting and revoking inactive accounts. These mitigative actions reduce the risk of lingering or inappropriate access following employee termination, role changes, or security incidents.
|
| IAM-07 | User Access Changes and Revocation | mitigates | T1021.008 | Direct Cloud VM Connections |
Comments
This control focuses on the secure deprovisioning of user access by automating account removal, detecting and revoking inactive accounts. These mitigative actions reduce the risk of lingering or inappropriate access following employee termination, role changes, or security incidents.
|
| IAM-07 | User Access Changes and Revocation | mitigates | T1213.002 | Sharepoint |
Comments
This control focuses on the secure deprovisioning of user access by automating account removal, detecting and revoking inactive accounts. These mitigative actions reduce the risk of lingering or inappropriate access following employee termination, role changes, or security incidents.
|
| IAM-07 | User Access Changes and Revocation | mitigates | T1213.001 | Confluence |
Comments
This control focuses on the secure deprovisioning of user access by automating account removal, detecting and revoking inactive accounts. These mitigative actions reduce the risk of lingering or inappropriate access following employee termination, role changes, or security incidents.
|
| IAM-07 | User Access Changes and Revocation | mitigates | T1213 | Data from Information Repositories |
Comments
This control focuses on the secure deprovisioning of user access by automating account removal, detecting and revoking inactive accounts. These mitigative actions reduce the risk of lingering or inappropriate access following employee termination, role changes, or security incidents.
|
| IAM-07 | User Access Changes and Revocation | mitigates | T1530 | Data from Cloud Storage |
Comments
This control focuses on the secure deprovisioning of user access by automating account removal, detecting and revoking inactive accounts. These mitigative actions reduce the risk of lingering or inappropriate access following employee termination, role changes, or security incidents.
|
| IAM-07 | User Access Changes and Revocation | mitigates | T1555.005 | Password Managers |
Comments
This control focuses on the secure deprovisioning of user access by automating account removal, detecting and revoking inactive accounts. These mitigative actions reduce the risk of lingering or inappropriate access following employee termination, role changes, or security incidents.
|
| IAM-07 | User Access Changes and Revocation | mitigates | T1555 | Credentials from Password Stores |
Comments
This control focuses on the secure deprovisioning of user access by automating account removal, detecting and revoking inactive accounts. These mitigative actions reduce the risk of lingering or inappropriate access following employee termination, role changes, or security incidents.
|
| IAM-07 | User Access Changes and Revocation | mitigates | T1538 | Cloud Service Dashboard |
Comments
This control focuses on the secure deprovisioning of user access by automating account removal, detecting and revoking inactive accounts. These mitigative actions reduce the risk of lingering or inappropriate access following employee termination, role changes, or security incidents.
|
| IAM-07 | User Access Changes and Revocation | mitigates | T1098.003 | Additional Cloud Roles |
Comments
This control focuses on the secure deprovisioning of user access by automating account removal, detecting and revoking inactive accounts. These mitigative actions reduce the risk of lingering or inappropriate access following employee termination, role changes, or security incidents.
|
| IAM-07 | User Access Changes and Revocation | mitigates | T1098 | Account Manipulation |
Comments
This control focuses on the secure deprovisioning of user access by automating account removal, detecting and revoking inactive accounts. These mitigative actions reduce the risk of lingering or inappropriate access following employee termination, role changes, or security incidents.
|
| IAM-07 | User Access Changes and Revocation | mitigates | T1548.005 | Temporary Elevated Cloud Access |
Comments
This control focuses on the secure deprovisioning of user access by automating account removal, detecting and revoking inactive accounts. These mitigative actions reduce the risk of lingering or inappropriate access following employee termination, role changes, or security incidents.
|