Review and revalidate user access for least privilege and separation of duties with a frequency that is commensurate with organizational risk tolerance.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| IAM-08 | User Access Review | mitigates | T1550.001 | Application Access Token | This control describes the periodic review and validation of user access by centralizing access management, automating review processes, and continuously monitoring for unauthorized activities. These mitigative actions ensure that access rights remain appropriate, obsolete or excessive privileges are removed, and potential security access risks are promptly identified and mitigated. For this technique, administrators should perform automated reviews of all cloud and container accounts to ensure that they are necessary and that the permissions granted to them are appropriate. |
| IAM-08 | User Access Review | mitigates | T1552.004 | Private Keys | This control describes the periodic review and validation of user access by centralizing access management, automating review processes, and continuously monitoring for unauthorized activities. These mitigative actions ensure that access rights remain appropriate, obsolete or excessive privileges are removed, and potential security access risks are promptly identified and mitigated. For this technique, ensure only authorized keys are allowed access to critical resources and perform automated reviews of access lists regularly. |
| IAM-08 | User Access Review | mitigates | T1528 | Steal Application Access Token | This control describes the periodic review and validation of user access by centralizing access management, automating review processes, and continuously monitoring for unauthorized activities. These mitigative actions ensure that access rights remain appropriate, obsolete or excessive privileges are removed, and potential security access risks are promptly identified and mitigated. For this technique, administrators should perform automated reviews of all cloud and container accounts to ensure that they are necessary and that the permissions granted to them are appropriate. |
| IAM-08 | User Access Review | mitigates | T1606 | Forge Web Credentials | This control describes the periodic review and validation of user access by centralizing access management, automating review processes, and continuously monitoring for unauthorized activities. These mitigative actions ensure that access rights remain appropriate, obsolete or excessive privileges are removed, and potential security access risks are promptly identified and mitigated. For this technique, administrators should perform an automated review of all access lists and the permissions they have been granted to access web applications and services. This should be done extensively on all resources in order to establish a baseline, followed by periodic audits of new or updated resources. Suspicious accounts/credentials should be investigated and removed. |
| IAM-08 | User Access Review | mitigates | T1530 | Data from Cloud Storage | This control describes the periodic review and validation of user access by centralizing access management, automating review processes, and continuously monitoring for unauthorized activities. These mitigative actions ensure that access rights remain appropriate, obsolete or excessive privileges are removed, and potential security access risks are promptly identified and mitigated. For this technique, conduct automated permission reviews on cloud storage to ensure proper permissions are set to deny open or unprivileged access to resources. |