Define, implement and evaluate processes, procedures and technical measures to verify access to data and system functions is authorized.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| IAM-16 | Authorization Mechanisms | mitigates | T1567 | Exfiltration Over Web Service | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1490 | Inhibit System Recovery | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1486 | Data Encrypted for Impact | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1491.002 | External Defacement | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1485 | Data Destruction | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1531 | Account Access Removal | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1021.007 | Cloud Services | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1496.002 | Bandwidth Hijacking | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1496.001 | Compute Hijacking | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1496.004 | Cloud Service Hijacking | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1496 | Resource Hijacking | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1074.002 | Remote Data Staging | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1021.008 | Direct Cloud VM Connections | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1550 | Use Alternate Authentication Material | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1555 | Credentials from Password Stores | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1535 | Unused/Unsupported Cloud Regions | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1070 | Indicator Removal | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1564 | Hide Artifacts | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1098 | Account Manipulation | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1070.008 | Clear Mailbox Data | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1136.003 | Cloud Account | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1136 | Create Account | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1546 | Event Triggered Execution | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1098.005 | Device Registration | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1098.004 | SSH Authorized Keys | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1098.002 | Additional Email Delegate Permissions | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1651 | Cloud Administration Command | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1204.003 | Malicious Image | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1606 | Forge Web Credentials | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1610 | Deploy Container | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1648 | Serverless Execution | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1098.003 | Additional Cloud Roles | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1098.001 | Additional Cloud Credentials | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1098.006 | Additional Container Cluster Roles | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1484 | Domain or Tenant Policy Modification | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1484.002 | Trust Modification | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1578.004 | Revert Cloud Instance | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1578.002 | Create Cloud Instance | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1578.001 | Create Snapshot | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1578.003 | Delete Cloud Instance | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1556.009 | Conditional Access Policies | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1602 | Data from Configuration Repository | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1530 | Data from Cloud Storage | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1213 | Data from Information Repositories | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1537 | Transfer Data to Cloud Account | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1485.001 | Lifecycle-Triggered Deletion | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1567.002 | Exfiltration to Cloud Storage | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1552.007 | Container API | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1562.001 | Disable or Modify Tools | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1562.008 | Disable or Modify Cloud Logs | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1578.005 | Modify Cloud Compute Configurations | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1562.007 | Disable or Modify Cloud Firewall | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1578 | Modify Cloud Compute Infrastructure | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1666 | Modify Cloud Resource Hierarchy | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1556 | Modify Authentication Process | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1080 | Taint Shared Content | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1552.005 | Cloud Instance Metadata API | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1671 | Cloud Application Integration | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1059.009 | Cloud API | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1059 | Command and Scripting Interpreter | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1548 | Abuse Elevation Control Mechanism | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |
| IAM-16 | Authorization Mechanisms | mitigates | T1562 | Impair Defenses | This control requires both CSP and CSC to independently enforce formal approval processes for user access and implement dynamic and explicit authorization mechanisms. The guidance focuses on implementing technical measures to verify authorization and prevent unauthorized access and execution. |