A cloud-hosted key management service that allows a user to manage symmetric and asymmetric cryptographic keys for cloud services the same way one does on-premises. It also manages encryption keys on Google Cloud.
Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|---|
cloud_key_management | Cloud Key Management | protect | partial | T1528 | Steal Application Access Token | Provides protection against attackers stealing application access tokens if they are stored within Cloud KMS. |
cloud_key_management | Cloud Key Management | protect | minimal | T1552 | Unsecured Credentials | Cloud Key Management Service allows you to create, import, and manage cryptographic keys and perform cryptographic operations in a single centralized cloud service. Unsecured credentials can be moved to the Cloud Key Management Service to protect them from being stolen or abused. Since this service does not actually identify credentials that are currently insecure, the score is low. |
cloud_key_management | Cloud Key Management | protect | minimal | T1552.001 | Credentials In Files | This control's protection is specific to a minority of this technique's sub-techniques and procedure examples, resulting in a Minimal Coverage score and consequently an overall score of Minimal. |
cloud_key_management | Cloud Key Management | protect | minimal | T1552.004 | Private Keys | This control's protection is specific to a minority of this technique's sub-techniques and procedure examples, resulting in a Minimal Coverage score and consequently an overall score of Minimal. |
cloud_key_management | Cloud Key Management | protect | significant | T1552.005 | Cloud Instance Metadata API | This control's protection is specific to a minority of this technique's sub-techniques and procedure examples, resulting in a Minimal Coverage score and consequently an overall score of Minimal. |
cloud_key_management | Cloud Key Management | protect | significant | T1553 | Subvert Trust Controls | Protects against subversion of trust mechanisms and theft of code signing certificates. |
cloud_key_management | Cloud Key Management | protect | partial | T1555 | Credentials from Password Stores | This control manages symmetric and asymmetric cryptographic keys for cloud services and protects against theft of credentials, certificates, and keys from the organization. |
cloud_key_management | Cloud Key Management | protect | partial | T1588 | Obtain Capabilities | This control manages symmetric and asymmetric cryptographic keys for cloud services and protects against theft of credentials, certificates, and keys from the organization. |
cloud_key_management | Cloud Key Management | protect | partial | T1588.003 | Code Signing Certificates | This control manages symmetric and asymmetric cryptographic keys for cloud services and protects against theft of credentials, certificates, and keys from the organization. |
cloud_key_management | Cloud Key Management | protect | partial | T1588.004 | Digital Certificates | This control manages symmetric and asymmetric cryptographic keys for cloud services and protects against theft of credentials, certificates, and keys from the organization. |