CCC.Core.TH18: Encryption Key is Misused
Threat ID:CCC.Core.TH18
Title:Encryption Key is Misused
Description:
Encryption keys may be used by an unauthorized entity due to inadequate key management practices or the compromise of a connected system. This could lead to the decryption of sensitive data, impacting its confidentiality and integrity.
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP01 | Encryption in Transit Enabled by Default | The service automatically encrypts all data using industry-standard cryptographic protocols prior to transmission via a network interface. |
| CCC.Core.CP02 | Encryption at Rest Enabled by Default | The service automatically encrypts all data using industry-standard cryptographic protocols prior to being written to a storage medium. |
External Mappings
| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
MITRE-ATT&CK | T1555.006 | 0 | Credentials from Password Stores: Cloud Secrets Management Stores |
Controls
| ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
|---|---|---|---|---|---|---|
| CCC.Core.CN13 | Minimize Lifetime of Encryption and Authentication Certificates | Ensure that encryption and authentication certificates have a limited lifetime to reduce the risk of compromise and ensure the use of up-to-date security practices. | Data | 1 | 0 | 3 |