CCC.IAM.C08: Maximum Age for Unused Credentials
Control ID: CCC.IAM.C08
Title: Maximum Age for Unused Credentials
Objective: Ensure that unused IAM credentials are removed to reduce exposure in the event of potential compromise.
Control Family: Identity Provisioning and Lifecycle
Related Threats
ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
---|---|---|---|---|---|
CCC.IAM.TH11 | Unused Credentials | An unused IAM identity that is no longer needed or monitored remains active. Its compromise is less likely to be detected, and it represents a persistent, unnecessary attack surface. | 1 | 1 | 0 |
CCC.IAM.TH01 | Valid Cloud Credentials Abuse | Valid identity credentials such as access keys, tokens or passwords are misused or compromised. Examples include public exposure, token theft, unprotected metadata service of a compromised compute instance or brute-force attacks. The use of these credentials can provide unauthorized access to the cloud environment, potentially bypassing other security controls and enabling lateral movement across cloud resources. | 1 | 1 | 0 |
Related Capabilities
ID | Title | Description |
---|---|---|
CCC.IAM.F02 | IAM Users | Ability to create, manage, list and delete IAM users. An IAM user represents a single person or application. |
CCC.IAM.F03 | Long-Term Credentials | Ability to create, manage, list and delete long-term credentials such as access keys and service account keys. |
CCC.IAM.F04 | Password Management | Ability to create, change and delete IAM user passwords. |
CCC.IAM.F06 | IAM Roles / Service Principals | Ability to create, manage, list and delete IAM roles. An IAM role is an identity for applications or services to access resources. |