CCC.IAM.F05: IAM Groups

Capability ID: CCC.IAM.F05
Title: IAM Groups
Description: Ability to create, manage, list and delete IAM groups. An IAM group is a collection of users, roles or other groups.

Mapped Threats

ID: CCC.IAM.TH02
Title: Overly-Permissive IAM Policy
Description: An access control policy attached to an identity or a resource is configured with excessive permissions, violating the principle of least privilege. This can enable unauthorized data access, privilege escalation, or other unintended actions by principals whose credentials might be compromised or who are acting erroneously.
External Mappings: 1
Capability Mappings: 1
Control Mappings: 0

ID: CCC.IAM.TH07
Title: Identity Inherits Excessive Permissions Through Group Membership
Description: An identity principal becomes a member of one or more IAM groups, and the combined policies of these groups grant permissions beyond what is necessary for the principal's function. This "privilege creep" through group inheritance complicates auditing and can lead to an identity having standing access to sensitive resources.
External Mappings: 1
Capability Mappings: 1
Control Mappings: 0