CCC.IAM.F08: Federated Identity - SAML

Capability ID: CCC.IAM.F08
Title: Federated Identity - SAML
Description: Support for user authentication outside the cloud service provider using SAML. Authenticated federated identities can assume IAM roles.

Mapped Threats

ID: CCC.IAM.TH01
Title: Valid Cloud Credentials Abuse
Description: Valid identity credentials such as access keys, tokens or passwords are misused or compromised. Examples include public exposure, token theft, an unprotected metadata service on a compromised compute instance, or brute-force attacks. The use of these credentials can provide unauthorized access to the cloud environment, potentially bypassing other security controls and enabling lateral movement across cloud resources.
External Mappings: 1 | Capability Mappings: 1 | Control Mappings: 0

ID: CCC.IAM.TH04
Title: Additional Cloud Credentials Creation
Description: An adversary with access to a sufficiently privileged cloud account may create additional credentials such as access keys, service accounts and temporary credentials to establish persistence or elevate their privileges.
External Mappings: 1 | Capability Mappings: 1 | Control Mappings: 0

ID: CCC.IAM.TH10
Title: Orphaned Federated Identity Retains Access
Description: A federated identity is de-provisioned from the external Identity Provider (IdP), but its corresponding cloud identity remains active within the cloud environment. This orphaned identity creates a latent access path that could be exploited if the original username is reactivated or reassigned in the IdP, granting unintended access to a new principal.
External Mappings: 1 | Capability Mappings: 1 | Control Mappings: 0