CCC.IAM.F11: Resource-Level Access
Capability ID:CCC.IAM.F11
Title:Resource-Level Access
Description:Ability to restrict where actions are allowed, rather than
the entire service. Defines the scope of the assignment.
Mapped Threats
| ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
|---|---|---|---|---|---|
| CCC.IAM.TH04 | Additional Cloud Credentials Creation | An adversary with access to a sufficiently privileged cloud account may create additional credentials such as access keys, service accounts and temporary credentials to establish persistance or elevate their privileges. | 1 | 1 | 0 |