
CCC.IAM.TH06: IAM Policies Modification

Threat ID: CCC.IAM.TH06
Title: IAM Policies Modification
Description:

An adversary with access to a sufficiently privileged cloud account may modify IAM policies to establish persistence or elevate their privileges.

Related Capabilities

| ID | Title | Description |
| --- | --- | --- |
| CCC.IAM.F02 | IAM Users | Ability to create, manage, list and delete IAM users. An IAM user represents a single person or application. |
| CCC.IAM.F06 | IAM Roles / Service Principals | Ability to create, manage, list and delete IAM roles. An IAM role is an identity for applications or services to access resources. |
| CCC.IAM.F10 | Custom Roles | Ability to create, manage, list and delete custom roles. Custom roles are user-defined roles that define what actions are allowed. |

External Mappings

| Reference ID | Entry ID | Strength | Remarks |
| --- | --- | --- | --- |
| MITRE-ATT&CK | T1098.003 | 0 | Account Manipulation: Additional Cloud Roles |
| MITRE-ATT&CK | T1556.009 | 0 | Modify Authentication Process: Conditional Access Policies |

Controls

| ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
| --- | --- | --- | --- | --- | --- | --- |
| CCC.IAM.C02 | Restrict IAM Policies Modification | Ensure that only designated administrative accounts have the ability to create, modify, or attach policies that define permissions for other identities. | Identity and Access Management | 1 | 5 | 2 |