CCC.KeyMgmt.TH02: Unrestricted Use of a KMS Key to Decrypt Data
Threat ID: CCC.KeyMgmt.TH02
Title: Unrestricted Use of a KMS Key to Decrypt Data
Description:
Misconfigured permissions that allow broad invocation of the Decrypt API can expose plaintext data, enabling unintended disclosure or exfiltration of sensitive information.
Related Capabilities
ID | Title | Description |
---|---|---|
CCC.KeyMgmt.F10 | Decrypt data | Provides the ability to securely decrypt data using a managed key in the supported encryption algorithms. |
CCC.KeyMgmt.F17 | Enable key | Supports the ability to re-enable a disabled managed key. |
External Mappings
Reference ID | Entry ID | Strength | Remarks |
---|---|---|---|
MITRE-ATT&CK | T1550 | 0 | Use Alternate Authentication Material |
Controls
ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
---|---|---|---|---|---|---|
CCC.KeyMgmt.C02 | Limit Decrypt Permissions | Restrict the Decrypt operation to authorised principals only, applying the principle of least privilege to protect sensitive data. | Identity and Access Management | 1 | 2 | 1 |