Skip to main content
← Back to Object Storage

CCC.TH01: Access Control is Misconfigured

Threat ID:CCC.TH01
Title:Access Control is Misconfigured
Description:

An attacker can exploit misconfigured access controls to grant excessive privileges or gain unauthorized access to sensitive resources.

Related Features:
IDTitleDescription
CCC.F06Identity Based Access ControlProvides the ability to determine access to resources based on attributes associated with a user identity.
MITRE ATT&CK Techniques:
T1078
T1548
T1203
T1098
T1484
T1546
T1537
T1567
T1048
T1485
T1565
T1027
Related Controls:
IDTitle
CCC.C02Ensure Data Encryption at Rest for All Stored Data
CCC.C03Implement Multi-factor Authentication (MFA) for Access
CCC.C04Log All Access and Changes
CCC.C05Prevent Access from Untrusted Entities
CCC.ObjStor.C01Prevent Requests to Buckets or Objects with Untrusted KMS Keys
CCC.ObjStor.C02Enforce Uniform Bucket-level Access to Prevent Inconsistent Permissions