A mapping of IAM privileges in various systems to their potential risk of abuse.
When combined with details of how a system (and its services and components) are used, this catalog can help identify the risk of compromised or abused identities in an organization.
View the Data
Use the Data
How to Use This Catalog
This catalog has multiple intended purposes:
- Understand the security posture associated with a specific IAM configuration.
- Determine the effect of an IAM configuration modification on organizational security posture.
- Create organization access policies to limit or prevent certain threat vectors.
- Discover references detailing the security effects of specific privileges.
How This Catalog Is Organized
This catalog is broken into two main components:
- A catalog of general privilege risks, with assigned risk ratings.
- A catalog of privileges in IAM systems, with details on potential abuses and scopes of impact.
To contribute, go to the GitHub project.