T.Admin.Cred.1
|
|
|
An entity gives access to information assets to inappropriate users
|
T.Admin.Cred.2
|
|
|
An AMI entity with proper access gives access to resource assets to inappropriate users
|
T.Admin.Cred.3
|
|
|
An AMI entity with proper access gives access to service assets to inappropriate users
|
T.Admin.Enroll.1
|
|
|
An AMI entity with proper access enrolls a user with inappropriate levels of access control. .
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
T.Admin.Lockout.1
|
|
|
An entity uses the Lockout service asset in an unauthorized manner to lock out a user.
|
T.Admin.Lockout.2
|
|
|
An entity uses the Lockout service asset in an unauthorized manner to unlock a locked out a user.
|
|
|
|
|
|
|
|
|
|
|
|
|
T.Admin.Policy.4
|
|
|
An entity gains unintentional access to objects in another system due to information sharing between the two information systems.
|
T.Admin.Policy.5
|
|
|
An AMI entity with access creates a large policy causing an exhaustion of storage space.
|
|
|
|
|
T.Admin.Policy.7
|
|
|
An AMI entity without proper access exploits policy flaws to gain improper (unintended) access to assets.
|
|
|
|
|
T.Admin.Policy.9
|
|
|
An AMI entity with access enters/modifies AMI policy incorrectly, due to a lack of understanding of the policy system.
|
T.Admin.Policy.10
|
|
|
An AMI entity with access enters/modifies AMI policy incorrectly, due to a lack of understanding of the current policy.
|
T.Admin.Policy.11
|
|
|
An AMI entity with access enters/modifies AMI policy maliciously to cause information disclosure or loss.
|
T.Admin.Policy.12
|
|
|
An AMI entity with access enters inconsistent AMI policy.
|
T.Admin.Policy.13
|
|
|
An AMI entity with access imports a malicious AMI organizational policy.
|
T.Admin.Policy.14
|
|
|
A policy authority provides a malicious AMI organizational policy.
|
|
|
|
|
|
|
|
|
T.Admin.Policy.17
|
|
|
Required organizational policies are inconsistent resulting in denial of service.
|
|
|
|
|
|
|
|
|
|
