---
type: "term"
title: "R-CRED (Credential Lifecycle Non-Overlap)"
description: "Global mapping rule: Credential acquisition maps to the enabling cluster; credential application MUST always map to 4 Identity Theft ."
resource: "tlctc:term:r-cred-credential-lifecycle-non-overlap"
tags:
  - "glossary"
---
# R-CRED (Credential Lifecycle Non-Overlap)

Global mapping rule: Credential acquisition maps to the enabling cluster; credential application MUST always map to `#4 Identity Theft`. If both occur, they MUST be represented as at least two steps: `(enabling cluster) → #4`.

**Reference:** §4.2.5 (R-CRED)

**Related reading:** [Cobalt Strike capabilities × TLCTC V2.0](https://www.tlctc.net/tlctc-cobaltstrike-mapping.html)