CRI Profile DE.CM-01.03

The organization has policies, procedures, and tools in place to monitor for, detect, and block unauthorized network connections and data transfers.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes | Comments |
|---|---|---|---|---|---|---|
| DE.CM-01.03 | Unauthorized network connections and data transfers | Mitigates | T1102 | Web Service | | This diagnostic statement provides protection from Web Service by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries. |
| DE.CM-01.03 | Unauthorized network connections and data transfers | Mitigates | T1572 | Protocol Tunneling | | This diagnostic statement provides protection from Protocol Tunneling by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries. |
| DE.CM-01.03 | Unauthorized network connections and data transfers | Mitigates | T1571 | Non-Standard Port | | This diagnostic statement provides protection from Non-Standard Port by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries. |
| DE.CM-01.03 | Unauthorized network connections and data transfers | Mitigates | T1104 | Multi-Stage Channels | | This diagnostic statement provides protection from Multi-Stage Channels by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries. |
| DE.CM-01.03 | Unauthorized network connections and data transfers | Mitigates | T1008 | Fallback Channels | | This diagnostic statement provides protection from Fallback Channels by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries. |
| DE.CM-01.03 | Unauthorized network connections and data transfers | Mitigates | T1041 | Exfiltration Over C2 Channel | | This diagnostic statement provides protection from Exfiltration Over C2 Channel by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries. |
| DE.CM-01.03 | Unauthorized network connections and data transfers | Mitigates | T1090 | Proxy | | This diagnostic statement provides protection from Proxy by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries. |
| DE.CM-01.03 | Unauthorized network connections and data transfers | Mitigates | T1030 | Data Transfer Size Limits | | This diagnostic statement provides protection from Data Transfer Size Limits by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries. |
| DE.CM-01.03 | Unauthorized network connections and data transfers | Mitigates | T1095 | Non-Application Layer Protocol | | This diagnostic statement provides protection from Non-Application Layer Protocol by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries. |
| DE.CM-01.03 | Unauthorized network connections and data transfers | Mitigates | T1599 | Network Boundary Bridging | | This diagnostic statement provides protection from Network Boundary Bridging by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries. |
| DE.CM-01.03 | Unauthorized network connections and data transfers | Mitigates | T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | | This diagnostic statement provides protection from Exfiltration Over Unencrypted Non-C2 Protocol by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries. |
| DE.CM-01.03 | Unauthorized network connections and data transfers | Mitigates | T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | | This diagnostic statement provides protection from Exfiltration Over Asymmetric Encrypted Non-C2 Protocol by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries. |
| DE.CM-01.03 | Unauthorized network connections and data transfers | Mitigates | T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | | This diagnostic statement provides protection from Exfiltration Over Symmetric Encrypted Non-C2 Protocol by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries. |
| DE.CM-01.03 | Unauthorized network connections and data transfers | Mitigates | T1048 | Exfiltration Over Alternative Protocol | | This diagnostic statement provides protection from Exfiltration Over Alternative Protocol by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries. |