Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1003 | OS Credential Dumping | This diagnostic statement protects against OS Credential Dumping by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1003.001 | LSASS Memory | This diagnostic statement protects against LSASS Memory by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1036 | Masquerading | This diagnostic statement protects against Masquerading by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1036.001 | Invalid Code Signature | This diagnostic statement protects against Invalid Code Signature by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1036.005 | Match Legitimate Name or Location | This diagnostic statement protects against Match Legitimate Name or Location by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1059 | Command and Scripting Interpreter | This diagnostic statement protects against Command and Scripting Interpreter by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1059.001 | PowerShell | This diagnostic statement protects against PowerShell by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1059.002 | AppleScript | This diagnostic statement protects against AppleScript by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1127 | Trusted Developer Utilities Proxy Execution | This diagnostic statement protects against Trusted Developer Utilities Proxy Execution by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1127.002 | ClickOnce | This diagnostic statement protects against ClickOnce by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1176 | Browser Extensions | This diagnostic statement protects against Browser Extensions by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1195 | Supply Chain Compromise | This diagnostic statement protects against Supply Chain Compromise by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1195.001 | Compromise Software Dependencies and Development Tools | This diagnostic statement protects against Compromise Software Dependencies and Development Tools by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1204.003 | Malicious Image | This diagnostic statement protects against Malicious Image by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1213.004 | Customer Relationship Management Software | This diagnostic statement protects against Customer Relationship Management Software by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1495 | Firmware Corruption | This diagnostic statement protects against Firmware Corruption by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1505 | Server Software Component | This diagnostic statement protects against Server Software Component by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1505.001 | SQL Stored Procedures | This diagnostic statement protects against SQL Stored Procedures by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1505.002 | Transport Agent | This diagnostic statement protects against Transport Agent by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1505.004 | IIS Components | This diagnostic statement protects against IIS Components by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1525 | Implant Internal Image | This diagnostic statement protects against Implant Internal Image by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1537 | Transfer Data to Cloud Account | This diagnostic statement protects against Transfer Data to Cloud Account by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1539 | Steal Web Session Cookie | This diagnostic statement protects against Steal Web Session Cookie by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1542 | Pre-OS Boot | This diagnostic statement protects against Pre-OS Boot by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1542.001 | System Firmware | This diagnostic statement protects against System Firmware by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1542.003 | Bootkit | This diagnostic statement protects against Bootkit by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1542.004 | ROMMONkit | This diagnostic statement protects against ROMMONkit by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1542.005 | TFTP Boot | This diagnostic statement protects against TFTP Boot by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1543 | Create or Modify System Process | This diagnostic statement protects against Create or Modify System Process by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1543.002 | Systemd Service | This diagnostic statement protects against Systemd Service by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1543.003 | Windows Service | This diagnostic statement protects against Windows Service by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1546.006 | LC_LOAD_DYLIB Addition | This diagnostic statement protects against LC_LOAD_DYLIB Addition by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1546.013 | PowerShell Profile | This diagnostic statement protects against PowerShell Profile by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1547.002 | Authentication Package | This diagnostic statement protects against Authentication Package by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1547.005 | Security Support Provider | This diagnostic statement protects against Security Support Provider by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1547.008 | LSASS Driver | This diagnostic statement protects against LSASS Driver by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1547.013 | XDG Autostart Entries | This diagnostic statement protects against XDG Autostart Entries by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1553.006 | Code Signing Policy Modification | This diagnostic statement protects against Code Signing Policy Modification by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1554 | Compromise Host Software Binary | This diagnostic statement protects against Compromise Host Software Binary by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1556 | Modify Authentication Process | This diagnostic statement protects against Modify Authentication Process by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1556.001 | Domain Controller Authentication | This diagnostic statement protects against Domain Controller Authentication by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1574 | Hijack Execution Flow | This diagnostic statement protects against Hijack Execution Flow by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1574.001 | DLL Search Order Hijacking | This diagnostic statement protects against DLL Search Order Hijacking by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1601 | Modify System Image | This diagnostic statement protects against Modify System Image by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1601.001 | Patch System Image | This diagnostic statement protects against Patch System Image by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |
DE.CM-09.01 | Software and data integrity checking | Mitigates | T1601.002 | Downgrade System Image | This diagnostic statement protects against Downgrade System Image by verifying the integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity, and checking software signatures. |