| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1565.002 | Transmitted Data Manipulation |
Comments
This diagnostic statement prevents adversaries from manipulating data that is in transit. Encrypting and/or obfuscating data can be used to protect sensitive data from being accessed by adversaries. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1565.001 | Stored Data Manipulation |
Comments
This diagnostic statement prevents adversaries from manipulating data at rest. storing data remotely can be used to properly manage data. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1114.001 | Local Email Collection |
Comments
This diagnostic statement prevents adversaries from manipulating emails and having the ability to collect sensitive data (PII) from users. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1070.008 | Clear Mailbox Data |
Comments
Storing data remotely can be used to properly manage data so that adversaries won't be able to modify mail and mail application data. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1070.002 | Clear Linux or Mac System Logs |
Comments
Utilizing methods that can obfuscate and/or encrypt event files locally and in transit can prevent adversaries from clearing system logs and feeding them to adversaries. Also, storing data remotely can be used to properly manage data. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1070 | Indicator Removal |
Comments
Storing data remotely can be used to properly manage data so that adversaries won't be able to interfere with processes used to detect intrusion activities. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1003.003 | NTDS |
Comments
This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries via Active Directory domain databases. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1558.005 | Ccache Files |
Comments
This diagnostic statement prevents adversaries from being able to steal data in transit between networks by accessing Wi-Fi access points and abusing Kerberos by stealing tickets in credential cache files. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1558 | Steal or Forge Kerberos Tickets |
Comments
This diagnostic statement prevents adversaries from being able to steal data in transit between networks by accessing Wi-Fi access points and abusing Kerberos by stealing tickets to enforce unauthorized access. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1557.004 | Evil Twin |
Comments
This diagnostic statement prevents adversaries from being able to steal data in transit between networks by accessing Wi-Fi access points and enticing users to connecting to malicious networks. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1557 | Adversary-in-the-Middle |
Comments
This diagnostic statement prevents adversaries from being able to steal data in transit between networks. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1552.004 | Private Keys |
Comments
This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries via private key certificate files. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1552 | Unsecured Credentials |
Comments
This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1550.001 | Application Access Token |
Comments
This diagnostic statement prevents adversaries from being able to steal application access token by bypassing regular authentication methods and accessing restricting accounts and user credentials. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1548 | Abuse Elevation Control Mechanism |
Comments
This diagnostic statement prevents adversaries from being able to manipulate mechanisms to gain access to user's higher-level permissions and control elevated privileges. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1530 | Data from Cloud Storage |
Comments
This diagnostic statement prevents adversaries from collecting sensitive data from cloud storage solutions, such as Amazon S3, Azure, Storage, and Google Cloud. Permissions on cloud storage should be frequently checked and encrypting sensitive data in the cloud should be managed properly. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1213.004 | Customer Relationship Management Software |
Comments
This diagnostic statement prevents adversaries from leveraging sensitive (PII) data from customer relationship management software by sending phishing emails or targeting organization's customers in ways that enable financial gain. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1119 | Automated Collection |
Comments
This diagnostic statement prevents adversaries from using automated techniques for collecting internal data. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1114.003 | Email Forwarding Rule |
Comments
This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries found in emails. It also prevents adversaries from abusing email forwarding rules. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1114.002 | Remote Email Collection |
Comments
This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries found in emails. It also prevents adversaries from manipulating data via exchange server, Office 365, or Google Workspace from trying to collect sensitive information. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1114 | Email Collection |
Comments
This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries found in emails. here may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1070.001 | Clear Windows Event Logs |
Comments
This diagnostic statement protects data from being easily manipulated by adversaries that try to clear Windows event logs by intruding different activities. Encrypting files locally and in transit shall avoid giving data to an adversary. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1040 | Network Sniffing |
Comments
This diagnostic statement protects data from being easily manipulated by adversaries due to network sniffing while authentication material is being passed over networks. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1020.001 | Traffic Duplication |
Comments
This diagnostic statement protects data from being exfiltrated from adversaries via traffic monitoring. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|
| ID.AM-08.03 | Data governance and lifecycle management | Mitigates | T1003 | OS Credential Dumping |
Comments
This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
|