| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1555.005 | Password Managers |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1609 | Container Administration Command |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1059.008 | Network Device CLI |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1555.005 | Password Managers |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1651 | Cloud Administration Command |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1552 | Unsecured Credentials |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1555 | Credentials from Password Stores |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1649 | Steal or Forge Authentication Certificates |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1556 | Modify Authentication Process |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1558 | Steal or Forge Kerberos Tickets |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1003.001 | LSASS Memory |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1003 | OS Credential Dumping |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1550 | Use Alternate Authentication Material |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1187 | Forced Authentication |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1556 | Modify Authentication Process |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1078.004 | Cloud Accounts |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1078.003 | Local Accounts |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1078.002 | Domain Accounts |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1078.001 | Default Accounts |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1078 | Valid Accounts |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1539 | Steal Web Session Cookie |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1072 | Software Deployment Tools |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1021.007 | Cloud Services |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1021.004 | SSH |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1021.001 | Remote Desktop Protocol |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1021 | Remote Services |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1599.001 | Network Address Translation Traversal |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1599 | Network Boundary Bridging |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1601.002 | Downgrade System Image |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1601.001 | Patch System Image |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1601 | Modify System Image |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1556.007 | Hybrid Identity |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1556.006 | Multi-Factor Authentication |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1556.004 | Network Device Authentication |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1556.001 | Domain Controller Authentication |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1556 | Modify Authentication Process |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1133 | External Remote Services |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1114 | Email Collection |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1593.003 | Code Repositories |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1213 | Data from Information Repositories |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1530 | Data from Cloud Storage |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1136.003 | Cloud Account |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1136.002 | Domain Account |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1136.001 | Local Account |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1136 | Create Account |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1110.002 | Password Cracking |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1110.004 | Credential Stuffing |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1110.003 | Password Spraying |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1110.001 | Password Guessing |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1110 | Brute Force |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1098.006 | Additional Container Cluster Roles |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1098.005 | Device Registration |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1098.003 | Additional Cloud Roles |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1098.001 | Additional Cloud Credentials |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|
| PR.AA-03.01 | Authentication requirements | Mitigates | T1098 | Account Manipulation |
Comments
This diagnostic statement describes how the organization implement appropriate authentication requirements, including selecting mechanisms based on risk, utilizing multi-factor authentication where necessary, and safeguarding the storage of authenticators like pins and passwords to protect sensitive access credentials.
|