| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1552.007 | Container API |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. An adversary must already have high-level, admin or root level access on a local system to make full use of these ATT&CK techniques. Restrict users and accounts to the least privileges they require can help mitigate these techniques.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1505 | Server Software Component |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. An adversary must already have high-level, admin or root level access on a local system to make full use of these ATT&CK techniques. Restrict users and accounts to the least privileges they require can help mitigate these techniques.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1578 | Modify Cloud Compute Infrastructure |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. An adversary must already have high-level, admin or root level access on a local system to make full use of these ATT&CK techniques. Restrict users and accounts to the least privileges they require can help mitigate these techniques.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1562.012 | Disable or Modify Linux Audit System |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. An adversary must already have high-level, admin or root level access on a local system to make full use of these ATT&CK techniques. Restrict users and accounts to the least privileges they require can help mitigate these techniques.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1610 | Deploy Container |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. An adversary must already have high-level, admin or root level access on a local system to make full use of these ATT&CK techniques. Restrict users and accounts to the least privileges they require can help mitigate these techniques.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1613 | Container and Resource Discovery |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. An adversary must already have high-level, admin or root level access on a local system to make full use of these ATT&CK techniques. Restrict users and accounts to the least privileges they require can help mitigate these techniques.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1609 | Container Administration Command |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. An adversary must already have high-level, admin or root level access on a local system to make full use of these ATT&CK techniques. Restrict users and accounts to the least privileges they require can help mitigate these techniques.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1580 | Cloud Infrastructure Discovery |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. An adversary must already have high-level, admin or root level access on a local system to make full use of these ATT&CK techniques. Restrict users and accounts to the least privileges they require can help mitigate these techniques.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1547.009 | Shortcut Modification |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. An adversary must already have high-level, admin or root level access on a local system to make full use of these ATT&CK techniques. Restrict users and accounts to the least privileges they require can help mitigate these techniques.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1087.004 | Cloud Account |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. An adversary must already have high-level, admin or root level access on a local system to make full use of these ATT&CK techniques. Restrict users and accounts to the least privileges they require can help mitigate these techniques.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1134.003 | Make and Impersonate Token |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. An adversary must already have high-level, admin or root level access on a local system to make full use of these ATT&CK techniques. Restrict users and accounts to the least privileges they require can help mitigate these techniques.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1134.002 | Create Process with Token |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. An adversary must already have high-level, admin or root level access on a local system to make full use of these ATT&CK techniques. Restrict users and accounts to the least privileges they require can help mitigate these techniques.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1134.001 | Token Impersonation/Theft |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. An adversary must already have high-level, admin or root level access on a local system to make full use of these ATT&CK techniques. Restrict users and accounts to the least privileges they require can help mitigate these techniques.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1098 | Account Manipulation |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. An adversary must already have high-level, admin or root level access on a local system to make full use of these ATT&CK techniques. Restrict users and accounts to the least privileges they require can help mitigate these techniques
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1134 | Access Token Manipulation |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. An adversary must already have high-level, admin or root level access on a local system to make full use of these ATT&CK techniques. Restrict users and accounts to the least privileges they require can help mitigate these techniques.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1574.012 | COR_PROFILER |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. Ensure proper permissions are set for Registry hives to prevent users from modifying keys associated with COR_PROFILER.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1574.011 | Services Registry Permissions Weakness |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. Ensure proper permissions are set for Registry hives to prevent users from modifying keys for logon scripts that may lead to persistence.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1574 | Hijack Execution Flow |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. Ensure proper permissions are set for Registry hives to prevent users from modifying keys for logon scripts that may lead to persistence.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1037.001 | Logon Script (Windows) |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. Ensure proper permissions are set for Registry hives to prevent users from modifying keys for logon scripts that may lead to persistence.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1037 | Boot or Logon Initialization Scripts |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. Ensure proper permissions are set for Registry hives to prevent users from modifying keys for logon scripts that may lead to persistence.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1565 | Data Manipulation |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. Ensure least privilege principles are applied to important information resources to reduce exposure to data manipulation risk.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1601 | Modify System Image |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. Limit permissions associated with creating and modifying platform images or containers based on the principle of least privilege
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1525 | Implant Internal Image |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. Limit permissions associated with creating and modifying platform images or containers based on the principle of least privilege
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1562.009 | Safe Mode Boot |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. Restrict administrator accounts to as few individuals as possible, following least privilege principles, that may be abused to remotely boot a machine in safe mode.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1484.002 | Trust Modification |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. Use the principal of least privilege and protect administrative access to domain trusts and identity tenants.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1484 | Domain or Tenant Policy Modification |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. Use least privilege and protect administrative access to the Domain Controller and Active Directory Federation Services (AD FS) server.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1021 | Remote Services |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. Limiting users' access to resources over network can help mitigate these techniques. Limiting access to file shares, remote access to systems, unnecessary services.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1200 | Hardware Additions |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. Limiting users' access to resources over network can help mitigate these techniques. Establish network access control policies, such as using device certificates and the 802.1x standard. Restrict use of DHCP to registered devices to prevent unregistered devices from communicating with trusted systems.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1133 | External Remote Services |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. Limiting users' access to resources over network can help mitigate these techniques. Limit access to remote services through centrally managed concentrators such as VPNs and other managed remote access systems.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1557 | Adversary-in-the-Middle |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. Limiting users' access to resources over network can help mitigate these techniques. Limit access to network infrastructure and resources that can be used to reshape traffic or otherwise produce AiTM conditions.
|
| PR.AA-05.01 | Access privilege limitation | Mitigates | T1562 | Impair Defenses |
Comments
This diagnostic statement describes the implementation of least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. Ensure proper Registry permissions are in place to prevent unnecessary users and adversaries from disabling or interfering with security/logging services.
|