Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
PR.AA-05.03 | Service accounts | Mitigates | T1558.001 | Golden Ticket | This diagnostic statement describes security controls implemented for service accounts (i.e., accounts used by systems to access other systems). Limit service accounts to minimal required privileges to mitigate attempts to steal or forge Kerberos tickets. |
PR.AA-05.03 | Service accounts | Mitigates | T1563 | Remote Service Session Hijacking | This diagnostic statement is for the implementation of security controls for service accounts (i.e., accounts used by systems to access other systems), such as granting service accounts only the minimum necessary permissions. |
PR.AA-05.03 | Service accounts | Mitigates | T1563.002 | RDP Hijacking | This diagnostic statement is for the implementation of security controls for service accounts (i.e., accounts used by systems to access other systems), such as granting service accounts only the minimum necessary permissions. |
PR.AA-05.03 | Service accounts | Mitigates | T1559 | Inter-Process Communication | This diagnostic statement is for the implementation of security controls for service accounts (i.e., accounts used by systems to access other systems). Set service account access restrictions to grant only the minimum necessary permissions to mitigate abuse of inter-process communication (IPC) mechanisms. |
PR.AA-05.03 | Service accounts | Mitigates | T1021 | Remote Services | This diagnostic statement is for the implementation of security controls for service accounts (i.e., accounts used by systems to access other systems). Minimize service account permissions and access for the service to mitigate exploitation via remote services that use service accounts. |
PR.AA-05.03 | Service accounts | Mitigates | T1021.007 | Cloud Services | This diagnostic statement is for the implementation of security controls for service accounts (i.e., accounts used by systems to access other systems). Minimize service account permissions and access for the service to mitigate exploitation via service accounts for cloud services. |
PR.AA-05.03 | Service accounts | Mitigates | T1021.002 | SMB/Windows Admin Shares | This diagnostic statement is for the implementation of security controls for service accounts (i.e., accounts used by systems to access other systems). Block the SMB/Windows Admin Shares service account to mitigate exploitation. |
PR.AA-05.03 | Service accounts | Mitigates | T1021.006 | Windows Remote Management | This diagnostic statement is for the implementation of security controls for service accounts (i.e., accounts used by systems to access other systems). Minimize service account permissions and access for the service to mitigate exploitation via the WinRM service account. |
PR.AA-05.03 | Service accounts | Mitigates | T1190 | Exploit Public-Facing Application | This diagnostic statement is for the implementation of security controls for service accounts (i.e., accounts used by systems to access other systems). Use least privilege for service accounts to limit what permissions the exploited process gets on the rest of the system. |
PR.AA-05.03 | Service accounts | Mitigates | T1484 | Domain or Tenant Policy Modification | This diagnostic statement is for the implementation of security controls for service accounts (i.e., accounts used by systems to access other systems). Restrict administrative privileges to mitigate this technique. |
PR.AA-05.03 | Service accounts | Mitigates | T1484.002 | Trust Modification | This diagnostic statement is for the implementation of security controls for service accounts (i.e., accounts used by systems to access other systems). Protect administrative access to domain trusts and identity tenants to mitigate this technique. |
PR.AA-05.03 | Service accounts | Mitigates | T1021.003 | Distributed Component Object Model | This diagnostic statement is for the implementation of security controls for service accounts (i.e., accounts used by systems to access other systems). Minimize service account permissions and access for the service to mitigate exploitation via Distributed Component Object Model (DCOM). |
PR.AA-05.03 | Service accounts | Mitigates | T1558.003 | Kerberoasting | This diagnostic statement describes security controls implemented for service accounts (i.e., accounts used by systems to access other systems). Limit service accounts to minimal required privileges to mitigate attempts to steal or forge Kerberos tickets. |
PR.AA-05.03 | Service accounts | Mitigates | T1558.002 | Silver Ticket | This diagnostic statement describes security controls implemented for service accounts (i.e., accounts used by systems to access other systems). Limit service accounts to minimal required privileges to mitigate attempts to steal or forge Kerberos tickets. |
PR.AA-05.03 | Service accounts | Mitigates | T1563.001 | SSH Hijacking | This diagnostic statement is for the implementation of security controls for service accounts (i.e., accounts used by systems to access other systems), such as granting service accounts only the minimum necessary permissions. |
PR.AA-05.03 | Service accounts | Mitigates | T1078.002 | Domain Accounts | This diagnostic statement describes how the organization establishes security standards based on industry guidelines to institute strict controls over service accounts (i.e., accounts used by systems to access other systems). |
PR.AA-05.03 | Service accounts | Mitigates | T1558 | Steal or Forge Kerberos Tickets | This diagnostic statement describes security controls implemented for service accounts (i.e., accounts used by systems to access other systems). Limit service accounts to minimal required privileges to mitigate attempts to steal or forge Kerberos tickets. |
PR.AA-05.03 | Service accounts | Mitigates | T1548 | Abuse Elevation Control Mechanism | This diagnostic statement describes how the organization establishes security standards based on industry guidelines to institute strict controls over service accounts (i.e., accounts used by systems to access other systems). Minimize permissions and access for service accounts to mitigate this technique. |
PR.AA-05.03 | Service accounts | Mitigates | T1559.001 | Component Object Model | This diagnostic statement is for the implementation of security controls for service accounts (i.e., accounts used by systems to access other systems). Set service account access restrictions to grant only the minimum necessary permissions to mitigate abuse of inter-process communication (IPC) mechanisms. |
PR.AA-05.03 | Service accounts | Mitigates | T1078 | Valid Accounts | This diagnostic statement describes how the organization establishes security standards based on industry guidelines to institute strict controls over service accounts (i.e., accounts used by systems to access other systems). |
PR.AA-05.03 | Service accounts | Mitigates | T1210 | Exploitation of Remote Services | This diagnostic statement is for the implementation of security controls for service accounts (i.e., accounts used by systems to access other systems). Minimize permissions and access for service accounts to limit impact of exploitation. |
PR.AA-05.03 | Service accounts | Mitigates | T1098 | Account Manipulation | This diagnostic statement describes how the organization establishes security standards based on industry guidelines to institute strict controls over service accounts (i.e., accounts used by systems to access other systems). |