| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| PR.DS-11.01 | Data backup and replication | Mitigates | T1565.001 | Stored Data Manipulation | This diagnostic statement provides protection from adversaries that try to manipulate and/or modify data at rest, which harms the integrity of the data. A data backup or disaster recovery plan can be used to restore organizational data that adversaries may have attempted to overwrite. Ensure backups are stored off system and are protected from common methods adversaries may use to gain access to and manipulate backups. |
| PR.DS-11.01 | Data backup and replication | Mitigates | T1565 | Data Manipulation | This diagnostic statement provides protection from adversaries that try to manipulate, modify and/or harm the integrity of data. A data backup or disaster recovery plan can be used to restore organizational data that adversaries may have attempted to overwrite. Ensure backups are stored off system and are protected from common methods adversaries may use to gain access to and manipulate backups. |
| PR.DS-11.01 | Data backup and replication | Mitigates | T1561.002 | Disk Structure Wipe | This diagnostic statement protects against adversaries that can wipe or corrupt disk data structures on a hard drive. A data backup or disaster recovery plan can be used to restore organizational data that adversaries may have attempted to overwrite while targeting critical systems. |
| PR.DS-11.01 | Data backup and replication | Mitigates | T1561.001 | Disk Content Wipe | This diagnostic statement protects against adversaries that can wipe or corrupt the contents of storage device data. A data backup or disaster recovery plan can be used to restore organizational data that adversaries may have attempted to overwrite. |
| PR.DS-11.01 | Data backup and replication | Mitigates | T1561 | Disk Wipe | This diagnostic statement protects against adversaries that can wipe or corrupt raw disk data on systems. A data backup or disaster recovery plan can be used to restore organizational data that adversaries may have attempted to overwrite. |
| PR.DS-11.01 | Data backup and replication | Mitigates | T1490 | Inhibit System Recovery | This diagnostic statement provides protection from adversaries that try to remove built-in data and/or turn off services that are used to help with the recovery of corrupted systems. Storing backups off system and protecting them from common methods adversaries may use to gain access to and destroy backups to prevent recovery is a way to deny adversaries access to available backup and recovery options. |
| PR.DS-11.01 | Data backup and replication | Mitigates | T1486 | Data Encrypted for Impact | This diagnostic statement provides protection from adversaries that may encrypt data on target systems in a network to interrupt the availability of system and network resources. They can attempt to render stored data inaccessible by encrypting files or data on local and remote drives and withholding access to a decryption key. A data backup or disaster recovery plan can be used to restore organizational data. Ensure backups are stored off system and are protected from common methods adversaries may use to gain access to and destroy backups to prevent recovery. |
| PR.DS-11.01 | Data backup and replication | Mitigates | T1485.001 | Lifecycle-Triggered Deletion | This diagnostic statement provides protection from adversaries that may modify the lifecycle policies of a cloud storage bucket to destroy all objects stored within it. A data backup or disaster recovery plan can be used to restore organizational data. |
| PR.DS-11.01 | Data backup and replication | Mitigates | T1485 | Data Destruction | This diagnostic statement provides protection from adversaries that may try to destroy data and files on systems or on a network or network resource. A data backup or disaster recovery plan can be used to restore organizational data. |