Every row below maps the same diagnostic statement, PR.IR-01.01 (network segmentation), whose implementation helps prevent access to critical systems and sensitive information. The Notes column gives the technique-specific rationale for each mapping.

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
PR.IR-01.01 | Network segmentation | Mitigates | T1552 | Unsecured Credentials | Network filtering, defense-in-depth and access isolation limit which hosts an adversary can reach, and therefore which file shares, configuration stores and other locations holding unsecured credentials they can read. |
PR.IR-01.01 | Network segmentation | Mitigates | T1552.007 | Container API | Secure network configuration, defense-in-depth and access isolation restrict who can reach the container runtime and orchestration APIs, protecting against adversaries attempting to obtain credentials through those APIs in a container environment. |
PR.IR-01.01 | Network segmentation | Mitigates | T1199 | Trusted Relationship | Network segmentation isolates infrastructure and limits what a trusted third party can reach, so a compromised partner or vendor connection cannot pivot to unrelated systems. |
PR.IR-01.01 | Network segmentation | Mitigates | T1072 | Software Deployment Tools | The permissions required to execute this technique vary by system configuration. Isolating critical network systems, including the deployment system itself, behind firewalls limits what a compromised deployment tool can reach. |
PR.IR-01.01 | Network segmentation | Mitigates | T1489 | Service Stop | Defense-in-depth and access isolation limit the hosts from which an adversary can reach critical systems and remotely stop their services. |
PR.IR-01.01 | Network segmentation | Mitigates | T1021.001 | Remote Desktop Protocol | Blocking RDP traffic (TCP/3389) between network security zones, and permitting it only from designated administrative hosts, prevents adversaries from using RDP to expand access. |
PR.IR-01.01 | Network segmentation | Mitigates | T1021.003 | Distributed Component Object Model | Host-based firewalls such as Windows Firewall can block inbound DCOM, which uses the RPC endpoint mapper on TCP/135 plus dynamic RPC ports, between hosts that have no need to communicate that way. |
PR.IR-01.01 | Network segmentation | Mitigates | T1021.006 | Windows Remote Management | Blocking WinRM (TCP/5985 and TCP/5986) between zones, or restricting it to administrative hosts, prevents adversaries from exploiting the service for lateral movement. |
PR.IR-01.01 | Network segmentation | Mitigates | T1563 | Remote Service Session Hijacking | Blocking network traffic that is not necessary mitigates, or at least reduces, the use of remote services to move laterally in an environment. |
PR.IR-01.01 | Network segmentation | Mitigates | T1563.002 | RDP Hijacking | Blocking network traffic that is not necessary mitigates, or at least reduces, the use of remote desktop to move laterally in an environment. |
PR.IR-01.01 | Network segmentation | Mitigates | T1571 | Non-Standard Port | Configuring firewalls and proxies to limit outgoing traffic to only necessary ports and approved destinations can mitigate the use of this technique. |
PR.IR-01.01 | Network segmentation | Mitigates | T1095 | Non-Application Layer Protocol | Configuring firewalls and proxies to limit outgoing traffic to only necessary ports, protocols and approved destinations can mitigate the use of this technique. |
PR.IR-01.01 | Network segmentation | Mitigates | T1040 | Network Sniffing | Segmenting the network into smaller broadcast domains denies untrusted hosts direct access to broadcast and multicast traffic and limits what an adversary can capture with a sniffer. |
PR.IR-01.01 | Network segmentation | Mitigates | T1046 | Network Service Discovery | Proper network segmentation protects critical servers and devices from discovery and potential exploitation by limiting which networks can scan them. |
PR.IR-01.01 | Network segmentation | Mitigates | T1133 | External Remote Services | Denying direct remote access to internal systems through network proxies, gateways and firewalls prevents adversaries from leveraging external-facing remote services to access and persist within a network. |
PR.IR-01.01 | Network segmentation | Mitigates | T1210 | Exploitation of Remote Services | Segmenting externally facing networks and systems appropriately limits which internal services an adversary can reach and exploit. |
PR.IR-01.01 | Network segmentation | Mitigates | T1190 | Exploit Public-Facing Application | Segmenting externally facing servers and services from the rest of the network, for example in a DMZ, limits the impact of exploiting a public-facing application. |
PR.IR-01.01 | Network segmentation | Mitigates | T1048 | Exfiltration Over Alternative Protocol | Network firewall configurations that allow only necessary ports and traffic can mitigate exfiltration of data over alternative protocols. |
PR.IR-01.01 | Network segmentation | Mitigates | T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Network firewall configurations that allow only necessary ports and traffic can mitigate exfiltration of data over alternative protocols. |
PR.IR-01.01 | Network segmentation | Mitigates | T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Network firewall configurations that allow only necessary ports and traffic can mitigate exfiltration of data over alternative protocols. |
PR.IR-01.01 | Network segmentation | Mitigates | T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Network firewall configurations that allow only necessary ports and traffic can mitigate exfiltration of data over alternative protocols. |
PR.IR-01.01 | Network segmentation | Mitigates | T1482 | Domain Trust Discovery | Network segmentation for sensitive domains helps prevent adversaries from exploiting domain trust relationships. |
PR.IR-01.01 | Network segmentation | Mitigates | T1610 | Deploy Container | Denying direct remote access to internal systems, in particular to container runtime and orchestration APIs, through proxies, gateways and firewalls protects against adversaries attempting to deploy containers. |
PR.IR-01.01 | Network segmentation | Mitigates | T1565 | Data Manipulation | Network segmentation isolates and secures the systems hosting critical business and system processes. |
PR.IR-01.01 | Network segmentation | Mitigates | T1565.003 | Runtime Data Manipulation | Network segmentation isolates and secures the systems hosting critical business and system processes. |
PR.IR-01.01 | Network segmentation | Mitigates | T1602 | Data from Configuration Repository | Segregating SNMP and other management-plane traffic onto a dedicated management network protects against adversaries attempting to obtain data from configuration repositories. |
PR.IR-01.01 | Network segmentation | Mitigates | T1602.001 | SNMP (MIB Dump) | Segregating SNMP traffic onto a dedicated management network protects against adversaries attempting to dump MIB contents from network devices. |
PR.IR-01.01 | Network segmentation | Mitigates | T1602.002 | Network Device Configuration Dump | Segregating management-plane traffic onto a dedicated management network protects against adversaries attempting to dump network device configurations. |
PR.IR-01.01 | Network segmentation | Mitigates | T1136 | Create Account | Limiting access to critical systems and domain controllers protects against adversaries attempting to create accounts. |
PR.IR-01.01 | Network segmentation | Mitigates | T1136.002 | Domain Account | Limiting access to critical systems and domain controllers protects against adversaries attempting to create domain accounts. |
PR.IR-01.01 | Network segmentation | Mitigates | T1136.003 | Cloud Account | Limiting access to critical systems and to the interfaces used to create accounts protects against adversaries attempting to create cloud accounts. |
PR.IR-01.01 | Network segmentation | Mitigates | T1613 | Container and Resource Discovery | Denying direct remote access to internal systems, including container orchestration APIs, protects against adversaries attempting to discover resources in container environments. |
PR.IR-01.01 | Network segmentation | Mitigates | T1612 | Build Image on Host | Network segmentation, firewalls, secure network configuration, defense-in-depth and access isolation limit who can reach the container runtime API and so protect against adversaries attempting to build an image on the host. |
PR.IR-01.01 | Network segmentation | Mitigates | T1557 | Adversary-in-the-Middle | Isolating infrastructure components and blocking unnecessary network traffic mitigates, or at least limits, the scope of AiTM activity. |
PR.IR-01.01 | Network segmentation | Mitigates | T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay | LLMNR/NBT-NS poisoning depends on reaching victims' multicast and broadcast name-resolution traffic, and SMB relay on reaching their SMB services; isolating infrastructure components and blocking unnecessary traffic (including SMB between hosts that do not need it) confines the scope of AiTM activity. |
PR.IR-01.01 | Network segmentation | Mitigates | T1098 | Account Manipulation | Proper network segmentation limits access to the critical systems and domain controllers from which accounts can be manipulated. |
PR.IR-01.01 | Network segmentation | Mitigates | T1098.001 | Additional Cloud Credentials | Proper network segmentation limits access to critical systems and identity infrastructure from which additional credentials could be added to accounts. |
PR.IR-01.01 | Network segmentation | Mitigates | T1552.005 | Cloud Instance Metadata API | Network filtering, defense-in-depth and access isolation (for example, a host-based firewall rule that blocks containers and non-privileged processes from reaching the instance metadata endpoint) protect against adversaries attempting to obtain credentials and other sensitive data from the metadata API. |
PR.IR-01.01 | Network segmentation | Mitigates | T1557.002 | ARP Cache Poisoning | ARP cache poisoning only works within a broadcast domain; isolating infrastructure components and blocking unnecessary traffic confines the scope of AiTM activity. |
PR.IR-01.01 | Network segmentation | Mitigates | T1557.003 | DHCP Spoofing | DHCP spoofing likewise requires the adversary to be on the victim's segment; isolating infrastructure components and blocking unnecessary traffic confines the scope of AiTM activity. |
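Most rows above reduce to the same control: a default-deny policy between zones with a short, explicit allow list (RDP and WinRM only from administrative hosts, SNMP only from the management network, egress only on approved ports, no path from workloads to the instance metadata endpoint). The following is an added illustration, not part of the NIST CSF to ATT&CK mapping or of any NIST or MITRE tooling: it encodes such a policy, evaluates constructed sample flows labelled with the techniques they exercise, and renders the allow list as an nftables forward chain. All zone names, address ranges and allowed flows are hypothetical, and the rendered ruleset is text only, not applied to any host.

```python
"""Zone-based segmentation policy as code (added example; zones, addresses and
flows are hypothetical). Inter-zone traffic is default-deny; only listed flows
pass. The nftables rendering is produced as text and never loaded."""
import ipaddress

# Hypothetical zones; the address ranges are constructed for this example.
ZONES = {
    "jump":    ipaddress.ip_network("10.20.0.0/24"),        # hardened admin jump hosts
    "users":   ipaddress.ip_network("10.10.0.0/16"),        # workstations
    "servers": ipaddress.ip_network("10.30.0.0/16"),        # application servers
    "dc":      ipaddress.ip_network("10.40.0.0/24"),        # domain controllers
    "nms":     ipaddress.ip_network("10.50.0.0/24"),        # SNMP poller / management
    "pods":    ipaddress.ip_network("10.60.0.0/16"),        # container workloads
    "imds":    ipaddress.ip_network("169.254.169.254/32"),  # cloud instance metadata API
}
INTERNET = "internet"  # pseudo-zone: any destination that matches no zone above

# (src_zone, dst_zone, proto, ports, comment). Anything not listed is dropped.
ALLOW = [
    ("jump",    "servers", "tcp", (3389, 5985, 5986), "RDP and WinRM only from jump hosts"),
    ("jump",    "dc",      "tcp", (3389, 5985, 5986), "admin access to DCs only from jump hosts"),
    ("users",   "servers", "tcp", (443,),             "users reach applications over HTTPS only"),
    ("users",   "dc",      "tcp", (88, 389, 445, 636), "Kerberos, LDAP and SYSVOL for logon"),
    ("servers", "dc",      "tcp", (88, 389, 445, 636), "member servers authenticate to DCs"),
    ("nms",     "servers", "udp", (161,),             "SNMP polling only from the NMS"),
    ("nms",     "dc",      "udp", (161,),             "SNMP polling only from the NMS"),
    ("users",   INTERNET,  "tcp", (80, 443),          "web egress on standard ports only"),
]


def zone_of(ip: str) -> str:
    """Map an address to its zone; unmatched addresses are treated as internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return INTERNET


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int) -> tuple:
    """Return (verdict, reason) for one flow as the zone-boundary firewall sees it."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        # A zone-boundary firewall never sees intra-zone traffic; host firewalls
        # (e.g. Windows Firewall for RDP, DCOM and WinRM) must cover that case.
        return "unenforced", f"intra-zone {src}: enforce on the host firewall"
    for s, d, p, ports, why in ALLOW:
        if (s, d, p) == (src, dst, proto) and dport in ports:
            return "allow", why
    return "deny", f"no rule for {src} -> {dst} {proto}/{dport}; default deny"


def render_nftables() -> str:
    """Render ALLOW as an nftables forward chain with policy drop (text only)."""
    internal = ", ".join(str(n) for n in ZONES.values())
    lines = ["table inet segmentation {", "  chain forward {",
             "    type filter hook forward priority 0; policy drop;",
             "    ct state established,related accept"]
    for s, d, p, ports, why in ALLOW:
        # Internet-bound rules match "not any internal zone" so they cannot
        # accidentally open a path into servers or DCs on the same port.
        dst = f"ip daddr != {{ {internal} }}" if d == INTERNET else f"ip daddr {ZONES[d]}"
        portset = ", ".join(str(x) for x in ports)
        lines.append(f'    ip saddr {ZONES[s]} {dst} {p} dport {{ {portset} }} accept comment "{why}"')
    lines += ["  }", "}"]
    return "\n".join(lines)


# Constructed sample flows, keyed by the ATT&CK technique each one exercises.
SAMPLE_FLOWS = {
    "T1021.001 RDP from a workstation to a server":     ("10.10.5.7", "10.30.1.20", "tcp", 3389),
    "T1021.001 RDP from a jump host to a server":       ("10.20.0.5", "10.30.1.20", "tcp", 3389),
    "T1021.006 WinRM from a workstation to a DC":       ("10.10.5.7", "10.40.0.10", "tcp", 5985),
    "T1552.005 pod reaching the instance metadata API": ("10.60.3.4", "169.254.169.254", "tcp", 80),
    "T1571 server egress on a non-standard port":       ("10.30.1.20", "203.0.113.9", "tcp", 4444),
    "T1602.001 SNMP from a workstation to a DC":        ("10.10.5.7", "10.40.0.10", "udp", 161),
    "T1602.001 SNMP from the NMS to a DC":              ("10.50.0.2", "10.40.0.10", "udp", 161),
    "T1563.002 RDP between two workstations":           ("10.10.1.1", "10.10.1.2", "tcp", 3389),
}


def check_flows(flows=None) -> dict:
    """Evaluate each sample flow; returns {label: verdict}."""
    flows = SAMPLE_FLOWS if flows is None else flows
    return {label: evaluate(*flow)[0] for label, flow in flows.items()}


if __name__ == "__main__":
    for label, verdict in check_flows().items():
        print(f"{verdict:10s} {label}")
    print(render_nftables())
```

The "unenforced" verdict for the workstation-to-workstation RDP flow is the point of the last sample: a zone-boundary firewall cannot see traffic that never crosses it, so the RDP, DCOM and WinRM rows above still need a host-based firewall inside each segment. The metadata endpoint is link-local in practice, so the pod-to-IMDS rule likewise belongs on the node's host firewall rather than on a routed boundary; it is included here to show that the same policy model covers it.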