Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
PR.IR-01.02 | Network device configurations | Mitigates | T1610 | Deploy Container | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to limit communications with container services can prevent adversary deployment of a container. |
PR.IR-01.02 | Network device configurations | Mitigates | T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can prevent it from being leveraged to create AiTM conditions. |
PR.IR-01.02 | Network device configurations | Mitigates | T1557.003 | DHCP Spoofing | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can prevent it from being leveraged to create AiTM conditions. |
PR.IR-01.02 | Network device configurations | Mitigates | T1218 | System Binary Proxy Execution | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic can help to mitigate this technique. |
PR.IR-01.02 | Network device configurations | Mitigates | T1071.004 | DNS | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of application layer protocols. |
PR.IR-01.02 | Network device configurations | Mitigates | T1021 | Remote Services | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of remote services. |
PR.IR-01.02 | Network device configurations | Mitigates | T1021.001 | Remote Desktop Protocol | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of remote services. |
PR.IR-01.02 | Network device configurations | Mitigates | T1021.003 | Distributed Component Object Model | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of remote services. |
PR.IR-01.02 | Network device configurations | Mitigates | T1021.005 | VNC | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of remote services. |
PR.IR-01.02 | Network device configurations | Mitigates | T1021.006 | Windows Remote Management | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of remote services. |
PR.IR-01.02 | Network device configurations | Mitigates | T1048 | Exfiltration Over Alternative Protocol | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of alternate protocols to exfiltrate data. |
PR.IR-01.02 | Network device configurations | Mitigates | T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of alternate protocols to exfiltrate data. |
PR.IR-01.02 | Network device configurations | Mitigates | T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of alternate protocols to exfiltrate data. |
PR.IR-01.02 | Network device configurations | Mitigates | T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of alternate protocols to exfiltrate data. |
PR.IR-01.02 | Network device configurations | Mitigates | T1071 | Application Layer Protocol | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of application layer protocols. |
PR.IR-01.02 | Network device configurations | Mitigates | T1071.005 | Publish/Subscribe Protocols | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of application layer protocols. |
PR.IR-01.02 | Network device configurations | Mitigates | T1095 | Non-Application Layer Protocol | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of non-application layer protocols. |
PR.IR-01.02 | Network device configurations | Mitigates | T1133 | External Remote Services | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can prevent adversaries from leveraging externally facing remote services to initially access and/or persist within a network. |
PR.IR-01.02 | Network device configurations | Mitigates | T1187 | Forced Authentication | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can prevent adversaries from obtaining credentials through forced authentication. |
PR.IR-01.02 | Network device configurations | Mitigates | T1197 | BITS Jobs | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to only allow legitimate BITS traffic can mitigate adversary abuse of BITS Jobs. |
PR.IR-01.02 | Network device configurations | Mitigates | T1218.012 | Verclsid | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic can help to mitigate this technique. |
PR.IR-01.02 | Network device configurations | Mitigates | T1219 | Remote Access Software | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic can mitigate adversary abuse of remote access software. |
PR.IR-01.02 | Network device configurations | Mitigates | T1530 | Data from Cloud Storage | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Employing IP-based restrictions for accessing cloud resources can mitigate adversary access to data in cloud storage. |
PR.IR-01.02 | Network device configurations | Mitigates | T1537 | Transfer Data to Cloud Account | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Employing network-based filtering restrictions can mitigate data transfers to untrusted VPCs. |
PR.IR-01.02 | Network device configurations | Mitigates | T1542 | Pre-OS Boot | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to limit access can mitigate adversary abuse of pre-OS boot mechanisms. |
PR.IR-01.02 | Network device configurations | Mitigates | T1542.005 | TFTP Boot | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Employing restrictions on untrusted network sources can mitigate adversary abuse of TFTP boot (netbooting). |
PR.IR-01.02 | Network device configurations | Mitigates | T1552 | Unsecured Credentials | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Employing restrictions that limit network access and communications with services can prevent adversaries from finding stored credentials. |
PR.IR-01.02 | Network device configurations | Mitigates | T1552.005 | Cloud Instance Metadata API | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Employing restrictions that limit network access and communications with services can prevent adversaries from finding stored credentials. |
PR.IR-01.02 | Network device configurations | Mitigates | T1552.007 | Container API | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Employing restrictions that limit network access and communications with services can prevent adversaries from finding stored credentials. |
PR.IR-01.02 | Network device configurations | Mitigates | T1557 | Adversary-in-the-Middle | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can prevent it from being leveraged to create AiTM conditions. |
PR.IR-01.02 | Network device configurations | Mitigates | T1557.002 | ARP Cache Poisoning | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can prevent it from being leveraged to create AiTM conditions. |
PR.IR-01.02 | Network device configurations | Mitigates | T1563.002 | RDP Hijacking | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to limit access can prevent RDP hijacking. |
PR.IR-01.02 | Network device configurations | Mitigates | T1572 | Protocol Tunneling | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic to untrusted or known bad domains and resources can prevent tunnelling of network communications. |
PR.IR-01.02 | Network device configurations | Mitigates | T1602 | Data from Configuration Repository | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Employing extended ACLs to block unauthorized protocols can mitigate adversary access to data in configuration repositories. |
PR.IR-01.02 | Network device configurations | Mitigates | T1602.001 | SNMP (MIB Dump) | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Employing extended ACLs to block unauthorized protocols can mitigate adversary access to data in configuration repositories. |
PR.IR-01.02 | Network device configurations | Mitigates | T1602.002 | Network Device Configuration Dump | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Employing extended ACLs to block unauthorized protocols can mitigate adversary access to data in configuration repositories. |
PR.IR-01.02 | Network device configurations | Mitigates | T1609 | Container Administration Command | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to limit communications with container services can prevent adversary abuse of container administration. |
PR.IR-01.02 | Network device configurations | Mitigates | T1612 | Build Image on Host | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to limit communications with container services can prevent adversaries from building container images on hosts. |
PR.IR-01.02 | Network device configurations | Mitigates | T1613 | Container and Resource Discovery | This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to limit communications with container services can prevent adversaries from discovering resources in container environments. |