| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| PR.IR-01.05 | Remote access protection | Mitigates | T1078.001 | Default Accounts |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1078.002 | Domain Accounts |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1199 | Trusted Relationship |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1021.007 | Cloud Services |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1021.008 | Direct Cloud VM Connections |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1021.002 | SMB/Windows Admin Shares |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1021.004 | SSH |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1021.006 | Windows Remote Management |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1021.005 | VNC |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1021.003 | Distributed Component Object Model |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1021.001 | Remote Desktop Protocol |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1021 | Remote Services |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1021 | Remote Services |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1021 | Remote Services |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1556.006 | Multi-Factor Authentication |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1133 | External Remote Services |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1136.001 | Local Account |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1136.002 | Domain Account |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1136.003 | Cloud Account |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1136 | Create Account |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1098.006 | Additional Container Cluster Roles |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1098.001 | Additional Cloud Credentials |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1098.002 | Additional Email Delegate Permissions |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1098.003 | Additional Cloud Roles |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1098 | Account Manipulation |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1078 | Valid Accounts |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1078.004 | Cloud Accounts |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1110.001 | Password Guessing |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1110.003 | Password Spraying |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1110.004 | Credential Stuffing |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1651 | Cloud Administration Command |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1648 | Serverless Execution |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1110 | Brute Force |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1606.002 | SAML Tokens |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1606 | Forge Web Credentials |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1601.002 | Downgrade System Image |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1601.001 | Patch System Image |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1601 | Modify System Image |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1569.002 | Service Execution |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1569 | System Services |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1563.001 | SSH Hijacking |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1558.003 | Kerberoasting |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1558.002 | Silver Ticket |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1558.001 | Golden Ticket |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1558 | Steal or Forge Kerberos Tickets |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1556.007 | Hybrid Identity |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1556.005 | Reversible Encryption |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1556.003 | Pluggable Authentication Modules |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1556.004 | Network Device Authentication |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1543.002 | Systemd Service |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1543 | Create or Modify System Process |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1547.006 | Kernel Modules and Extensions |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1548.002 | Bypass User Account Control |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1548.003 | Sudo and Sudo Caching |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1548.006 | TCC Manipulation |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1548 | Abuse Elevation Control Mechanism |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1484.002 | Trust Modification |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1484.001 | Group Policy Modification |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1484 | Domain or Tenant Policy Modification |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1550 | Use Alternate Authentication Material |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1542.001 | System Firmware |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1542.003 | Bootkit |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1542 | Pre-OS Boot |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1542.005 | TFTP Boot |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1546 | Event Triggered Execution |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1546.003 | Windows Management Instrumentation Event Subscription |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1552 | Unsecured Credentials |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1552.002 | Credentials in Registry |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1552.007 | Container API |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1556 | Modify Authentication Process |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1556.001 | Domain Controller Authentication |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1563 | Remote Service Session Hijacking |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1563.002 | RDP Hijacking |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1609 | Container Administration Command |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1611 | Escape to Host |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1612 | Build Image on Host |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|
| PR.IR-01.05 | Remote access protection | Mitigates | T1621 | Multi-Factor Authentication Request Generation |
Comments
This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.
|