Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
PR.PS-01.03 | Configuration deviation | Mitigates | T1195 | Supply Chain Compromise |
Comments
This diagnostic statement provides protection from Supply Chain Compromise through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Ensuring software management security standards can help protect against adversaries attempting to compromise the supply chain.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1553 | Subvert Trust Controls |
Comments
This diagnostic statement provides protection from Subvert Trust Controls through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to subvert trust controls.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1553.006 | Code Signing Policy Modification |
Comments
This diagnostic statement provides protection from Code Signing Policy Modification through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1542 | Pre-OS Boot |
Comments
This diagnostic statement provides protection from Pre-OS Boot through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software/firmware and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1542.001 | System Firmware |
Comments
This diagnostic statement provides protection from System Firmware through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify firmware and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1542.003 | Bootkit |
Comments
This diagnostic statement provides protection from Bootkit through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1542.004 | ROMMONkit |
Comments
This diagnostic statement provides protection from ROMMONkit through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1542.005 | TFTP Boot |
Comments
This diagnostic statement provides protection from TFTP Boot through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1601 | Modify System Image |
Comments
This diagnostic statement provides protection from Modify System Image through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify the system image.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1601.001 | Patch System Image |
Comments
This diagnostic statement provides protection from Patch System Image through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify the system image.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1601.002 | Downgrade System Image |
Comments
This diagnostic statement provides protection from Downgrade System Image through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify the system image.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1495 | Firmware Corruption |
Comments
This diagnostic statement provides protection from Firmware Corruption through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify firmware and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1204 | User Execution |
Comments
This diagnostic statement provides protection from User Execution through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to execute malicious unsigned code.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1204.003 | Malicious Image |
Comments
This diagnostic statement provides protection from User Execution through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to execute malicious unsigned code.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1127 | Trusted Developer Utilities Proxy Execution |
Comments
This diagnostic statement provides protection from Trusted Developer Utilities Proxy Execution through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1127.002 | ClickOnce |
Comments
This diagnostic statement provides protection from Trusted Developer Utilities Proxy Execution: ClickOnce through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1505 | Server Software Component |
Comments
This diagnostic statement provides protection from Server Software Component through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1505.001 | SQL Stored Procedures |
Comments
This diagnostic statement provides protection from SQL Stored Procedures through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1505.002 | Transport Agent |
Comments
This diagnostic statement provides protection from Transport Agent through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1505.004 | IIS Components |
Comments
This diagnostic statement provides protection from IIS Components through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1036 | Masquerading |
Comments
This diagnostic statement provides protection from Masquerading through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1036.001 | Invalid Code Signature |
Comments
This diagnostic statement provides protection from Masquerading: Invalid Code Signature through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1036.005 | Match Legitimate Name or Location |
Comments
This diagnostic statement provides protection from Masquerading: Match Legitimate Name or Location through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1525 | Implant Internal Image |
Comments
This diagnostic statement provides protection from Implant Internal Image through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1546 | Event Triggered Execution |
Comments
This diagnostic statement provides protection from Event Triggered Execution through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1546.006 | LC_LOAD_DYLIB Addition |
Comments
This diagnostic statement provides protection from Event Triggered Execution: LC_LOAD_DYLIB Addition through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1546.013 | PowerShell Profile |
Comments
This diagnostic statement provides protection from PowerShell Profile through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1543 | Create or Modify System Process |
Comments
This diagnostic statement provides protection from Create or Modify System Process through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1543.003 | Windows Service |
Comments
This diagnostic statement provides protection from Create or Modify System Process: Windows Service through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1554 | Compromise Host Software Binary |
Comments
This diagnostic statement provides protection from Compromise Host Software Binary through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1059 | Command and Scripting Interpreter |
Comments
This diagnostic statement provides protection from Command and Scripting Interpreter through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining along with disallowing scripts and integrity checking can help protect against adversaries that may abuse command and script interpreters.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1059.001 | PowerShell |
Comments
This diagnostic statement provides protection from Command and Scripting Interpreter through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining along with disallowing scripts and integrity checking can help protect against adversaries that may abuse command and script interpreters.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1059.002 | AppleScript |
Comments
This diagnostic statement provides protection from Command and Scripting Interpreter through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining along with disallowing scripts and integrity checking can help protect against adversaries that may abuse command and script interpreters.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1550.004 | Web Session Cookie |
Comments
This diagnostic statement provides protection from Web Session Cookie through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Baseline security configuration including the automated deletion of cookies can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1535 | Unused/Unsupported Cloud Regions |
Comments
This diagnostic statement provides protection from Unused/Unsupported Cloud Regions through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1537 | Transfer Data to Cloud Account |
Comments
This diagnostic statement provides protection from Transfer Data to Cloud through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configurations that enforce data sharing restrictions to the cloud and integrity checking can help protect against adversaries attempting to transfer data to a cloud account.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1553.004 | Install Root Certificate |
Comments
This diagnostic statement provides protection from Subvert Trust Controls: Install Root Certificate through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration including Windows Group Policy or Key Pinning and integrity checking can help protect against adversaries attempting to compromise and modify certificate configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1539 | Steal Web Session Cookie |
Comments
This diagnostic statement provides protection from Steal Web Session Cookie through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Baseline security configuration including the automated deletion of cookies can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1598 | Phishing for Information |
Comments
This diagnostic statement provides protection from Phishing for Information through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration that uses anti-spoofing, email authentication mechanisms, encryption of credential data, and integrity checking can help protect against adversaries attempting to gather information.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1598.002 | Spearphishing Attachment |
Comments
This diagnostic statement provides protection from Phishing for Information: Spearphishing Attachment through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration that uses anti-spoofing, email authentication mechanisms, external email tracking, encryption of credential data, and integrity checking can help protect against adversaries attempting to gather information.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1598.003 | Spearphishing Link |
Comments
This diagnostic statement provides protection from Phishing for Information: Spearphishing Link through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration that uses anti-spoofing, email authentication mechanisms, web filtering, encryption of credential data, and integrity checking can help protect against adversaries attempting to gather information.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1566 | Phishing |
Comments
This diagnostic statement provides protection from Phishing through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration that uses anti-spoofing, email authentication mechanisms, blocking of non-essential sites or attachment types, encryption of credential data, and integrity checking can help protect against adversaries attempting to access systems.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1566.002 | Spearphishing Link |
Comments
This diagnostic statement provides protection from Phishing through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration that uses anti-spoofing, email authentication mechanisms, blocking of non-essential sites or attachment types, encryption of credential data, and integrity checking can help protect against adversaries attempting to access systems.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1137 | Office Application Startup |
Comments
This diagnostic statement provides protection from Office Application Startup through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of Office software and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1137.002 | Office Test |
Comments
This diagnostic statement provides protection from Office Test through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1666 | Modify Cloud Resource Hierarchy |
Comments
This diagnostic statement provides protection from Modify Cloud Resource Hierarchy through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configurations for Cloud platforms and integrity checking can help protect against adversaries attempting to compromise and modify cloud configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1559 | Inter-Process Communication |
Comments
This diagnostic statement provides protection from Inter-Process Communication through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1559.002 | Dynamic Data Exchange |
Comments
This diagnostic statement provides protection from Inter-Process Communication: Dynamic Data Exchange through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1562 | Impair Defenses |
Comments
This diagnostic statement provides protection from Impair Defenses through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1562.006 | Indicator Blocking |
Comments
This diagnostic statement provides protection from Impair Defenses: Indicator Blocking through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1562.009 | Safe Mode Boot |
Comments
This diagnostic statement provides protection from Impair Defenses: Safe Mode Boot through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1562.010 | Downgrade Attack |
Comments
This diagnostic statement provides protection from Impair Defenses: Downgrade Attack through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1590.002 | DNS |
Comments
This diagnostic statement provides protection from Gather Victim Information: DNS through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration including secure policies for DNS servers including Zone Transfer Policies and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1606 | Forge Web Credentials |
Comments
This diagnostic statement provides protection from Forge Web Credentials through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1606.001 | Web Cookies |
Comments
This diagnostic statement provides protection from Web Cookies through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Baseline security configuration including the automated deletion of cookies can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1213 | Data from Information Repositories |
Comments
This diagnostic statement provides protection from Data from Information Repositories through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configurations that include data retention policies to periodically archive and/or delete data and integrity checking can help protect against adversaries attempting to leverage information repositories.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1213.004 | Customer Relationship Management Software |
Comments
This diagnostic statement provides protection from Data from Information Repositories: Customer Relationship Management Software through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configurations that include data retention policies to periodically archive and/or delete data and integrity checking can help protect against adversaries attempting to leverage information repositories.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1602 | Data from Configuration Repository |
Comments
This diagnostic statement provides protection from Data from Information Repositories: Data from Configuration Repository through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configurations that include data retention policies to periodically archive and/or delete data and integrity checking can help protect against adversaries attempting to leverage information repositories.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1602.001 | SNMP (MIB Dump) |
Comments
This diagnostic statement provides protection from Data from Configuration Repository: SNMP (MIB Dump) through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configurations that allowlist MIB objects and implement SNMP Views can help protect against adversaries attempting to leverage information repositories.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1602.002 | Network Device Configuration Dump |
Comments
This diagnostic statement provides protection from Data from Configuration Repository: Network Device Configuration Dump through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configurations that allowlist MIB objects and implement SNMP Views, together with keeping system images and software up to date, can help protect against adversaries attempting to leverage information repositories.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1555.005 | Password Managers |
Comments
This diagnostic statement provides protection from Credentials from Password Stores: Password Managers through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configurations that include secure password storage policies, and keeping system images and software up to date can help protect against adversaries attempting to leverage information repositories.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1543.005 | Container Service |
Comments
This diagnostic statement provides protection from Create or Modify System Process: Container Service through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1548 | Abuse Elevation Control Mechanism |
Comments
This diagnostic statement provides protection from Abuse Elevation Control Mechanism through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1548.003 | Sudo and Sudo Caching |
Comments
This diagnostic statement provides protection from Abuse Elevation Control Mechanism: Sudo and Sudo Caching through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and elevate privileges.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1548.002 | Bypass User Account Control |
Comments
This diagnostic statement provides protection from Abuse Elevation Control Mechanism: Bypass User Account Control through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and elevate privileges.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1548.001 | Setuid and Setgid |
Comments
This diagnostic statement provides protection from Abuse Elevation Control Mechanism: Setuid and Setgid through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and elevate privileges.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1087 | Account Discovery |
Comments
This diagnostic statement provides protection from Account Discovery through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and elevate privileges.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1087.001 | Local Account |
Comments
This diagnostic statement provides protection from Account Discovery: Local Account through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and elevate privileges.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1087.002 | Domain Account |
Comments
This diagnostic statement provides protection from Account Discovery: Domain Account through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and elevate privileges.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1098 | Account Manipulation |
Comments
This diagnostic statement provides protection from Account Manipulation through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1197 | BITS Jobs |
Comments
This diagnostic statement provides protection from BITS Jobs through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and elevate privileges.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1092 | Communication Through Removable Media |
Comments
This diagnostic statement provides protection from Communication Through Removable Media through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and elevate privileges.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1136 | Create Account |
Comments
This diagnostic statement provides protection from Create Account through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and elevate privileges.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1136.002 | Domain Account |
Comments
This diagnostic statement provides protection from Create Account: Domain Account through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and elevate privileges.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1546.008 | Accessibility Features |
Comments
This diagnostic statement provides protection from Accessibility Features through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and elevate privileges.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1011 | Exfiltration Over Other Network Medium |
Comments
This diagnostic statement provides protection from Exfiltration Over Other Network Medium through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1011.001 | Exfiltration Over Bluetooth |
Comments
This diagnostic statement provides protection from Exfiltration Over Other Network Medium: Exfiltration Over Bluetooth through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1564 | Hide Artifacts |
Comments
This diagnostic statement provides protection from Hide Artifacts through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1564.002 | Hidden Users |
Comments
This diagnostic statement provides protection from Hide Artifacts: Hidden Users through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1574 | Hijack Execution Flow |
Comments
This diagnostic statement provides protection from Hijack Execution Flow through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1574.006 | Dynamic Linker Hijacking |
Comments
This diagnostic statement provides protection from Hijack Execution Flow: Dynamic Linker Hijacking through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1562.003 | Impair Command History Logging |
Comments
This diagnostic statement provides protection from Impair Defenses: Impair Command History Logging through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1490 | Inhibit System Recovery |
Comments
This diagnostic statement provides protection from Inhibit System Recovery through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1036.007 | Double File Extension |
Comments
This diagnostic statement provides protection from Masquerading: Double File Extension through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1556 | Modify Authentication Process |
Comments
This diagnostic statement provides protection from Modify Authentication Process through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System (including only allowing valid DLLs and secure policies) and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1556.002 | Password Filter DLL |
Comments
This diagnostic statement provides protection from Modify Authentication Process: Password Filter DLL through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System (including only allowing valid DLLs and secure policies) and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1556.008 | Network Provider DLL |
Comments
This diagnostic statement provides protection from Modify Authentication Process: Network Provider DLL through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System (including only allowing valid DLLs and secure policies) and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1135 | Network Share Discovery |
Comments
This diagnostic statement provides protection from Network Share Discovery through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1003 | OS Credential Dumping |
Comments
This diagnostic statement provides protection from OS Credential Dumping through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and elevate privileges.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1003.001 | LSASS Memory |
Comments
This diagnostic statement provides protection from OS Credential Dumping: LSASS Memory through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and elevate privileges.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1003.002 | Security Account Manager |
Comments
This diagnostic statement provides protection from OS Credential Dumping: Security Account Manager through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and elevate privileges.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1003.005 | Cached Domain Credentials |
Comments
This diagnostic statement provides protection from OS Credential Dumping: Cached Domain Credentials through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and elevate privileges.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1563 | Remote Service Session Hijacking |
Comments
This diagnostic statement provides protection from Remote Service Session Hijacking through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1563.002 | RDP Hijacking |
Comments
This diagnostic statement provides protection from Remote Service Session Hijacking: RDP Hijacking through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1021 | Remote Services |
Comments
This diagnostic statement provides protection from Remote Services through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1021.001 | Remote Desktop Protocol |
Comments
This diagnostic statement provides protection from Remote Desktop Protocol through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1053 | Scheduled Task/Job |
Comments
This diagnostic statement provides protection from Scheduled Task/Job through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System, including running scheduled tasks as an authenticated user instead of SYSTEM, and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1053.002 | At |
Comments
This diagnostic statement provides protection from Scheduled Task/Job: At through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System, including running scheduled tasks as an authenticated user instead of SYSTEM, and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1053.005 | Scheduled Task |
Comments
This diagnostic statement provides protection from Scheduled Task/Job: Scheduled Task through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System, including running scheduled tasks as an authenticated user instead of SYSTEM, and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1552 | Unsecured Credentials |
Comments
This diagnostic statement provides protection from Unsecured Credentials through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and elevate privileges.
|
PR.PS-01.03 | Configuration deviation | Mitigates | T1552.003 | Bash History |
Comments
This diagnostic statement provides protection from Unsecured Credentials: Bash History through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baseline configuration of the Operating System and integrity checking can help protect against adversaries attempting to compromise and elevate privileges.
|