Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1098.006 | Additional Container Cluster Roles |
Comments
This diagnostic statement protects against Account Manipulation through the use of revocation of keys and key management. Employing limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to manipulate accounts.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1098.005 | Device Registration |
Comments
This diagnostic statement protects against Account Manipulation through the use of revocation of keys and key management. Employing limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to register devices.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1098.003 | Additional Cloud Roles |
Comments
This diagnostic statement protects against Account Manipulation through the use of revocation of keys and key management. Employing limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to manipulate accounts.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1098.002 | Additional Email Delegate Permissions |
Comments
This diagnostic statement protects against Account Manipulation through the use of revocation of keys and key management. Employing limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to add permissions to accounts.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1098.001 | Additional Cloud Credentials |
Comments
This diagnostic statement protects against Account Manipulation through the use of revocation of keys and key management. Employing limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to manipulate accounts.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1098 | Account Manipulation |
Comments
This diagnostic statement protects against Account Manipulation through the use of revocation of keys and key management. Employing limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to manipulate accounts.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1110.004 | Credential Stuffing |
Comments
This diagnostic statement protects against Brute Force through the use of revocation of keys and key management. Employing limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to brute force credentials.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1110.003 | Password Spraying |
Comments
This diagnostic statement protects against Brute Force through the use of revocation of keys and key management. Employing limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to brute force credentials.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1110.002 | Password Cracking |
Comments
This diagnostic statement protects against Brute Force through the use of revocation of keys and key management. Employing limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to brute force credentials.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1110.001 | Password Guessing |
Comments
This diagnostic statement protects against Brute Force through the use of revocation of keys and key management. Employing strong encryption keys and limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to guess credentials.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1110 | Brute Force |
Comments
This diagnostic statement protects against Brute Force through the use of revocation of keys and key management. Employing limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to brute force credentials.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1136.003 | Cloud Account |
Comments
This diagnostic statement protects against Create Account through the use of revocation of keys and key management. Employing limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to create accounts.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1136.002 | Domain Account |
Comments
This diagnostic statement protects against Create Account through the use of revocation of keys and key management. Employing limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to create accounts.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1136.001 | Local Account |
Comments
This diagnostic statement protects against Create Account through the use of revocation of keys and key management. Employing limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to create accounts.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1136 | Create Account |
Comments
This diagnostic statement protects against Create Account through the use of revocation of keys and key management. Employing limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to create accounts.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1485 | Data Destruction |
Comments
This diagnostic statement protects against Data Destruction through the use of revocation of keys and key management used in multi-factor authentication. Employing key protection strategies, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to destroy data.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1530 | Data from Cloud Storage |
Comments
This diagnostic statement protects against Data from Cloud Storage through the use of revocation of keys and key management used in multi-factor authentication. Employing key protection strategies, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to access data from cloud storage.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1213.003 | Code Repositories |
Comments
This diagnostic statement protects against Code Repositories through the use of revocation of keys and key management. Employing key protection strategies such as removing keys from code repositories, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to glean credentials from code repositories.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1213 | Data from Information Repositories |
Comments
This diagnostic statement protects against Code Repositories through the use of revocation of keys and key management. Employing key protection strategies such as removing keys from information repositories, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to glean credentials from code repositories.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1114.002 | Remote Email Collection |
Comments
This diagnostic statement protects against Email Collection through the use of revocation of keys and key management. Employing key protection strategies such as ensuring proper encryption methods and key management for those used in email along with policies for sending cryptographic material over email, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to glean credentials from emails.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1114 | Email Collection |
Comments
This diagnostic statement protects against Email Collection through the use of revocation of keys and key management. Employing key protection strategies such as ensuring proper encryption methods and key management for those used in email along with policies for sending cryptographic material over email, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to glean credentials from emails.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1133 | External Remote Services |
Comments
This diagnostic statement protects against External Remote Services through the use of revocation of keys and key management. Employing key protection strategies and key management for those used in external remote services, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to access external remote services.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1556.007 | Hybrid Identity |
Comments
This diagnostic statement protects against Modify Authentication Process through the use of revocation of keys and key management. Employing key protection strategies and key management for key material used in identity management and authentication processes, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to use hybrid identities.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1556.006 | Multi-Factor Authentication |
Comments
This diagnostic statement protects against Modify Authentication Process through the use of revocation of keys and key management. Employing key protection strategies and key management for key material used in identity management and authentication processes (including multi-factor authentication or MFA), limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to bypass or generate MFA requests.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1556.004 | Network Device Authentication |
Comments
This diagnostic statement protects against Modify Authentication Process through the use of revocation of keys and key management. Employing key protection strategies and key management for key material used in managing and signing images, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to modify or patch network device authentication processes in those system images.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1556.003 | Pluggable Authentication Modules |
Comments
This diagnostic statement protects against Modify Authentication Process through the use of revocation of keys and key management. Employing key protection strategies and key management for key material used in PAM modules and their authentication process, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to modify the PAM processes.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1556.001 | Domain Controller Authentication |
Comments
This diagnostic statement protects against Modify Authentication Process through the use of revocation of keys and key management. Employing key protection strategies and key management for key material used in identity management and authentication processes, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to modify domain controller authentication mechanisms.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1556 | Modify Authentication Process |
Comments
This diagnostic statement protects against Modify Authentication Process through the use of revocation of keys and key management. Employing key protection strategies and key management for key material used in identity management and authentication processes, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to modify authentication processes.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1601.002 | Downgrade System Image |
Comments
This diagnostic statement protects against Downgrade System Image through the use of revocation of keys and key management. Employing key protection strategies and key management for key material used in managing and signing images, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to modify or patch system images.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1601.001 | Patch System Image |
Comments
This diagnostic statement protects against Patch System Image through the use of revocation of keys and key management. Employing key protection strategies and key management for key material used in managing and signing images, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to modify or patch system images.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1601 | Modify System Image |
Comments
This diagnostic statement protects against Modify System Image through the use of revocation of keys and key management. Employing key protection strategies and key management for key material used in managing and signing images, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to modify or patch system images.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1621 | Multi-Factor Authentication Request Generation |
Comments
This diagnostic statement protects against Multi-Factor Authentication Request Generation through the use of revocation of keys and key management. Employing key protection strategies and key management for key material used in identity management and authentication processes (including multi-factor authentication or MFA), limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to bypass or generate MFA requests.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1599.001 | Network Address Translation Traversal |
Comments
This diagnostic statement protects against Network Address Translation Traversal through the use of revocation of keys and key management. Employing key protection strategies and key management for key material used in identity management and authentication processes (including multi-factor authentication or MFA for network devices using TACACS+/RADIUS), limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to perform Network Address Translation Traversal.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1599 | Network Boundary Bridging |
Comments
This diagnostic statement protects against Network Boundary Bridging through the use of revocation of keys and key management. Employing key protection strategies and key management for key material used in identity management and authentication processes (including multi-factor authentication or MFA for network devices using TACACS+/RADIUS), limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to perform Network Boundary Bridging.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1040 | Network Sniffing |
Comments
This diagnostic statement protects against Network Sniffing through the use of revocation of keys and key management. Employing key protection strategies for key material used in identity management and authentication processes transmitted over networks, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to use network sniffing.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1021.007 | Cloud Services |
Comments
This diagnostic statement protects against Remote Services: Cloud Services through the use of revocation of keys and key management. Employing key protection strategies for key material used in identity management and authentication processes in cloud services, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to use cloud services.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1021.004 | SSH |
Comments
This diagnostic statement protects against Remote Services: SSH through the use of revocation of keys and key management. Employing key protection strategies for key material used in SSH, limitations to specific accounts along with access control mechanisms limits adversaries attempting to use valid accounts on SSH.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1021.001 | Remote Desktop Protocol |
Comments
This diagnostic statement protects against Remote Services: Remote Desktop Protocol (RDP) through the use of revocation of keys and key management. Employing key protection strategies such as multi-factor authentication for key material used in authentication for RDP, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to use valid accounts over RDP.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1021 | Remote Services |
Comments
This diagnostic statement protects against Remote Services through the use of revocation of keys and key management. Employing key protection strategies for key material used in identity management and authentication processes transmitted over networks, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to misuse remote services.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1072 | Software Deployment Tools |
Comments
This diagnostic statement protects against Software Deployment Tools through the use of revocation of keys and key management. Employing key protection strategies for key material used in software deployment tools including signing, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to misuse software deployment tools.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1539 | Steal Web Session Cookie |
Comments
This diagnostic statement protects against Steal Web Session Cookie through the use of revocation of keys and key management. Employing key protection strategies for key material used as part of multifactor authentication in authentication processes for web applications using cookies, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to steal session cookies.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1199 | Trusted Relationship |
Comments
This diagnostic statement protects against Trusted Relationship through the use of revocation of keys and key management. Employing key protection strategies for key material used in identity management and authentication processes for trusted entities, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to abuse trusted relationships.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1078.004 | Cloud Accounts |
Comments
This diagnostic statement protects against Valid Accounts: Cloud Accounts through the use of revocation of keys and key management. Employing key protection strategies for key material used as part of multi-factor authentication for valid accounts, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to use valid accounts.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1078.003 | Local Accounts |
Comments
This diagnostic statement protects against Valid Accounts: Local Accounts through the use of revocation of keys and key management. Employing key protection strategies for key material used as part of multi-factor authentication for valid accounts, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to use valid accounts.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1078.002 | Domain Accounts |
Comments
This diagnostic statement protects against Valid Accounts: Domain Accounts through the use of revocation of keys and key management. Employing key protection strategies for key material used as part of multi-factor authentication for valid accounts, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to use valid accounts.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1078 | Valid Accounts |
Comments
This diagnostic statement protects against Valid Accounts through the use of revocation of keys and key management. Employing key protection strategies for key material used as part of multi-factor authentication for valid accounts, limitations to specific accounts along with access control mechanisms provides protection against adversaries attempting to use valid accounts.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1557.002 | ARP Cache Poisoning |
Comments
This diagnostic statement protects against Adversary-in-the-middle: ARP Cache Poisoning through the use of revocation of keys and key management. Employing key protection strategies for key material used in identity management and authentication processes over networks, limitations to specific accounts along with access control mechanisms provides protection against adversary-in-the-middle.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1557 | Adversary-in-the-Middle |
Comments
This diagnostic statement protects against Adversary-in-the-middle through the use of revocation of keys and key management. Employing key protection strategies for key material used in identity management and authentication processes over networks, limitations to specific accounts along with access control mechanisms provides protection against adversary-in-the-middle.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1119 | Automated Collection |
Comments
This diagnostic statement protects against Adversary-in-the-middle: ARP Cache Poisoning through the use of revocation of keys and key management. Employing key protection strategies for key material used in identity management and authentication processes over networks, limitations to specific accounts along with access control mechanisms provides protection against adversary-in-the-middle.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1020.001 | Traffic Duplication |
Comments
This diagnostic statement protects against Automated Exfiltration: Traffic Duplication through the use of revocation of keys and key management. Employing key protection strategies for key material used in identity management and authentication processes over networks, limitations to specific accounts along with access control mechanisms provides protection against traffic duplication.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1020 | Automated Exfiltration |
Comments
This diagnostic statement protects against Automated Exfiltration through the use of revocation of keys and key management. Employing key protection strategies for key material used in identity management and authentication processes over networks, limitations to specific accounts along with access control mechanisms provides protection against automated exfiltration.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1659 | Content Injection |
Comments
This diagnostic statement protects against Content Injection through the use of revocation of keys and key management. Employing key protection strategies for key material used in virtual private networks, identity management, and authentication processes over networks, limitations to specific accounts along with access control mechanisms provides protection against content injection.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1602.002 | Network Device Configuration Dump |
Comments
This diagnostic statement protects against Data from Configuration Repository: Network Device Configuration Dump through the use of revocation of keys and key management. Employing key protection strategies for key material used in identity management and authentication processes over networks, limitations to specific accounts along with access control mechanisms provides protection against network device configuration dump.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1602.001 | SNMP (MIB Dump) |
Comments
This diagnostic statement protects against Data from Configuration Repository: SNMP (MIB Dump) through the use of revocation of keys and key management. Employing key protection strategies for key material used in identity management and authentication processes over networks, limitations to specific accounts along with access control mechanisms provides protection against MIB Dump.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1602 | Data from Configuration Repository |
Comments
This diagnostic statement protects against Data from Configuration Repository through the use of revocation of keys and key management. Employing key protection strategies for key material used in identity management and authentication processes over networks, limitations to specific accounts along with access control mechanisms provides protection against data from configuration repository.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1565.002 | Transmitted Data Manipulation |
Comments
This diagnostic statement protects against Transmitted Data Manipulation through the use of revocation of keys and key management. Employing key protection strategies for key material used in sensitive information transmitted over networks, limitations to specific accounts along with access control mechanisms provides protection against transmitted data manipulation by adversaries.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1565.001 | Stored Data Manipulation |
Comments
This diagnostic statement protects against Stored Data Manipulation through the use of revocation of keys and key management. Employing key protection strategies for key material used for storage of sensitive information, limitations to specific accounts along with access control mechanisms provides protection against stored data manipulation by adversaries.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1565 | Data Manipulation |
Comments
This diagnostic statement protects against Data Manipulation through the use of revocation of keys and key management. Employing key protection strategies for key material used for storage and transmission of sensitive information over networks, limitations to specific accounts along with access control mechanisms provides protection against data manipulation by adversaries.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1114.003 | Email Forwarding Rule |
Comments
This diagnostic statement protects against Email Forwarding Rule through the use of key management. Employing key protection strategies for key material used in protection of emails, limitations to specific accounts along with access control mechanisms provides protection against adversaries abusing email forwarding rule.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1114.001 | Local Email Collection |
Comments
This diagnostic statement protects against Local Email Collection through the use of key management. Employing key protection strategies for key material used in protection of emails, limitations to specific accounts along with access control mechanisms provides protection against adversaries abusing local email collection.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1070.002 | Clear Linux or Mac System Logs |
Comments
This diagnostic statement protects against Clear Linux or Mac System Logs through the use of key management. Employing key protection strategies for key material used in protection of event logs, limitations to specific accounts along with access control mechanisms provides protection against adversaries trying to clear system logs.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1070.001 | Clear Windows Event Logs |
Comments
This diagnostic statement protects against Clear Windows Event Logs through the use of key management. Employing key protection strategies for key material used in protection of event logs, limitations to specific accounts along with access control mechanisms provides protection against adversaries trying to clear system logs.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1070 | Indicator Removal |
Comments
This diagnostic statement protects against Indicator Removal through the use of key management. Employing key protection strategies for key material used in protection of indicators, limitations to specific accounts along with access control mechanisms provides protection against adversaries trying to remove indicators of compromise.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1003.003 | NTDS |
Comments
This diagnostic statement protects against OS Credential Dumping: NTDS through the use of revocation of keys and key management. Employing key protection strategies for key material used in protection of domain controller backups, limitations to specific accounts along with access control mechanisms provides protection against adversaries trying to obtain credentials from NTDS backups.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1003 | OS Credential Dumping |
Comments
This diagnostic statement protects against OS Credential Dumping through the use of revocation of keys and key management. Employing key protection strategies for key material used in protection of OS credential backups, limitations to specific accounts along with access control mechanisms provides protection against adversaries trying to obtain credentials from OS credential backups.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1649 | Steal or Forge Authentication Certificates |
Comments
This diagnostic statement protects against Steal or Forge Authentication Certificates through the use of revocation of keys and key management. Employing certificate protection strategies such as storing in a Hardware Security Module like a TPM and checking certificate validity for those used in identity management and authentication processes, limitations to specific accounts along with access control mechanisms provides protection against adversaries trying to steal or forge authentication certificates.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1558.004 | AS-REP Roasting |
Comments
This diagnostic statement protects against Steal or Forge Kerberos Tickets: AS-REP Roasting through the use of revocation of keys and key management. Employing key protection strategies for key material used in identity management and authentication processes, limitations to specific accounts along with access control mechanisms provides protection against adversaries trying to perform AS-REP Roasting.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1558.003 | Kerberoasting |
Comments
This diagnostic statement protects against Steal or Forge Kerberos Tickets: Kerberoasting through the use of revocation of keys and key management. Employing key protection strategies for key material used in identity management and authentication processes, limitations to specific accounts along with access control mechanisms provides protection against adversaries trying to perform Kerberoasting.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1558.002 | Silver Ticket |
Comments
This diagnostic statement protects against Steal or Forge Kerberos Tickets: Silver Ticket through the use of revocation of keys and key management. Employing key protection strategies for key material used in identity management and authentication processes, especially for known services such as MSSQL, limitations to specific accounts along with access control mechanisms provides protection against adversaries trying to steal or forge Kerberos tickets.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1558 | Steal or Forge Kerberos Tickets |
Comments
This diagnostic statement protects against Steal or Forge Kerberos Tickets through the use of revocation of keys and key management. Employing key protection strategies for key material used in identity management and authentication processes, especially for the Kerberos authentication process, limitations to specific accounts along with access control mechanisms provides protection against adversaries trying to steal or forge Kerberos tickets.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1552.004 | Private Keys |
Comments
This diagnostic statement protects against Unsecured Credentials: Private Keys through the use of revocation of keys and key management. Employing key protection strategies for key material such as private keys used in protecting credentials, limitations to specific accounts along with access control mechanisms provides protection against adversaries trying to compromise credentials.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1552 | Unsecured Credentials |
Comments
This diagnostic statement protects against Unsecured Credentials through the use of revocation of keys and key management. Employing key protection strategies for key material such as private keys, limitations to specific accounts along with access control mechanisms provides protection against adversaries trying to compromise credentials.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1550.001 | Application Access Token |
Comments
This diagnostic statement protects against Application Access Token through the use of revocation of keys and key management. Employing key protection strategies for key material such as those used in generation or protection of application access tokens, limitations to specific accounts along with access control mechanisms provides protection against adversaries trying to compromise application access tokens.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1550 | Use Alternate Authentication Material |
Comments
This diagnostic statement protects against Use Alternate Authentication Material through the use of revocation of keys and key management. Employing key protection strategies for key material used for identity management and authentication processes, limitations to specific accounts along with access control mechanisms provides protection against adversaries trying to use alternate authentication material.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1547 | Boot or Logon Autostart Execution |
Comments
This diagnostic statement protects against Boot or Logon Autostart Execution through the use of revocation of keys and key management. Employing key protection strategies for key material used for protecting integrity of boot firmware, system images, and using Hardware Security Modules such as TPMs to store those keys, limitations to specific accounts along with access control mechanisms provides protection against adversaries trying to compromise boot or logon autostart execution.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1547.008 | LSASS Driver |
Comments
This diagnostic statement protects against Boot or Logon Autostart Execution: LSASS Driver through the use of revocation of keys and key management. Employing key protection strategies for key material used for protecting integrity of boot firmware, system images, and using Hardware Security Modules such as TPMs to store those keys, along with use of Credential Guard provides protection against adversaries trying to compromise boot or logon autostart execution.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1003.001 | LSASS Memory |
Comments
This diagnostic statement protects against OS Credential Dumping: LSASS Memory through the use of revocation of keys and key management. Employing key protection strategies for key material used for protecting integrity of boot firmware, system images, and using Hardware Security Modules such as TPMs to store those keys, along with use of Credential Guard provides protection against adversaries trying to perform OS Credential Dumping of LSASS memory.
|
PR.PS-01.07 | Cryptographic keys and certificates | Mitigates | T1558.005 | Ccache Files |
Comments
This diagnostic statement protects against Steal or Forge Kerberos Tickets: Ccache Files through the use of revocation of keys and key management. Employing key protection strategies for key material used in identity management and authentication processes, limitations to specific accounts along with access control mechanisms provides protection against adversaries trying to steal or forge Kerberos tickets.
|