| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1137.001 | Office Template Macros |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1137.002 | Office Test |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1137.003 | Outlook Forms |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1137.004 | Outlook Home Page |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1137.005 | Outlook Rules |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1137.006 | Add-ins |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1055.001 | Dynamic-link Library Injection |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1055.002 | Portable Executable Injection |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1055.003 | Thread Execution Hijacking |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1055.004 | Asynchronous Procedure Call |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1055.005 | Thread Local Storage |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1055.008 | Ptrace System Calls |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1055.009 | Proc Memory |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1055 | Process Injection |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1055.012 | Process Hollowing |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1055.013 | Process Doppelgänging |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1055.014 | VDSO Hijacking |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1189 | Drive-by Compromise |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1190 | Exploit Public-Facing Application |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1203 | Exploitation for Client Execution |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1212 | Exploitation for Credential Access |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1211 | Exploitation for Defense Evasion |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1210 | Exploitation of Remote Services |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1559 | Inter-Process Communication |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1559.001 | Component Object Model |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1559.002 | Dynamic Data Exchange |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1055.011 | Extra Window Memory Injection |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1021 | Remote Services |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1021.003 | Distributed Component Object Model |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1548 | Abuse Elevation Control Mechanism |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1548.004 | Elevated Execution with Prompt |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1059 | Command and Scripting Interpreter |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1059.001 | PowerShell |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1059.002 | AppleScript |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1059.005 | Visual Basic |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1059.006 | Python |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1059.007 | JavaScript |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1036 | Masquerading |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1036.005 | Match Legitimate Name or Location |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1036.008 | Masquerade File Type |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1137 | Office Application Startup |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1218.001 | Compiled HTML File |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1218.002 | Control Panel |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1218.003 | CMSTP |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1218.004 | InstallUtil |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1218.005 | Mshta |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1218.008 | Odbcconf |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1218.009 | Regsvcs/Regasm |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1218.012 | Verclsid |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1218.013 | Mavinject |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1218.014 | MMC |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1218.015 | Electron Applications |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1047 | Windows Management Instrumentation |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1127.002 | ClickOnce |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|
| PR.PS-05.02 | Mobile code prevention | Mitigates | T1036.001 | Invalid Code Signature |
Comments
Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.
|