1. Home
  2. Mapping Frameworks
  3. CRI Profile Home
  4. Identify: Asset Management Capability Group

CRI Profile Identify: Asset Management Capability Group

All Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
ID.AM-08.03 Data governance and lifecycle management Mitigates T1565.002 Transmitted Data Manipulation
Comments
This diagnostic statement prevents adversaries from manipulating data that is in transit. Encrypting and/or obfuscating data can be used to protect sensitive data from being accessed by adversaries. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1565.001 Stored Data Manipulation
Comments
This diagnostic statement prevents adversaries from manipulating data at rest. storing data remotely can be used to properly manage data. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1114.001 Local Email Collection
Comments
This diagnostic statement prevents adversaries from manipulating emails and having the ability to collect sensitive data (PII) from users. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1070.008 Clear Mailbox Data
Comments
Storing data remotely can be used to properly manage data so that adversaries won't be able to modify mail and mail application data. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1070.002 Clear Linux or Mac System Logs
Comments
Utilizing methods that can obfuscate and/or encrypt event files locally and in transit can prevent adversaries from clearing system logs and feeding them to adversaries. Also, storing data remotely can be used to properly manage data. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1070 Indicator Removal
Comments
Storing data remotely can be used to properly manage data so that adversaries won't be able to interfere with processes used to detect intrusion activities. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1003.003 NTDS
Comments
This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries via Active Directory domain databases. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1558.005 Ccache Files
Comments
This diagnostic statement prevents adversaries from being able to steal data in transit between networks by accessing Wi-Fi access points and abusing Kerberos by stealing tickets in credential cache files. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1558 Steal or Forge Kerberos Tickets
Comments
This diagnostic statement prevents adversaries from being able to steal data in transit between networks by accessing Wi-Fi access points and abusing Kerberos by stealing tickets to enforce unauthorized access. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1557.004 Evil Twin
Comments
This diagnostic statement prevents adversaries from being able to steal data in transit between networks by accessing Wi-Fi access points and enticing users to connecting to malicious networks. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1557 Adversary-in-the-Middle
Comments
This diagnostic statement prevents adversaries from being able to steal data in transit between networks. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1552.004 Private Keys
Comments
This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries via private key certificate files. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1552 Unsecured Credentials
Comments
This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1550.001 Application Access Token
Comments
This diagnostic statement prevents adversaries from being able to steal application access token by bypassing regular authentication methods and accessing restricting accounts and user credentials. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1548 Abuse Elevation Control Mechanism
Comments
This diagnostic statement prevents adversaries from being able to manipulate mechanisms to gain access to user's higher-level permissions and control elevated privileges. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1530 Data from Cloud Storage
Comments
This diagnostic statement prevents adversaries from collecting sensitive data from cloud storage solutions, such as Amazon S3, Azure, Storage, and Google Cloud. Permissions on cloud storage should be frequently checked and encrypting sensitive data in the cloud should be managed properly. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1213.004 Customer Relationship Management Software
Comments
This diagnostic statement prevents adversaries from leveraging sensitive (PII) data from customer relationship management software by sending phishing emails or targeting organization's customers in ways that enable financial gain. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1119 Automated Collection
Comments
This diagnostic statement prevents adversaries from using automated techniques for collecting internal data. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1114.003 Email Forwarding Rule
Comments
This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries found in emails. It also prevents adversaries from abusing email forwarding rules. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1114.002 Remote Email Collection
Comments
This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries found in emails. It also prevents adversaries from manipulating data via exchange server, Office 365, or Google Workspace from trying to collect sensitive information. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1114 Email Collection
Comments
This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries found in emails. here may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1070.001 Clear Windows Event Logs
Comments
This diagnostic statement protects data from being easily manipulated by adversaries that try to clear Windows event logs by intruding different activities. Encrypting files locally and in transit shall avoid giving data to an adversary. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1040 Network Sniffing
Comments
This diagnostic statement protects data from being easily manipulated by adversaries due to network sniffing while authentication material is being passed over networks. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1020.001 Traffic Duplication
Comments
This diagnostic statement protects data from being exfiltrated from adversaries via traffic monitoring. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.03 Data governance and lifecycle management Mitigates T1003 OS Credential Dumping
Comments
This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1565.002 Transmitted Data Manipulation
Comments
This diagnostic statement prevents adversaries from manipulating data that is in transit. Encrypting and/or obfuscating data can be used to protect sensitive data from being accessed by adversaries. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1565.001 Stored Data Manipulation
Comments
This diagnostic statement prevents adversaries from manipulating data at rest. storing data remotely can be used to properly manage data. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1114.001 Local Email Collection
Comments
This diagnostic statement prevents adversaries from manipulating emails and having the ability to collect sensitive data (PII) from users. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1070.008 Clear Mailbox Data
Comments
Storing data remotely can be used to properly manage data so that adversaries won't be able to modify mail and mail application data. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1070.002 Clear Linux or Mac System Logs
Comments
Utilizing methods that can obfuscate and/or encrypt event files locally and in transit can prevent adversaries from clearing system logs and feeding them to adversaries. Also, storing data remotely can be used to properly manage data. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1070 Indicator Removal
Comments
Storing data remotely can be used to properly manage data so that adversaries won't be able to interfere with processes used to detect intrusion activities. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1003.003 NTDS
Comments
This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries via Active Directory domain databases. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1558.005 Ccache Files
Comments
This diagnostic statement prevents adversaries from being able to steal data in transit between networks by accessing Wi-Fi access points and abusing Kerberos by stealing tickets in credential cache files. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1558 Steal or Forge Kerberos Tickets
Comments
This diagnostic statement prevents adversaries from being able to steal data in transit between networks by accessing Wi-Fi access points and abusing Kerberos by stealing tickets to enforce unauthorized access. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1557.004 Evil Twin
Comments
This diagnostic statement prevents adversaries from being able to steal data in transit between networks by accessing Wi-Fi access points and enticing users to connecting to malicious networks. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1557 Adversary-in-the-Middle
Comments
This diagnostic statement prevents adversaries from being able to steal data in transit between networks. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1552.004 Private Keys
Comments
This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries via private key certificate files. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1552 Unsecured Credentials
Comments
This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1550.001 Application Access Token
Comments
This diagnostic statement prevents adversaries from being able to steal application access token by bypassing regular authentication methods and accessing restricting accounts and user credentials. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1548 Abuse Elevation Control Mechanism
Comments
This diagnostic statement prevents adversaries from being able to manipulate mechanisms to gain access to user's higher-level permissions and control elevated privileges. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1530 Data from Cloud Storage
Comments
This diagnostic statement prevents adversaries from collecting sensitive data from cloud storage solutions, such as Amazon S3, Azure, Storage, and Google Cloud. Permissions on cloud storage should be frequently checked and encrypting sensitive data in the cloud should be managed properly. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1213.004 Customer Relationship Management Software
Comments
This diagnostic statement prevents adversaries from leveraging sensitive (PII) data from customer relationship management software by sending phishing emails or targeting organization's customers in ways that enable financial gain. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1119 Automated Collection
Comments
This diagnostic statement prevents adversaries from using automated techniques for collecting internal data. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1114.003 Email Forwarding Rule
Comments
This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries found in emails. It also prevents adversaries from abusing email forwarding rules. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1114.002 Remote Email Collection
Comments
This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries found in emails. It also prevents adversaries from manipulating data via exchange server, Office 365, or Google Workspace from trying to collect sensitive information. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1114 Email Collection
Comments
This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries found in emails. here may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1070.001 Clear Windows Event Logs
Comments
This diagnostic statement protects data from being easily manipulated by adversaries that try to clear Windows event logs by intruding different activities. Encrypting files locally and in transit shall avoid giving data to an adversary. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1040 Network Sniffing
Comments
This diagnostic statement protects data from being easily manipulated by adversaries due to network sniffing while authentication material is being passed over networks. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1020.001 Traffic Duplication
Comments
This diagnostic statement protects data from being exfiltrated from adversaries via traffic monitoring. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.
ID.AM-08.05 Data destruction procedures Mitigates T1003 OS Credential Dumping
Comments
This diagnostic statement protects credential data and sensitive PII from being stolen from adversaries. There may be some similarities to NIST 800-53 SI-12 Information Management and Retention. This may provide mitigation of data access/exfiltration techniques.

Capabilities

Capability ID Capability Name Number of Mappings
ID.AM-08.03 Data governance and lifecycle management 25
ID.AM-08.05 Data destruction procedures 25