Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
PR.DS-02.01 | Data-in-transit protection | Mitigates | T1040 | Network Sniffing |
Comments
This diagnostic statement protects against adversaries being able to access data in transit over networks. Encrypting information and files by utilizing authentication protocols, such as Kerberos, can ensure web traffic that may contain credentials is protected by SSL/TLS.
|
PR.DS-02.01 | Data-in-transit protection | Mitigates | T1565.002 | Transmitted Data Manipulation |
Comments
This diagnostic statement provides another layer of protection from adversaries trying to gain access to data that is en route to storage or other systems.
|
PR.DS-02.01 | Data-in-transit protection | Mitigates | T1550.003 | Pass the Ticket |
Comments
This diagnostic statement provides protection from adversaries that may use stolen Kerberos tickets. Various methods should be used to protect data-in-transit, including encryption, password hashing, and tokenization.
|
PR.DS-02.01 | Data-in-transit protection | Mitigates | T1550.002 | Pass the Hash |
Comments
This diagnostic statement provides protection from adversaries that may utilize stolen password hashes. Various methods should be used to protect data-in-transit, including encryption, password hashing, and tokenization.
|
PR.DS-02.01 | Data-in-transit protection | Mitigates | T1550.001 | Application Access Token |
Comments
This diagnostic statement provides protection from adversaries that may bypass the authentication process and use stolen tokens. Various methods should be used to protect data-in-transit, including encryption, password hashing, and tokenization.
|
PR.DS-02.01 | Data-in-transit protection | Mitigates | T1550 | Use Alternate Authentication Material |
Comments
This diagnostic statement provides protection from adversaries that may attack via alternate authentication methods. Various methods should be used to protect data-in-transit, including encryption, password hashing, and tokenization.
|
PR.DS-01.01 | Data-at-rest protection | Mitigates | T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol |
Comments
This diagnostic statement focuses on protecting data-at-rest by implementing encryption and other security measures such as sandboxing, authentication, segregation, masking, tokenization, and file integrity monitoring.
|
PR.DS-01.01 | Data-at-rest protection | Mitigates | T1041 | Exfiltration Over C2 Channel |
Comments
This diagnostic statement focuses on protecting data-at-rest by implementing encryption and other security measures such as sandboxing, authentication, segregation, masking, tokenization, and file integrity monitoring.
|
PR.DS-01.01 | Data-at-rest protection | Mitigates | T1005 | Data from Local System |
Comments
This diagnostic statement focuses on protecting data-at-rest by implementing encryption and other security measures such as sandboxing, authentication, segregation, masking, tokenization, and file integrity monitoring.
|
PR.DS-01.01 | Data-at-rest protection | Mitigates | T1550.001 | Application Access Token |
Comments
This diagnostic statement focuses on protecting data-at-rest by implementing encryption and other security measures such as sandboxing, authentication, segregation, masking, tokenization, and file integrity monitoring.
|
PR.DS-01.01 | Data-at-rest protection | Mitigates | T1003.003 | NTDS |
Comments
This diagnostic statement focuses on protecting data-at-rest by implementing encryption and other security measures such as sandboxing, authentication, segregation, masking, tokenization, and file integrity monitoring.
|
PR.DS-01.01 | Data-at-rest protection | Mitigates | T1040 | Network Sniffing |
Comments
This diagnostic statement focuses on protecting data-at-rest by implementing encryption and other security measures such as sandboxing, authentication, segregation, masking, tokenization, and file integrity monitoring.
|
PR.DS-01.01 | Data-at-rest protection | Mitigates | T1565.002 | Transmitted Data Manipulation |
Comments
This diagnostic statement focuses on protecting data-at-rest by implementing encryption and other security measures such as sandboxing, authentication, segregation, masking, tokenization, and file integrity monitoring.
|
PR.DS-01.01 | Data-at-rest protection | Mitigates | T1565.001 | Stored Data Manipulation |
Comments
This diagnostic statement focuses on protecting data-at-rest by implementing encryption and other security measures such as sandboxing, authentication, segregation, masking, tokenization, and file integrity monitoring.
|
PR.DS-01.01 | Data-at-rest protection | Mitigates | T1530 | Data from Cloud Storage |
Comments
This diagnostic statement focuses on protecting data-at-rest by implementing encryption and other security measures such as sandboxing, authentication, segregation, masking, tokenization, and file integrity monitoring.
|
PR.DS-01.01 | Data-at-rest protection | Mitigates | T1213 | Data from Information Repositories |
Comments
This diagnostic statement focuses on protecting data-at-rest by implementing encryption and other security measures such as sandboxing, authentication, segregation, masking, tokenization, and file integrity monitoring.
|
PR.DS-01.01 | Data-at-rest protection | Mitigates | T1557.002 | ARP Cache Poisoning |
Comments
This diagnostic statement focuses on protecting data-at-rest by implementing encryption and other security measures such as sandboxing, authentication, segregation, masking, tokenization, and file integrity monitoring.
|
PR.DS-01.01 | Data-at-rest protection | Mitigates | T1557 | Adversary-in-the-Middle |
Comments
This diagnostic statement focuses on protecting data-at-rest by implementing encryption and other security measures such as sandboxing, authentication, segregation, masking, tokenization, and file integrity monitoring.
|
PR.DS-01.03 | Removable media protection | Mitigates | T1030 | Data Transfer Size Limits |
Comments
This diagnostic statement focuses on restricting the use of removable media devices (e.g., USB drives, CDs, DVDs) to prevent unauthorized access, data leakage, or malicious activity.
|
PR.DS-01.03 | Removable media protection | Mitigates | T1200 | Hardware Additions |
Comments
This diagnostic statement focuses on restricting the use of removable media devices (e.g., USB drives, CDs, DVDs) to prevent unauthorized access, data leakage, or malicious activity.
|
PR.DS-01.03 | Removable media protection | Mitigates | T1092 | Communication Through Removable Media |
Comments
This diagnostic statement focuses on restricting the use of removable media devices (e.g., USB drives, CDs, DVDs) to prevent unauthorized access, data leakage, or malicious activity.
|
PR.DS-01.03 | Removable media protection | Mitigates | T1025 | Data from Removable Media |
Comments
This diagnostic statement focuses on restricting the use of removable media devices (e.g., USB drives, CDs, DVDs) to prevent unauthorized access, data leakage, or malicious activity.
|
PR.DS-01.02 | Data loss prevention | Mitigates | T1537 | Transfer Data to Cloud Account |
Comments
The use of data loss prevention controls may mitigate the techniques related to data leakage and loss from local systems, automated exfiltration, and exfiltration over non-approved services.
|
PR.DS-01.02 | Data loss prevention | Mitigates | T1567.004 | Exfiltration Over Webhook |
Comments
The use of data loss prevention controls may mitigate the techniques related to data leakage and loss from local systems, automated exfiltration, and exfiltration over non-approved services.
|
PR.DS-01.02 | Data loss prevention | Mitigates | T1052.001 | Exfiltration over USB |
Comments
The use of data loss prevention controls may mitigate the techniques related to data leakage and loss from local systems, automated exfiltration, and exfiltration over non-approved services.
|
PR.DS-01.02 | Data loss prevention | Mitigates | T1052 | Exfiltration Over Physical Medium |
Comments
The use of data loss prevention controls may mitigate the techniques related to data leakage and loss from local systems, automated exfiltration, and exfiltration over non-approved services.
|
PR.DS-01.02 | Data loss prevention | Mitigates | T1041 | Exfiltration Over C2 Channel |
Comments
The use of data loss prevention controls may mitigate the techniques related to data leakage and loss from local systems, automated exfiltration, and exfiltration over non-approved services.
|
PR.DS-01.02 | Data loss prevention | Mitigates | T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol |
Comments
The use of data loss prevention controls may mitigate the techniques related to data leakage and loss from local systems, automated exfiltration, and exfiltration over non-approved services.
|
PR.DS-01.02 | Data loss prevention | Mitigates | T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
Comments
The use of data loss prevention controls may mitigate the techniques related to data leakage and loss from local systems, automated exfiltration, and exfiltration over non-approved services.
|
PR.DS-01.02 | Data loss prevention | Mitigates | T1048 | Exfiltration Over Alternative Protocol |
Comments
The use of data loss prevention controls may mitigate the techniques related to data leakage and loss from local systems, automated exfiltration, and exfiltration over non-approved services.
|
PR.DS-01.02 | Data loss prevention | Mitigates | T1025 | Data from Removable Media |
Comments
The use of data loss prevention controls may mitigate the techniques related to data leakage and loss from local systems, automated exfiltration, and exfiltration over non-approved services.
|
PR.DS-01.02 | Data loss prevention | Mitigates | T1005 | Data from Local System |
Comments
The use of data loss prevention controls may mitigate the techniques related to data leakage and loss from local systems, automated exfiltration, and exfiltration over non-approved services.
|
PR.DS-01.02 | Data loss prevention | Mitigates | T1020.001 | Traffic Duplication |
Comments
The use of data loss prevention controls may mitigate the techniques related to data leakage and loss from local systems, automated exfiltration, and exfiltration over non-approved services.
|
PR.DS-11.01 | Data backup and replication | Mitigates | T1565.001 | Stored Data Manipulation |
Comments
This diagnostic statement provides protection from adversaries that try to manipulate and/or modify data at rest, which harms the integrity of data. A data backup or disaster recovery plan can be used to restore organizational data that adversaries may have attempted to overwrite. Ensure backups are stored off system and are protected from common methods adversaries may use to gain access and manipulate backups.
|
PR.DS-11.01 | Data backup and replication | Mitigates | T1565 | Data Manipulation |
Comments
This diagnostic statement provides protection from adversaries that try to manipulate, modify and/or harm the integrity of data. A data backup or disaster recovery plan can be used to restore organizational data that adversaries may have attempted to overwrite. Ensure backups are stored off system and are protected from common methods adversaries may use to gain access and manipulate backups.
|
PR.DS-11.01 | Data backup and replication | Mitigates | T1561.002 | Disk Structure Wipe |
Comments
This diagnostic statement protects against adversaries that can wipe or corrupt disk data structures on a hard drive. A data backup or disaster recovery plan can be used to restore organizational data that adversaries may have attempted to overwrite while targeting critical systems.
|
PR.DS-11.01 | Data backup and replication | Mitigates | T1561.001 | Disk Content Wipe |
Comments
This diagnostic statement protects against adversaries that can wipe or corrupt the contents of storage device data. A data backup or disaster recovery plan can be used to restore organizational data that adversaries may have attempted to overwrite.
|
PR.DS-11.01 | Data backup and replication | Mitigates | T1561 | Disk Wipe |
Comments
This diagnostic statement protects against adversaries that can wipe or corrupt raw disk data on systems. A data backup or disaster recovery plan can be used to restore organizational data that adversaries may have attempted to overwrite.
|
PR.DS-11.01 | Data backup and replication | Mitigates | T1490 | Inhibit System Recovery |
Comments
This diagnostic statement provides protection from adversaries that try to remove built-in data and/or turn off services that are used to help with the recovery of corrupted systems. Ensuring backups are stored off system and are protected from common methods adversaries may use to gain access and destroy the backups to prevent recovery is a way to deny adversaries access to available backup and recovery options.
|
PR.DS-11.01 | Data backup and replication | Mitigates | T1486 | Data Encrypted for Impact |
Comments
This diagnostic statement provides protection from adversaries that may encrypt data on target systems in a network to interrupt availability to system and network resources. They can attempt to render stored data inaccessible by encrypting files or data on local and remote drives and withholding access to a decryption key. A data backup or disaster recovery plan can be used to restore organizational data. Ensure backups are stored off system and are protected from common methods adversaries may use to gain access and destroy the backups to prevent recovery.
|
PR.DS-11.01 | Data backup and replication | Mitigates | T1485.001 | Lifecycle-Triggered Deletion |
Comments
This diagnostic statement provides protection from adversaries that may modify the lifecycle policies of a cloud storage bucket to destroy all objects stored within. A data backup or disaster recovery plan can be used to restore organizational data.
|
PR.DS-11.01 | Data backup and replication | Mitigates | T1485 | Data Destruction |
Comments
This diagnostic statement provides protection from adversaries that may try to destroy data and files on systems or on a network/network resource. A data backup or disaster recovery plan can be used to restore organizational data.
|
PR.DS-10.01 | Data-in-use protection | Mitigates | T1537 | Transfer Data to Cloud Account |
Comments
This Diagnostic Statement describes mitigations related to protecting data-in-use, mentioning encryption, access control methods and authentication. Using encryption for data-in-use, alongside other safeguards such as restricting exfiltration of sensitive data, aids in mitigating collection and exfiltration threats.
|
PR.DS-10.01 | Data-in-use protection | Mitigates | T1567 | Exfiltration Over Web Service |
Comments
This Diagnostic Statement describes mitigations related to protecting data-in-use, mentioning encryption, access control methods and authentication. Using encryption for data-in-use, alongside other safeguards such as restricting exfiltration of sensitive data, aids in mitigating collection and exfiltration threats.
|
PR.DS-10.01 | Data-in-use protection | Mitigates | T1052 | Exfiltration Over Physical Medium |
Comments
This Diagnostic Statement describes mitigations related to protecting data-in-use, mentioning encryption, access control methods and authentication. Using encryption for data-in-use, alongside other safeguards such as restricting exfiltration of sensitive data, aids in mitigating collection and exfiltration threats.
|
PR.DS-10.01 | Data-in-use protection | Mitigates | T1052.001 | Exfiltration over USB |
Comments
This Diagnostic Statement describes mitigations related to protecting data-in-use, mentioning encryption, access control methods and authentication. Using encryption for data-in-use, alongside other safeguards such as restricting exfiltration of sensitive data, aids in mitigating collection and exfiltration threats.
|
PR.DS-10.01 | Data-in-use protection | Mitigates | T1025 | Data from Removable Media |
Comments
This Diagnostic Statement describes mitigations related to protecting data-in-use, mentioning encryption, access control methods and authentication. Using encryption for data-in-use, alongside other safeguards such as restricting exfiltration of sensitive data, aids in mitigating collection and exfiltration threats.
|
PR.DS-10.01 | Data-in-use protection | Mitigates | T1041 | Exfiltration Over C2 Channel |
Comments
This Diagnostic Statement describes mitigations related to protecting data-in-use, mentioning encryption, access control methods and authentication. Using encryption for data-in-use, alongside other safeguards such as restricting exfiltration of sensitive data, aids in mitigating collection and exfiltration threats.
|
PR.DS-10.01 | Data-in-use protection | Mitigates | T1048 | Exfiltration Over Alternative Protocol |
Comments
This Diagnostic Statement describes mitigations related to protecting data-in-use, mentioning encryption, access control methods and authentication. Using encryption for data-in-use, alongside other safeguards such as restricting exfiltration of sensitive data, aids in mitigating collection and exfiltration threats.
|
PR.DS-10.01 | Data-in-use protection | Mitigates | T1005 | Data from Local System |
Comments
This Diagnostic Statement describes mitigations related to protecting data-in-use, mentioning encryption, access control methods and authentication. Using encryption for data-in-use, alongside other safeguards such as restricting exfiltration of sensitive data, aids in mitigating collection and exfiltration threats.
|
PR.DS-10.01 | Data-in-use protection | Mitigates | T1040 | Network Sniffing |
Comments
This Diagnostic Statement describes mitigations related to protecting data-in-use, mentioning encryption, access control methods and authentication. Using encryption for data-in-use, alongside other safeguards such as restricting exfiltration of sensitive data, aids in mitigating collection and exfiltration threats.
|
PR.DS-10.01 | Data-in-use protection | Mitigates | T1070 | Indicator Removal |
Comments
This Diagnostic Statement describes mitigations related to protecting data-in-use, mentioning encryption, access control methods and authentication. Using encryption for data-in-use, alongside other safeguards such as restricting exfiltration of sensitive data, aids in mitigating collection and exfiltration threats.
|
PR.DS-10.01 | Data-in-use protection | Mitigates | T1565.001 | Stored Data Manipulation |
Comments
This Diagnostic Statement describes mitigations related to protecting data-in-use, mentioning encryption, access control methods and authentication. Using encryption for data-in-use, alongside other safeguards such as restricting exfiltration of sensitive data, aids in mitigating collection and exfiltration threats.
|
PR.DS-10.01 | Data-in-use protection | Mitigates | T1565 | Data Manipulation |
Comments
This Diagnostic Statement describes mitigations related to protecting data-in-use, mentioning encryption, access control methods and authentication. Using encryption for data-in-use, alongside other safeguards such as restricting exfiltration of sensitive data, aids in mitigating collection and exfiltration threats.
|
PR.DS-10.01 | Data-in-use protection | Mitigates | T1213 | Data from Information Repositories |
Comments
This Diagnostic Statement describes mitigations related to protecting data-in-use, mentioning encryption, access control methods and authentication. Using encryption for data-in-use, alongside other safeguards such as restricting exfiltration of sensitive data, aids in mitigating collection and exfiltration threats.
|
PR.DS-10.01 | Data-in-use protection | Mitigates | T1602 | Data from Configuration Repository |
Comments
This Diagnostic Statement describes mitigations related to protecting data-in-use, mentioning encryption, access control methods and authentication. Using encryption for data-in-use, alongside other safeguards such as restricting exfiltration of sensitive data, aids in mitigating collection and exfiltration threats.
|
PR.DS-10.01 | Data-in-use protection | Mitigates | T1530 | Data from Cloud Storage |
Comments
This Diagnostic Statement describes mitigations related to protecting data-in-use, mentioning encryption, access control methods and authentication. Using encryption for data-in-use, alongside other safeguards such as restricting exfiltration of sensitive data, aids in mitigating collection and exfiltration threats.
|
PR.DS-10.01 | Data-in-use protection | Mitigates | T1020 | Automated Exfiltration |
Comments
This Diagnostic Statement describes mitigations related to protecting data-in-use, mentioning encryption, access control methods and authentication. Using encryption for data-in-use, alongside other safeguards such as restricting exfiltration of sensitive data, aids in mitigating collection and exfiltration threats.
|
PR.DS-10.01 | Data-in-use protection | Mitigates | T1119 | Automated Collection |
Comments
This Diagnostic Statement describes mitigations related to protecting data-in-use, mentioning encryption, access control methods and authentication. Using encryption for data-in-use, alongside other safeguards such as restricting exfiltration of sensitive data, aids in mitigating collection and exfiltration threats.
|
Capability ID | Capability Name | Number of Mappings |
---|---|---|
PR.DS-11.01 | Data backup and replication | 9 |
PR.DS-02.01 | Data-in-transit protection | 6 |
PR.DS-01.02 | Data loss prevention | 11 |
PR.DS-01.03 | Removable media protection | 4 |
PR.DS-10.01 | Data-in-use protection | 17 |
PR.DS-01.01 | Data-at-rest protection | 12 |