CRI Profile Protect: Technology Infrastructure Resilience Capability Group

This diagnostic statement implements technical controls (e.g., VPN, antivirus software) to address the risks of end-user personal computing devices accessing the organization’s network and resources.

This diagnostic statement implements technical controls (e.g., VPN, antivirus software) to address the risks of end-user personal computing devices accessing the organization’s network and resources.

This diagnostic statement implements technical controls (e.g., VPN, antivirus software) to address the risks of end-user personal computing devices accessing the organization’s network and resources.

This diagnostic statement implements technical controls (e.g., VPN, antivirus software) to address the risks of end-user personal computing devices accessing the organization’s network and resources.

This diagnostic statement implements technical controls (e.g., VPN, antivirus software) to address the risks of end-user personal computing devices accessing the organization’s network and resources.

This diagnostic statement implements technical controls (e.g., VPN, antivirus software) to address the risks of end-user personal computing devices accessing the organization’s network and resources.

This diagnostic statement implements technical controls (e.g., VPN, antivirus software) to address the risks of end-user personal computing devices accessing the organization’s network and resources.

This diagnostic statement implements technical controls (e.g., VPN, antivirus software) to address the risks of end-user personal computing devices accessing the organization’s network and resources.

This diagnostic statement implements technical controls (e.g., VPN, antivirus software) to address the risks of end-user personal computing devices accessing the organization’s network and resources.

This diagnostic statement implements technical controls (e.g., VPN, antivirus software) to address the risks of end-user personal computing devices accessing the organization’s network and resources.

This diagnostic statement implements technical controls (e.g., VPN, antivirus software) to address the risks of end-user personal computing devices accessing the organization’s network and resources.

This diagnostic statement implements technical controls (e.g., VPN, antivirus software) to address the risks of end-user personal computing devices accessing the organization’s network and resources.

This diagnostic statement implements technical controls (e.g., VPN, antivirus software) to address the risks of end-user personal computing devices accessing the organization’s network and resources.

This diagnostic statement implements technical controls (e.g., VPN, antivirus software) to address the risks of end-user personal computing devices accessing the organization’s network and resources.

This diagnostic statement implements technical controls (e.g., VPN, antivirus software) to address the risks of end-user personal computing devices accessing the organization’s network and resources.

This diagnostic statement implements technical controls (e.g., VPN, antivirus software) to address the risks of end-user personal computing devices accessing the organization’s network and resources.

This diagnostic statement implements technical controls (e.g., VPN, antivirus software) to address the risks of end-user personal computing devices accessing the organization’s network and resources.

This diagnostic statement implements technical controls (e.g., VPN, antivirus software) to address the risks of end-user personal computing devices accessing the organization’s network and resources.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement provides protections for wireless networks. Implementation of wireless network management measures such as network segmentation and access controls reduces the attack surface, restricts movement by adversaries, and protects data from compromise.

This diagnostic statement provides protections for wireless networks. Implementation of wireless network management measures such as network segmentation and access controls reduces the attack surface, restricts movement by adversaries, and protects data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to limit communications with container services can prevent adversary deployment of a container.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can prevent leveraging for AiTM conditions.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can prevent leveraging for AiTM conditions.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic can help to mitigate this technique.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of application layer protocols.

This diagnostic statement protects against Data Destruction through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement protects against Lifecycle-Triggered Deletion through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement protects against Data Encrypted for Impact through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement protects against Defacement through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement protects against Internal Defacement through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement protects against External Defacement through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement protects against Disk Wipe through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement protects against Disk Content Wipe through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement protects against Disk Structure Wipe through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement protects against Inhibit System Recovery through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement protects against Automated Exfiltration through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement protects against Traffic Duplication through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement protects against Data from Local System through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement protects against Data from Removable Media through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement protects against Exfiltration Over Alternative Protocol through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement protects against Exfiltration Over Asymmetric Encrypted Non-C2 Protocol through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement protects against Exfiltration Over Unencrypted Non-C2 Protocol through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement protects against Exfiltration Over C2 Channel through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement protects against Exfiltration Over Physical Medium through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement protects against Exfiltration over USB through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement protects against Exfiltration Over Web Service through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement protects against Exfiltration Over Webhook through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement protects against Transfer Data to Cloud Account through the use of failsafes, backup facilities, disaster recovery, and resilience strategies including resumption of critical services.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Employing network filtering, defense-in-depth, and access isolation principles provides protection against adversaries trying to obtain unsecured credentials.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Employing secure network configuration, defense-in-depth, and access isolation principles provides protection against adversaries attempting to obtain credentials via APIs within a containers environment.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Employing network segmentation to isolate infrastructure and limit access through trusted third party relationships.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. The permissions required for execution of this technique vary by system configuration. Employing proper system isolation can protect critical network systems from potential exploitation.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Employing defense-in-depth and access isolation provides protection against adversaries attempting to stop services.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Employing measures such as blocking RDP traffic between network security zones provides protection against adversaries attempting to use RDP to expand access.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Employing measures such as Windows Firewall provides protection against adversaries attempting to exploit Distributed Component Object Model.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Employing measures such as blocking or restricting WinRM provides protection against adversaries attempting to exploit this service.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Blocking network traffic that is not necessary can mitigate, or at least alleviate, use of remote services to move laterally in an environment.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Blocking network traffic that is not necessary can mitigate, or at least alleviate, use of remote desktop to move laterally in an environment.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Configuring firewalls and proxies to limit outgoing traffic to only necessary ports and proper systems can mitigate use of this technique.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Configuring firewalls and proxies to limit outgoing traffic to only necessary ports and proper systems can mitigate use of this technique.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Employing measures such as denying direct access of broadcasts and multicast sniffing can prevent network sniffing attacks.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Employing proper network segmentation can protect critical servers and devices from discovery and potential exploitation.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Denying direct remote access to internal systems to prevent adversaries from leveraging external-facing remote services to access and/or persist within a network.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Segmenting externally facing networks and systems appropriately to mitigate exploitation of remote services.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Segment externally facing servers and services to mitigate exploitation of public-facing applications.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Network firewall configurations that allow only necessary ports and traffic can mitigate exfiltration of data over alternate protocols.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Network firewall configurations that allow only necessary ports and traffic can mitigate exfiltration of data over alternate protocols.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Network firewall configurations that allow only necessary ports and traffic can mitigate exfiltration of data over alternate protocols.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Network firewall configurations that allow only necessary ports and traffic can mitigate exfiltration of data over alternate protocols.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Employing network segmentation for sensitive domains can help prevent adversary exploitation of domain trust relationships.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Employing network segmentation to deny direct remote access to internal systems externally provides protection against adversaries attempting to deploy containers.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Employ network segmentation to isolate and secure systems hosting critical business and system processes.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Employ network segmentation to isolate and secure systems hosting critical business and system processes.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Employ network segmentation to segregate traffic to provide protection against adversaries attempting to obtain data from configuration repositories.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Employ network segmentation to segregate traffic to provide protection against adversaries attempting to obtain data from configuration repositories.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Employ network segmentation to segregate traffic to provide protection against adversaries attempting to obtain data from configuration repositories.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Limit access to critical systems and domain controllers to provide protection against adversaries attempting to create accounts.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Limit access to critical systems and domain controllers to provide protection against adversaries attempting to create accounts.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Limit access to critical systems and domain controllers to provide protection against adversaries attempting to create accounts.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Employing network segmentation to deny direct remote access to internal systems externally provides protection against adversaries attempting to discover resources in container environments.

This diagnostic statement protects against Build Image on Host through the use of network segmentation, firewalls, secure network configuration, defense-in-depth and access isolation principles. Employing defense-in-depth and access isolation principles provides protection against adversaries attempting to build image on host.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Isolate infrastructure components and blocking network traffic that is not necessary can mitigate, or at least alleviate, the scope of AiTM activity.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Isolate infrastructure components and blocking network traffic that is not necessary can mitigate, or at least alleviate, the scope of AiTM activity.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Employing proper network segmentation limits access to critical systems and domain controllers.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Employing proper network segmentation limits access to critical systems and domain controllers.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Employing network filtering, defense-in-depth, and access isolation principles provides protection against adversaries attempting to obtain credentials and other sensitive data.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Isolate infrastructure components and blocking network traffic that is not necessary can mitigate, or at least alleviate, the scope of AiTM activity.

This diagnostic statement is for the implementation of network segmentation which helps prevent access to critical systems and sensitive information. Isolate infrastructure components and blocking network traffic that is not necessary can mitigate, or at least alleviate, the scope of AiTM activity.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic statement describes how the organization establishes and manages baseline measures of network activity. Supported by network monitoring tools and other controls to detect events and identify incidents. Mitigating mechanisms may include: Data Loss Prevention (DLP); Filtering Network Traffic; Limit Network Traffic; Network Intrusion Prevention Systems (NIPS); and Network Segmentation for these type of network-based techniques.

This diagnostic approach safeguards systems and network resources from adversaries seeking to block availability of services to user by attempting to conduct DoS attacks. Implementing mitigation strategies, such as filtering network traffic and using ISP or third-party providers, enables blocking IP addresses and protocols used for transport.

This diagnostic approach safeguards systems and network resources from adversaries seeking to block availability of services to user by attempting to conduct DoS attacks. Implementing mitigation strategies, such as filtering network traffic, enables blocking IP addresses and protocols used for transport.

This diagnostic approach safeguards systems and network resources from adversaries seeking to block availability of services to user by attempting to conduct DoS attacks. Implementing mitigation strategies, such as filtering network traffic, enables blocking IP addresses and protocols used for transport.

This diagnostic approach safeguards systems and network resources from adversaries seeking to block availability of services to user by attempting to conduct DoS attacks. Implementing mitigation strategies, such as filtering network traffic, enables blocking IP addresses and protocols used for transport.

This diagnostic approach safeguards systems and network resources from adversaries seeking to block availability of services to user by attempting to exploit software vulnerabilities that can cause an application or system to crash. Implementing mitigation strategies, such as filtering network traffic, enables blocking IP addresses and protocols used for transport.

This diagnostic approach safeguards systems and network resources from adversaries seeking to block availability of services to user by attempting to conduct DoS attacks. Implementing mitigation strategies, such as filtering network traffic, enables blocking IP addresses and protocols used for transport.

This diagnostic approach safeguards systems and network resources from adversaries seeking to block availability of services to user by attempting to conduct DoS attacks. Implementing mitigation strategies, such as filtering network traffic, enables blocking IP addresses and protocols used for transport.

This diagnostic approach safeguards systems and network resources from adversaries seeking to disrupt availability by attempting to corrupt or wipe the disk data structures on a hard drive. Implementing mitigation strategies, such as data backup, enables the restoration of organizational plans and critical information.

This diagnostic approach safeguards systems and network resources from adversaries seeking to disrupt availability by attempting to erase contents of storage devices on systems and networks. Implementing mitigation strategies, such as data backup, enables the restoration of organizational plans and critical information.

This diagnostic approach safeguards systems and network resources from adversaries seeking to disrupt availability by attempting to render stored data on local and remote drives via encryption. Implementing mitigation strategies, such as data backup, enables the restoration of organizational plans and critical information.

This diagnostic approach safeguards systems and network resources from adversaries seeking to disrupt availability by attempting to wiping disk data on system and network resources. Implementing mitigation strategies, such as data backup, enables the restoration of organizational plans and critical information.

This diagnostic approach safeguards systems and network resources from adversaries seeking to disrupt availability by destroying data files. Implementing mitigation strategies, such as data backup, enables the restoration of organizational plans and critical information. Additionally, the use of multi-factor authentication serves as an effective measure to restrict unauthorized access to credentials, thereby reducing the risk of data destruction.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of remote services.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of remote services.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of remote services.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of remote services.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of remote services.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of alternate protocols to exfiltrate data.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of alternate protocols to exfiltrate data.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of alternate protocols to exfiltrate data.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of alternate protocols to exfiltrate data.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of application layer protocols.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of application layer protocols.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversary use of non-application layer protocols.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversaries from leveraging externally-facing remote services to initially access and/or persist within a network.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can mitigate adversaries from obtaining credentials through forced authentication.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, protocols) aligned to security baselines. Using network appliances to to only allow legitimate BITS traffic can mitigate adversary abuse of BITS Jobs.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic can help to mitigate this technique.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic can mitigate adversary abuse of remote access software.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, protocols) aligned to security baselines. Employing IP-based restrictions for accessing cloud resources can mitigate adversary access to data in cloud storage.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, protocols) aligned to security baselines. Employing network-based filtering restrictions can mitigate data transfers to untrusted VPCs.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to limit access can mitigate adversary abuse of pre-OS boot mechanisms.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Employing restrictions on untrusted network sources can mitigate adversary abuse of TFTP boot (netbooting).

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Employing restrictions that limit network access and communications with services can prevent adversaries from finding stored credentials.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Employing restrictions that limit network access and communications with services can prevent adversaries from finding stored credentials.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Employing restrictions that limit network access and communications with services can prevent adversaries from finding stored credentials.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can prevent leveraging for AiTM conditions.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic that is not necessary within the environment can prevent leveraging for AiTM conditions.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to limit access can prevent RDP hijacking.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to block or filter network traffic to untrusted or known bad domains and resources can prevent tunnelling of network communications.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, protocols) aligned to security baselines. Employing extended ACLs to block unauthorized protocols can mitigate adversary access to data in configuration repositories.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, protocols) aligned to security baselines. Employing extended ACLs to block unauthorized protocols can mitigate adversary access to data in configuration repositories.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, protocols) aligned to security baselines. Employing extended ACLs to block unauthorized protocols can mitigate adversary access to data in configuration repositories.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to limit communications with container services can prevent adversary abuse of container administration.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to limit communications with container services can prevent adversaries from building container images on hosts.

This diagnostic statement provides protection through secure network device configurations (e.g., firewall rules, ports, and protocols) aligned to security baselines. Using network appliances to limit communications with container services can prevent adversaries from discovering resources in container environments.

This diagnostic statement protects against Data Obfuscation through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Junk Data through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Steganography through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Protocol or Service Impersonation through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Fallback Channels through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Remote Services through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Remote Desktop Protocol through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against SMB/Windows Admin Shares through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against VNC through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Scheduled Transfer through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Data Transfer Size Limits through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Exfiltration Over C2 Channel through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Network Service Discovery through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Exfiltration Over Alternative Protocol through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Exfiltration Over Symmetric Encrypted Non-C2 Protocol through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Exfiltration Over Asymmetric Encrypted Non-C2 Protocol through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Exfiltration Over Unencrypted Non-C2 Protocol through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Application Layer Protocol through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Web Protocols through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against File Transfer Protocols through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Mail Protocols through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against DNS through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Publish/Subscribe Protocols through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Proxy through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Internal Proxy through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against External Proxy through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Multi-hop Proxy through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Non-Application Layer Protocol through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Web Service through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Dead Drop Resolver through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Bidirectional Communication through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against One-Way Communication through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Multi-Stage Channels through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Ingress Tool Transfer through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Data Encoding through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Standard Encoding through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Non-Standard Encoding through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against External Remote Services through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Forced Authentication through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against BITS Jobs through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Hardware Additions through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against User Execution through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Malicious Link through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Malicious Image through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Traffic Signaling through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Port Knocking through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Socket Filters through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against System Binary Proxy Execution through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Verclsid through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Remote Access Software through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Template Injection through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Network Denial of Service through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Direct Network Flood through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Reflection Amplification through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Endpoint Denial of Service through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against OS Exhaustion Flood through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Service Exhaustion Flood through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Application Exhaustion Flood through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Application or System Exploitation through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Data from Cloud Storage through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Transfer Data to Cloud Account through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Pre-OS Boot through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against ROMMONkit through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against TFTP Boot through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Event Triggered Execution through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Accessibility Features through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Unsecured Credentials through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Cloud Instance Metadata API through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Container API through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Adversary-in-the-Middle through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against LLMNR/NBT-NS Poisoning and SMB Relay through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against ARP Cache Poisoning through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against DHCP Spoofing through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Evil Twin through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Remote Service Session Hijacking through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against RDP Hijacking through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Phishing through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Spearphishing Attachment through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Dynamic Resolution through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Domain Generation Algorithms through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Lateral Tool Transfer through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Non-Standard Port through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Protocol Tunneling through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Encrypted Channel through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Symmetric Cryptography through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Asymmetric Cryptography through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Network Boundary Bridging through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Network Address Translation Traversal through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Data from Configuration Repository through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against SNMP (MIB Dump) through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Network Device Configuration Dump through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Container Administration Command through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Deploy Container through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Build Image on Host through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement protects against Container and Resource Discovery through the use of secure network configurations, architecture, implementations of zero trust architecture, and segmentation.

This diagnostic statement provides protections for wireless networks. Implementation of wireless network management measures such as network segmentation and access controls reduces the attack surface, restricts movement by adversaries, and protects data from compromise.

This diagnostic statement provides protections for wireless networks. Implementation of wireless network management measures such as network segmentation and access controls reduces the attack surface, restricts movement by adversaries, and protects data from compromise.

This diagnostic statement provides protections for wireless networks. Implementation of wireless network management measures such as network segmentation and access controls reduces the attack surface, restricts movement by adversaries, and protects data from compromise.

This diagnostic statement provides protections for wireless networks. Implementation of wireless network management measures such as network segmentation and access controls reduces the attack surface, restricts movement by adversaries, and protects data from compromise.

This diagnostic statement provides protections for wireless networks. Implementation of wireless network management measures such as network segmentation and access controls reduces the attack surface, restricts movement by adversaries, and protects data from compromise.

This diagnostic statement provides protections for wireless networks. Implementation of wireless network management measures such as network segmentation and access controls reduces the attack surface, restricts movement by adversaries, and protects data from compromise.

This diagnostic statement provides protections for wireless networks. Implementation of wireless network management measures such as network segmentation and access controls reduces the attack surface, restricts movement by adversaries, and protects data from compromise.

This diagnostic statement provides protections for wireless networks. Implementation of wireless network management measures such as network segmentation and access controls reduces the attack surface, restricts movement by adversaries, and protects data from compromise.

This diagnostic statement provides protections for wireless networks. Implementation of wireless network management measures such as network segmentation and access controls reduces the attack surface, restricts movement by adversaries, and protects data from compromise.

This diagnostic statement provides protections for wireless networks. Implementation of wireless network management measures such as network segmentation and access controls reduces the attack surface, restricts movement by adversaries, and protects data from compromise.

This diagnostic statement provides protections for wireless networks. Implementation of wireless network management measures such as network segmentation and access controls reduces the attack surface, restricts movement by adversaries, and protects data from compromise.

This diagnostic statement provides protections for wireless networks. Implementation of wireless network management measures such as network segmentation and access controls reduces the attack surface, restricts movement by adversaries, and protects data from compromise.

This diagnostic statement provides protections for wireless networks. Implementation of wireless network management measures such as network segmentation and access controls reduces the attack surface, restricts movement by adversaries, and protects data from compromise.

This diagnostic statement provides protections for wireless networks. Implementation of wireless network management measures such as network segmentation and access controls reduces the attack surface, restricts movement by adversaries, and protects data from compromise.

This diagnostic statement provides protections for wireless networks. Implementation of wireless network management measures such as network segmentation and access controls reduces the attack surface, restricts movement by adversaries, and protects data from compromise.

This diagnostic statement provides protections for wireless networks. Implementation of wireless network management measures such as network segmentation and access controls reduces the attack surface, restricts movement by adversaries, and protects data from compromise.

This diagnostic statement provides protections for wireless networks. Implementation of wireless network management measures such as network segmentation and access controls reduces the attack surface, restricts movement by adversaries, and protects data from compromise.

This diagnostic statement provides protections for wireless networks. Implementation of wireless network management measures such as network segmentation and access controls reduces the attack surface, restricts movement by adversaries, and protects data from compromise.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement implements security controls and restrictions for remote user access to systems. Remote user access control involves managing and securing how users remotely access systems, such as through encrypted connections and account use policies, which help prevent adversary access.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement provides protections for production environments. Measures such as network segmentation and access control reduce the attack surface, restrict movement by adversaries, and protect critical assets and data from compromise.

This diagnostic statement implements technical controls (e.g., VPN, antivirus software) to address the risks of end-user personal computing devices accessing the organization’s network and resources.

This diagnostic statement protects against Remote Services through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Remote Desktop Protocol through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against SMB/Windows Admin Shares through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against VNC through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Obfuscated Files or Information through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Software Packing through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Embedded Payloads through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Command Obfuscation through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against LNK Icon Smuggling through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Encrypted/Encoded File through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Polymorphic Code through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Masquerading through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Masquerade File Type through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Exfiltration Over Alternative Protocol through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Exfiltration Over Symmetric Encrypted Non-C2 Protocol through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Exfiltration Over Asymmetric Encrypted Non-C2 Protocol through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Exfiltration Over Unencrypted Non-C2 Protocol through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Exfiltration Over Physical Medium through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Exfiltration over USB through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Command and Scripting Interpreter through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against PowerShell through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Visual Basic through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Python through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Application Layer Protocol through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against DNS through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Publish/Subscribe Protocols through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Taint Shared Content through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Proxy through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Multi-hop Proxy through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Replication Through Removable Media through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Non-Application Layer Protocol through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against External Remote Services through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Forced Authentication through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Exploit Public-Facing Application through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against BITS Jobs through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Hardware Additions through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Traffic Signaling through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Port Knocking through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Socket Filters through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against System Binary Proxy Execution through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Verclsid through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Remote Access Software through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Template Injection through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Network Denial of Service through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Direct Network Flood through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Reflection Amplification through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Endpoint Denial of Service through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against OS Exhaustion Flood through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Service Exhaustion Flood through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Application Exhaustion Flood through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Application or System Exploitation through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Data from Cloud Storage through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Transfer Data to Cloud Account through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Pre-OS Boot through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against TFTP Boot through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Event Triggered Execution through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Accessibility Features through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Boot or Logon Autostart Execution through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Kernel Modules and Extensions through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Unsecured Credentials through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Cloud Instance Metadata API through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Container API through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Adversary-in-the-Middle through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against LLMNR/NBT-NS Poisoning and SMB Relay through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against ARP Cache Poisoning through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against DHCP Spoofing through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Remote Service Session Hijacking through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against RDP Hijacking through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Hide Artifacts through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against File/Path Exclusions through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Spearphishing Attachment through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Spearphishing via Service through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Lateral Tool Transfer through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Protocol Tunneling through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Network Boundary Bridging through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Network Address Translation Traversal through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Data from Configuration Repository through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against SNMP (MIB Dump) through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Network Device Configuration Dump through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Container Administration Command through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Deploy Container through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Build Image on Host through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.

This diagnostic statement protects against Container and Resource Discovery through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware.