Develop systems, products, and business practices based upon a principle of privacy by design and industry best practices. Ensure that systems' privacy settings are configured by default, according to all applicable laws and regulations.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| DSP-08 | Data Privacy by Design and Default | mitigates | T1550.004 | Web Session Cookie |
Comments
Privacy by design and default is emphasized in this control, integrating privacy measures at every stage of the SDLC and across all components. This includes implementing controls for encrypting sensitive information to ensure the confidentiality and integrity of data, preventing unauthorized access or tampering. For this technique, configure browsers or tasks to regularly delete persistent cookies to prevent the adversaries form using stolen session cookies to authenticate to web applications and services as legitmate users.
|
| DSP-08 | Data Privacy by Design and Default | mitigates | T1114.003 | Email Forwarding Rule |
Comments
Privacy by design and default is emphasized in this control, integrating privacy measures at every stage of the SDLC and across all components. This includes implementing controls for encrypting sensitive information to ensure the confidentiality and integrity of data, preventing unauthorized access or tampering. For this technique, the use of encryption provides an added layer of security to sensitive information sent over email. Encryption using public key cryptography requires the adversary to obtain the private certificate along with an encryption key to decrypt messages.
|
| DSP-08 | Data Privacy by Design and Default | mitigates | T1114.002 | Remote Email Collection |
Comments
Privacy by design and default is emphasized in this control, integrating privacy measures at every stage of the SDLC and across all components. This includes implementing controls for encrypting sensitive information to ensure the confidentiality and integrity of data, preventing unauthorized access or tampering. For this technique, the use of encryption provides an added layer of security to sensitive information sent over email. Encryption using public key cryptography requires the adversary to obtain the private certificate along with an encryption key to decrypt messages.
|
| DSP-08 | Data Privacy by Design and Default | mitigates | T1114.001 | Local Email Collection |
Comments
Privacy by design and default is emphasized in this control, integrating privacy measures at every stage of the SDLC and across all components. This includes implementing controls for encrypting sensitive information to ensure the confidentiality and integrity of data, preventing unauthorized access or tampering. For this technique, the use of encryption provides an added layer of security to sensitive information sent over email. Encryption using public key cryptography requires the adversary to obtain the private certificate along with an encryption key to decrypt messages.
|
| DSP-08 | Data Privacy by Design and Default | mitigates | T1114 | Email Collection |
Comments
Privacy by design and default is emphasized in this control, integrating privacy measures at every stage of the SDLC and across all components. This includes implementing controls for encrypting sensitive information to ensure the confidentiality and integrity of data, preventing unauthorized access or tampering. For this technique, the use of encryption provides an added layer of security to sensitive information sent over email. Encryption using public key cryptography requires the adversary to obtain the private certificate along with an encryption key to decrypt messages.
|
| DSP-08 | Data Privacy by Design and Default | mitigates | T1565.002 | Transmitted Data Manipulation |
Comments
Privacy by design and default is emphasized in this control, integrating privacy measures at every stage of the SDLC and across all components. This includes implementing controls for encrypting sensitive information to ensure the confidentiality and integrity of data, preventing unauthorized access or tampering. For this technique, encrypt all important data flows to reduce the impact of tailored modifications on data in transit for mitigation.
|
| DSP-08 | Data Privacy by Design and Default | mitigates | T1565.001 | Stored Data Manipulation |
Comments
Privacy by design and default is emphasized in this control, integrating privacy measures at every stage of the SDLC and across all components. This includes implementing controls for encrypting sensitive information to ensure the confidentiality and integrity of data, preventing unauthorized access or tampering. For this technique, consider encrypting important information to reduce an adversary’s ability to perform tailored data modifications.
|
| DSP-08 | Data Privacy by Design and Default | mitigates | T1565 | Data Manipulation |
Comments
Privacy by design and default is emphasized in this control, integrating privacy measures at every stage of the SDLC and across all components. This includes implementing controls for encrypting sensitive information to ensure the confidentiality and integrity of data, preventing unauthorized access or tampering. For this technique, consider encrypting important information to reduce an adversary’s ability to perform tailored data modifications.
|
| DSP-08 | Data Privacy by Design and Default | mitigates | T1213 | Data from Information Repositories |
Comments
Privacy by design and default is emphasized in this control, integrating privacy measures at every stage of the SDLC and across all components. This includes implementing controls for encrypting sensitive information to ensure the confidentiality and integrity of data, preventing unauthorized access or tampering. For this technique, encrypt data stored at rest in databases for mitigation.
|
| DSP-08 | Data Privacy by Design and Default | mitigates | T1530 | Data from Cloud Storage |
Comments
Privacy by design and default is emphasized in this control, integrating privacy measures at every stage of the SDLC and across all components. This includes implementing controls for encrypting sensitive information to ensure the confidentiality and integrity of data, preventing unauthorized access or tampering. For this technique, encrypt data stored at rest in cloud storage for mitigation. Managed encryption keys can be rotated by most providers.
|