Define, implement and evaluate processes, procedures and technical measures to identify updates for applications which use third party or open source libraries according to the organization's vulnerability management policy.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| TVM-05 | Detection Updates | mitigates | T1212 | Exploitation for Credential Access |
Comments
This control requires both CSP and CSC to independently define, implement, and regularly update detection tools, threat signatures, and indicators of compromise based from a threat intelligence platform/program ensuring effective and timely detection of threats across all cloud service models.
A centralized threat intelligence platform or program enables organizations to proactively identify, analyze, and act on cyber threats by leveraging internal and external data sources. As it applies to mitigable techniques, developing a robust cyber threat intelligence capability to mitigate and determine what types and levels of threat may use software exploits and 0-days or N-days against a particular organization. For the impersonation, threat intelligence helps defenders and users be aware of and defend against common lures and active campaigns that have been used for impersonation.
|
| TVM-05 | Detection Updates | mitigates | T1211 | Exploitation for Defense Evasion |
Comments
This control requires both CSP and CSC to independently define, implement, and regularly update detection tools, threat signatures, and indicators of compromise based from a threat intelligence platform/program ensuring effective and timely detection of threats across all cloud service models.
A centralized threat intelligence platform or program enables organizations to proactively identify, analyze, and act on cyber threats by leveraging internal and external data sources. As it applies to mitigable techniques, developing a robust cyber threat intelligence capability to mitigate and determine what types and levels of threat may use software exploits and 0-days or N-days against a particular organization. For the impersonation, threat intelligence helps defenders and users be aware of and defend against common lures and active campaigns that have been used for impersonation.
|
| TVM-05 | Detection Updates | mitigates | T1068 | Exploitation for Privilege Escalation |
Comments
This control requires both CSP and CSC to independently define, implement, and regularly update detection tools, threat signatures, and indicators of compromise based from a threat intelligence platform/program ensuring effective and timely detection of threats across all cloud service models.
A centralized threat intelligence platform or program enables organizations to proactively identify, analyze, and act on cyber threats by leveraging internal and external data sources. As it applies to mitigable techniques, developing a robust cyber threat intelligence capability to mitigate and determine what types and levels of threat may use software exploits and 0-days or N-days against a particular organization. For the impersonation, threat intelligence helps defenders and users be aware of and defend against common lures and active campaigns that have been used for impersonation.
|
| TVM-05 | Detection Updates | mitigates | T1210 | Exploitation of Remote Services |
Comments
This control requires both CSP and CSC to independently define, implement, and regularly update detection tools, threat signatures, and indicators of compromise based from a threat intelligence platform/program ensuring effective and timely detection of threats across all cloud service models.
A centralized threat intelligence platform or program enables organizations to proactively identify, analyze, and act on cyber threats by leveraging internal and external data sources. As it applies to mitigable techniques, developing a robust cyber threat intelligence capability to mitigate and determine what types and levels of threat may use software exploits and 0-days or N-days against a particular organization.
|
| TVM-05 | Detection Updates | mitigates | T1656 | Impersonation |
Comments
This control requires both CSP and CSC to independently define, implement, and regularly update detection tools, threat signatures, and indicators of compromise based from a threat intelligence platform/program ensuring effective and timely detection of threats across all cloud service models.
A centralized threat intelligence platform or program enables organizations to proactively identify, analyze, and act on cyber threats by leveraging internal and external data sources. As it applies to mitigable techniques, developing a robust cyber threat intelligence capability to mitigate and determine what types and levels of threat may use software exploits and 0-days or N-days against a particular organization. For the impersonation, threat intelligence helps defenders and users be aware of and defend against common lures and active campaigns that have been used for impersonation.
|