Define, implement and evaluate processes, procedures and technical measures to enforce policies and controls for all endpoints permitted to access systems and/or store, transmit, or process organizational data.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| UEM-05 | Endpoint Management | mitigates | T1204 | User Execution | This control provides for the implementation of best practices for endpoint management. Malicious executables can be prevented from running by implementing application control, script blocking, and other execution prevention mechanisms. |
| UEM-05 | Endpoint Management | mitigates | T1562.001 | Disable or Modify Tools | This control provides for the implementation of best practices for endpoint management. Malicious modification or disabling of security tools can be mitigated by implementing application control, script blocking, and other execution prevention mechanisms. |
| UEM-05 | Endpoint Management | mitigates | T1059 | Command and Scripting Interpreter | This control provides for the implementation of best practices for endpoint management. The execution of unauthorized or malicious code on systems through abuse of command and script interpreters can be prevented by implementing application control, script blocking, and other execution prevention mechanisms. |
| UEM-05 | Endpoint Management | mitigates | T1059.009 | Cloud API | This control provides for the implementation of best practices for endpoint management. The execution of unauthorized or malicious code on systems through abuse of command and script interpreters can be prevented by implementing application control, script blocking, and other execution prevention mechanisms. |
| UEM-05 | Endpoint Management | mitigates | T1080 | Taint Shared Content | This control provides for the implementation of best practices for endpoint management. Endpoint exploit protection capabilities can be used to detect, block, and mitigate conditions indicative of exploits to taint content in shared storage locations. |
| UEM-05 | Endpoint Management | mitigates | T1211 | Exploitation for Defense Evasion | This control provides for the implementation of best practices for endpoint management. Endpoint exploit protection capabilities can be used to detect, block, and mitigate conditions indicative of exploits to bypass security features. |
| UEM-05 | Endpoint Management | mitigates | T1552 | Unsecured Credentials | This control provides for the implementation of best practices for endpoint management. Endpoint exploit protection capabilities can be used to detect, block, and mitigate conditions indicative of exploits of public-facing applications. |
| UEM-05 | Endpoint Management | mitigates | T1562 | Impair Defenses | This control provides for the implementation of best practices for endpoint management. Malicious modification of preventative defenses and detection capabilities can be mitigated by implementing application control, script blocking, and other execution prevention mechanisms. |
| UEM-05 | Endpoint Management | mitigates | T1490 | Inhibit System Recovery | This control provides for the implementation of best practices for endpoint management. Proper security configurations, limited system access, and application control can help mitigate the risk of adversaries deleting or removing built-in data and turning off services designed to aid in the recovery of a corrupted system. |
| UEM-05 | Endpoint Management | mitigates | T1136 | Create Account | This control provides for the implementation of best practices for endpoint management. Proper security configurations and limited system access can help prevent adversaries from creating accounts to maintain access. |
| UEM-05 | Endpoint Management | mitigates | T1098 | Account Manipulation | This control provides for the implementation of best practices for endpoint management. Proper security configurations and limited system access can help prevent adversaries from manipulating accounts to maintain and/or elevate access. |
| UEM-05 | Endpoint Management | mitigates | T1087 | Account Discovery | This control provides for the implementation of best practices for endpoint management. Adjusting access to user lists can prevent abuse of system functionality and help prevent adversaries from getting a listing of valid accounts or usernames. |
| UEM-05 | Endpoint Management | mitigates | T1548 | Abuse Elevation Control Mechanism | This control provides for the implementation of best practices for endpoint management. Adjusting system settings and hardening default configurations can mitigate adversary exploitation of elevation control mechanisms and prevent abuse of system functionality. |
| UEM-05 | Endpoint Management | mitigates | T1550.004 | Web Session Cookie | This control provides for the implementation of best practices for endpoint management. Configuring applications to delete persistent web cookies can help mitigate the risk of adversaries using stolen session cookies. |
| UEM-05 | Endpoint Management | mitigates | T1535 | Unused/Unsupported Cloud Regions | This control provides for the implementation of best practices for endpoint management. Cloud service providers may allow customers to deactivate unused regions to help mitigate the risk of adversaries creating resources in unused regions. |
| UEM-05 | Endpoint Management | mitigates | T1537 | Transfer Data to Cloud Account | This control provides for the implementation of best practices for endpoint management. Configuring appropriate data sharing restrictions in cloud services can help mitigate the risk of adversaries exfiltrating data by transferring. |
| UEM-05 | Endpoint Management | mitigates | T1666 | Modify Cloud Resource Hierarchy | This control provides for the implementation of best practices for endpoint management. Securing resource groups and limiting permissions can help mitigate the risk of adversaries adding, deleting, or otherwise modifying hierarchical structures. |
| UEM-05 | Endpoint Management | mitigates | T1562 | Impair Defenses | This control provides for the implementation of best practices for endpoint management. Preventing insecure connections and ensuring proper permissions can help mitigate the risk of adversaries hindering or disabling preventative defenses. |
| UEM-05 | Endpoint Management | mitigates | T1606.001 | Web Cookies | This control provides for the implementation of best practices for endpoint management. Configuring applications to delete persistent web credentials and limiting privileges can help mitigate the risk of adversaries generating and using forged web cookies. |
| UEM-05 | Endpoint Management | mitigates | T1213.004 | Customer Relationship Management Software | This control provides for the implementation of best practices for endpoint management. Effectively securing information repositories and enforcing robust data retention policies can mitigate the risk of adversaries exploiting information repositories to access sensitive or valuable information. |
| UEM-05 | Endpoint Management | mitigates | T1606 | Forge Web Credentials | This control provides for the implementation of best practices for endpoint management. Configuring applications to delete persistent web credentials and limiting privileges can help mitigate the risk of adversaries generating and using forged web credentials. |
| UEM-05 | Endpoint Management | mitigates | T1213 | Data from Information Repositories | This control provides for the implementation of best practices for endpoint management. Effectively securing information repositories and enforcing robust data retention policies can mitigate the risk of adversaries exploiting information repositories to access sensitive or valuable information. |