Protect information from unauthorized disclosure on managed endpoint devices with storage encryption.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| UEM-08 | Storage Encryption | mitigates | T1552.004 | Private Keys | This control provides for implementation of endpoint storage encryption. Encryption ensures the confidentiality of data such as credentials, preventing unauthorized access. When possible, keys should be stored on separate cryptographic hardware instead of on the local system. |
| UEM-08 | Storage Encryption | mitigates | T1552 | Unsecured Credentials | This control provides for implementation of endpoint storage encryption. Encryption ensures the confidentiality of data such as credentials, preventing unauthorized access. When possible, keys should be stored on separate cryptographic hardware instead of on the local system. |
| UEM-08 | Storage Encryption | mitigates | T1649 | Steal or Forge Authentication Certificates | This control provides for implementation of endpoint storage encryption. Encryption ensures the confidentiality of data such as credentials, preventing unauthorized access. Ensuring certificates as well as associated private keys are appropriately secured and enforcing HTTPS can help prevent adversaries from stealing or forging certificates used for authentication. |
| UEM-08 | Storage Encryption | mitigates | T1565.001 | Stored Data Manipulation | This control provides for implementation of endpoint storage encryption. Encryption ensures the confidentiality and integrity of data, preventing unauthorized access or tampering. Encrypting important information reduces an adversary’s ability to perform tailored data modifications. |
| UEM-08 | Storage Encryption | mitigates | T1565 | Data Manipulation | This control provides for implementation of endpoint storage encryption. Encryption ensures the confidentiality and integrity of data, preventing unauthorized access or tampering. Encrypting important information reduces an adversary’s ability to perform tailored data modifications. |
| UEM-08 | Storage Encryption | mitigates | T1119 | Automated Collection | This control provides for implementation of endpoint storage encryption. Encryption and off-system storage of sensitive information ensure the confidentiality of data and can help to mitigate adversary use of automated techniques for collecting data and files. |
| UEM-08 | Storage Encryption | mitigates | T1213 | Data from Information Repositories | This control provides for implementation of endpoint storage encryption. Encrypting data stored at rest in information repositories ensures the confidentiality of data and can mitigate adversary access to information of value, such as sensitive documents or data that may aid their further objectives. |
| UEM-08 | Storage Encryption | mitigates | T1530 | Data from Cloud Storage | This control provides for implementation of endpoint storage encryption. Encrypting data stored at rest in cloud storage can mitigate adversary access to data from cloud storage. |
| UEM-08 | Storage Encryption | mitigates | T1550.001 | Application Access Token | This control provides for implementation of endpoint storage encryption. Encryption ensures the confidentiality and integrity of data, such as OAuth access tokens used in a cloud-based email service. File encryption across email communications containing sensitive information that may be obtained through access to email services can help prevent adversaries from stealing application access tokens. |