The Business Continuity Management and Operational Resilience (BCR) domain focuses on safeguarding critical business processes, infrastructure, and services, minimizing the impact of disruptions, and ensuring business continuity in the face of potentially disruptive events. Implementation of cloud security controls in this domain is paramount for both CSPs and CSCs to ensure uninterrupted service delivery and maintain operational resilience.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| BCR-08 | Backup | mitigates | T1561.001 | Disk Content Wipe |
Comments
Adversaries may wipe, overwrite, or corrupt arbitrary portions of disk content on cloud storage objects or other cloud resources. Periodically backing up data stored in the cloud; ensuring backup confidentiality, integrity, and availability; and verifying data restoration from backup provides data protection and allows for quick recovery from disk wipe attacks.
|
| BCR-08 | Backup | mitigates | T1561.002 | Disk Structure Wipe |
Comments
Adversaries may wipe or corrupt disk data structures or overwrite critical data in disk structures on cloud storage objects or other cloud resources. Periodically backing up data stored in the cloud; ensuring backup confidentiality, integrity, and availability; and verifying data restoration from backup provides data protection and allows for quick recovery from disk wipe attacks.
|
| BCR-08 | Backup | mitigates | T1491.001 | Internal Defacement |
Comments
Adversaries may deface visual content through modifying data and files in cloud storage objects, including website files. Periodically backing up data stored in the cloud; ensuring backup confidentiality, integrity, and availability; and verifying data restoration from backup provides data protection and allows for quick recovery from defacement attacks.
|
| BCR-08 | Backup | mitigates | T1491.002 | External Defacement |
Comments
Adversaries may deface visual content through modifying data and files in cloud storage objects, including website files. Periodically backing up data stored in the cloud; ensuring backup confidentiality, integrity, and availability; and verifying data restoration from backup provides data protection and allows for quick recovery from defacement attacks.
|
| BCR-08 | Backup | mitigates | T1485.001 | Lifecycle-Triggered Deletion |
Comments
Adversaries may destroy, overwrite, or delete data and files in cloud storage buckets. Periodically backing up data stored in the cloud; ensuring backup confidentiality, integrity, and availability; and verifying data restoration from backup provides data protection and allows for quick recovery from data destruction attacks.
|
| BCR-08 | Backup | mitigates | T1486 | Data Encrypted for Impact |
Comments
Adversaries may encrypt data and files in cloud storage objects within compromised accounts and other cloud resources to render stored data inaccessible. Periodically backing up data stored in the cloud; ensuring backup confidentiality, integrity, and availability; and verifying data restoration from backup provides data protection and allows for quick recovery from data encryption attacks.
|
| BCR-08 | Backup | mitigates | T1491 | Defacement |
Comments
Adversaries may deface visual content through modifying data and files in cloud storage objects, including website files. Periodically backing up data stored in the cloud; ensuring backup confidentiality, integrity, and availability; and verifying data restoration from backup provides data protection and allows for quick recovery from defacement attacks.
|
| BCR-08 | Backup | mitigates | T1561 | Disk Wipe |
Comments
Adversaries may wipe, overwrite, or corrupt raw disk data on cloud storage objects or other cloud resources. Periodically backing up data stored in the cloud; ensuring backup confidentiality, integrity, and availability; and verifying data restoration from backup provides data protection and allows for quick recovery from disk wipe attacks.
|
| BCR-08 | Backup | mitigates | T1490 | Inhibit System Recovery |
Comments
Adversaries may delete or remove built-in data and turn off services designed to aid in recovery, disable versioning and backup policies and delete snapshots, database backups, machine images, and prior versions of objects designed to be used in disaster recovery scenarios. Periodically backing up data stored in the cloud; ensuring backup confidentiality, integrity, and availability; and verifying data restoration from backup provides data protection and allows for quick recovery from attacks intended to prevent recovery.
|
| BCR-08 | Backup | mitigates | T1485 | Data Destruction |
Comments
Adversaries may destroy, overwrite, or delete data and files in cloud storage objects and other cloud resources. Periodically backing up data stored in the cloud; ensuring backup confidentiality, integrity, and availability; and verifying data restoration from backup provides data protection and allows for quick recovery from data destruction attacks.
|