CSA CCM Universal Endpoint Management Capability Group

This control provides for implementation of endpoint storage encryption. Encryption ensures the confidentiality of data such as credentials, preventing unauthorized access. When possible, keys should be stored on separate cryptographic hardware instead of on the local system.

This control provides for implementation of endpoint storage encryption. Encryption ensures the confidentiality of data such as credentials, preventing unauthorized access. When possible, keys should be stored on separate cryptographic hardware instead of on the local system.

This control provides for implementation of endpoint storage encryption. Encryption ensures the confidentiality of data such as credentials, preventing unauthorized access. Ensuring certificates as well as associated private keys are appropriately secured and enforcing HTTPS can help prevent adversaries from stealing or forging certificates used for authentication.

This control provides for implementation of endpoint storage encryption. Encryption ensures the confidentiality and integrity of data, preventing unauthorized access or tampering. Encrypting important information reduces an adversary’s ability to perform tailored data modifications.

This control provides for implementation of endpoint storage encryption. Encryption ensures the confidentiality and integrity of data, preventing unauthorized access or tampering. Encrypting important information reduces an adversary’s ability to perform tailored data modifications.

This control provides for implementation of endpoint storage encryption. Encryption and off-system storage of sensitive information ensures the confidentiality of data and can help to mitigate adversary use of automated techniques for automatically collecting data and files.

This control provides for implementation of endpoint storage encryption. Encrypting data stored at rest in information repositories ensures the confidentiality of data and can mitigate adversary access to information of value, such as sensitive documents or data that may aid their further objectives.

This control provides for implementation of endpoint storage encryption. Encrypting data stored at rest in cloud storage can mitigate adversary access to data from cloud storage.

This control provides for the implementation of best practices for endpoint management. Malicious executables can be prevented from running by implementing application control, script blocking, and other execution prevention mechanisms.

This control provides for the implementation of best practices for endpoint management. Malicious modification or disabling of security tools can be mitigated by implementing application control, script blocking, and other execution prevention mechanisms.

This control provides for the implementation of best practices for endpoint management. The execution of unauthorized or malicious code on systems through abuse of command and script interpreters can be prevented by implementing application control, script blocking, and other execution prevention mechanisms.

This control provides for the implementation of best practices for endpoint management. The execution of unauthorized or malicious code on systems through abuse of command and script interpreters can be prevented by implementing application control, script blocking, and other execution prevention mechanisms.

This control provides for the implementation of best practices for endpoint management. Endpoint exploit protection capabilities can be used to detect, block, and mitigate conditions indicative of exploits to taint content in shared storage locations.

This control provides for the implementation of best practices for endpoint management. Endpoint exploit protection capabilities can be used to detect, block, and mitigate conditions indicative of exploits to bypass security features.

This control provides for the implementation of best practices for endpoint management. Endpoint exploit protection capabilities can be used to detect, block, and mitigate conditions indicative of exploits of public-facing applications.

This control provides for the implementation of best practices for endpoint management. Malicious modification of preventative defenses and detection capabilities can be mitigated by implementing application control, script blocking, and other execution prevention mechanisms.

This control provides for the implementation of best practices for endpoint management. Proper security configurations, limited system access, and application control can help mitigate the risk of adversaries deleting or removing built-in data and turning off services designed to aid in the recovery of a corrupted system.

This control provides for the implementation of best practices for endpoint management. Proper security configurations and limited system access can help prevent adversaries from creating accounts to maintain access.

This control provides for the implementation of best practices for endpoint management. Proper security configurations and limited system access can help prevent adversaries from manipulating accounts to maintain and/or elevate access.

This control provides for the implementation of best practices for endpoint management. Adjusting access to user lists can prevent abuse of system functionality and help prevent adversaries from getting a listing of valid accounts or usernames.

This control provides for the implementation of best practices for endpoint management. Adjusting system settings and hardening default configurations can mitigate adversary exploitation of elevation control mechanisms and prevent abuse of system functionality.

This control provides for the implementation of best practices for endpoint management. Configuring applications to delete persistent web cookies to help mitigate the risk of adversaries using stolen session cookies.

This control provides for the implementation of best practices for endpoint management. Cloud service providers may allow customers to deactivate unused regions to help mitigate the risk of adversaries creating resources in unused regions.

This control provides for the implementation of best practices for endpoint management. Configuring appropriate data sharing restrictions in cloud services can help mitigate the risk of adversaries exfiltrating data by transferring.

This control provides for the implementation of best practices for endpoint management. Securing resource groups and limiting permissions can help mitigate the risk of adversaries adding, deleting, or otherwise modifying hierarchical structures.

This control provides for the implementation of best practices for endpoint management. Preventing insecure connections and ensuring proper permissions can help mitigate the risk of adversaries hindering or disabling preventative defenses.

This control provides for the implementation of best practices for endpoint management. Configuring applications to delete persistent web credentials and limiting privileges can help mitigate the risk of adversaries generating and using forged web cookies.

This control provides for the implementation of best practices for endpoint management. Effectively securing information repositories and enforcing robust data retention policies can mitigate the risk of adversaries exploiting information repositories to access sensitive or valuable information.

This control provides for the implementation of best practices for endpoint management. Configuring applications to delete persistent web credentials and limiting privileges can help mitigate the risk of adversaries generating and using forged web credentials.

This control provides for the implementation of best practices for endpoint management. Effectively securing information repositories and enforcing robust data retention policies can mitigate the risk of adversaries exploiting information repositories to access sensitive or valuable information.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes how CSPs and CSCs must install, update, and properly configure endpoint and software-defined firewalls, regularly review and approve firewall rule changes, and monitor traffic for anomalies and malicious code. These mitigative actions help prevent unauthorized access, block threats, and ensure only approved firewall rules are active.

This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.

This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.

This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.

This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.

This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.

This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.

This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.

This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.

This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.

This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.

This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.

This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.

This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.

This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.

This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.

Adversaries may exfiltrate data by transferring the data, including through sharing/syncing and creating backups of cloud environments, to another cloud account they control on the same service. This control requires implementing data leakage prevention (DLP) capapbiltities on endpoint devices. This includes classifying and inventorying data, protecting sensitive information in transit and at rest, monitoring for unauthorized disclosures, and responding to policy violations.

Adversaries may exfiltrate data to a webhook endpoint rather than over their primary command and control channel. This control requires implementing data leakage prevention (DLP) capapbiltities on endpoint devices. This includes classifying and inventorying data, protecting sensitive information in transit and at rest, monitoring for unauthorized disclosures, and responding to policy violations.

This control requires implementing data leakage prevention (DLP) capapbiltities on endpoint devices. This includes classifying and inventorying data, protecting sensitive information in transit and at rest, monitoring for unauthorized disclosures, and responding to policy violations. Adversaries may use an existing, legitimate external Web service to exfiltrate data rather than their primary command and control channel.

Adversaries may attempt to exfiltrate data over a USB connected physical device. This control requires implementing data leakage prevention (DLP) capapbiltities on endpoint devices. This includes classifying and inventorying data, protecting sensitive information in transit and at rest, monitoring for unauthorized disclosures, and responding to policy violations.

Adversaries may attempt to exfiltrate data via a physical medium, such as a removable drive. This control requires implementing data leakage prevention (DLP) capapbiltities on endpoint devices. This includes classifying and inventorying data, protecting sensitive information in transit and at rest, monitoring for unauthorized disclosures, and responding to policy violations.

Adversaries may steal data by exfiltrating it over an existing command and control channel. Stolen data is encoded into the normal communications channel using the same protocol as command and control communications. This control requires implementing data leakage prevention (DLP) capapbiltities on endpoint devices. This includes classifying and inventorying data, protecting sensitive information in transit and at rest, monitoring for unauthorized disclosures, and responding to policy violations.

Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server. Adversaries may opt to obfuscate this data, without the use of encryption, within network protocols that are natively unencrypted (such as HTTP, FTP, or DNS). This may include custom or publicly available encoding/compression algorithms (such as base64) as well as embedding data within protocol headers and fields. This control requires implementing data leakage prevention (DLP) capapbiltities on endpoint devices. This includes classifying and inventorying data, protecting sensitive information in transit and at rest, monitoring for unauthorized disclosures, and responding to policy violations.

This control requires implementing data leakage prevention (DLP) capapbiltities on endpoint devices. This includes classifying and inventorying data, protecting sensitive information in transit and at rest, monitoring for unauthorized disclosures, and responding to policy violations. Adversaries may steal data by exfiltrating it over an asymmetrically encrypted network protocol other than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server.

Adversaries may steal data by exfiltrating it over a different protocol than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server. This control requires implementing data leakage prevention (DLP) capapbiltities on endpoint devices. This includes classifying and inventorying data, protecting sensitive information in transit and at rest, monitoring for unauthorized disclosures, and responding to policy violations.

Adversaries may exfiltrate data, such as sensitive documents, through the use of automated processing after being gathered during Collection. This control requires implementing data leakage prevention (DLP) capapbiltities on endpoint devices. This includes classifying and inventorying data, protecting sensitive information in transit and at rest, monitoring for unauthorized disclosures, and responding to policy violations.

Once established within a system or network, an adversary may use automated techniques for collecting internal data. Methods for performing this technique could include use of a Command and Scripting Interpreter to search for and copy information fitting set criteria such as file type, location, or name at specific time intervals. In cloud-based environments, adversaries may also use cloud APIs, data pipelines, command line interfaces, or extract, transform, and load (ETL) services to automatically collect data. This control requires implementing data leakage prevention (DLP) capapbiltities on endpoint devices. This includes classifying and inventorying data, protecting sensitive information in transit and at rest, monitoring for unauthorized disclosures, and responding to policy violations.

Adversaries may search connected removable media on computers they have compromised to find files of interest. Sensitive data can be collected from any removable media (optical disk drive, USB memory, etc.) connected to the compromised system prior to Exfiltration. This control requires implementing data leakage prevention (DLP) capapbiltities on endpoint devices. This includes classifying and inventorying data, protecting sensitive information in transit and at rest, monitoring for unauthorized disclosures, and responding to policy violations.

Adversaries may search local system sources, such as file systems, configuration files, local databases, or virtual machine files, to find files of interest and sensitive data prior to Exfiltration. This control requires implementing data leakage prevention (DLP) capapbiltities on endpoint devices. This includes classifying and inventorying data, protecting sensitive information in transit and at rest, monitoring for unauthorized disclosures, and responding to policy violations.

This control provides for implementation of endpoint storage encryption. Encryption ensures the confidentiality and integrity of data, such as OAuth access tokens used in a cloud-based email service. File encryption across email communications containing sensitive information that may be obtained through access to email services can help prevent adversaries from stealing application access tokens.

This control provides for the implementation of best practices for third-party endpoint management. Several cloud service providers support content trust models that require container images be signed by trusted sources. Malicious images can be prevented from running by implementing application control, script blocking, and other runtime execution prevention mechanisms from untrusted sources .

This control provides for the implementation of best practices for third-party endpoint management. Malicious executables can be prevented from running by implementing application control, script blocking, and other execution prevention mechanisms.

This control provides for the implementation of best practices for third-party endpoint management. Malicious modification or disabling of security tools can be mitigated by implementing application control, script blocking, and other execution prevention mechanisms.

This control provides for the implementation of best practices for third-party endpoint management. The execution of unauthorized or malicious code on systems through abuse of command and script interpreters can be prevented by implementing application control, script blocking, and other execution prevention mechanisms.

This control provides for the implementation of best practices for third-party endpoint management. The execution of unauthorized or malicious code on systems through abuse of command and script interpreters can be prevented by implementing application control, script blocking, and other execution prevention mechanisms.

This control provides for the implementation of best practices for third-party endpoint management. Endpoint exploit protection capabilities can be used to detect, block, and mitigate conditions indicative of exploits to taint content in shared storage locations.

This control provides for the implementation of best practices for third-party endpoint management. Endpoint exploit protection capabilities can be used to detect, block, and mitigate conditions indicative of exploits to bypass security features.

This control provides for the implementation of best practices for third-party endpoint management. Endpoint exploit protection capabilities can be used to detect, block, and mitigate conditions indicative of exploits of public-facing applications.

This control provides for the implementation of best practices for third-party endpoint management. Proper security configurations, limited system access, and application control can help mitigate the risk of adversaries deleting or removing built-in data and turning off services designed to aid in the recovery of a corrupted system.

This control provides for the implementation of best practices for third-party endpoint management. Proper security configurations and limited system access can help prevent adversaries from creating accounts to maintain access.

This control provides for the implementation of best practices for third-party endpoint management. Proper security configurations and limited system access can help prevent adversaries from manipulating accounts to maintain and/or elevate access.

This control provides for the implementation of best practices for third-party endpoint management. Adjusting access to user lists can prevent abuse of system functionality and help prevent adversaries from getting a listing of valid accounts or usernames.

This control provides for the implementation of best practices for third-party endpoint management. Adjusting system settings and hardening default configurations can mitigate adversary exploitation of elevation control mechanisms and prevent abuse of system functionality.

This control provides for the implementation of best practices for third-party endpoint management. Configuring applications to delete persistent web cookies to help mitigate the risk of adversaries using stolen session cookies.

This control provides for the implementation of best practices for third-party endpoint management. Cloud service providers may allow customers to deactivate unused regions to help mitigate the risk of adversaries creating resources in unused regions.

This control provides for the implementation of best practices for third-party endpoint management. Configuring appropriate data sharing restrictions in cloud services can help mitigate the risk of adversaries exfiltrating data by transferring.

This control provides for the implementation of best practices for third-party endpoint management. Securing resource groups and limiting permissions can help mitigate the risk of adversaries adding, deleting, or otherwise modifying hierarchical structures.

This control provides for the implementation of best practices for third-party endpoint management. Preventing insecure connections and ensuring proper permissions can help mitigate the risk of adversaries hindering or disabling preventative defenses.

This control provides for the implementation of best practices for third-party endpoint management. Configuring applications to delete persistent web credentials and limiting privileges can help mitigate the risk of adversaries generating and using forged web cookies.

This control provides for the implementation of best practices for third-party endpoint management. Effectively securing information repositories and enforcing robust data retention policies can mitigate the risk of adversaries exploiting information repositories to access sensitive or valuable information.

This control provides for the implementation of best practices for third-party endpoint management. Configuring applications to delete persistent web credentials and limiting privileges can help mitigate the risk of adversaries generating and using forged web credentials.

This control provides for the implementation of best practices for third-party endpoint management. Effectively securing information repositories and enforcing robust data retention policies can mitigate the risk of adversaries exploiting information repositories to access sensitive or valuable information.