Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|---|
| shielded_vm | Shielded VM | protect | significant | T1542 | Pre-OS Boot | Comments
This control is able to mitigate malicious modification of any portion of the pre-os boot process through a combination of Secure Boot to verify signatures of firmware, Measured Boot to establish a known good boot baseline, and Integrity Monitoring to measure subsequent boots to previously established baselines.
References
|
| shielded_vm | Shielded VM | protect | partial | T1014 | Rootkit | Comments
This control is able to mitigate the use of rootkits that target any portion of the boot process, such as malicious modification of the Master Boot Record or UEFI. This control does not mitigate rootkits that exist in the kernel or userland.
References
|
Capability ID | Capability Name | Number of Mappings |
|---|---|---|
| shielded_vm | Shielded VM | 2 |