|
AC-04
|
Information Flow Enforcement
| Protects |
T1001
|
Data Obfuscation
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1001
|
Data Obfuscation
|
|
CM-02
|
Baseline Configuration
| Protects |
T1001
|
Data Obfuscation
|
|
CM-06
|
Configuration Settings
| Protects |
T1001
|
Data Obfuscation
|
|
SC-07
|
Boundary Protection
| Protects |
T1001
|
Data Obfuscation
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1001
|
Data Obfuscation
|
|
SI-04
|
System Monitoring
| Protects |
T1001
|
Data Obfuscation
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1001.001
|
Junk Data
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1001.001
|
Junk Data
|
|
CM-02
|
Baseline Configuration
| Protects |
T1001.001
|
Junk Data
|
|
CM-06
|
Configuration Settings
| Protects |
T1001.001
|
Junk Data
|
|
SC-07
|
Boundary Protection
| Protects |
T1001.001
|
Junk Data
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1001.001
|
Junk Data
|
|
SI-04
|
System Monitoring
| Protects |
T1001.001
|
Junk Data
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1001.002
|
Steganography
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1001.002
|
Steganography
|
|
CM-02
|
Baseline Configuration
| Protects |
T1001.002
|
Steganography
|
|
CM-06
|
Configuration Settings
| Protects |
T1001.002
|
Steganography
|
|
SC-07
|
Boundary Protection
| Protects |
T1001.002
|
Steganography
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1001.002
|
Steganography
|
|
SI-04
|
System Monitoring
| Protects |
T1001.002
|
Steganography
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1001.003
|
Protocol Impersonation
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1001.003
|
Protocol Impersonation
|
|
CM-02
|
Baseline Configuration
| Protects |
T1001.003
|
Protocol Impersonation
|
|
CM-06
|
Configuration Settings
| Protects |
T1001.003
|
Protocol Impersonation
|
|
SC-07
|
Boundary Protection
| Protects |
T1001.003
|
Protocol Impersonation
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1001.003
|
Protocol Impersonation
|
|
SI-04
|
System Monitoring
| Protects |
T1001.003
|
Protocol Impersonation
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1003
|
OS Credential Dumping
|
|
AC-02
|
Account Management
| Protects |
T1003
|
OS Credential Dumping
|
|
AC-03
|
Access Enforcement
| Protects |
T1003
|
OS Credential Dumping
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1003
|
OS Credential Dumping
|
|
AC-05
|
Separation of Duties
| Protects |
T1003
|
OS Credential Dumping
|
|
AC-06
|
Least Privilege
| Protects |
T1003
|
OS Credential Dumping
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1003
|
OS Credential Dumping
|
|
CM-02
|
Baseline Configuration
| Protects |
T1003
|
OS Credential Dumping
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1003
|
OS Credential Dumping
|
|
CM-06
|
Configuration Settings
| Protects |
T1003
|
OS Credential Dumping
|
|
CM-07
|
Least Functionality
| Protects |
T1003
|
OS Credential Dumping
|
|
CP-09
|
System Backup
| Protects |
T1003
|
OS Credential Dumping
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1003
|
OS Credential Dumping
|
|
IA-04
|
Identifier Management
| Protects |
T1003
|
OS Credential Dumping
|
|
IA-05
|
Authenticator Management
| Protects |
T1003
|
OS Credential Dumping
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1003
|
OS Credential Dumping
|
|
SC-39
|
Process Isolation
| Protects |
T1003
|
OS Credential Dumping
|
|
SI-12
|
Information Management and Retention
| Protects |
T1003
|
OS Credential Dumping
|
|
SI-02
|
Flaw Remediation
| Protects |
T1003
|
OS Credential Dumping
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1003
|
OS Credential Dumping
|
|
SI-04
|
System Monitoring
| Protects |
T1003
|
OS Credential Dumping
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1003
|
OS Credential Dumping
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1003.003
|
NTDS
|
|
AC-02
|
Account Management
| Protects |
T1003.003
|
NTDS
|
|
AC-03
|
Access Enforcement
| Protects |
T1003.003
|
NTDS
|
|
AC-05
|
Separation of Duties
| Protects |
T1003.003
|
NTDS
|
|
AC-06
|
Least Privilege
| Protects |
T1003.003
|
NTDS
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1003.003
|
NTDS
|
|
CM-02
|
Baseline Configuration
| Protects |
T1003.003
|
NTDS
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1003.003
|
NTDS
|
|
CM-06
|
Configuration Settings
| Protects |
T1003.003
|
NTDS
|
|
CP-09
|
System Backup
| Protects |
T1003.003
|
NTDS
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1003.003
|
NTDS
|
|
IA-05
|
Authenticator Management
| Protects |
T1003.003
|
NTDS
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1003.003
|
NTDS
|
|
SC-39
|
Process Isolation
| Protects |
T1003.003
|
NTDS
|
|
SI-12
|
Information Management and Retention
| Protects |
T1003.003
|
NTDS
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1003.003
|
NTDS
|
|
SI-04
|
System Monitoring
| Protects |
T1003.003
|
NTDS
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1003.003
|
NTDS
|
|
AC-02
|
Account Management
| Protects |
T1003.004
|
LSA Secrets
|
|
AC-03
|
Access Enforcement
| Protects |
T1003.004
|
LSA Secrets
|
|
AC-05
|
Separation of Duties
| Protects |
T1003.004
|
LSA Secrets
|
|
AC-06
|
Least Privilege
| Protects |
T1003.004
|
LSA Secrets
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1003.004
|
LSA Secrets
|
|
CM-02
|
Baseline Configuration
| Protects |
T1003.004
|
LSA Secrets
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1003.004
|
LSA Secrets
|
|
CM-06
|
Configuration Settings
| Protects |
T1003.004
|
LSA Secrets
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1003.004
|
LSA Secrets
|
|
IA-05
|
Authenticator Management
| Protects |
T1003.004
|
LSA Secrets
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1003.004
|
LSA Secrets
|
|
SC-39
|
Process Isolation
| Protects |
T1003.004
|
LSA Secrets
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1003.004
|
LSA Secrets
|
|
SI-04
|
System Monitoring
| Protects |
T1003.004
|
LSA Secrets
|
|
AC-02
|
Account Management
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
AC-03
|
Access Enforcement
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
AC-05
|
Separation of Duties
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
AC-06
|
Least Privilege
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
CM-02
|
Baseline Configuration
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
CM-06
|
Configuration Settings
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
CM-07
|
Least Functionality
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
IA-04
|
Identifier Management
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
IA-05
|
Authenticator Management
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
SC-39
|
Process Isolation
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
SI-04
|
System Monitoring
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
AC-02
|
Account Management
| Protects |
T1003.006
|
DCSync
|
|
AC-03
|
Access Enforcement
| Protects |
T1003.006
|
DCSync
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1003.006
|
DCSync
|
|
AC-05
|
Separation of Duties
| Protects |
T1003.006
|
DCSync
|
|
AC-06
|
Least Privilege
| Protects |
T1003.006
|
DCSync
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1003.006
|
DCSync
|
|
CM-02
|
Baseline Configuration
| Protects |
T1003.006
|
DCSync
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1003.006
|
DCSync
|
|
CM-06
|
Configuration Settings
| Protects |
T1003.006
|
DCSync
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1003.006
|
DCSync
|
|
IA-04
|
Identifier Management
| Protects |
T1003.006
|
DCSync
|
|
IA-05
|
Authenticator Management
| Protects |
T1003.006
|
DCSync
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1003.006
|
DCSync
|
|
SC-39
|
Process Isolation
| Protects |
T1003.006
|
DCSync
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1003.006
|
DCSync
|
|
SI-04
|
System Monitoring
| Protects |
T1003.006
|
DCSync
|
|
AC-02
|
Account Management
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
AC-03
|
Access Enforcement
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
AC-05
|
Separation of Duties
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
AC-06
|
Least Privilege
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
CM-02
|
Baseline Configuration
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
CM-06
|
Configuration Settings
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
IA-05
|
Authenticator Management
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
SC-39
|
Process Isolation
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
SI-04
|
System Monitoring
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1008
|
Fallback Channels
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1008
|
Fallback Channels
|
|
CM-02
|
Baseline Configuration
| Protects |
T1008
|
Fallback Channels
|
|
CM-06
|
Configuration Settings
| Protects |
T1008
|
Fallback Channels
|
|
CM-07
|
Least Functionality
| Protects |
T1008
|
Fallback Channels
|
|
SC-07
|
Boundary Protection
| Protects |
T1008
|
Fallback Channels
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1008
|
Fallback Channels
|
|
SI-04
|
System Monitoring
| Protects |
T1008
|
Fallback Channels
|
|
AC-17
|
Remote Access
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
AC-02
|
Account Management
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
AC-03
|
Access Enforcement
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
AC-05
|
Separation of Duties
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
AC-06
|
Least Privilege
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
CM-02
|
Baseline Configuration
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
CM-06
|
Configuration Settings
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
CM-07
|
Least Functionality
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
CM-08
|
System Component Inventory
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
SC-18
|
Mobile Code
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
SC-03
|
Security Function Isolation
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
SC-07
|
Boundary Protection
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
SI-04
|
System Monitoring
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
AC-17
|
Remote Access
| Protects |
T1021.004
|
SSH
|
|
AC-02
|
Account Management
| Protects |
T1021.004
|
SSH
|
|
AC-20
|
Use of External Systems
| Protects |
T1021.004
|
SSH
|
|
AC-03
|
Access Enforcement
| Protects |
T1021.004
|
SSH
|
|
AC-05
|
Separation of Duties
| Protects |
T1021.004
|
SSH
|
|
AC-06
|
Least Privilege
| Protects |
T1021.004
|
SSH
|
|
AC-07
|
Unsuccessful Logon Attempts
| Protects |
T1021.004
|
SSH
|
|
CM-02
|
Baseline Configuration
| Protects |
T1021.004
|
SSH
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1021.004
|
SSH
|
|
CM-06
|
Configuration Settings
| Protects |
T1021.004
|
SSH
|
|
CM-08
|
System Component Inventory
| Protects |
T1021.004
|
SSH
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1021.004
|
SSH
|
|
IA-05
|
Authenticator Management
| Protects |
T1021.004
|
SSH
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1021.004
|
SSH
|
|
SI-04
|
System Monitoring
| Protects |
T1021.004
|
SSH
|
|
AC-17
|
Remote Access
| Protects |
T1021.005
|
VNC
|
|
AC-02
|
Account Management
| Protects |
T1021.005
|
VNC
|
|
AC-03
|
Access Enforcement
| Protects |
T1021.005
|
VNC
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1021.005
|
VNC
|
|
AC-06
|
Least Privilege
| Protects |
T1021.005
|
VNC
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1021.005
|
VNC
|
|
CA-08
|
Penetration Testing
| Protects |
T1021.005
|
VNC
|
|
CM-11
|
User-installed Software
| Protects |
T1021.005
|
VNC
|
|
CM-02
|
Baseline Configuration
| Protects |
T1021.005
|
VNC
|
|
CM-03
|
Configuration Change Control
| Protects |
T1021.005
|
VNC
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1021.005
|
VNC
|
|
CM-06
|
Configuration Settings
| Protects |
T1021.005
|
VNC
|
|
CM-07
|
Least Functionality
| Protects |
T1021.005
|
VNC
|
|
CM-08
|
System Component Inventory
| Protects |
T1021.005
|
VNC
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1021.005
|
VNC
|
|
IA-04
|
Identifier Management
| Protects |
T1021.005
|
VNC
|
|
IA-06
|
Authentication Feedback
| Protects |
T1021.005
|
VNC
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1021.005
|
VNC
|
|
SC-07
|
Boundary Protection
| Protects |
T1021.005
|
VNC
|
|
SI-10
|
Information Input Validation
| Protects |
T1021.005
|
VNC
|
|
SI-15
|
Information Output Filtering
| Protects |
T1021.005
|
VNC
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1021.005
|
VNC
|
|
SI-04
|
System Monitoring
| Protects |
T1021.005
|
VNC
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1025
|
Data from Removable Media
|
|
AC-02
|
Account Management
| Protects |
T1025
|
Data from Removable Media
|
|
AC-23
|
Data Mining Protection
| Protects |
T1025
|
Data from Removable Media
|
|
AC-03
|
Access Enforcement
| Protects |
T1025
|
Data from Removable Media
|
|
AC-06
|
Least Privilege
| Protects |
T1025
|
Data from Removable Media
|
|
CM-12
|
Information Location
| Protects |
T1025
|
Data from Removable Media
|
|
CP-09
|
System Backup
| Protects |
T1025
|
Data from Removable Media
|
|
MP-07
|
Media Use
| Protects |
T1025
|
Data from Removable Media
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1025
|
Data from Removable Media
|
|
SC-13
|
Cryptographic Protection
| Protects |
T1025
|
Data from Removable Media
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1025
|
Data from Removable Media
|
|
SC-38
|
Operations Security
| Protects |
T1025
|
Data from Removable Media
|
|
SC-41
|
Port and I/O Device Access
| Protects |
T1025
|
Data from Removable Media
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1025
|
Data from Removable Media
|
|
SI-04
|
System Monitoring
| Protects |
T1025
|
Data from Removable Media
|
|
SI-02
|
Flaw Remediation
| Protects |
T1027.002
|
Software Packing
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1027.002
|
Software Packing
|
|
SI-04
|
System Monitoring
| Protects |
T1027.002
|
Software Packing
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1027.002
|
Software Packing
|
|
SI-02
|
Flaw Remediation
| Protects |
T1027.007
|
Dynamic API Resolution
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1027.007
|
Dynamic API Resolution
|
|
SI-04
|
System Monitoring
| Protects |
T1027.007
|
Dynamic API Resolution
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1027.007
|
Dynamic API Resolution
|
|
SI-02
|
Flaw Remediation
| Protects |
T1027.008
|
Stripped Payloads
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1027.008
|
Stripped Payloads
|
|
SI-04
|
System Monitoring
| Protects |
T1027.008
|
Stripped Payloads
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1027.008
|
Stripped Payloads
|
|
SI-02
|
Flaw Remediation
| Protects |
T1027.009
|
Embedded Payloads
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1027.009
|
Embedded Payloads
|
|
SI-04
|
System Monitoring
| Protects |
T1027.009
|
Embedded Payloads
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1027.009
|
Embedded Payloads
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1029
|
Scheduled Transfer
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1029
|
Scheduled Transfer
|
|
CM-02
|
Baseline Configuration
| Protects |
T1029
|
Scheduled Transfer
|
|
CM-06
|
Configuration Settings
| Protects |
T1029
|
Scheduled Transfer
|
|
SC-07
|
Boundary Protection
| Protects |
T1029
|
Scheduled Transfer
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1029
|
Scheduled Transfer
|
|
SI-04
|
System Monitoring
| Protects |
T1029
|
Scheduled Transfer
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1030
|
Data Transfer Size Limits
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1030
|
Data Transfer Size Limits
|
|
CM-02
|
Baseline Configuration
| Protects |
T1030
|
Data Transfer Size Limits
|
|
CM-06
|
Configuration Settings
| Protects |
T1030
|
Data Transfer Size Limits
|
|
SC-07
|
Boundary Protection
| Protects |
T1030
|
Data Transfer Size Limits
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1030
|
Data Transfer Size Limits
|
|
SI-04
|
System Monitoring
| Protects |
T1030
|
Data Transfer Size Limits
|
|
CM-02
|
Baseline Configuration
| Protects |
T1036.001
|
Invalid Code Signature
|
|
CM-06
|
Configuration Settings
| Protects |
T1036.001
|
Invalid Code Signature
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1036.001
|
Invalid Code Signature
|
|
SI-04
|
System Monitoring
| Protects |
T1036.001
|
Invalid Code Signature
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1036.001
|
Invalid Code Signature
|
|
AC-02
|
Account Management
| Protects |
T1036.003
|
Rename System Utilities
|
|
AC-03
|
Access Enforcement
| Protects |
T1036.003
|
Rename System Utilities
|
|
AC-06
|
Least Privilege
| Protects |
T1036.003
|
Rename System Utilities
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1036.003
|
Rename System Utilities
|
|
CM-02
|
Baseline Configuration
| Protects |
T1036.003
|
Rename System Utilities
|
|
CM-06
|
Configuration Settings
| Protects |
T1036.003
|
Rename System Utilities
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1036.003
|
Rename System Utilities
|
|
SI-04
|
System Monitoring
| Protects |
T1036.003
|
Rename System Utilities
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1036.007
|
Double File Extension
|
|
CM-02
|
Baseline Configuration
| Protects |
T1036.007
|
Double File Extension
|
|
CM-06
|
Configuration Settings
| Protects |
T1036.007
|
Double File Extension
|
|
CM-07
|
Least Functionality
| Protects |
T1036.007
|
Double File Extension
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1036.007
|
Double File Extension
|
|
SI-04
|
System Monitoring
| Protects |
T1036.007
|
Double File Extension
|
|
AC-17
|
Remote Access
| Protects |
T1037.001
|
Logon Script (Windows)
|
|
CM-07
|
Least Functionality
| Protects |
T1037.001
|
Logon Script (Windows)
|
|
AC-03
|
Access Enforcement
| Protects |
T1037.002
|
Login Hook
|
|
CM-02
|
Baseline Configuration
| Protects |
T1037.002
|
Login Hook
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1037.002
|
Login Hook
|
|
SI-04
|
System Monitoring
| Protects |
T1037.002
|
Login Hook
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1037.002
|
Login Hook
|
|
CM-06
|
Configuration Settings
| Protects |
T1037.002
|
Login Hook
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1037.002
|
Login Hook
|
|
AC-03
|
Access Enforcement
| Protects |
T1037.003
|
Network Logon Script
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1037.003
|
Network Logon Script
|
|
CM-02
|
Baseline Configuration
| Protects |
T1037.003
|
Network Logon Script
|
|
CM-06
|
Configuration Settings
| Protects |
T1037.003
|
Network Logon Script
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1037.003
|
Network Logon Script
|
|
SI-04
|
System Monitoring
| Protects |
T1037.003
|
Network Logon Script
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1037.003
|
Network Logon Script
|
|
AC-03
|
Access Enforcement
| Protects |
T1037.004
|
RC Scripts
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1037.004
|
RC Scripts
|
|
CM-02
|
Baseline Configuration
| Protects |
T1037.004
|
RC Scripts
|
|
CM-06
|
Configuration Settings
| Protects |
T1037.004
|
RC Scripts
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1037.004
|
RC Scripts
|
|
SI-04
|
System Monitoring
| Protects |
T1037.004
|
RC Scripts
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1037.004
|
RC Scripts
|
|
AC-03
|
Access Enforcement
| Protects |
T1037.005
|
Startup Items
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1037.005
|
Startup Items
|
|
CM-02
|
Baseline Configuration
| Protects |
T1037.005
|
Startup Items
|
|
CM-06
|
Configuration Settings
| Protects |
T1037.005
|
Startup Items
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1037.005
|
Startup Items
|
|
SI-04
|
System Monitoring
| Protects |
T1037.005
|
Startup Items
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1037.005
|
Startup Items
|
|
AC-03
|
Access Enforcement
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
CM-02
|
Baseline Configuration
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
CM-06
|
Configuration Settings
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
CM-07
|
Least Functionality
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
SC-07
|
Boundary Protection
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
SI-10
|
Information Input Validation
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
SI-15
|
Information Output Filtering
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
SI-04
|
System Monitoring
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
AC-02
|
Account Management
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
AC-20
|
Use of External Systems
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
AC-23
|
Data Mining Protection
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
AC-03
|
Access Enforcement
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
AC-06
|
Least Privilege
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
CA-03
|
Information Exchange
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
CM-02
|
Baseline Configuration
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
CM-06
|
Configuration Settings
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
CM-07
|
Least Functionality
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SA-09
|
External System Services
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SC-31
|
Covert Channel Analysis
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SC-07
|
Boundary Protection
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SI-10
|
Information Input Validation
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SI-15
|
Information Output Filtering
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SI-04
|
System Monitoring
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SR-04
|
Provenance
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
AC-02
|
Account Management
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
AC-20
|
Use of External Systems
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
AC-23
|
Data Mining Protection
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
AC-03
|
Access Enforcement
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
AC-06
|
Least Privilege
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
CM-02
|
Baseline Configuration
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
CM-06
|
Configuration Settings
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
CM-07
|
Least Functionality
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
CM-08
|
System Component Inventory
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
MP-07
|
Media Use
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
SC-41
|
Port and I/O Device Access
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
SI-04
|
System Monitoring
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
SR-04
|
Provenance
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1052.001
|
Exfiltration over USB
|
|
AC-02
|
Account Management
| Protects |
T1052.001
|
Exfiltration over USB
|
|
AC-20
|
Use of External Systems
| Protects |
T1052.001
|
Exfiltration over USB
|
|
AC-23
|
Data Mining Protection
| Protects |
T1052.001
|
Exfiltration over USB
|
|
AC-03
|
Access Enforcement
| Protects |
T1052.001
|
Exfiltration over USB
|
|
AC-06
|
Least Privilege
| Protects |
T1052.001
|
Exfiltration over USB
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1052.001
|
Exfiltration over USB
|
|
CM-02
|
Baseline Configuration
| Protects |
T1052.001
|
Exfiltration over USB
|
|
CM-06
|
Configuration Settings
| Protects |
T1052.001
|
Exfiltration over USB
|
|
CM-07
|
Least Functionality
| Protects |
T1052.001
|
Exfiltration over USB
|
|
CM-08
|
System Component Inventory
| Protects |
T1052.001
|
Exfiltration over USB
|
|
MP-07
|
Media Use
| Protects |
T1052.001
|
Exfiltration over USB
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1052.001
|
Exfiltration over USB
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1052.001
|
Exfiltration over USB
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1052.001
|
Exfiltration over USB
|
|
SC-41
|
Port and I/O Device Access
| Protects |
T1052.001
|
Exfiltration over USB
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1052.001
|
Exfiltration over USB
|
|
SI-04
|
System Monitoring
| Protects |
T1052.001
|
Exfiltration over USB
|
|
SR-04
|
Provenance
| Protects |
T1052.001
|
Exfiltration over USB
|
|
AC-02
|
Account Management
| Protects |
T1053.003
|
Cron
|
|
AC-03
|
Access Enforcement
| Protects |
T1053.003
|
Cron
|
|
AC-05
|
Separation of Duties
| Protects |
T1053.003
|
Cron
|
|
AC-06
|
Least Privilege
| Protects |
T1053.003
|
Cron
|
|
CA-08
|
Penetration Testing
| Protects |
T1053.003
|
Cron
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1053.003
|
Cron
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1053.003
|
Cron
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1053.003
|
Cron
|
|
SI-04
|
System Monitoring
| Protects |
T1053.003
|
Cron
|
|
AC-02
|
Account Management
| Protects |
T1053.007
|
Container Orchestration Job
|
|
AC-03
|
Access Enforcement
| Protects |
T1053.007
|
Container Orchestration Job
|
|
AC-05
|
Separation of Duties
| Protects |
T1053.007
|
Container Orchestration Job
|
|
AC-06
|
Least Privilege
| Protects |
T1053.007
|
Container Orchestration Job
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1053.007
|
Container Orchestration Job
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1053.007
|
Container Orchestration Job
|
|
IA-08
|
Identification and Authentication (non-organizational Users)
| Protects |
T1053.007
|
Container Orchestration Job
|
|
AC-02
|
Account Management
| Protects |
T1055
|
Process Injection
|
|
AC-03
|
Access Enforcement
| Protects |
T1055
|
Process Injection
|
|
AC-05
|
Separation of Duties
| Protects |
T1055
|
Process Injection
|
|
AC-06
|
Least Privilege
| Protects |
T1055
|
Process Injection
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1055
|
Process Injection
|
|
CM-06
|
Configuration Settings
| Protects |
T1055
|
Process Injection
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1055
|
Process Injection
|
|
SC-18
|
Mobile Code
| Protects |
T1055
|
Process Injection
|
|
SC-07
|
Boundary Protection
| Protects |
T1055
|
Process Injection
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055
|
Process Injection
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055
|
Process Injection
|
|
SI-04
|
System Monitoring
| Protects |
T1055
|
Process Injection
|
|
AC-06
|
Least Privilege
| Protects |
T1055.001
|
Dynamic-link Library Injection
|
|
SC-18
|
Mobile Code
| Protects |
T1055.001
|
Dynamic-link Library Injection
|
|
SC-07
|
Boundary Protection
| Protects |
T1055.001
|
Dynamic-link Library Injection
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055.001
|
Dynamic-link Library Injection
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.001
|
Dynamic-link Library Injection
|
|
SI-04
|
System Monitoring
| Protects |
T1055.001
|
Dynamic-link Library Injection
|
|
AC-06
|
Least Privilege
| Protects |
T1055.002
|
Portable Executable Injection
|
|
SC-18
|
Mobile Code
| Protects |
T1055.002
|
Portable Executable Injection
|
|
SC-07
|
Boundary Protection
| Protects |
T1055.002
|
Portable Executable Injection
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055.002
|
Portable Executable Injection
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.002
|
Portable Executable Injection
|
|
SI-04
|
System Monitoring
| Protects |
T1055.002
|
Portable Executable Injection
|
|
AC-06
|
Least Privilege
| Protects |
T1055.003
|
Thread Execution Hijacking
|
|
SC-18
|
Mobile Code
| Protects |
T1055.003
|
Thread Execution Hijacking
|
|
SC-07
|
Boundary Protection
| Protects |
T1055.003
|
Thread Execution Hijacking
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055.003
|
Thread Execution Hijacking
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.003
|
Thread Execution Hijacking
|
|
SI-04
|
System Monitoring
| Protects |
T1055.003
|
Thread Execution Hijacking
|
|
AC-06
|
Least Privilege
| Protects |
T1055.004
|
Asynchronous Procedure Call
|
|
SC-18
|
Mobile Code
| Protects |
T1055.004
|
Asynchronous Procedure Call
|
|
SC-07
|
Boundary Protection
| Protects |
T1055.004
|
Asynchronous Procedure Call
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055.004
|
Asynchronous Procedure Call
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.004
|
Asynchronous Procedure Call
|
|
SI-04
|
System Monitoring
| Protects |
T1055.004
|
Asynchronous Procedure Call
|
|
AC-06
|
Least Privilege
| Protects |
T1055.005
|
Thread Local Storage
|
|
SC-18
|
Mobile Code
| Protects |
T1055.005
|
Thread Local Storage
|
|
SC-07
|
Boundary Protection
| Protects |
T1055.005
|
Thread Local Storage
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055.005
|
Thread Local Storage
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.005
|
Thread Local Storage
|
|
SI-04
|
System Monitoring
| Protects |
T1055.005
|
Thread Local Storage
|
|
AC-02
|
Account Management
| Protects |
T1055.008
|
Ptrace System Calls
|
|
AC-03
|
Access Enforcement
| Protects |
T1055.008
|
Ptrace System Calls
|
|
AC-05
|
Separation of Duties
| Protects |
T1055.008
|
Ptrace System Calls
|
|
AC-06
|
Least Privilege
| Protects |
T1055.008
|
Ptrace System Calls
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1055.008
|
Ptrace System Calls
|
|
CM-06
|
Configuration Settings
| Protects |
T1055.008
|
Ptrace System Calls
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1055.008
|
Ptrace System Calls
|
|
SC-18
|
Mobile Code
| Protects |
T1055.008
|
Ptrace System Calls
|
|
SC-07
|
Boundary Protection
| Protects |
T1055.008
|
Ptrace System Calls
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055.008
|
Ptrace System Calls
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.008
|
Ptrace System Calls
|
|
SI-04
|
System Monitoring
| Protects |
T1055.008
|
Ptrace System Calls
|
|
AC-03
|
Access Enforcement
| Protects |
T1055.009
|
Proc Memory
|
|
AC-06
|
Least Privilege
| Protects |
T1055.009
|
Proc Memory
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1055.009
|
Proc Memory
|
|
SC-18
|
Mobile Code
| Protects |
T1055.009
|
Proc Memory
|
|
SC-07
|
Boundary Protection
| Protects |
T1055.009
|
Proc Memory
|
|
SI-16
|
Memory Protection
| Protects |
T1055.009
|
Proc Memory
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055.009
|
Proc Memory
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.009
|
Proc Memory
|
|
SI-04
|
System Monitoring
| Protects |
T1055.009
|
Proc Memory
|
|
AC-06
|
Least Privilege
| Protects |
T1055.011
|
Extra Window Memory Injection
|
|
SC-18
|
Mobile Code
| Protects |
T1055.011
|
Extra Window Memory Injection
|
|
SC-07
|
Boundary Protection
| Protects |
T1055.011
|
Extra Window Memory Injection
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055.011
|
Extra Window Memory Injection
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.011
|
Extra Window Memory Injection
|
|
SI-04
|
System Monitoring
| Protects |
T1055.011
|
Extra Window Memory Injection
|
|
AC-06
|
Least Privilege
| Protects |
T1055.013
|
Process Doppelgänging
|
|
SC-18
|
Mobile Code
| Protects |
T1055.013
|
Process Doppelgänging
|
|
SC-07
|
Boundary Protection
| Protects |
T1055.013
|
Process Doppelgänging
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055.013
|
Process Doppelgänging
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.013
|
Process Doppelgänging
|
|
SI-04
|
System Monitoring
| Protects |
T1055.013
|
Process Doppelgänging
|
|
AC-06
|
Least Privilege
| Protects |
T1055.014
|
VDSO Hijacking
|
|
SC-18
|
Mobile Code
| Protects |
T1055.014
|
VDSO Hijacking
|
|
SC-07
|
Boundary Protection
| Protects |
T1055.014
|
VDSO Hijacking
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055.014
|
VDSO Hijacking
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.014
|
VDSO Hijacking
|
|
SI-04
|
System Monitoring
| Protects |
T1055.014
|
VDSO Hijacking
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.015
|
ListPlanting
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1056.002
|
GUI Input Capture
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1056.002
|
GUI Input Capture
|
|
SI-04
|
System Monitoring
| Protects |
T1056.002
|
GUI Input Capture
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1056.002
|
GUI Input Capture
|
|
AC-02
|
Account Management
| Protects |
T1056.003
|
Web Portal Capture
|
|
AC-03
|
Access Enforcement
| Protects |
T1056.003
|
Web Portal Capture
|
|
AC-05
|
Separation of Duties
| Protects |
T1056.003
|
Web Portal Capture
|
|
AC-06
|
Least Privilege
| Protects |
T1056.003
|
Web Portal Capture
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1056.003
|
Web Portal Capture
|
|
CM-06
|
Configuration Settings
| Protects |
T1056.003
|
Web Portal Capture
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1056.003
|
Web Portal Capture
|
|
AC-17
|
Remote Access
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
AC-02
|
Account Management
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
AC-03
|
Access Enforcement
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
AC-05
|
Separation of Duties
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
AC-06
|
Least Privilege
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
CA-08
|
Penetration Testing
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
CM-11
|
User-installed Software
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
CM-02
|
Baseline Configuration
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
CM-06
|
Configuration Settings
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
CM-07
|
Least Functionality
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
CM-08
|
System Component Inventory
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
IA-08
|
Identification and Authentication (non-organizational Users)
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
SC-18
|
Mobile Code
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
SI-10
|
Information Input Validation
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
SI-16
|
Memory Protection
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
SI-02
|
Flaw Remediation
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
SI-04
|
System Monitoring
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
AC-17
|
Remote Access
| Protects |
T1059.001
|
PowerShell
|
|
AC-02
|
Account Management
| Protects |
T1059.001
|
PowerShell
|
|
AC-03
|
Access Enforcement
| Protects |
T1059.001
|
PowerShell
|
|
AC-05
|
Separation of Duties
| Protects |
T1059.001
|
PowerShell
|
|
AC-06
|
Least Privilege
| Protects |
T1059.001
|
PowerShell
|
|
CM-02
|
Baseline Configuration
| Protects |
T1059.001
|
PowerShell
|
