| AC-04 |
Information Flow Enforcement |
Protects |
T1001 |
Data Obfuscation |
| CA-07 |
Continuous Monitoring |
Protects |
T1001 |
Data Obfuscation |
| CM-02 |
Baseline Configuration |
Protects |
T1001 |
Data Obfuscation |
| CM-06 |
Configuration Settings |
Protects |
T1001 |
Data Obfuscation |
| SC-07 |
Boundary Protection |
Protects |
T1001 |
Data Obfuscation |
| SI-03 |
Malicious Code Protection |
Protects |
T1001 |
Data Obfuscation |
| SI-04 |
System Monitoring |
Protects |
T1001 |
Data Obfuscation |
| AC-04 |
Information Flow Enforcement |
Protects |
T1001.001 |
Junk Data |
| CA-07 |
Continuous Monitoring |
Protects |
T1001.001 |
Junk Data |
| CM-02 |
Baseline Configuration |
Protects |
T1001.001 |
Junk Data |
| CM-06 |
Configuration Settings |
Protects |
T1001.001 |
Junk Data |
| SC-07 |
Boundary Protection |
Protects |
T1001.001 |
Junk Data |
| SI-03 |
Malicious Code Protection |
Protects |
T1001.001 |
Junk Data |
| SI-04 |
System Monitoring |
Protects |
T1001.001 |
Junk Data |
| AC-04 |
Information Flow Enforcement |
Protects |
T1001.002 |
Steganography |
| CA-07 |
Continuous Monitoring |
Protects |
T1001.002 |
Steganography |
| CM-02 |
Baseline Configuration |
Protects |
T1001.002 |
Steganography |
| CM-06 |
Configuration Settings |
Protects |
T1001.002 |
Steganography |
| SC-07 |
Boundary Protection |
Protects |
T1001.002 |
Steganography |
| SI-03 |
Malicious Code Protection |
Protects |
T1001.002 |
Steganography |
| SI-04 |
System Monitoring |
Protects |
T1001.002 |
Steganography |
| AC-04 |
Information Flow Enforcement |
Protects |
T1001.003 |
Protocol Impersonation |
| CA-07 |
Continuous Monitoring |
Protects |
T1001.003 |
Protocol Impersonation |
| CM-02 |
Baseline Configuration |
Protects |
T1001.003 |
Protocol Impersonation |
| CM-06 |
Configuration Settings |
Protects |
T1001.003 |
Protocol Impersonation |
| SC-07 |
Boundary Protection |
Protects |
T1001.003 |
Protocol Impersonation |
| SI-03 |
Malicious Code Protection |
Protects |
T1001.003 |
Protocol Impersonation |
| SI-04 |
System Monitoring |
Protects |
T1001.003 |
Protocol Impersonation |
| AC-16 |
Security and Privacy Attributes |
Protects |
T1003 |
OS Credential Dumping |
| AC-02 |
Account Management |
Protects |
T1003 |
OS Credential Dumping |
| AC-03 |
Access Enforcement |
Protects |
T1003 |
OS Credential Dumping |
| AC-04 |
Information Flow Enforcement |
Protects |
T1003 |
OS Credential Dumping |
| AC-05 |
Separation of Duties |
Protects |
T1003 |
OS Credential Dumping |
| AC-06 |
Least Privilege |
Protects |
T1003 |
OS Credential Dumping |
| CA-07 |
Continuous Monitoring |
Protects |
T1003 |
OS Credential Dumping |
| CM-02 |
Baseline Configuration |
Protects |
T1003 |
OS Credential Dumping |
| CM-05 |
Access Restrictions for Change |
Protects |
T1003 |
OS Credential Dumping |
| CM-06 |
Configuration Settings |
Protects |
T1003 |
OS Credential Dumping |
| CM-07 |
Least Functionality |
Protects |
T1003 |
OS Credential Dumping |
| CP-09 |
System Backup |
Protects |
T1003 |
OS Credential Dumping |
| IA-02 |
Identification and Authentication (organizational Users) |
Protects |
T1003 |
OS Credential Dumping |
| IA-04 |
Identifier Management |
Protects |
T1003 |
OS Credential Dumping |
| IA-05 |
Authenticator Management |
Protects |
T1003 |
OS Credential Dumping |
| SC-28 |
Protection of Information at Rest |
Protects |
T1003 |
OS Credential Dumping |
| SC-39 |
Process Isolation |
Protects |
T1003 |
OS Credential Dumping |
| SI-12 |
Information Management and Retention |
Protects |
T1003 |
OS Credential Dumping |
| SI-02 |
Flaw Remediation |
Protects |
T1003 |
OS Credential Dumping |
| SI-03 |
Malicious Code Protection |
Protects |
T1003 |
OS Credential Dumping |
| SI-04 |
System Monitoring |
Protects |
T1003 |
OS Credential Dumping |
| SI-07 |
Software, Firmware, and Information Integrity |
Protects |
T1003 |
OS Credential Dumping |
| AC-16 |
Security and Privacy Attributes |
Protects |
T1003.003 |
NTDS |
| AC-02 |
Account Management |
Protects |
T1003.003 |
NTDS |
| AC-03 |
Access Enforcement |
Protects |
T1003.003 |
NTDS |
| AC-05 |
Separation of Duties |
Protects |
T1003.003 |
NTDS |
| AC-06 |
Least Privilege |
Protects |
T1003.003 |
NTDS |
| CA-07 |
Continuous Monitoring |
Protects |
T1003.003 |
NTDS |
| CM-02 |
Baseline Configuration |
Protects |
T1003.003 |
NTDS |
| CM-05 |
Access Restrictions for Change |
Protects |
T1003.003 |
NTDS |
| CM-06 |
Configuration Settings |
Protects |
T1003.003 |
NTDS |
| CP-09 |
System Backup |
Protects |
T1003.003 |
NTDS |
| IA-02 |
Identification and Authentication (organizational Users) |
Protects |
T1003.003 |
NTDS |
| IA-05 |
Authenticator Management |
Protects |
T1003.003 |
NTDS |
| SC-28 |
Protection of Information at Rest |
Protects |
T1003.003 |
NTDS |
| SC-39 |
Process Isolation |
Protects |
T1003.003 |
NTDS |
| SI-12 |
Information Management and Retention |
Protects |
T1003.003 |
NTDS |
| SI-03 |
Malicious Code Protection |
Protects |
T1003.003 |
NTDS |
| SI-04 |
System Monitoring |
Protects |
T1003.003 |
NTDS |
| SI-07 |
Software, Firmware, and Information Integrity |
Protects |
T1003.003 |
NTDS |
| AC-02 |
Account Management |
Protects |
T1003.004 |
LSA Secrets |
| AC-03 |
Access Enforcement |
Protects |
T1003.004 |
LSA Secrets |
| AC-05 |
Separation of Duties |
Protects |
T1003.004 |
LSA Secrets |
| AC-06 |
Least Privilege |
Protects |
T1003.004 |
LSA Secrets |
| CA-07 |
Continuous Monitoring |
Protects |
T1003.004 |
LSA Secrets |
| CM-02 |
Baseline Configuration |
Protects |
T1003.004 |
LSA Secrets |
| CM-05 |
Access Restrictions for Change |
Protects |
T1003.004 |
LSA Secrets |
| CM-06 |
Configuration Settings |
Protects |
T1003.004 |
LSA Secrets |
| IA-02 |
Identification and Authentication (organizational Users) |
Protects |
T1003.004 |
LSA Secrets |
| IA-05 |
Authenticator Management |
Protects |
T1003.004 |
LSA Secrets |
| SC-28 |
Protection of Information at Rest |
Protects |
T1003.004 |
LSA Secrets |
| SC-39 |
Process Isolation |
Protects |
T1003.004 |
LSA Secrets |
| SI-03 |
Malicious Code Protection |
Protects |
T1003.004 |
LSA Secrets |
| SI-04 |
System Monitoring |
Protects |
T1003.004 |
LSA Secrets |
| AC-02 |
Account Management |
Protects |
T1003.005 |
Cached Domain Credentials |
| AC-03 |
Access Enforcement |
Protects |
T1003.005 |
Cached Domain Credentials |
| AC-04 |
Information Flow Enforcement |
Protects |
T1003.005 |
Cached Domain Credentials |
| AC-05 |
Separation of Duties |
Protects |
T1003.005 |
Cached Domain Credentials |
| AC-06 |
Least Privilege |
Protects |
T1003.005 |
Cached Domain Credentials |
| CA-07 |
Continuous Monitoring |
Protects |
T1003.005 |
Cached Domain Credentials |
| CM-02 |
Baseline Configuration |
Protects |
T1003.005 |
Cached Domain Credentials |
| CM-05 |
Access Restrictions for Change |
Protects |
T1003.005 |
Cached Domain Credentials |
| CM-06 |
Configuration Settings |
Protects |
T1003.005 |
Cached Domain Credentials |
| CM-07 |
Least Functionality |
Protects |
T1003.005 |
Cached Domain Credentials |
| IA-02 |
Identification and Authentication (organizational Users) |
Protects |
T1003.005 |
Cached Domain Credentials |
| IA-04 |
Identifier Management |
Protects |
T1003.005 |
Cached Domain Credentials |
| IA-05 |
Authenticator Management |
Protects |
T1003.005 |
Cached Domain Credentials |
| SC-28 |
Protection of Information at Rest |
Protects |
T1003.005 |
Cached Domain Credentials |
| SC-39 |
Process Isolation |
Protects |
T1003.005 |
Cached Domain Credentials |
| SI-03 |
Malicious Code Protection |
Protects |
T1003.005 |
Cached Domain Credentials |
| SI-04 |
System Monitoring |
Protects |
T1003.005 |
Cached Domain Credentials |
| AC-02 |
Account Management |
Protects |
T1003.006 |
DCSync |
| AC-03 |
Access Enforcement |
Protects |
T1003.006 |
DCSync |
| AC-04 |
Information Flow Enforcement |
Protects |
T1003.006 |
DCSync |
| AC-05 |
Separation of Duties |
Protects |
T1003.006 |
DCSync |
| AC-06 |
Least Privilege |
Protects |
T1003.006 |
DCSync |
| CA-07 |
Continuous Monitoring |
Protects |
T1003.006 |
DCSync |
| CM-02 |
Baseline Configuration |
Protects |
T1003.006 |
DCSync |
| CM-05 |
Access Restrictions for Change |
Protects |
T1003.006 |
DCSync |
| CM-06 |
Configuration Settings |
Protects |
T1003.006 |
DCSync |
| IA-02 |
Identification and Authentication (organizational Users) |
Protects |
T1003.006 |
DCSync |
| IA-04 |
Identifier Management |
Protects |
T1003.006 |
DCSync |
| IA-05 |
Authenticator Management |
Protects |
T1003.006 |
DCSync |
| SC-28 |
Protection of Information at Rest |
Protects |
T1003.006 |
DCSync |
| SC-39 |
Process Isolation |
Protects |
T1003.006 |
DCSync |
| SI-03 |
Malicious Code Protection |
Protects |
T1003.006 |
DCSync |
| SI-04 |
System Monitoring |
Protects |
T1003.006 |
DCSync |
| AC-02 |
Account Management |
Protects |
T1003.008 |
/etc/passwd and /etc/shadow |
| AC-03 |
Access Enforcement |
Protects |
T1003.008 |
/etc/passwd and /etc/shadow |
| AC-05 |
Separation of Duties |
Protects |
T1003.008 |
/etc/passwd and /etc/shadow |
| AC-06 |
Least Privilege |
Protects |
T1003.008 |
/etc/passwd and /etc/shadow |
| CA-07 |
Continuous Monitoring |
Protects |
T1003.008 |
/etc/passwd and /etc/shadow |
| CM-02 |
Baseline Configuration |
Protects |
T1003.008 |
/etc/passwd and /etc/shadow |
| CM-05 |
Access Restrictions for Change |
Protects |
T1003.008 |
/etc/passwd and /etc/shadow |
| CM-06 |
Configuration Settings |
Protects |
T1003.008 |
/etc/passwd and /etc/shadow |
| IA-02 |
Identification and Authentication (organizational Users) |
Protects |
T1003.008 |
/etc/passwd and /etc/shadow |
| IA-05 |
Authenticator Management |
Protects |
T1003.008 |
/etc/passwd and /etc/shadow |
| SC-28 |
Protection of Information at Rest |
Protects |
T1003.008 |
/etc/passwd and /etc/shadow |
| SC-39 |
Process Isolation |
Protects |
T1003.008 |
/etc/passwd and /etc/shadow |
| SI-03 |
Malicious Code Protection |
Protects |
T1003.008 |
/etc/passwd and /etc/shadow |
| SI-04 |
System Monitoring |
Protects |
T1003.008 |
/etc/passwd and /etc/shadow |
| AC-04 |
Information Flow Enforcement |
Protects |
T1008 |
Fallback Channels |
| CA-07 |
Continuous Monitoring |
Protects |
T1008 |
Fallback Channels |
| CM-02 |
Baseline Configuration |
Protects |
T1008 |
Fallback Channels |
| CM-06 |
Configuration Settings |
Protects |
T1008 |
Fallback Channels |
| CM-07 |
Least Functionality |
Protects |
T1008 |
Fallback Channels |
| SC-07 |
Boundary Protection |
Protects |
T1008 |
Fallback Channels |
| SI-03 |
Malicious Code Protection |
Protects |
T1008 |
Fallback Channels |
| SI-04 |
System Monitoring |
Protects |
T1008 |
Fallback Channels |
| AC-17 |
Remote Access |
Protects |
T1021.003 |
Distributed Component Object Model |
| AC-02 |
Account Management |
Protects |
T1021.003 |
Distributed Component Object Model |
| AC-03 |
Access Enforcement |
Protects |
T1021.003 |
Distributed Component Object Model |
| AC-04 |
Information Flow Enforcement |
Protects |
T1021.003 |
Distributed Component Object Model |
| AC-05 |
Separation of Duties |
Protects |
T1021.003 |
Distributed Component Object Model |
| AC-06 |
Least Privilege |
Protects |
T1021.003 |
Distributed Component Object Model |
| CM-02 |
Baseline Configuration |
Protects |
T1021.003 |
Distributed Component Object Model |
| CM-05 |
Access Restrictions for Change |
Protects |
T1021.003 |
Distributed Component Object Model |
| CM-06 |
Configuration Settings |
Protects |
T1021.003 |
Distributed Component Object Model |
| CM-07 |
Least Functionality |
Protects |
T1021.003 |
Distributed Component Object Model |
| CM-08 |
System Component Inventory |
Protects |
T1021.003 |
Distributed Component Object Model |
| IA-02 |
Identification and Authentication (organizational Users) |
Protects |
T1021.003 |
Distributed Component Object Model |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1021.003 |
Distributed Component Object Model |
| SC-18 |
Mobile Code |
Protects |
T1021.003 |
Distributed Component Object Model |
| SC-03 |
Security Function Isolation |
Protects |
T1021.003 |
Distributed Component Object Model |
| SC-46 |
Cross Domain Policy Enforcement |
Protects |
T1021.003 |
Distributed Component Object Model |
| SC-07 |
Boundary Protection |
Protects |
T1021.003 |
Distributed Component Object Model |
| SI-03 |
Malicious Code Protection |
Protects |
T1021.003 |
Distributed Component Object Model |
| SI-04 |
System Monitoring |
Protects |
T1021.003 |
Distributed Component Object Model |
| AC-17 |
Remote Access |
Protects |
T1021.004 |
SSH |
| AC-02 |
Account Management |
Protects |
T1021.004 |
SSH |
| AC-20 |
Use of External Systems |
Protects |
T1021.004 |
SSH |
| AC-03 |
Access Enforcement |
Protects |
T1021.004 |
SSH |
| AC-05 |
Separation of Duties |
Protects |
T1021.004 |
SSH |
| AC-06 |
Least Privilege |
Protects |
T1021.004 |
SSH |
| AC-07 |
Unsuccessful Logon Attempts |
Protects |
T1021.004 |
SSH |
| CM-02 |
Baseline Configuration |
Protects |
T1021.004 |
SSH |
| CM-05 |
Access Restrictions for Change |
Protects |
T1021.004 |
SSH |
| CM-06 |
Configuration Settings |
Protects |
T1021.004 |
SSH |
| CM-08 |
System Component Inventory |
Protects |
T1021.004 |
SSH |
| IA-02 |
Identification and Authentication (organizational Users) |
Protects |
T1021.004 |
SSH |
| IA-05 |
Authenticator Management |
Protects |
T1021.004 |
SSH |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1021.004 |
SSH |
| SI-04 |
System Monitoring |
Protects |
T1021.004 |
SSH |
| AC-17 |
Remote Access |
Protects |
T1021.005 |
VNC |
| AC-02 |
Account Management |
Protects |
T1021.005 |
VNC |
| AC-03 |
Access Enforcement |
Protects |
T1021.005 |
VNC |
| AC-04 |
Information Flow Enforcement |
Protects |
T1021.005 |
VNC |
| AC-06 |
Least Privilege |
Protects |
T1021.005 |
VNC |
| CA-07 |
Continuous Monitoring |
Protects |
T1021.005 |
VNC |
| CA-08 |
Penetration Testing |
Protects |
T1021.005 |
VNC |
| CM-11 |
User-installed Software |
Protects |
T1021.005 |
VNC |
| CM-02 |
Baseline Configuration |
Protects |
T1021.005 |
VNC |
| CM-03 |
Configuration Change Control |
Protects |
T1021.005 |
VNC |
| CM-05 |
Access Restrictions for Change |
Protects |
T1021.005 |
VNC |
| CM-06 |
Configuration Settings |
Protects |
T1021.005 |
VNC |
| CM-07 |
Least Functionality |
Protects |
T1021.005 |
VNC |
| CM-08 |
System Component Inventory |
Protects |
T1021.005 |
VNC |
| IA-02 |
Identification and Authentication (organizational Users) |
Protects |
T1021.005 |
VNC |
| IA-04 |
Identifier Management |
Protects |
T1021.005 |
VNC |
| IA-06 |
Authentication Feedback |
Protects |
T1021.005 |
VNC |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1021.005 |
VNC |
| SC-07 |
Boundary Protection |
Protects |
T1021.005 |
VNC |
| SI-10 |
Information Input Validation |
Protects |
T1021.005 |
VNC |
| SI-15 |
Information Output Filtering |
Protects |
T1021.005 |
VNC |
| SI-03 |
Malicious Code Protection |
Protects |
T1021.005 |
VNC |
| SI-04 |
System Monitoring |
Protects |
T1021.005 |
VNC |
| AC-16 |
Security and Privacy Attributes |
Protects |
T1025 |
Data from Removable Media |
| AC-02 |
Account Management |
Protects |
T1025 |
Data from Removable Media |
| AC-23 |
Data Mining Protection |
Protects |
T1025 |
Data from Removable Media |
| AC-03 |
Access Enforcement |
Protects |
T1025 |
Data from Removable Media |
| AC-06 |
Least Privilege |
Protects |
T1025 |
Data from Removable Media |
| CM-12 |
Information Location |
Protects |
T1025 |
Data from Removable Media |
| CP-09 |
System Backup |
Protects |
T1025 |
Data from Removable Media |
| MP-07 |
Media Use |
Protects |
T1025 |
Data from Removable Media |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1025 |
Data from Removable Media |
| SC-13 |
Cryptographic Protection |
Protects |
T1025 |
Data from Removable Media |
| SC-28 |
Protection of Information at Rest |
Protects |
T1025 |
Data from Removable Media |
| SC-38 |
Operations Security |
Protects |
T1025 |
Data from Removable Media |
| SC-41 |
Port and I/O Device Access |
Protects |
T1025 |
Data from Removable Media |
| SI-03 |
Malicious Code Protection |
Protects |
T1025 |
Data from Removable Media |
| SI-04 |
System Monitoring |
Protects |
T1025 |
Data from Removable Media |
| SI-02 |
Flaw Remediation |
Protects |
T1027.002 |
Software Packing |
| SI-03 |
Malicious Code Protection |
Protects |
T1027.002 |
Software Packing |
| SI-04 |
System Monitoring |
Protects |
T1027.002 |
Software Packing |
| SI-07 |
Software, Firmware, and Information Integrity |
Protects |
T1027.002 |
Software Packing |
| SI-02 |
Flaw Remediation |
Protects |
T1027.007 |
Dynamic API Resolution |
| SI-03 |
Malicious Code Protection |
Protects |
T1027.007 |
Dynamic API Resolution |
| SI-04 |
System Monitoring |
Protects |
T1027.007 |
Dynamic API Resolution |
| SI-07 |
Software, Firmware, and Information Integrity |
Protects |
T1027.007 |
Dynamic API Resolution |
| SI-02 |
Flaw Remediation |
Protects |
T1027.008 |
Stripped Payloads |
| SI-03 |
Malicious Code Protection |
Protects |
T1027.008 |
Stripped Payloads |
| SI-04 |
System Monitoring |
Protects |
T1027.008 |
Stripped Payloads |
| SI-07 |
Software, Firmware, and Information Integrity |
Protects |
T1027.008 |
Stripped Payloads |
| SI-02 |
Flaw Remediation |
Protects |
T1027.009 |
Embedded Payloads |
| SI-03 |
Malicious Code Protection |
Protects |
T1027.009 |
Embedded Payloads |
| SI-04 |
System Monitoring |
Protects |
T1027.009 |
Embedded Payloads |
| SI-07 |
Software, Firmware, and Information Integrity |
Protects |
T1027.009 |
Embedded Payloads |
| AC-04 |
Information Flow Enforcement |
Protects |
T1029 |
Scheduled Transfer |
| CA-07 |
Continuous Monitoring |
Protects |
T1029 |
Scheduled Transfer |
| CM-02 |
Baseline Configuration |
Protects |
T1029 |
Scheduled Transfer |
| CM-06 |
Configuration Settings |
Protects |
T1029 |
Scheduled Transfer |
| SC-07 |
Boundary Protection |
Protects |
T1029 |
Scheduled Transfer |
| SI-03 |
Malicious Code Protection |
Protects |
T1029 |
Scheduled Transfer |
| SI-04 |
System Monitoring |
Protects |
T1029 |
Scheduled Transfer |
| AC-04 |
Information Flow Enforcement |
Protects |
T1030 |
Data Transfer Size Limits |
| CA-07 |
Continuous Monitoring |
Protects |
T1030 |
Data Transfer Size Limits |
| CM-02 |
Baseline Configuration |
Protects |
T1030 |
Data Transfer Size Limits |
| CM-06 |
Configuration Settings |
Protects |
T1030 |
Data Transfer Size Limits |
| SC-07 |
Boundary Protection |
Protects |
T1030 |
Data Transfer Size Limits |
| SI-03 |
Malicious Code Protection |
Protects |
T1030 |
Data Transfer Size Limits |
| SI-04 |
System Monitoring |
Protects |
T1030 |
Data Transfer Size Limits |
| CM-02 |
Baseline Configuration |
Protects |
T1036.001 |
Invalid Code Signature |
| CM-06 |
Configuration Settings |
Protects |
T1036.001 |
Invalid Code Signature |
| IA-09 |
Service Identification and Authentication |
Protects |
T1036.001 |
Invalid Code Signature |
| SI-04 |
System Monitoring |
Protects |
T1036.001 |
Invalid Code Signature |
| SI-07 |
Software, Firmware, and Information Integrity |
Protects |
T1036.001 |
Invalid Code Signature |
| AC-02 |
Account Management |
Protects |
T1036.003 |
Rename System Utilities |
| AC-03 |
Access Enforcement |
Protects |
T1036.003 |
Rename System Utilities |
| AC-06 |
Least Privilege |
Protects |
T1036.003 |
Rename System Utilities |
| CA-07 |
Continuous Monitoring |
Protects |
T1036.003 |
Rename System Utilities |
| CM-02 |
Baseline Configuration |
Protects |
T1036.003 |
Rename System Utilities |
| CM-06 |
Configuration Settings |
Protects |
T1036.003 |
Rename System Utilities |
| SI-03 |
Malicious Code Protection |
Protects |
T1036.003 |
Rename System Utilities |
| SI-04 |
System Monitoring |
Protects |
T1036.003 |
Rename System Utilities |
| CA-07 |
Continuous Monitoring |
Protects |
T1036.007 |
Double File Extension |
| CM-02 |
Baseline Configuration |
Protects |
T1036.007 |
Double File Extension |
| CM-06 |
Configuration Settings |
Protects |
T1036.007 |
Double File Extension |
| CM-07 |
Least Functionality |
Protects |
T1036.007 |
Double File Extension |
| IA-02 |
Identification and Authentication (organizational Users) |
Protects |
T1036.007 |
Double File Extension |
| SI-04 |
System Monitoring |
Protects |
T1036.007 |
Double File Extension |
| AC-17 |
Remote Access |
Protects |
T1037.001 |
Logon Script (Windows) |
| CM-07 |
Least Functionality |
Protects |
T1037.001 |
Logon Script (Windows) |
| AC-03 |
Access Enforcement |
Protects |
T1037.002 |
Login Hook |
| CM-02 |
Baseline Configuration |
Protects |
T1037.002 |
Login Hook |
| SI-03 |
Malicious Code Protection |
Protects |
T1037.002 |
Login Hook |
| SI-04 |
System Monitoring |
Protects |
T1037.002 |
Login Hook |
| SI-07 |
Software, Firmware, and Information Integrity |
Protects |
T1037.002 |
Login Hook |
| CM-06 |
Configuration Settings |
Protects |
T1037.002 |
Login Hook |
| CA-07 |
Continuous Monitoring |
Protects |
T1037.002 |
Login Hook |
| AC-03 |
Access Enforcement |
Protects |
T1037.003 |
Network Logon Script |
| CA-07 |
Continuous Monitoring |
Protects |
T1037.003 |
Network Logon Script |
| CM-02 |
Baseline Configuration |
Protects |
T1037.003 |
Network Logon Script |
| CM-06 |
Configuration Settings |
Protects |
T1037.003 |
Network Logon Script |
| SI-03 |
Malicious Code Protection |
Protects |
T1037.003 |
Network Logon Script |
| SI-04 |
System Monitoring |
Protects |
T1037.003 |
Network Logon Script |
| SI-07 |
Software, Firmware, and Information Integrity |
Protects |
T1037.003 |
Network Logon Script |
| AC-03 |
Access Enforcement |
Protects |
T1037.004 |
RC Scripts |
| CA-07 |
Continuous Monitoring |
Protects |
T1037.004 |
RC Scripts |
| CM-02 |
Baseline Configuration |
Protects |
T1037.004 |
RC Scripts |
| CM-06 |
Configuration Settings |
Protects |
T1037.004 |
RC Scripts |
| SI-03 |
Malicious Code Protection |
Protects |
T1037.004 |
RC Scripts |
| SI-04 |
System Monitoring |
Protects |
T1037.004 |
RC Scripts |
| SI-07 |
Software, Firmware, and Information Integrity |
Protects |
T1037.004 |
RC Scripts |
| AC-03 |
Access Enforcement |
Protects |
T1037.005 |
Startup Items |
| CA-07 |
Continuous Monitoring |
Protects |
T1037.005 |
Startup Items |
| CM-02 |
Baseline Configuration |
Protects |
T1037.005 |
Startup Items |
| CM-06 |
Configuration Settings |
Protects |
T1037.005 |
Startup Items |
| SI-03 |
Malicious Code Protection |
Protects |
T1037.005 |
Startup Items |
| SI-04 |
System Monitoring |
Protects |
T1037.005 |
Startup Items |
| SI-07 |
Software, Firmware, and Information Integrity |
Protects |
T1037.005 |
Startup Items |
| AC-03 |
Access Enforcement |
Protects |
T1048.001 |
Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
| AC-04 |
Information Flow Enforcement |
Protects |
T1048.001 |
Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
| CA-07 |
Continuous Monitoring |
Protects |
T1048.001 |
Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
| CM-02 |
Baseline Configuration |
Protects |
T1048.001 |
Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
| CM-06 |
Configuration Settings |
Protects |
T1048.001 |
Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
| CM-07 |
Least Functionality |
Protects |
T1048.001 |
Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
| SC-46 |
Cross Domain Policy Enforcement |
Protects |
T1048.001 |
Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
| SC-07 |
Boundary Protection |
Protects |
T1048.001 |
Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
| SI-10 |
Information Input Validation |
Protects |
T1048.001 |
Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
| SI-15 |
Information Output Filtering |
Protects |
T1048.001 |
Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
| SI-03 |
Malicious Code Protection |
Protects |
T1048.001 |
Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
| SI-04 |
System Monitoring |
Protects |
T1048.001 |
Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
| AC-16 |
Security and Privacy Attributes |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| AC-02 |
Account Management |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| AC-20 |
Use of External Systems |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| AC-23 |
Data Mining Protection |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| AC-03 |
Access Enforcement |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| AC-04 |
Information Flow Enforcement |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| AC-06 |
Least Privilege |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| CA-03 |
Information Exchange |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| CA-07 |
Continuous Monitoring |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| CM-02 |
Baseline Configuration |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| CM-06 |
Configuration Settings |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| CM-07 |
Least Functionality |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| SA-09 |
External System Services |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| SC-28 |
Protection of Information at Rest |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| SC-31 |
Covert Channel Analysis |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| SC-46 |
Cross Domain Policy Enforcement |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| SC-07 |
Boundary Protection |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| SI-10 |
Information Input Validation |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| SI-15 |
Information Output Filtering |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| SI-03 |
Malicious Code Protection |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| SI-04 |
System Monitoring |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| SR-04 |
Provenance |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| AC-16 |
Security and Privacy Attributes |
Protects |
T1052 |
Exfiltration Over Physical Medium |
| AC-02 |
Account Management |
Protects |
T1052 |
Exfiltration Over Physical Medium |
| AC-20 |
Use of External Systems |
Protects |
T1052 |
Exfiltration Over Physical Medium |
| AC-23 |
Data Mining Protection |
Protects |
T1052 |
Exfiltration Over Physical Medium |
| AC-03 |
Access Enforcement |
Protects |
T1052 |
Exfiltration Over Physical Medium |
| AC-06 |
Least Privilege |
Protects |
T1052 |
Exfiltration Over Physical Medium |
| CA-07 |
Continuous Monitoring |
Protects |
T1052 |
Exfiltration Over Physical Medium |
| CM-02 |
Baseline Configuration |
Protects |
T1052 |
Exfiltration Over Physical Medium |
| CM-06 |
Configuration Settings |
Protects |
T1052 |
Exfiltration Over Physical Medium |
| CM-07 |
Least Functionality |
Protects |
T1052 |
Exfiltration Over Physical Medium |
| CM-08 |
System Component Inventory |
Protects |
T1052 |
Exfiltration Over Physical Medium |
| MP-07 |
Media Use |
Protects |
T1052 |
Exfiltration Over Physical Medium |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1052 |
Exfiltration Over Physical Medium |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1052 |
Exfiltration Over Physical Medium |
| SC-28 |
Protection of Information at Rest |
Protects |
T1052 |
Exfiltration Over Physical Medium |
| SC-41 |
Port and I/O Device Access |
Protects |
T1052 |
Exfiltration Over Physical Medium |
| SI-03 |
Malicious Code Protection |
Protects |
T1052 |
Exfiltration Over Physical Medium |
| SI-04 |
System Monitoring |
Protects |
T1052 |
Exfiltration Over Physical Medium |
| SR-04 |
Provenance |
Protects |
T1052 |
Exfiltration Over Physical Medium |
| AC-16 |
Security and Privacy Attributes |
Protects |
T1052.001 |
Exfiltration over USB |
| AC-02 |
Account Management |
Protects |
T1052.001 |
Exfiltration over USB |
| AC-20 |
Use of External Systems |
Protects |
T1052.001 |
Exfiltration over USB |
| AC-23 |
Data Mining Protection |
Protects |
T1052.001 |
Exfiltration over USB |
| AC-03 |
Access Enforcement |
Protects |
T1052.001 |
Exfiltration over USB |
| AC-06 |
Least Privilege |
Protects |
T1052.001 |
Exfiltration over USB |
| CA-07 |
Continuous Monitoring |
Protects |
T1052.001 |
Exfiltration over USB |
| CM-02 |
Baseline Configuration |
Protects |
T1052.001 |
Exfiltration over USB |
| CM-06 |
Configuration Settings |
Protects |
T1052.001 |
Exfiltration over USB |
| CM-07 |
Least Functionality |
Protects |
T1052.001 |
Exfiltration over USB |
| CM-08 |
System Component Inventory |
Protects |
T1052.001 |
Exfiltration over USB |
| MP-07 |
Media Use |
Protects |
T1052.001 |
Exfiltration over USB |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1052.001 |
Exfiltration over USB |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1052.001 |
Exfiltration over USB |
| SC-28 |
Protection of Information at Rest |
Protects |
T1052.001 |
Exfiltration over USB |
| SC-41 |
Port and I/O Device Access |
Protects |
T1052.001 |
Exfiltration over USB |
| SI-03 |
Malicious Code Protection |
Protects |
T1052.001 |
Exfiltration over USB |
| SI-04 |
System Monitoring |
Protects |
T1052.001 |
Exfiltration over USB |
| SR-04 |
Provenance |
Protects |
T1052.001 |
Exfiltration over USB |
| AC-02 |
Account Management |
Protects |
T1053.003 |
Cron |
| AC-03 |
Access Enforcement |
Protects |
T1053.003 |
Cron |
| AC-05 |
Separation of Duties |
Protects |
T1053.003 |
Cron |
| AC-06 |
Least Privilege |
Protects |
T1053.003 |
Cron |
| CA-08 |
Penetration Testing |
Protects |
T1053.003 |
Cron |
| CM-05 |
Access Restrictions for Change |
Protects |
T1053.003 |
Cron |
| IA-02 |
Identification and Authentication (organizational Users) |
Protects |
T1053.003 |
Cron |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1053.003 |
Cron |
| SI-04 |
System Monitoring |
Protects |
T1053.003 |
Cron |
| AC-02 |
Account Management |
Protects |
T1053.007 |
Container Orchestration Job |
| AC-03 |
Access Enforcement |
Protects |
T1053.007 |
Container Orchestration Job |
| AC-05 |
Separation of Duties |
Protects |
T1053.007 |
Container Orchestration Job |
| AC-06 |
Least Privilege |
Protects |
T1053.007 |
Container Orchestration Job |
| CM-05 |
Access Restrictions for Change |
Protects |
T1053.007 |
Container Orchestration Job |
| IA-02 |
Identification and Authentication (organizational Users) |
Protects |
T1053.007 |
Container Orchestration Job |
| IA-08 |
Identification and Authentication (non-organizational Users) |
Protects |
T1053.007 |
Container Orchestration Job |
| AC-02 |
Account Management |
Protects |
T1055 |
Process Injection |
| AC-03 |
Access Enforcement |
Protects |
T1055 |
Process Injection |
| AC-05 |
Separation of Duties |
Protects |
T1055 |
Process Injection |
| AC-06 |
Least Privilege |
Protects |
T1055 |
Process Injection |
| CM-05 |
Access Restrictions for Change |
Protects |
T1055 |
Process Injection |
| CM-06 |
Configuration Settings |
Protects |
T1055 |
Process Injection |
| IA-02 |
Identification and Authentication (organizational Users) |
Protects |
T1055 |
Process Injection |
| SC-18 |
Mobile Code |
Protects |
T1055 |
Process Injection |
| SC-07 |
Boundary Protection |
Protects |
T1055 |
Process Injection |
| SI-02 |
Flaw Remediation |
Protects |
T1055 |
Process Injection |
| SI-03 |
Malicious Code Protection |
Protects |
T1055 |
Process Injection |
| SI-04 |
System Monitoring |
Protects |
T1055 |
Process Injection |
| AC-06 |
Least Privilege |
Protects |
T1055.001 |
Dynamic-link Library Injection |
| SC-18 |
Mobile Code |
Protects |
T1055.001 |
Dynamic-link Library Injection |
| SC-07 |
Boundary Protection |
Protects |
T1055.001 |
Dynamic-link Library Injection |
| SI-02 |
Flaw Remediation |
Protects |
T1055.001 |
Dynamic-link Library Injection |
| SI-03 |
Malicious Code Protection |
Protects |
T1055.001 |
Dynamic-link Library Injection |
| SI-04 |
System Monitoring |
Protects |
T1055.001 |
Dynamic-link Library Injection |
| AC-06 |
Least Privilege |
Protects |
T1055.002 |
Portable Executable Injection |
| SC-18 |
Mobile Code |
Protects |
T1055.002 |
Portable Executable Injection |
| SC-07 |
Boundary Protection |
Protects |
T1055.002 |
Portable Executable Injection |
| SI-02 |
Flaw Remediation |
Protects |
T1055.002 |
Portable Executable Injection |
| SI-03 |
Malicious Code Protection |
Protects |
T1055.002 |
Portable Executable Injection |
| SI-04 |
System Monitoring |
Protects |
T1055.002 |
Portable Executable Injection |
| AC-06 |
Least Privilege |
Protects |
T1055.003 |
Thread Execution Hijacking |
| SC-18 |
Mobile Code |
Protects |
T1055.003 |
Thread Execution Hijacking |
| SC-07 |
Boundary Protection |
Protects |
T1055.003 |
Thread Execution Hijacking |
| SI-02 |
Flaw Remediation |
Protects |
T1055.003 |
Thread Execution Hijacking |
| SI-03 |
Malicious Code Protection |
Protects |
T1055.003 |
Thread Execution Hijacking |
| SI-04 |
System Monitoring |
Protects |
T1055.003 |
Thread Execution Hijacking |
| AC-06 |
Least Privilege |
Protects |
T1055.004 |
Asynchronous Procedure Call |
| SC-18 |
Mobile Code |
Protects |
T1055.004 |
Asynchronous Procedure Call |
| SC-07 |
Boundary Protection |
Protects |
T1055.004 |
Asynchronous Procedure Call |
| SI-02 |
Flaw Remediation |
Protects |
T1055.004 |
Asynchronous Procedure Call |
| SI-03 |
Malicious Code Protection |
Protects |
T1055.004 |
Asynchronous Procedure Call |
| SI-04 |
System Monitoring |
Protects |
T1055.004 |
Asynchronous Procedure Call |
| AC-06 |
Least Privilege |
Protects |
T1055.005 |
Thread Local Storage |
| SC-18 |
Mobile Code |
Protects |
T1055.005 |
Thread Local Storage |
| SC-07 |
Boundary Protection |
Protects |
T1055.005 |
Thread Local Storage |
| SI-02 |
Flaw Remediation |
Protects |
T1055.005 |
Thread Local Storage |
| SI-03 |
Malicious Code Protection |
Protects |
T1055.005 |
Thread Local Storage |
| SI-04 |
System Monitoring |
Protects |
T1055.005 |
Thread Local Storage |
| AC-02 |
Account Management |
Protects |
T1055.008 |
Ptrace System Calls |
| AC-03 |
Access Enforcement |
Protects |
T1055.008 |
Ptrace System Calls |
| AC-05 |
Separation of Duties |
Protects |
T1055.008 |
Ptrace System Calls |
| AC-06 |
Least Privilege |
Protects |
T1055.008 |
Ptrace System Calls |
| CM-05 |
Access Restrictions for Change |
Protects |
T1055.008 |
Ptrace System Calls |
| CM-06 |
Configuration Settings |
Protects |
T1055.008 |
Ptrace System Calls |
| IA-02 |
Identification and Authentication (organizational Users) |
Protects |
T1055.008 |
Ptrace System Calls |
| SC-18 |
Mobile Code |
Protects |
T1055.008 |
Ptrace System Calls |
| SC-07 |
Boundary Protection |
Protects |
T1055.008 |
Ptrace System Calls |
| SI-02 |
Flaw Remediation |
Protects |
T1055.008 |
Ptrace System Calls |
| SI-03 |
Malicious Code Protection |
Protects |
T1055.008 |
Ptrace System Calls |
| SI-04 |
System Monitoring |
Protects |
T1055.008 |
Ptrace System Calls |
| AC-03 |
Access Enforcement |
Protects |
T1055.009 |
Proc Memory |
| AC-06 |
Least Privilege |
Protects |
T1055.009 |
Proc Memory |
| CA-07 |
Continuous Monitoring |
Protects |
T1055.009 |
Proc Memory |
| SC-18 |
Mobile Code |
Protects |
T1055.009 |
Proc Memory |
| SC-07 |
Boundary Protection |
Protects |
T1055.009 |
Proc Memory |
| SI-16 |
Memory Protection |
Protects |
T1055.009 |
Proc Memory |
| SI-02 |
Flaw Remediation |
Protects |
T1055.009 |
Proc Memory |
| SI-03 |
Malicious Code Protection |
Protects |
T1055.009 |
Proc Memory |
| SI-04 |
System Monitoring |
Protects |
T1055.009 |
Proc Memory |
| AC-06 |
Least Privilege |
Protects |
T1055.011 |
Extra Window Memory Injection |
| SC-18 |
Mobile Code |
Protects |
T1055.011 |
Extra Window Memory Injection |
| SC-07 |
Boundary Protection |
Protects |
T1055.011 |
Extra Window Memory Injection |
| SI-02 |
Flaw Remediation |
Protects |
T1055.011 |
Extra Window Memory Injection |
| SI-03 |
Malicious Code Protection |
Protects |
T1055.011 |
Extra Window Memory Injection |
| SI-04 |
System Monitoring |
Protects |
T1055.011 |
Extra Window Memory Injection |
| AC-06 |
Least Privilege |
Protects |
T1055.013 |
Process Doppelgänging |
| SC-18 |
Mobile Code |
Protects |
T1055.013 |
Process Doppelgänging |
| SC-07 |
Boundary Protection |
Protects |
T1055.013 |
Process Doppelgänging |
| SI-02 |
Flaw Remediation |
Protects |
T1055.013 |
Process Doppelgänging |
| SI-03 |
Malicious Code Protection |
Protects |
T1055.013 |
Process Doppelgänging |
| SI-04 |
System Monitoring |
Protects |
T1055.013 |
Process Doppelgänging |
| AC-06 |
Least Privilege |
Protects |
T1055.014 |
VDSO Hijacking |
| SC-18 |
Mobile Code |
Protects |
T1055.014 |
VDSO Hijacking |
| SC-07 |
Boundary Protection |
Protects |
T1055.014 |
VDSO Hijacking |
| SI-02 |
Flaw Remediation |
Protects |
T1055.014 |
VDSO Hijacking |
| SI-03 |
Malicious Code Protection |
Protects |
T1055.014 |
VDSO Hijacking |
| SI-04 |
System Monitoring |
Protects |
T1055.014 |
VDSO Hijacking |
| SI-03 |
Malicious Code Protection |
Protects |
T1055.015 |
ListPlanting |
| CA-07 |
Continuous Monitoring |
Protects |
T1056.002 |
GUI Input Capture |
| SI-03 |
Malicious Code Protection |
Protects |
T1056.002 |
GUI Input Capture |
| SI-04 |
System Monitoring |
Protects |
T1056.002 |
GUI Input Capture |
| SI-07 |
Software, Firmware, and Information Integrity |
Protects |
T1056.002 |
GUI Input Capture |
| AC-02 |
Account Management |
Protects |
T1056.003 |
Web Portal Capture |
| AC-03 |
Access Enforcement |
Protects |
T1056.003 |
Web Portal Capture |
| AC-05 |
Separation of Duties |
Protects |
T1056.003 |
Web Portal Capture |
| AC-06 |
Least Privilege |
Protects |
T1056.003 |
Web Portal Capture |
| CM-05 |
Access Restrictions for Change |
Protects |
T1056.003 |
Web Portal Capture |
| CM-06 |
Configuration Settings |
Protects |
T1056.003 |
Web Portal Capture |
| IA-02 |
Identification and Authentication (organizational Users) |
Protects |
T1056.003 |
Web Portal Capture |
| AC-17 |
Remote Access |
Protects |
T1059 |
Command and Scripting Interpreter |
| AC-02 |
Account Management |
Protects |
T1059 |
Command and Scripting Interpreter |
| AC-03 |
Access Enforcement |
Protects |
T1059 |
Command and Scripting Interpreter |
| AC-05 |
Separation of Duties |
Protects |
T1059 |
Command and Scripting Interpreter |
| AC-06 |
Least Privilege |
Protects |
T1059 |
Command and Scripting Interpreter |
| CA-07 |
Continuous Monitoring |
Protects |
T1059 |
Command and Scripting Interpreter |
| CA-08 |
Penetration Testing |
Protects |
T1059 |
Command and Scripting Interpreter |
| CM-11 |
User-installed Software |
Protects |
T1059 |
Command and Scripting Interpreter |
| CM-02 |
Baseline Configuration |
Protects |
T1059 |
Command and Scripting Interpreter |
| CM-05 |
Access Restrictions for Change |
Protects |
T1059 |
Command and Scripting Interpreter |
| CM-06 |
Configuration Settings |
Protects |
T1059 |
Command and Scripting Interpreter |
| CM-07 |
Least Functionality |
Protects |
T1059 |
Command and Scripting Interpreter |
| CM-08 |
System Component Inventory |
Protects |
T1059 |
Command and Scripting Interpreter |
| IA-02 |
Identification and Authentication (organizational Users) |
Protects |
T1059 |
Command and Scripting Interpreter |
| IA-08 |
Identification and Authentication (non-organizational Users) |
Protects |
T1059 |
Command and Scripting Interpreter |
| IA-09 |
Service Identification and Authentication |
Protects |
T1059 |
Command and Scripting Interpreter |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1059 |
Command and Scripting Interpreter |
| SC-18 |
Mobile Code |
Protects |
T1059 |
Command and Scripting Interpreter |
| SI-10 |
Information Input Validation |
Protects |
T1059 |
Command and Scripting Interpreter |
| SI-16 |
Memory Protection |
Protects |
T1059 |
Command and Scripting Interpreter |
| SI-02 |
Flaw Remediation |
Protects |
T1059 |
Command and Scripting Interpreter |
| SI-03 |
Malicious Code Protection |
Protects |
T1059 |
Command and Scripting Interpreter |
| SI-04 |
System Monitoring |
Protects |
T1059 |
Command and Scripting Interpreter |
| SI-07 |
Software, Firmware, and Information Integrity |
Protects |
T1059 |
Command and Scripting Interpreter |
| AC-17 |
Remote Access |
Protects |
T1059.001 |
PowerShell |
| AC-02 |
Account Management |
Protects |
T1059.001 |
PowerShell |
| AC-03 |
Access Enforcement |
Protects |
T1059.001 |
PowerShell |
| AC-05 |
Separation of Duties |
Protects |
T1059.001 |
PowerShell |
| AC-06 |
Least Privilege |
Protects |
T1059.001 |
PowerShell |
| CM-02 |
Baseline Configuration |
Protects |
T1059.001 |
PowerShell |
