NIST 800-53 MAPPINGS

National Institute of Standards in Technology (NIST) Special Publication 800-53 provides a catalog of security and privacy controls for the protection of information systems and organizations from a diverse set of threats and risks. This project provides resources for assessing security control coverage against real-world threats as described in the MITRE ATT&CK® knowledge base and provide a foundation for integrating ATT&CK-based threat information into the risk management process.

NIST 800-53 Versions: rev5, rev4 ATT&CK Versions: 14.1, 12.1, 10.1, 9.0, 8.2 ATT&CK Domain: Enterprise

NIST 800-53 Mapping Methodology | Mapping Scope

SELECT VERSIONS

NIST 800-53 Version

ATT&CK Version

ATT&CK Domain

Capability Groups

ID Capability Group Name Number of Mappings Number of Capabilities
AC Access Control 1328 18
CA Security Assessment and Authorization 277 4
CM Configuration Management 1120 9
SC System and Communications Protection 513 31
SI System and Information Integrity 1085 12
CP Contingency Planning 65 5
IA Identification and Authentication 353 10
SA System and Services Acquisition 126 10
RA Risk Assessment 122 3
MP Media Protection 6 1
SR Supply Chain Risk Management 52 4

All Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-04 Information Flow Enforcement Protects T1001 Data Obfuscation
CA-07 Continuous Monitoring Protects T1001 Data Obfuscation
CM-02 Baseline Configuration Protects T1001 Data Obfuscation
CM-06 Configuration Settings Protects T1001 Data Obfuscation
SC-07 Boundary Protection Protects T1001 Data Obfuscation
SI-03 Malicious Code Protection Protects T1001 Data Obfuscation
SI-04 System Monitoring Protects T1001 Data Obfuscation
AC-04 Information Flow Enforcement Protects T1001.001 Junk Data
CA-07 Continuous Monitoring Protects T1001.001 Junk Data
CM-02 Baseline Configuration Protects T1001.001 Junk Data
CM-06 Configuration Settings Protects T1001.001 Junk Data
SC-07 Boundary Protection Protects T1001.001 Junk Data
SI-03 Malicious Code Protection Protects T1001.001 Junk Data
SI-04 System Monitoring Protects T1001.001 Junk Data
AC-04 Information Flow Enforcement Protects T1001.002 Steganography
CA-07 Continuous Monitoring Protects T1001.002 Steganography
CM-02 Baseline Configuration Protects T1001.002 Steganography
CM-06 Configuration Settings Protects T1001.002 Steganography
SC-07 Boundary Protection Protects T1001.002 Steganography
SI-03 Malicious Code Protection Protects T1001.002 Steganography
SI-04 System Monitoring Protects T1001.002 Steganography
AC-04 Information Flow Enforcement Protects T1001.003 Protocol Impersonation
CA-07 Continuous Monitoring Protects T1001.003 Protocol Impersonation
CM-02 Baseline Configuration Protects T1001.003 Protocol Impersonation
CM-06 Configuration Settings Protects T1001.003 Protocol Impersonation
SC-07 Boundary Protection Protects T1001.003 Protocol Impersonation
SI-03 Malicious Code Protection Protects T1001.003 Protocol Impersonation
SI-04 System Monitoring Protects T1001.003 Protocol Impersonation
AC-16 Security and Privacy Attributes Protects T1003 OS Credential Dumping
AC-02 Account Management Protects T1003 OS Credential Dumping
AC-03 Access Enforcement Protects T1003 OS Credential Dumping
AC-04 Information Flow Enforcement Protects T1003 OS Credential Dumping
AC-05 Separation of Duties Protects T1003 OS Credential Dumping
AC-06 Least Privilege Protects T1003 OS Credential Dumping
CA-07 Continuous Monitoring Protects T1003 OS Credential Dumping
CM-02 Baseline Configuration Protects T1003 OS Credential Dumping
CM-05 Access Restrictions for Change Protects T1003 OS Credential Dumping
CM-06 Configuration Settings Protects T1003 OS Credential Dumping
CM-07 Least Functionality Protects T1003 OS Credential Dumping
CP-09 System Backup Protects T1003 OS Credential Dumping
IA-02 Identification and Authentication (organizational Users) Protects T1003 OS Credential Dumping
IA-04 Identifier Management Protects T1003 OS Credential Dumping
IA-05 Authenticator Management Protects T1003 OS Credential Dumping
SC-28 Protection of Information at Rest Protects T1003 OS Credential Dumping
SC-39 Process Isolation Protects T1003 OS Credential Dumping
SI-12 Information Management and Retention Protects T1003 OS Credential Dumping
SI-02 Flaw Remediation Protects T1003 OS Credential Dumping
SI-03 Malicious Code Protection Protects T1003 OS Credential Dumping
SI-04 System Monitoring Protects T1003 OS Credential Dumping
SI-07 Software, Firmware, and Information Integrity Protects T1003 OS Credential Dumping
AC-16 Security and Privacy Attributes Protects T1003.003 NTDS
AC-02 Account Management Protects T1003.003 NTDS
AC-03 Access Enforcement Protects T1003.003 NTDS
AC-05 Separation of Duties Protects T1003.003 NTDS
AC-06 Least Privilege Protects T1003.003 NTDS
CA-07 Continuous Monitoring Protects T1003.003 NTDS
CM-02 Baseline Configuration Protects T1003.003 NTDS
CM-05 Access Restrictions for Change Protects T1003.003 NTDS
CM-06 Configuration Settings Protects T1003.003 NTDS
CP-09 System Backup Protects T1003.003 NTDS
IA-02 Identification and Authentication (organizational Users) Protects T1003.003 NTDS
IA-05 Authenticator Management Protects T1003.003 NTDS
SC-28 Protection of Information at Rest Protects T1003.003 NTDS
SC-39 Process Isolation Protects T1003.003 NTDS
SI-12 Information Management and Retention Protects T1003.003 NTDS
SI-03 Malicious Code Protection Protects T1003.003 NTDS
SI-04 System Monitoring Protects T1003.003 NTDS
SI-07 Software, Firmware, and Information Integrity Protects T1003.003 NTDS
AC-02 Account Management Protects T1003.004 LSA Secrets
AC-03 Access Enforcement Protects T1003.004 LSA Secrets
AC-05 Separation of Duties Protects T1003.004 LSA Secrets
AC-06 Least Privilege Protects T1003.004 LSA Secrets
CA-07 Continuous Monitoring Protects T1003.004 LSA Secrets
CM-02 Baseline Configuration Protects T1003.004 LSA Secrets
CM-05 Access Restrictions for Change Protects T1003.004 LSA Secrets
CM-06 Configuration Settings Protects T1003.004 LSA Secrets
IA-02 Identification and Authentication (organizational Users) Protects T1003.004 LSA Secrets
IA-05 Authenticator Management Protects T1003.004 LSA Secrets
SC-28 Protection of Information at Rest Protects T1003.004 LSA Secrets
SC-39 Process Isolation Protects T1003.004 LSA Secrets
SI-03 Malicious Code Protection Protects T1003.004 LSA Secrets
SI-04 System Monitoring Protects T1003.004 LSA Secrets
AC-02 Account Management Protects T1003.005 Cached Domain Credentials
AC-03 Access Enforcement Protects T1003.005 Cached Domain Credentials
AC-04 Information Flow Enforcement Protects T1003.005 Cached Domain Credentials
AC-05 Separation of Duties Protects T1003.005 Cached Domain Credentials
AC-06 Least Privilege Protects T1003.005 Cached Domain Credentials
CA-07 Continuous Monitoring Protects T1003.005 Cached Domain Credentials
CM-02 Baseline Configuration Protects T1003.005 Cached Domain Credentials
CM-05 Access Restrictions for Change Protects T1003.005 Cached Domain Credentials
CM-06 Configuration Settings Protects T1003.005 Cached Domain Credentials
CM-07 Least Functionality Protects T1003.005 Cached Domain Credentials
IA-02 Identification and Authentication (organizational Users) Protects T1003.005 Cached Domain Credentials
IA-04 Identifier Management Protects T1003.005 Cached Domain Credentials
IA-05 Authenticator Management Protects T1003.005 Cached Domain Credentials
SC-28 Protection of Information at Rest Protects T1003.005 Cached Domain Credentials
SC-39 Process Isolation Protects T1003.005 Cached Domain Credentials
SI-03 Malicious Code Protection Protects T1003.005 Cached Domain Credentials
SI-04 System Monitoring Protects T1003.005 Cached Domain Credentials
AC-02 Account Management Protects T1003.006 DCSync
AC-03 Access Enforcement Protects T1003.006 DCSync
AC-04 Information Flow Enforcement Protects T1003.006 DCSync
AC-05 Separation of Duties Protects T1003.006 DCSync
AC-06 Least Privilege Protects T1003.006 DCSync
CA-07 Continuous Monitoring Protects T1003.006 DCSync
CM-02 Baseline Configuration Protects T1003.006 DCSync
CM-05 Access Restrictions for Change Protects T1003.006 DCSync
CM-06 Configuration Settings Protects T1003.006 DCSync
IA-02 Identification and Authentication (organizational Users) Protects T1003.006 DCSync
IA-04 Identifier Management Protects T1003.006 DCSync
IA-05 Authenticator Management Protects T1003.006 DCSync
SC-28 Protection of Information at Rest Protects T1003.006 DCSync
SC-39 Process Isolation Protects T1003.006 DCSync
SI-03 Malicious Code Protection Protects T1003.006 DCSync
SI-04 System Monitoring Protects T1003.006 DCSync
AC-02 Account Management Protects T1003.008 /etc/passwd and /etc/shadow
AC-03 Access Enforcement Protects T1003.008 /etc/passwd and /etc/shadow
AC-05 Separation of Duties Protects T1003.008 /etc/passwd and /etc/shadow
AC-06 Least Privilege Protects T1003.008 /etc/passwd and /etc/shadow
CA-07 Continuous Monitoring Protects T1003.008 /etc/passwd and /etc/shadow
CM-02 Baseline Configuration Protects T1003.008 /etc/passwd and /etc/shadow
CM-05 Access Restrictions for Change Protects T1003.008 /etc/passwd and /etc/shadow
CM-06 Configuration Settings Protects T1003.008 /etc/passwd and /etc/shadow
IA-02 Identification and Authentication (organizational Users) Protects T1003.008 /etc/passwd and /etc/shadow
IA-05 Authenticator Management Protects T1003.008 /etc/passwd and /etc/shadow
SC-28 Protection of Information at Rest Protects T1003.008 /etc/passwd and /etc/shadow
SC-39 Process Isolation Protects T1003.008 /etc/passwd and /etc/shadow
SI-03 Malicious Code Protection Protects T1003.008 /etc/passwd and /etc/shadow
SI-04 System Monitoring Protects T1003.008 /etc/passwd and /etc/shadow
AC-04 Information Flow Enforcement Protects T1008 Fallback Channels
CA-07 Continuous Monitoring Protects T1008 Fallback Channels
CM-02 Baseline Configuration Protects T1008 Fallback Channels
CM-06 Configuration Settings Protects T1008 Fallback Channels
CM-07 Least Functionality Protects T1008 Fallback Channels
SC-07 Boundary Protection Protects T1008 Fallback Channels
SI-03 Malicious Code Protection Protects T1008 Fallback Channels
SI-04 System Monitoring Protects T1008 Fallback Channels
AC-17 Remote Access Protects T1021.003 Distributed Component Object Model
AC-02 Account Management Protects T1021.003 Distributed Component Object Model
AC-03 Access Enforcement Protects T1021.003 Distributed Component Object Model
AC-04 Information Flow Enforcement Protects T1021.003 Distributed Component Object Model
AC-05 Separation of Duties Protects T1021.003 Distributed Component Object Model
AC-06 Least Privilege Protects T1021.003 Distributed Component Object Model
CM-02 Baseline Configuration Protects T1021.003 Distributed Component Object Model
CM-05 Access Restrictions for Change Protects T1021.003 Distributed Component Object Model
CM-06 Configuration Settings Protects T1021.003 Distributed Component Object Model
CM-07 Least Functionality Protects T1021.003 Distributed Component Object Model
CM-08 System Component Inventory Protects T1021.003 Distributed Component Object Model
IA-02 Identification and Authentication (organizational Users) Protects T1021.003 Distributed Component Object Model
RA-05 Vulnerability Monitoring and Scanning Protects T1021.003 Distributed Component Object Model
SC-18 Mobile Code Protects T1021.003 Distributed Component Object Model
SC-03 Security Function Isolation Protects T1021.003 Distributed Component Object Model
SC-46 Cross Domain Policy Enforcement Protects T1021.003 Distributed Component Object Model
SC-07 Boundary Protection Protects T1021.003 Distributed Component Object Model
SI-03 Malicious Code Protection Protects T1021.003 Distributed Component Object Model
SI-04 System Monitoring Protects T1021.003 Distributed Component Object Model
AC-17 Remote Access Protects T1021.004 SSH
AC-02 Account Management Protects T1021.004 SSH
AC-20 Use of External Systems Protects T1021.004 SSH
AC-03 Access Enforcement Protects T1021.004 SSH
AC-05 Separation of Duties Protects T1021.004 SSH
AC-06 Least Privilege Protects T1021.004 SSH
AC-07 Unsuccessful Logon Attempts Protects T1021.004 SSH
CM-02 Baseline Configuration Protects T1021.004 SSH
CM-05 Access Restrictions for Change Protects T1021.004 SSH
CM-06 Configuration Settings Protects T1021.004 SSH
CM-08 System Component Inventory Protects T1021.004 SSH
IA-02 Identification and Authentication (organizational Users) Protects T1021.004 SSH
IA-05 Authenticator Management Protects T1021.004 SSH
RA-05 Vulnerability Monitoring and Scanning Protects T1021.004 SSH
SI-04 System Monitoring Protects T1021.004 SSH
AC-17 Remote Access Protects T1021.005 VNC
AC-02 Account Management Protects T1021.005 VNC
AC-03 Access Enforcement Protects T1021.005 VNC
AC-04 Information Flow Enforcement Protects T1021.005 VNC
AC-06 Least Privilege Protects T1021.005 VNC
CA-07 Continuous Monitoring Protects T1021.005 VNC
CA-08 Penetration Testing Protects T1021.005 VNC
CM-11 User-installed Software Protects T1021.005 VNC
CM-02 Baseline Configuration Protects T1021.005 VNC
CM-03 Configuration Change Control Protects T1021.005 VNC
CM-05 Access Restrictions for Change Protects T1021.005 VNC
CM-06 Configuration Settings Protects T1021.005 VNC
CM-07 Least Functionality Protects T1021.005 VNC
CM-08 System Component Inventory Protects T1021.005 VNC
IA-02 Identification and Authentication (organizational Users) Protects T1021.005 VNC
IA-04 Identifier Management Protects T1021.005 VNC
IA-06 Authentication Feedback Protects T1021.005 VNC
RA-05 Vulnerability Monitoring and Scanning Protects T1021.005 VNC
SC-07 Boundary Protection Protects T1021.005 VNC
SI-10 Information Input Validation Protects T1021.005 VNC
SI-15 Information Output Filtering Protects T1021.005 VNC
SI-03 Malicious Code Protection Protects T1021.005 VNC
SI-04 System Monitoring Protects T1021.005 VNC
AC-16 Security and Privacy Attributes Protects T1025 Data from Removable Media
AC-02 Account Management Protects T1025 Data from Removable Media
AC-23 Data Mining Protection Protects T1025 Data from Removable Media
AC-03 Access Enforcement Protects T1025 Data from Removable Media
AC-06 Least Privilege Protects T1025 Data from Removable Media
CM-12 Information Location Protects T1025 Data from Removable Media
CP-09 System Backup Protects T1025 Data from Removable Media
MP-07 Media Use Protects T1025 Data from Removable Media
SA-08 Security and Privacy Engineering Principles Protects T1025 Data from Removable Media
SC-13 Cryptographic Protection Protects T1025 Data from Removable Media
SC-28 Protection of Information at Rest Protects T1025 Data from Removable Media
SC-38 Operations Security Protects T1025 Data from Removable Media
SC-41 Port and I/O Device Access Protects T1025 Data from Removable Media
SI-03 Malicious Code Protection Protects T1025 Data from Removable Media
SI-04 System Monitoring Protects T1025 Data from Removable Media
SI-02 Flaw Remediation Protects T1027.002 Software Packing
SI-03 Malicious Code Protection Protects T1027.002 Software Packing
SI-04 System Monitoring Protects T1027.002 Software Packing
SI-07 Software, Firmware, and Information Integrity Protects T1027.002 Software Packing
SI-02 Flaw Remediation Protects T1027.007 Dynamic API Resolution
SI-03 Malicious Code Protection Protects T1027.007 Dynamic API Resolution
SI-04 System Monitoring Protects T1027.007 Dynamic API Resolution
SI-07 Software, Firmware, and Information Integrity Protects T1027.007 Dynamic API Resolution
SI-02 Flaw Remediation Protects T1027.008 Stripped Payloads
SI-03 Malicious Code Protection Protects T1027.008 Stripped Payloads
SI-04 System Monitoring Protects T1027.008 Stripped Payloads
SI-07 Software, Firmware, and Information Integrity Protects T1027.008 Stripped Payloads
SI-02 Flaw Remediation Protects T1027.009 Embedded Payloads
SI-03 Malicious Code Protection Protects T1027.009 Embedded Payloads
SI-04 System Monitoring Protects T1027.009 Embedded Payloads
SI-07 Software, Firmware, and Information Integrity Protects T1027.009 Embedded Payloads
AC-04 Information Flow Enforcement Protects T1029 Scheduled Transfer
CA-07 Continuous Monitoring Protects T1029 Scheduled Transfer
CM-02 Baseline Configuration Protects T1029 Scheduled Transfer
CM-06 Configuration Settings Protects T1029 Scheduled Transfer
SC-07 Boundary Protection Protects T1029 Scheduled Transfer
SI-03 Malicious Code Protection Protects T1029 Scheduled Transfer
SI-04 System Monitoring Protects T1029 Scheduled Transfer
AC-04 Information Flow Enforcement Protects T1030 Data Transfer Size Limits
CA-07 Continuous Monitoring Protects T1030 Data Transfer Size Limits
CM-02 Baseline Configuration Protects T1030 Data Transfer Size Limits
CM-06 Configuration Settings Protects T1030 Data Transfer Size Limits
SC-07 Boundary Protection Protects T1030 Data Transfer Size Limits
SI-03 Malicious Code Protection Protects T1030 Data Transfer Size Limits
SI-04 System Monitoring Protects T1030 Data Transfer Size Limits
CM-02 Baseline Configuration Protects T1036.001 Invalid Code Signature
CM-06 Configuration Settings Protects T1036.001 Invalid Code Signature
IA-09 Service Identification and Authentication Protects T1036.001 Invalid Code Signature
SI-04 System Monitoring Protects T1036.001 Invalid Code Signature
SI-07 Software, Firmware, and Information Integrity Protects T1036.001 Invalid Code Signature
AC-02 Account Management Protects T1036.003 Rename System Utilities
AC-03 Access Enforcement Protects T1036.003 Rename System Utilities
AC-06 Least Privilege Protects T1036.003 Rename System Utilities
CA-07 Continuous Monitoring Protects T1036.003 Rename System Utilities
CM-02 Baseline Configuration Protects T1036.003 Rename System Utilities
CM-06 Configuration Settings Protects T1036.003 Rename System Utilities
SI-03 Malicious Code Protection Protects T1036.003 Rename System Utilities
SI-04 System Monitoring Protects T1036.003 Rename System Utilities
CA-07 Continuous Monitoring Protects T1036.007 Double File Extension
CM-02 Baseline Configuration Protects T1036.007 Double File Extension
CM-06 Configuration Settings Protects T1036.007 Double File Extension
CM-07 Least Functionality Protects T1036.007 Double File Extension
IA-02 Identification and Authentication (organizational Users) Protects T1036.007 Double File Extension
SI-04 System Monitoring Protects T1036.007 Double File Extension
AC-17 Remote Access Protects T1037.001 Logon Script (Windows)
CM-07 Least Functionality Protects T1037.001 Logon Script (Windows)
AC-03 Access Enforcement Protects T1037.002 Login Hook
CM-02 Baseline Configuration Protects T1037.002 Login Hook
SI-03 Malicious Code Protection Protects T1037.002 Login Hook
SI-04 System Monitoring Protects T1037.002 Login Hook
SI-07 Software, Firmware, and Information Integrity Protects T1037.002 Login Hook
CM-06 Configuration Settings Protects T1037.002 Login Hook
CA-07 Continuous Monitoring Protects T1037.002 Login Hook
AC-03 Access Enforcement Protects T1037.003 Network Logon Script
CA-07 Continuous Monitoring Protects T1037.003 Network Logon Script
CM-02 Baseline Configuration Protects T1037.003 Network Logon Script
CM-06 Configuration Settings Protects T1037.003 Network Logon Script
SI-03 Malicious Code Protection Protects T1037.003 Network Logon Script
SI-04 System Monitoring Protects T1037.003 Network Logon Script
SI-07 Software, Firmware, and Information Integrity Protects T1037.003 Network Logon Script
AC-03 Access Enforcement Protects T1037.004 RC Scripts
CA-07 Continuous Monitoring Protects T1037.004 RC Scripts
CM-02 Baseline Configuration Protects T1037.004 RC Scripts
CM-06 Configuration Settings Protects T1037.004 RC Scripts
SI-03 Malicious Code Protection Protects T1037.004 RC Scripts
SI-04 System Monitoring Protects T1037.004 RC Scripts
SI-07 Software, Firmware, and Information Integrity Protects T1037.004 RC Scripts
AC-03 Access Enforcement Protects T1037.005 Startup Items
CA-07 Continuous Monitoring Protects T1037.005 Startup Items
CM-02 Baseline Configuration Protects T1037.005 Startup Items
CM-06 Configuration Settings Protects T1037.005 Startup Items
SI-03 Malicious Code Protection Protects T1037.005 Startup Items
SI-04 System Monitoring Protects T1037.005 Startup Items
SI-07 Software, Firmware, and Information Integrity Protects T1037.005 Startup Items
AC-03 Access Enforcement Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
AC-04 Information Flow Enforcement Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
CA-07 Continuous Monitoring Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
CM-02 Baseline Configuration Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
CM-06 Configuration Settings Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
CM-07 Least Functionality Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SC-46 Cross Domain Policy Enforcement Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SC-07 Boundary Protection Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SI-10 Information Input Validation Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SI-15 Information Output Filtering Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SI-03 Malicious Code Protection Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SI-04 System Monitoring Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
AC-16 Security and Privacy Attributes Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-02 Account Management Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-20 Use of External Systems Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-23 Data Mining Protection Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-03 Access Enforcement Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-04 Information Flow Enforcement Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-06 Least Privilege Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CA-03 Information Exchange Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CA-07 Continuous Monitoring Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CM-02 Baseline Configuration Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CM-06 Configuration Settings Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CM-07 Least Functionality Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SA-08 Security and Privacy Engineering Principles Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SA-09 External System Services Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SC-28 Protection of Information at Rest Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SC-31 Covert Channel Analysis Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SC-46 Cross Domain Policy Enforcement Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SC-07 Boundary Protection Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SI-10 Information Input Validation Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SI-15 Information Output Filtering Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SI-03 Malicious Code Protection Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SI-04 System Monitoring Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SR-04 Provenance Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-16 Security and Privacy Attributes Protects T1052 Exfiltration Over Physical Medium
AC-02 Account Management Protects T1052 Exfiltration Over Physical Medium
AC-20 Use of External Systems Protects T1052 Exfiltration Over Physical Medium
AC-23 Data Mining Protection Protects T1052 Exfiltration Over Physical Medium
AC-03 Access Enforcement Protects T1052 Exfiltration Over Physical Medium
AC-06 Least Privilege Protects T1052 Exfiltration Over Physical Medium
CA-07 Continuous Monitoring Protects T1052 Exfiltration Over Physical Medium
CM-02 Baseline Configuration Protects T1052 Exfiltration Over Physical Medium
CM-06 Configuration Settings Protects T1052 Exfiltration Over Physical Medium
CM-07 Least Functionality Protects T1052 Exfiltration Over Physical Medium
CM-08 System Component Inventory Protects T1052 Exfiltration Over Physical Medium
MP-07 Media Use Protects T1052 Exfiltration Over Physical Medium
RA-05 Vulnerability Monitoring and Scanning Protects T1052 Exfiltration Over Physical Medium
SA-08 Security and Privacy Engineering Principles Protects T1052 Exfiltration Over Physical Medium
SC-28 Protection of Information at Rest Protects T1052 Exfiltration Over Physical Medium
SC-41 Port and I/O Device Access Protects T1052 Exfiltration Over Physical Medium
SI-03 Malicious Code Protection Protects T1052 Exfiltration Over Physical Medium
SI-04 System Monitoring Protects T1052 Exfiltration Over Physical Medium
SR-04 Provenance Protects T1052 Exfiltration Over Physical Medium
AC-16 Security and Privacy Attributes Protects T1052.001 Exfiltration over USB
AC-02 Account Management Protects T1052.001 Exfiltration over USB
AC-20 Use of External Systems Protects T1052.001 Exfiltration over USB
AC-23 Data Mining Protection Protects T1052.001 Exfiltration over USB
AC-03 Access Enforcement Protects T1052.001 Exfiltration over USB
AC-06 Least Privilege Protects T1052.001 Exfiltration over USB
CA-07 Continuous Monitoring Protects T1052.001 Exfiltration over USB
CM-02 Baseline Configuration Protects T1052.001 Exfiltration over USB
CM-06 Configuration Settings Protects T1052.001 Exfiltration over USB
CM-07 Least Functionality Protects T1052.001 Exfiltration over USB
CM-08 System Component Inventory Protects T1052.001 Exfiltration over USB
MP-07 Media Use Protects T1052.001 Exfiltration over USB
RA-05 Vulnerability Monitoring and Scanning Protects T1052.001 Exfiltration over USB
SA-08 Security and Privacy Engineering Principles Protects T1052.001 Exfiltration over USB
SC-28 Protection of Information at Rest Protects T1052.001 Exfiltration over USB
SC-41 Port and I/O Device Access Protects T1052.001 Exfiltration over USB
SI-03 Malicious Code Protection Protects T1052.001 Exfiltration over USB
SI-04 System Monitoring Protects T1052.001 Exfiltration over USB
SR-04 Provenance Protects T1052.001 Exfiltration over USB
AC-02 Account Management Protects T1053.003 Cron
AC-03 Access Enforcement Protects T1053.003 Cron
AC-05 Separation of Duties Protects T1053.003 Cron
AC-06 Least Privilege Protects T1053.003 Cron
CA-08 Penetration Testing Protects T1053.003 Cron
CM-05 Access Restrictions for Change Protects T1053.003 Cron
IA-02 Identification and Authentication (organizational Users) Protects T1053.003 Cron
RA-05 Vulnerability Monitoring and Scanning Protects T1053.003 Cron
SI-04 System Monitoring Protects T1053.003 Cron
AC-02 Account Management Protects T1053.007 Container Orchestration Job
AC-03 Access Enforcement Protects T1053.007 Container Orchestration Job
AC-05 Separation of Duties Protects T1053.007 Container Orchestration Job
AC-06 Least Privilege Protects T1053.007 Container Orchestration Job
CM-05 Access Restrictions for Change Protects T1053.007 Container Orchestration Job
IA-02 Identification and Authentication (organizational Users) Protects T1053.007 Container Orchestration Job
IA-08 Identification and Authentication (non-organizational Users) Protects T1053.007 Container Orchestration Job
AC-02 Account Management Protects T1055 Process Injection
AC-03 Access Enforcement Protects T1055 Process Injection
AC-05 Separation of Duties Protects T1055 Process Injection
AC-06 Least Privilege Protects T1055 Process Injection
CM-05 Access Restrictions for Change Protects T1055 Process Injection
CM-06 Configuration Settings Protects T1055 Process Injection
IA-02 Identification and Authentication (organizational Users) Protects T1055 Process Injection
SC-18 Mobile Code Protects T1055 Process Injection
SC-07 Boundary Protection Protects T1055 Process Injection
SI-02 Flaw Remediation Protects T1055 Process Injection
SI-03 Malicious Code Protection Protects T1055 Process Injection
SI-04 System Monitoring Protects T1055 Process Injection
AC-06 Least Privilege Protects T1055.001 Dynamic-link Library Injection
SC-18 Mobile Code Protects T1055.001 Dynamic-link Library Injection
SC-07 Boundary Protection Protects T1055.001 Dynamic-link Library Injection
SI-02 Flaw Remediation Protects T1055.001 Dynamic-link Library Injection
SI-03 Malicious Code Protection Protects T1055.001 Dynamic-link Library Injection
SI-04 System Monitoring Protects T1055.001 Dynamic-link Library Injection
AC-06 Least Privilege Protects T1055.002 Portable Executable Injection
SC-18 Mobile Code Protects T1055.002 Portable Executable Injection
SC-07 Boundary Protection Protects T1055.002 Portable Executable Injection
SI-02 Flaw Remediation Protects T1055.002 Portable Executable Injection
SI-03 Malicious Code Protection Protects T1055.002 Portable Executable Injection
SI-04 System Monitoring Protects T1055.002 Portable Executable Injection
AC-06 Least Privilege Protects T1055.003 Thread Execution Hijacking
SC-18 Mobile Code Protects T1055.003 Thread Execution Hijacking
SC-07 Boundary Protection Protects T1055.003 Thread Execution Hijacking
SI-02 Flaw Remediation Protects T1055.003 Thread Execution Hijacking
SI-03 Malicious Code Protection Protects T1055.003 Thread Execution Hijacking
SI-04 System Monitoring Protects T1055.003 Thread Execution Hijacking
AC-06 Least Privilege Protects T1055.004 Asynchronous Procedure Call
SC-18 Mobile Code Protects T1055.004 Asynchronous Procedure Call
SC-07 Boundary Protection Protects T1055.004 Asynchronous Procedure Call
SI-02 Flaw Remediation Protects T1055.004 Asynchronous Procedure Call
SI-03 Malicious Code Protection Protects T1055.004 Asynchronous Procedure Call
SI-04 System Monitoring Protects T1055.004 Asynchronous Procedure Call
AC-06 Least Privilege Protects T1055.005 Thread Local Storage
SC-18 Mobile Code Protects T1055.005 Thread Local Storage
SC-07 Boundary Protection Protects T1055.005 Thread Local Storage
SI-02 Flaw Remediation Protects T1055.005 Thread Local Storage
SI-03 Malicious Code Protection Protects T1055.005 Thread Local Storage
SI-04 System Monitoring Protects T1055.005 Thread Local Storage
AC-02 Account Management Protects T1055.008 Ptrace System Calls
AC-03 Access Enforcement Protects T1055.008 Ptrace System Calls
AC-05 Separation of Duties Protects T1055.008 Ptrace System Calls
AC-06 Least Privilege Protects T1055.008 Ptrace System Calls
CM-05 Access Restrictions for Change Protects T1055.008 Ptrace System Calls
CM-06 Configuration Settings Protects T1055.008 Ptrace System Calls
IA-02 Identification and Authentication (organizational Users) Protects T1055.008 Ptrace System Calls
SC-18 Mobile Code Protects T1055.008 Ptrace System Calls
SC-07 Boundary Protection Protects T1055.008 Ptrace System Calls
SI-02 Flaw Remediation Protects T1055.008 Ptrace System Calls
SI-03 Malicious Code Protection Protects T1055.008 Ptrace System Calls
SI-04 System Monitoring Protects T1055.008 Ptrace System Calls
AC-03 Access Enforcement Protects T1055.009 Proc Memory
AC-06 Least Privilege Protects T1055.009 Proc Memory
CA-07 Continuous Monitoring Protects T1055.009 Proc Memory
SC-18 Mobile Code Protects T1055.009 Proc Memory
SC-07 Boundary Protection Protects T1055.009 Proc Memory
SI-16 Memory Protection Protects T1055.009 Proc Memory
SI-02 Flaw Remediation Protects T1055.009 Proc Memory
SI-03 Malicious Code Protection Protects T1055.009 Proc Memory
SI-04 System Monitoring Protects T1055.009 Proc Memory
AC-06 Least Privilege Protects T1055.011 Extra Window Memory Injection
SC-18 Mobile Code Protects T1055.011 Extra Window Memory Injection
SC-07 Boundary Protection Protects T1055.011 Extra Window Memory Injection
SI-02 Flaw Remediation Protects T1055.011 Extra Window Memory Injection
SI-03 Malicious Code Protection Protects T1055.011 Extra Window Memory Injection
SI-04 System Monitoring Protects T1055.011 Extra Window Memory Injection
AC-06 Least Privilege Protects T1055.013 Process Doppelgänging
SC-18 Mobile Code Protects T1055.013 Process Doppelgänging
SC-07 Boundary Protection Protects T1055.013 Process Doppelgänging
SI-02 Flaw Remediation Protects T1055.013 Process Doppelgänging
SI-03 Malicious Code Protection Protects T1055.013 Process Doppelgänging
SI-04 System Monitoring Protects T1055.013 Process Doppelgänging
AC-06 Least Privilege Protects T1055.014 VDSO Hijacking
SC-18 Mobile Code Protects T1055.014 VDSO Hijacking
SC-07 Boundary Protection Protects T1055.014 VDSO Hijacking
SI-02 Flaw Remediation Protects T1055.014 VDSO Hijacking
SI-03 Malicious Code Protection Protects T1055.014 VDSO Hijacking
SI-04 System Monitoring Protects T1055.014 VDSO Hijacking
SI-03 Malicious Code Protection Protects T1055.015 ListPlanting
CA-07 Continuous Monitoring Protects T1056.002 GUI Input Capture
SI-03 Malicious Code Protection Protects T1056.002 GUI Input Capture
SI-04 System Monitoring Protects T1056.002 GUI Input Capture
SI-07 Software, Firmware, and Information Integrity Protects T1056.002 GUI Input Capture
AC-02 Account Management Protects T1056.003 Web Portal Capture
AC-03 Access Enforcement Protects T1056.003 Web Portal Capture
AC-05 Separation of Duties Protects T1056.003 Web Portal Capture
AC-06 Least Privilege Protects T1056.003 Web Portal Capture
CM-05 Access Restrictions for Change Protects T1056.003 Web Portal Capture
CM-06 Configuration Settings Protects T1056.003 Web Portal Capture
IA-02 Identification and Authentication (organizational Users) Protects T1056.003 Web Portal Capture
AC-17 Remote Access Protects T1059 Command and Scripting Interpreter
AC-02 Account Management Protects T1059 Command and Scripting Interpreter
AC-03 Access Enforcement Protects T1059 Command and Scripting Interpreter
AC-05 Separation of Duties Protects T1059 Command and Scripting Interpreter
AC-06 Least Privilege Protects T1059 Command and Scripting Interpreter
CA-07 Continuous Monitoring Protects T1059 Command and Scripting Interpreter
CA-08 Penetration Testing Protects T1059 Command and Scripting Interpreter
CM-11 User-installed Software Protects T1059 Command and Scripting Interpreter
CM-02 Baseline Configuration Protects T1059 Command and Scripting Interpreter
CM-05 Access Restrictions for Change Protects T1059 Command and Scripting Interpreter
CM-06 Configuration Settings Protects T1059 Command and Scripting Interpreter
CM-07 Least Functionality Protects T1059 Command and Scripting Interpreter
CM-08 System Component Inventory Protects T1059 Command and Scripting Interpreter
IA-02 Identification and Authentication (organizational Users) Protects T1059 Command and Scripting Interpreter
IA-08 Identification and Authentication (non-organizational Users) Protects T1059 Command and Scripting Interpreter
IA-09 Service Identification and Authentication Protects T1059 Command and Scripting Interpreter
RA-05 Vulnerability Monitoring and Scanning Protects T1059 Command and Scripting Interpreter
SC-18 Mobile Code Protects T1059 Command and Scripting Interpreter
SI-10 Information Input Validation Protects T1059 Command and Scripting Interpreter
SI-16 Memory Protection Protects T1059 Command and Scripting Interpreter
SI-02 Flaw Remediation Protects T1059 Command and Scripting Interpreter
SI-03 Malicious Code Protection Protects T1059 Command and Scripting Interpreter
SI-04 System Monitoring Protects T1059 Command and Scripting Interpreter
SI-07 Software, Firmware, and Information Integrity Protects T1059 Command and Scripting Interpreter
AC-17 Remote Access Protects T1059.001 PowerShell
AC-02 Account Management Protects T1059.001 PowerShell
AC-03 Access Enforcement Protects T1059.001 PowerShell
AC-05 Separation of Duties Protects T1059.001 PowerShell
AC-06 Least Privilege Protects T1059.001 PowerShell
CM-02 Baseline Configuration Protects T1059.001 PowerShell
CM-05 Access Restrictions for Change Protects T1059.001 PowerShell
CM-06 Configuration Settings Protects T1059.001 PowerShell
CM-08 System Component Inventory Protects T1059.001 PowerShell
IA-02 Identification and Authentication (organizational Users) Protects T1059.001 PowerShell
IA-08 Identification and Authentication (non-organizational Users) Protects T1059.001 PowerShell
IA-09 Service Identification and Authentication Protects T1059.001 PowerShell
RA-05 Vulnerability Monitoring and Scanning Protects T1059.001 PowerShell
SI-10 Information Input Validation Protects T1059.001 PowerShell
SI-16 Memory Protection Protects T1059.001 PowerShell
SI-02 Flaw Remediation Protects T1059.001 PowerShell
SI-03 Malicious Code Protection Protects T1059.001 PowerShell
SI-04 System Monitoring Protects T1059.001 PowerShell
SI-07 Software, Firmware, and Information Integrity Protects T1059.001 PowerShell
AC-17 Remote Access Protects T1059.002 AppleScript
AC-02 Account Management Protects T1059.002 AppleScript
AC-03 Access Enforcement Protects T1059.002 AppleScript
AC-06 Least Privilege Protects T1059.002 AppleScript
CM-02 Baseline Configuration Protects T1059.002 AppleScript
CM-06 Configuration Settings Protects T1059.002 AppleScript
IA-09 Service Identification and Authentication Protects T1059.002 AppleScript
SI-10 Information Input Validation Protects T1059.002 AppleScript
SI-16 Memory Protection Protects T1059.002 AppleScript
SI-03 Malicious Code Protection Protects T1059.002 AppleScript
SI-04 System Monitoring Protects T1059.002 AppleScript
SI-07 Software, Firmware, and Information Integrity Protects T1059.002 AppleScript
SR-11 Component Authenticity Protects T1059.002 AppleScript
SR-04 Provenance Protects T1059.002 AppleScript
SR-05 Acquisition Strategies, Tools, and Methods Protects T1059.002 AppleScript
SR-06 Supplier Assessments and Reviews Protects T1059.002 AppleScript
AC-17 Remote Access Protects T1059.003 Windows Command Shell
AC-02 Account Management Protects T1059.003 Windows Command Shell
AC-03 Access Enforcement Protects T1059.003 Windows Command Shell
AC-06 Least Privilege Protects T1059.003 Windows Command Shell
CM-02 Baseline Configuration Protects T1059.003 Windows Command Shell
CM-06 Configuration Settings Protects T1059.003 Windows Command Shell
SI-10 Information Input Validation Protects T1059.003 Windows Command Shell
SI-16 Memory Protection Protects T1059.003 Windows Command Shell
SI-03 Malicious Code Protection Protects T1059.003 Windows Command Shell
SI-04 System Monitoring Protects T1059.003 Windows Command Shell
SI-07 Software, Firmware, and Information Integrity Protects T1059.003 Windows Command Shell
AC-17 Remote Access Protects T1059.004 Unix Shell
AC-02 Account Management Protects T1059.004 Unix Shell
AC-03 Access Enforcement Protects T1059.004 Unix Shell
AC-06 Least Privilege Protects T1059.004 Unix Shell
CM-02 Baseline Configuration Protects T1059.004 Unix Shell
CM-06 Configuration Settings Protects T1059.004 Unix Shell
SI-10 Information Input Validation Protects T1059.004 Unix Shell
SI-16 Memory Protection Protects T1059.004 Unix Shell
SI-03 Malicious Code Protection Protects T1059.004 Unix Shell
SI-04 System Monitoring Protects T1059.004 Unix Shell
SI-07 Software, Firmware, and Information Integrity Protects T1059.004 Unix Shell
AC-17 Remote Access Protects T1059.005 Visual Basic
AC-02 Account Management Protects T1059.005 Visual Basic
AC-03 Access Enforcement Protects T1059.005 Visual Basic
AC-06 Least Privilege Protects T1059.005 Visual Basic
CA-07 Continuous Monitoring Protects T1059.005 Visual Basic
CM-02 Baseline Configuration Protects T1059.005 Visual Basic
CM-06 Configuration Settings Protects T1059.005 Visual Basic
CM-07 Least Functionality Protects T1059.005 Visual Basic
CM-08 System Component Inventory Protects T1059.005 Visual Basic
RA-05 Vulnerability Monitoring and Scanning Protects T1059.005 Visual Basic
SC-18 Mobile Code Protects T1059.005 Visual Basic
SI-10 Information Input Validation Protects T1059.005 Visual Basic
SI-16 Memory Protection Protects T1059.005 Visual Basic
SI-02 Flaw Remediation Protects T1059.005 Visual Basic
SI-03 Malicious Code Protection Protects T1059.005 Visual Basic
SI-04 System Monitoring Protects T1059.005 Visual Basic
SI-07 Software, Firmware, and Information Integrity Protects T1059.005 Visual Basic
AC-17 Remote Access Protects T1059.006 Python
AC-02 Account Management Protects T1059.006 Python
AC-03 Access Enforcement Protects T1059.006 Python
AC-06 Least Privilege Protects T1059.006 Python
CM-11 User-installed Software Protects T1059.006 Python
CM-02 Baseline Configuration Protects T1059.006 Python
CM-03 Configuration Change Control Protects T1059.006 Python
CM-05 Access Restrictions for Change Protects T1059.006 Python
CM-06 Configuration Settings Protects T1059.006 Python
SI-10 Information Input Validation Protects T1059.006 Python
SI-16 Memory Protection Protects T1059.006 Python
SI-02 Flaw Remediation Protects T1059.006 Python
SI-03 Malicious Code Protection Protects T1059.006 Python
SI-04 System Monitoring Protects T1059.006 Python
SI-07 Software, Firmware, and Information Integrity Protects T1059.006 Python
AC-17 Remote Access Protects T1059.007 JavaScript
AC-02 Account Management Protects T1059.007 JavaScript
AC-03 Access Enforcement Protects T1059.007 JavaScript
AC-06 Least Privilege Protects T1059.007 JavaScript
CA-07 Continuous Monitoring Protects T1059.007 JavaScript
CM-02 Baseline Configuration Protects T1059.007 JavaScript
CM-06 Configuration Settings Protects T1059.007 JavaScript
CM-07 Least Functionality Protects T1059.007 JavaScript
CM-08 System Component Inventory Protects T1059.007 JavaScript
RA-05 Vulnerability Monitoring and Scanning Protects T1059.007 JavaScript
SC-18 Mobile Code Protects T1059.007 JavaScript
SI-10 Information Input Validation Protects T1059.007 JavaScript
SI-16 Memory Protection Protects T1059.007 JavaScript
SI-03 Malicious Code Protection Protects T1059.007 JavaScript
SI-04 System Monitoring Protects T1059.007 JavaScript
SI-07 Software, Firmware, and Information Integrity Protects T1059.007 JavaScript
AC-17 Remote Access Protects T1059.008 Network Device CLI
AC-02 Account Management Protects T1059.008 Network Device CLI
AC-03 Access Enforcement Protects T1059.008 Network Device CLI
AC-05 Separation of Duties Protects T1059.008 Network Device CLI
AC-06 Least Privilege Protects T1059.008 Network Device CLI
CM-02 Baseline Configuration Protects T1059.008 Network Device CLI
CM-05 Access Restrictions for Change Protects T1059.008 Network Device CLI
CM-06 Configuration Settings Protects T1059.008 Network Device CLI
IA-02 Identification and Authentication (organizational Users) Protects T1059.008 Network Device CLI
IA-08 Identification and Authentication (non-organizational Users) Protects T1059.008 Network Device CLI
SI-10 Information Input Validation Protects T1059.008 Network Device CLI
SI-16 Memory Protection Protects T1059.008 Network Device CLI
SI-03 Malicious Code Protection Protects T1059.008 Network Device CLI
SI-04 System Monitoring Protects T1059.008 Network Device CLI
SI-07 Software, Firmware, and Information Integrity Protects T1059.008 Network Device CLI
AC-16 Security and Privacy Attributes Protects T1070.002 Clear Linux or Mac System Logs
AC-17 Remote Access Protects T1070.002 Clear Linux or Mac System Logs
AC-18 Wireless Access Protects T1070.002 Clear Linux or Mac System Logs
AC-19 Access Control for Mobile Devices Protects T1070.002 Clear Linux or Mac System Logs
AC-02 Account Management Protects T1070.002 Clear Linux or Mac System Logs
AC-03 Access Enforcement Protects T1070.002 Clear Linux or Mac System Logs
AC-05 Separation of Duties Protects T1070.002 Clear Linux or Mac System Logs
AC-06 Least Privilege Protects T1070.002 Clear Linux or Mac System Logs
CA-07 Continuous Monitoring Protects T1070.002 Clear Linux or Mac System Logs
CM-02 Baseline Configuration Protects T1070.002 Clear Linux or Mac System Logs
CM-06 Configuration Settings Protects T1070.002 Clear Linux or Mac System Logs
CP-06 Alternate Storage Site Protects T1070.002 Clear Linux or Mac System Logs
CP-07 Alternate Processing Site Protects T1070.002 Clear Linux or Mac System Logs
CP-09 System Backup Protects T1070.002 Clear Linux or Mac System Logs
SC-36 Distributed Processing and Storage Protects T1070.002 Clear Linux or Mac System Logs
SC-04 Information in Shared System Resources Protects T1070.002 Clear Linux or Mac System Logs
SI-12 Information Management and Retention Protects T1070.002 Clear Linux or Mac System Logs
SI-23 Information Fragmentation Protects T1070.002 Clear Linux or Mac System Logs
SI-03 Malicious Code Protection Protects T1070.002 Clear Linux or Mac System Logs
SI-04 System Monitoring Protects T1070.002 Clear Linux or Mac System Logs
SI-07 Software, Firmware, and Information Integrity Protects T1070.002 Clear Linux or Mac System Logs
AC-04 Information Flow Enforcement Protects T1071.003 Mail Protocols
CA-07 Continuous Monitoring Protects T1071.003 Mail Protocols
CM-02 Baseline Configuration Protects T1071.003 Mail Protocols
CM-06 Configuration Settings Protects T1071.003 Mail Protocols
CM-07 Least Functionality Protects T1071.003 Mail Protocols
SC-10 Network Disconnect Protects T1071.003 Mail Protocols
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1071.003 Mail Protocols
SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) Protects T1071.003 Mail Protocols
SC-22 Architecture and Provisioning for Name/address Resolution Service Protects T1071.003 Mail Protocols
SC-23 Session Authenticity Protects T1071.003 Mail Protocols
SC-31 Covert Channel Analysis Protects T1071.003 Mail Protocols
SC-37 Out-of-band Channels Protects T1071.003 Mail Protocols
SC-07 Boundary Protection Protects T1071.003 Mail Protocols
SI-03 Malicious Code Protection Protects T1071.003 Mail Protocols
SI-04 System Monitoring Protects T1071.003 Mail Protocols
AC-03 Access Enforcement Protects T1071.004 DNS
AC-04 Information Flow Enforcement Protects T1071.004 DNS
CA-07 Continuous Monitoring Protects T1071.004 DNS
CM-02 Baseline Configuration Protects T1071.004 DNS
CM-06 Configuration Settings Protects T1071.004 DNS
CM-07 Least Functionality Protects T1071.004 DNS
SC-10 Network Disconnect Protects T1071.004 DNS
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1071.004 DNS
SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) Protects T1071.004 DNS
SC-22 Architecture and Provisioning for Name/address Resolution Service Protects T1071.004 DNS
SC-23 Session Authenticity Protects T1071.004 DNS
SC-31 Covert Channel Analysis Protects T1071.004 DNS
SC-37 Out-of-band Channels Protects T1071.004 DNS
SC-07 Boundary Protection Protects T1071.004 DNS
SI-10 Information Input Validation Protects T1071.004 DNS
SI-15 Information Output Filtering Protects T1071.004 DNS
SI-03 Malicious Code Protection Protects T1071.004 DNS
SI-04 System Monitoring Protects T1071.004 DNS
AC-02 Account Management Protects T1078.001 Default Accounts
AC-05 Separation of Duties Protects T1078.001 Default Accounts
AC-06 Least Privilege Protects T1078.001 Default Accounts
CA-07 Continuous Monitoring Protects T1078.001 Default Accounts
SA-10 Developer Configuration Management Protects T1078.001 Default Accounts
SA-11 Developer Testing and Evaluation Protects T1078.001 Default Accounts
SA-15 Development Process, Standards, and Tools Protects T1078.001 Default Accounts
SA-16 Developer-provided Training Protects T1078.001 Default Accounts
SA-17 Developer Security and Privacy Architecture and Design Protects T1078.001 Default Accounts
SA-03 System Development Life Cycle Protects T1078.001 Default Accounts
SA-04 Acquisition Process Protects T1078.001 Default Accounts
SA-08 Security and Privacy Engineering Principles Protects T1078.001 Default Accounts
SC-28 Protection of Information at Rest Protects T1078.001 Default Accounts
SI-04 System Monitoring Protects T1078.001 Default Accounts
AC-02 Account Management Protects T1078.002 Domain Accounts
AC-20 Use of External Systems Protects T1078.002 Domain Accounts
AC-03 Access Enforcement Protects T1078.002 Domain Accounts
AC-05 Separation of Duties Protects T1078.002 Domain Accounts
AC-06 Least Privilege Protects T1078.002 Domain Accounts
AC-07 Unsuccessful Logon Attempts Protects T1078.002 Domain Accounts
CM-05 Access Restrictions for Change Protects T1078.002 Domain Accounts
CM-06 Configuration Settings Protects T1078.002 Domain Accounts
IA-12 Identity Proofing Protects T1078.002 Domain Accounts
IA-02 Identification and Authentication (organizational Users) Protects T1078.002 Domain Accounts
IA-05 Authenticator Management Protects T1078.002 Domain Accounts
SI-04 System Monitoring Protects T1078.002 Domain Accounts
AC-02 Account Management Protects T1078.003 Local Accounts
AC-03 Access Enforcement Protects T1078.003 Local Accounts
AC-05 Separation of Duties Protects T1078.003 Local Accounts
AC-06 Least Privilege Protects T1078.003 Local Accounts
CA-07 Continuous Monitoring Protects T1078.003 Local Accounts
CM-05 Access Restrictions for Change Protects T1078.003 Local Accounts
CM-06 Configuration Settings Protects T1078.003 Local Accounts
IA-12 Identity Proofing Protects T1078.003 Local Accounts
IA-02 Identification and Authentication (organizational Users) Protects T1078.003 Local Accounts
SA-10 Developer Configuration Management Protects T1078.003 Local Accounts
SA-11 Developer Testing and Evaluation Protects T1078.003 Local Accounts
SA-15 Development Process, Standards, and Tools Protects T1078.003 Local Accounts
SA-16 Developer-provided Training Protects T1078.003 Local Accounts
SA-17 Developer Security and Privacy Architecture and Design Protects T1078.003 Local Accounts
SA-03 System Development Life Cycle Protects T1078.003 Local Accounts
SA-04 Acquisition Process Protects T1078.003 Local Accounts
SA-08 Security and Privacy Engineering Principles Protects T1078.003 Local Accounts
SC-28 Protection of Information at Rest Protects T1078.003 Local Accounts
SI-04 System Monitoring Protects T1078.003 Local Accounts
CM-06 Configuration Settings Protects T1087.001 Local Account
CM-07 Least Functionality Protects T1087.001 Local Account
SI-04 System Monitoring Protects T1087.001 Local Account
AC-02 Account Management Protects T1087.004 Cloud Account
AC-03 Access Enforcement Protects T1087.004 Cloud Account
AC-05 Separation of Duties Protects T1087.004 Cloud Account
AC-06 Least Privilege Protects T1087.004 Cloud Account
IA-02 Identification and Authentication (organizational Users) Protects T1087.004 Cloud Account
IA-08 Identification and Authentication (non-organizational Users) Protects T1087.004 Cloud Account
AC-03 Access Enforcement Protects T1090 Proxy
AC-04 Information Flow Enforcement Protects T1090 Proxy
CA-07 Continuous Monitoring Protects T1090 Proxy
CM-02 Baseline Configuration Protects T1090 Proxy
CM-06 Configuration Settings Protects T1090 Proxy
CM-07 Least Functionality Protects T1090 Proxy
SC-07 Boundary Protection Protects T1090 Proxy
SC-08 Transmission Confidentiality and Integrity Protects T1090 Proxy
SI-10 Information Input Validation Protects T1090 Proxy
SI-15 Information Output Filtering Protects T1090 Proxy
SI-03 Malicious Code Protection Protects T1090 Proxy
SI-04 System Monitoring Protects T1090 Proxy
AC-04 Information Flow Enforcement Protects T1090.001 Internal Proxy
CA-07 Continuous Monitoring Protects T1090.001 Internal Proxy
CM-02 Baseline Configuration Protects T1090.001 Internal Proxy
CM-06 Configuration Settings Protects T1090.001 Internal Proxy
CM-07 Least Functionality Protects T1090.001 Internal Proxy
SC-07 Boundary Protection Protects T1090.001 Internal Proxy
SI-03 Malicious Code Protection Protects T1090.001 Internal Proxy
SI-04 System Monitoring Protects T1090.001 Internal Proxy
AC-04 Information Flow Enforcement Protects T1090.002 External Proxy
CA-07 Continuous Monitoring Protects T1090.002 External Proxy
CM-02 Baseline Configuration Protects T1090.002 External Proxy
CM-06 Configuration Settings Protects T1090.002 External Proxy
CM-07 Least Functionality Protects T1090.002 External Proxy
SC-07 Boundary Protection Protects T1090.002 External Proxy
SI-03 Malicious Code Protection Protects T1090.002 External Proxy
SI-04 System Monitoring Protects T1090.002 External Proxy
AC-03 Access Enforcement Protects T1090.003 Multi-hop Proxy
AC-04 Information Flow Enforcement Protects T1090.003 Multi-hop Proxy
CA-07 Continuous Monitoring Protects T1090.003 Multi-hop Proxy
CM-06 Configuration Settings Protects T1090.003 Multi-hop Proxy
CM-07 Least Functionality Protects T1090.003 Multi-hop Proxy
SC-07 Boundary Protection Protects T1090.003 Multi-hop Proxy
SI-10 Information Input Validation Protects T1090.003 Multi-hop Proxy
SI-15 Information Output Filtering Protects T1090.003 Multi-hop Proxy
SC-08 Transmission Confidentiality and Integrity Protects T1090.004 Domain Fronting
CM-02 Baseline Configuration Protects T1092 Communication Through Removable Media
CM-06 Configuration Settings Protects T1092 Communication Through Removable Media
CM-07 Least Functionality Protects T1092 Communication Through Removable Media
CM-08 System Component Inventory Protects T1092 Communication Through Removable Media
MP-07 Media Use Protects T1092 Communication Through Removable Media
RA-05 Vulnerability Monitoring and Scanning Protects T1092 Communication Through Removable Media
SI-03 Malicious Code Protection Protects T1092 Communication Through Removable Media
SI-04 System Monitoring Protects T1092 Communication Through Removable Media
AC-02 Account Management Protects T1098.002 Additional Email Delegate Permissions
AC-03 Access Enforcement Protects T1098.002 Additional Email Delegate Permissions
AC-05 Separation of Duties Protects T1098.002 Additional Email Delegate Permissions
AC-06 Least Privilege Protects T1098.002 Additional Email Delegate Permissions
CM-05 Access Restrictions for Change Protects T1098.002 Additional Email Delegate Permissions
CM-06 Configuration Settings Protects T1098.002 Additional Email Delegate Permissions
IA-02 Identification and Authentication (organizational Users) Protects T1098.002 Additional Email Delegate Permissions
IA-05 Authenticator Management Protects T1098.002 Additional Email Delegate Permissions
SI-04 System Monitoring Protects T1098.002 Additional Email Delegate Permissions
SI-07 Software, Firmware, and Information Integrity Protects T1098.002 Additional Email Delegate Permissions
AC-20 Use of External Systems Protects T1098.002 Additional Email Delegate Permissions
AC-04 Information Flow Enforcement Protects T1102 Web Service
CA-07 Continuous Monitoring Protects T1102 Web Service
CM-02 Baseline Configuration Protects T1102 Web Service
CM-06 Configuration Settings Protects T1102 Web Service
CM-07 Least Functionality Protects T1102 Web Service
SC-07 Boundary Protection Protects T1102 Web Service
SI-03 Malicious Code Protection Protects T1102 Web Service
SI-04 System Monitoring Protects T1102 Web Service
AC-04 Information Flow Enforcement Protects T1102.001 Dead Drop Resolver
CA-07 Continuous Monitoring Protects T1102.001 Dead Drop Resolver
CM-02 Baseline Configuration Protects T1102.001 Dead Drop Resolver
CM-06 Configuration Settings Protects T1102.001 Dead Drop Resolver
CM-07 Least Functionality Protects T1102.001 Dead Drop Resolver
SC-07 Boundary Protection Protects T1102.001 Dead Drop Resolver
SI-03 Malicious Code Protection Protects T1102.001 Dead Drop Resolver
SI-04 System Monitoring Protects T1102.001 Dead Drop Resolver
AC-04 Information Flow Enforcement Protects T1102.002 Bidirectional Communication
CA-07 Continuous Monitoring Protects T1102.002 Bidirectional Communication
CM-02 Baseline Configuration Protects T1102.002 Bidirectional Communication
CM-06 Configuration Settings Protects T1102.002 Bidirectional Communication
CM-07 Least Functionality Protects T1102.002 Bidirectional Communication
SC-07 Boundary Protection Protects T1102.002 Bidirectional Communication
SI-03 Malicious Code Protection Protects T1102.002 Bidirectional Communication
SI-04 System Monitoring Protects T1102.002 Bidirectional Communication
AC-04 Information Flow Enforcement Protects T1102.003 One-Way Communication
CA-07 Continuous Monitoring Protects T1102.003 One-Way Communication
CM-02 Baseline Configuration Protects T1102.003 One-Way Communication
CM-06 Configuration Settings Protects T1102.003 One-Way Communication
CM-07 Least Functionality Protects T1102.003 One-Way Communication
SC-07 Boundary Protection Protects T1102.003 One-Way Communication
SI-03 Malicious Code Protection Protects T1102.003 One-Way Communication
SI-04 System Monitoring Protects T1102.003 One-Way Communication
AC-04 Information Flow Enforcement Protects T1104 Multi-Stage Channels
CA-07 Continuous Monitoring Protects T1104 Multi-Stage Channels
CM-02 Baseline Configuration Protects T1104 Multi-Stage Channels
CM-06 Configuration Settings Protects T1104 Multi-Stage Channels
CM-07 Least Functionality Protects T1104 Multi-Stage Channels
SC-07 Boundary Protection Protects T1104 Multi-Stage Channels
SI-03 Malicious Code Protection Protects T1104 Multi-Stage Channels
SI-04 System Monitoring Protects T1104 Multi-Stage Channels
AC-02 Account Management Protects T1110.001 Password Guessing
AC-20 Use of External Systems Protects T1110.001 Password Guessing
AC-03 Access Enforcement Protects T1110.001 Password Guessing
AC-05 Separation of Duties Protects T1110.001 Password Guessing
AC-06 Least Privilege Protects T1110.001 Password Guessing
AC-07 Unsuccessful Logon Attempts Protects T1110.001 Password Guessing
CA-07 Continuous Monitoring Protects T1110.001 Password Guessing
CM-02 Baseline Configuration Protects T1110.001 Password Guessing
CM-06 Configuration Settings Protects T1110.001 Password Guessing
IA-11 Re-authentication Protects T1110.001 Password Guessing
IA-02 Identification and Authentication (organizational Users) Protects T1110.001 Password Guessing
IA-04 Identifier Management Protects T1110.001 Password Guessing
IA-05 Authenticator Management Protects T1110.001 Password Guessing
SI-04 System Monitoring Protects T1110.001 Password Guessing
AC-02 Account Management Protects T1110.002 Password Cracking
AC-20 Use of External Systems Protects T1110.002 Password Cracking
AC-03 Access Enforcement Protects T1110.002 Password Cracking
AC-05 Separation of Duties Protects T1110.002 Password Cracking
AC-06 Least Privilege Protects T1110.002 Password Cracking
AC-07 Unsuccessful Logon Attempts Protects T1110.002 Password Cracking
CA-07 Continuous Monitoring Protects T1110.002 Password Cracking
CM-02 Baseline Configuration Protects T1110.002 Password Cracking
CM-06 Configuration Settings Protects T1110.002 Password Cracking
IA-11 Re-authentication Protects T1110.002 Password Cracking
IA-02 Identification and Authentication (organizational Users) Protects T1110.002 Password Cracking
IA-04 Identifier Management Protects T1110.002 Password Cracking
IA-05 Authenticator Management Protects T1110.002 Password Cracking
SI-04 System Monitoring Protects T1110.002 Password Cracking
AC-02 Account Management Protects T1110.003 Password Spraying
AC-20 Use of External Systems Protects T1110.003 Password Spraying
AC-03 Access Enforcement Protects T1110.003 Password Spraying
AC-05 Separation of Duties Protects T1110.003 Password Spraying
AC-06 Least Privilege Protects T1110.003 Password Spraying
AC-07 Unsuccessful Logon Attempts Protects T1110.003 Password Spraying
CA-07 Continuous Monitoring Protects T1110.003 Password Spraying
CM-02 Baseline Configuration Protects T1110.003 Password Spraying
CM-06 Configuration Settings Protects T1110.003 Password Spraying
IA-11 Re-authentication Protects T1110.003 Password Spraying
IA-02 Identification and Authentication (organizational Users) Protects T1110.003 Password Spraying
IA-04 Identifier Management Protects T1110.003 Password Spraying
IA-05 Authenticator Management Protects T1110.003 Password Spraying
SI-04 System Monitoring Protects T1110.003 Password Spraying
AC-02 Account Management Protects T1110.004 Credential Stuffing
AC-20 Use of External Systems Protects T1110.004 Credential Stuffing
AC-03 Access Enforcement Protects T1110.004 Credential Stuffing
AC-05 Separation of Duties Protects T1110.004 Credential Stuffing
AC-06 Least Privilege Protects T1110.004 Credential Stuffing
AC-07 Unsuccessful Logon Attempts Protects T1110.004 Credential Stuffing
CA-07 Continuous Monitoring Protects T1110.004 Credential Stuffing
CM-02 Baseline Configuration Protects T1110.004 Credential Stuffing
CM-06 Configuration Settings Protects T1110.004 Credential Stuffing
IA-11 Re-authentication Protects T1110.004 Credential Stuffing
IA-02 Identification and Authentication (organizational Users) Protects T1110.004 Credential Stuffing
IA-04 Identifier Management Protects T1110.004 Credential Stuffing
IA-05 Authenticator Management Protects T1110.004 Credential Stuffing
SI-04 System Monitoring Protects T1110.004 Credential Stuffing
AC-16 Security and Privacy Attributes Protects T1114.001 Local Email Collection
AC-17 Remote Access Protects T1114.001 Local Email Collection
AC-19 Access Control for Mobile Devices Protects T1114.001 Local Email Collection
AC-20 Use of External Systems Protects T1114.001 Local Email Collection
AC-04 Information Flow Enforcement Protects T1114.001 Local Email Collection
SI-12 Information Management and Retention Protects T1114.001 Local Email Collection
SI-04 System Monitoring Protects T1114.001 Local Email Collection
SI-07 Software, Firmware, and Information Integrity Protects T1114.001 Local Email Collection
AC-16 Security and Privacy Attributes Protects T1119 Automated Collection
AC-17 Remote Access Protects T1119 Automated Collection
AC-18 Wireless Access Protects T1119 Automated Collection
AC-19 Access Control for Mobile Devices Protects T1119 Automated Collection
AC-20 Use of External Systems Protects T1119 Automated Collection
CM-02 Baseline Configuration Protects T1119 Automated Collection
CM-06 Configuration Settings Protects T1119 Automated Collection
CM-08 System Component Inventory Protects T1119 Automated Collection
CP-06 Alternate Storage Site Protects T1119 Automated Collection
CP-07 Alternate Processing Site Protects T1119 Automated Collection
CP-09 System Backup Protects T1119 Automated Collection
SC-36 Distributed Processing and Storage Protects T1119 Automated Collection
SC-04 Information in Shared System Resources Protects T1119 Automated Collection
SI-12 Information Management and Retention Protects T1119 Automated Collection
SI-23 Information Fragmentation Protects T1119 Automated Collection
SI-04 System Monitoring Protects T1119 Automated Collection
SI-07 Software, Firmware, and Information Integrity Protects T1119 Automated Collection
CM-02 Baseline Configuration Protects T1127 Trusted Developer Utilities Proxy Execution
CM-06 Configuration Settings Protects T1127 Trusted Developer Utilities Proxy Execution
CM-07 Least Functionality Protects T1127 Trusted Developer Utilities Proxy Execution
CM-08 System Component Inventory Protects T1127 Trusted Developer Utilities Proxy Execution
RA-05 Vulnerability Monitoring and Scanning Protects T1127 Trusted Developer Utilities Proxy Execution
SI-10 Information Input Validation Protects T1127 Trusted Developer Utilities Proxy Execution
SI-04 System Monitoring Protects T1127 Trusted Developer Utilities Proxy Execution
SI-07 Software, Firmware, and Information Integrity Protects T1127 Trusted Developer Utilities Proxy Execution
CM-02 Baseline Configuration Protects T1127.001 MSBuild
CM-06 Configuration Settings Protects T1127.001 MSBuild
CM-08 System Component Inventory Protects T1127.001 MSBuild
RA-05 Vulnerability Monitoring and Scanning Protects T1127.001 MSBuild
SI-04 System Monitoring Protects T1127.001 MSBuild
AC-04 Information Flow Enforcement Protects T1132.002 Non-Standard Encoding
CA-07 Continuous Monitoring Protects T1132.002 Non-Standard Encoding
CM-02 Baseline Configuration Protects T1132.002 Non-Standard Encoding
CM-06 Configuration Settings Protects T1132.002 Non-Standard Encoding
SC-07 Boundary Protection Protects T1132.002 Non-Standard Encoding
SI-03 Malicious Code Protection Protects T1132.002 Non-Standard Encoding
SI-04 System Monitoring Protects T1132.002 Non-Standard Encoding
AC-20 Use of External Systems Protects T1134.005 SID-History Injection
AC-03 Access Enforcement Protects T1134.005 SID-History Injection
AC-04 Information Flow Enforcement Protects T1134.005 SID-History Injection
AC-05 Separation of Duties Protects T1134.005 SID-History Injection
AC-06 Least Privilege Protects T1134.005 SID-History Injection
CM-02 Baseline Configuration Protects T1134.005 SID-History Injection
CM-06 Configuration Settings Protects T1134.005 SID-History Injection
SA-11 Developer Testing and Evaluation Protects T1134.005 SID-History Injection
SA-17 Developer Security and Privacy Architecture and Design Protects T1134.005 SID-History Injection
SA-04 Acquisition Process Protects T1134.005 SID-History Injection
SA-08 Security and Privacy Engineering Principles Protects T1134.005 SID-History Injection
SC-03 Security Function Isolation Protects T1134.005 SID-History Injection
AC-02 Account Management Protects T1136.002 Domain Account
AC-20 Use of External Systems Protects T1136.002 Domain Account
AC-03 Access Enforcement Protects T1136.002 Domain Account
AC-04 Information Flow Enforcement Protects T1136.002 Domain Account
AC-05 Separation of Duties Protects T1136.002 Domain Account
AC-06 Least Privilege Protects T1136.002 Domain Account
CM-05 Access Restrictions for Change Protects T1136.002 Domain Account
CM-06 Configuration Settings Protects T1136.002 Domain Account
CM-07 Least Functionality Protects T1136.002 Domain Account
IA-02 Identification and Authentication (organizational Users) Protects T1136.002 Domain Account
IA-05 Authenticator Management Protects T1136.002 Domain Account
SC-46 Cross Domain Policy Enforcement Protects T1136.002 Domain Account
SC-07 Boundary Protection Protects T1136.002 Domain Account
SI-04 System Monitoring Protects T1136.002 Domain Account
SI-07 Software, Firmware, and Information Integrity Protects T1136.002 Domain Account
AC-10 Concurrent Session Control Protects T1137 Office Application Startup
AC-17 Remote Access Protects T1137 Office Application Startup
AC-06 Least Privilege Protects T1137 Office Application Startup
CM-02 Baseline Configuration Protects T1137 Office Application Startup
CM-06 Configuration Settings Protects T1137 Office Application Startup
CM-08 System Component Inventory Protects T1137 Office Application Startup
RA-05 Vulnerability Monitoring and Scanning Protects T1137 Office Application Startup
SC-18 Mobile Code Protects T1137 Office Application Startup
SC-44 Detonation Chambers Protects T1137 Office Application Startup
SI-02 Flaw Remediation Protects T1137 Office Application Startup
SI-03 Malicious Code Protection Protects T1137 Office Application Startup
SI-04 System Monitoring Protects T1137 Office Application Startup
SI-08 Spam Protection Protects T1137 Office Application Startup
AC-06 Least Privilege Protects T1137.001 Office Template Macros
CM-02 Baseline Configuration Protects T1137.001 Office Template Macros
CM-06 Configuration Settings Protects T1137.001 Office Template Macros
CM-08 System Component Inventory Protects T1137.001 Office Template Macros
RA-05 Vulnerability Monitoring and Scanning Protects T1137.001 Office Template Macros
SC-18 Mobile Code Protects T1137.001 Office Template Macros
SC-44 Detonation Chambers Protects T1137.001 Office Template Macros
SI-03 Malicious Code Protection Protects T1137.001 Office Template Macros
SI-04 System Monitoring Protects T1137.001 Office Template Macros
SI-08 Spam Protection Protects T1137.001 Office Template Macros
AC-10 Concurrent Session Control Protects T1137.002 Office Test
AC-14 Permitted Actions Without Identification or Authentication Protects T1137.002 Office Test
AC-17 Remote Access Protects T1137.002 Office Test
AC-06 Least Privilege Protects T1137.002 Office Test
CM-02 Baseline Configuration Protects T1137.002 Office Test
CM-05 Access Restrictions for Change Protects T1137.002 Office Test
CM-06 Configuration Settings Protects T1137.002 Office Test
SC-18 Mobile Code Protects T1137.002 Office Test
SC-44 Detonation Chambers Protects T1137.002 Office Test
SI-08 Spam Protection Protects T1137.002 Office Test
AC-06 Least Privilege Protects T1137.003 Outlook Forms
CM-02 Baseline Configuration Protects T1137.003 Outlook Forms
CM-06 Configuration Settings Protects T1137.003 Outlook Forms
SC-18 Mobile Code Protects T1137.003 Outlook Forms
SC-44 Detonation Chambers Protects T1137.003 Outlook Forms
SI-02 Flaw Remediation Protects T1137.003 Outlook Forms
SI-08 Spam Protection Protects T1137.003 Outlook Forms
AC-06 Least Privilege Protects T1137.004 Outlook Home Page
CM-02 Baseline Configuration Protects T1137.004 Outlook Home Page
CM-06 Configuration Settings Protects T1137.004 Outlook Home Page
SC-18 Mobile Code Protects T1137.004 Outlook Home Page
SC-44 Detonation Chambers Protects T1137.004 Outlook Home Page
SI-02 Flaw Remediation Protects T1137.004 Outlook Home Page
SI-08 Spam Protection Protects T1137.004 Outlook Home Page
AC-06 Least Privilege Protects T1137.005 Outlook Rules
CM-02 Baseline Configuration Protects T1137.005 Outlook Rules
CM-06 Configuration Settings Protects T1137.005 Outlook Rules
SC-18 Mobile Code Protects T1137.005 Outlook Rules
SC-44 Detonation Chambers Protects T1137.005 Outlook Rules
SI-02 Flaw Remediation Protects T1137.005 Outlook Rules
SI-08 Spam Protection Protects T1137.005 Outlook Rules
AC-06 Least Privilege Protects T1137.006 Add-ins
CM-02 Baseline Configuration Protects T1137.006 Add-ins
CM-06 Configuration Settings Protects T1137.006 Add-ins
SC-18 Mobile Code Protects T1137.006 Add-ins
SC-44 Detonation Chambers Protects T1137.006 Add-ins
SI-08 Spam Protection Protects T1137.006 Add-ins
AC-06 Least Privilege Protects T1176 Browser Extensions
CA-07 Continuous Monitoring Protects T1176 Browser Extensions
CA-08 Penetration Testing Protects T1176 Browser Extensions
CM-11 User-installed Software Protects T1176 Browser Extensions
CM-02 Baseline Configuration Protects T1176 Browser Extensions
CM-03 Configuration Change Control Protects T1176 Browser Extensions
CM-05 Access Restrictions for Change Protects T1176 Browser Extensions
CM-06 Configuration Settings Protects T1176 Browser Extensions
CM-07 Least Functionality Protects T1176 Browser Extensions
RA-05 Vulnerability Monitoring and Scanning Protects T1176 Browser Extensions
SC-07 Boundary Protection Protects T1176 Browser Extensions
SI-10 Information Input Validation Protects T1176 Browser Extensions
SI-03 Malicious Code Protection Protects T1176 Browser Extensions
SI-04 System Monitoring Protects T1176 Browser Extensions
SI-07 Software, Firmware, and Information Integrity Protects T1176 Browser Extensions
AC-10 Concurrent Session Control Protects T1185 Browser Session Hijacking
AC-12 Session Termination Protects T1185 Browser Session Hijacking
AC-02 Account Management Protects T1185 Browser Session Hijacking
AC-03 Access Enforcement Protects T1185 Browser Session Hijacking
AC-05 Separation of Duties Protects T1185 Browser Session Hijacking
AC-06 Least Privilege Protects T1185 Browser Session Hijacking
CA-07 Continuous Monitoring Protects T1185 Browser Session Hijacking
CM-02 Baseline Configuration Protects T1185 Browser Session Hijacking
CM-05 Access Restrictions for Change Protects T1185 Browser Session Hijacking
IA-02 Identification and Authentication (organizational Users) Protects T1185 Browser Session Hijacking
SC-23 Session Authenticity Protects T1185 Browser Session Hijacking
SI-03 Malicious Code Protection Protects T1185 Browser Session Hijacking
SI-04 System Monitoring Protects T1185 Browser Session Hijacking
SI-07 Software, Firmware, and Information Integrity Protects T1185 Browser Session Hijacking
CA-02 Control Assessments Protects T1195.001 Compromise Software Dependencies and Development Tools
CA-07 Continuous Monitoring Protects T1195.001 Compromise Software Dependencies and Development Tools
CM-11 User-installed Software Protects T1195.001 Compromise Software Dependencies and Development Tools
CM-07 Least Functionality Protects T1195.001 Compromise Software Dependencies and Development Tools
RA-10 Threat Hunting Protects T1195.001 Compromise Software Dependencies and Development Tools
RA-05 Vulnerability Monitoring and Scanning Protects T1195.001 Compromise Software Dependencies and Development Tools
SA-22 Unsupported System Components Protects T1195.001 Compromise Software Dependencies and Development Tools
SI-02 Flaw Remediation Protects T1195.001 Compromise Software Dependencies and Development Tools
CA-02 Control Assessments Protects T1195.002 Compromise Software Supply Chain
CA-07 Continuous Monitoring Protects T1195.002 Compromise Software Supply Chain
CM-11 User-installed Software Protects T1195.002 Compromise Software Supply Chain
CM-07 Least Functionality Protects T1195.002 Compromise Software Supply Chain
RA-10 Threat Hunting Protects T1195.002 Compromise Software Supply Chain
RA-05 Vulnerability Monitoring and Scanning Protects T1195.002 Compromise Software Supply Chain
SA-22 Unsupported System Components Protects T1195.002 Compromise Software Supply Chain
SI-02 Flaw Remediation Protects T1195.002 Compromise Software Supply Chain
CA-08 Penetration Testing Protects T1195.003 Compromise Hardware Supply Chain
CM-03 Configuration Change Control Protects T1195.003 Compromise Hardware Supply Chain
CM-05 Access Restrictions for Change Protects T1195.003 Compromise Hardware Supply Chain
CM-08 System Component Inventory Protects T1195.003 Compromise Hardware Supply Chain
IA-07 Cryptographic Module Authentication Protects T1195.003 Compromise Hardware Supply Chain
RA-09 Criticality Analysis Protects T1195.003 Compromise Hardware Supply Chain
SA-10 Developer Configuration Management Protects T1195.003 Compromise Hardware Supply Chain
SA-11 Developer Testing and Evaluation Protects T1195.003 Compromise Hardware Supply Chain
SC-34 Non-modifiable Executable Programs Protects T1195.003 Compromise Hardware Supply Chain
SI-02 Flaw Remediation Protects T1195.003 Compromise Hardware Supply Chain
SI-07 Software, Firmware, and Information Integrity Protects T1195.003 Compromise Hardware Supply Chain
AC-03 Access Enforcement Protects T1199 Trusted Relationship
AC-04 Information Flow Enforcement Protects T1199 Trusted Relationship
AC-06 Least Privilege Protects T1199 Trusted Relationship
AC-08 System Use Notification Protects T1199 Trusted Relationship
CM-06 Configuration Settings Protects T1199 Trusted Relationship
CM-07 Least Functionality Protects T1199 Trusted Relationship
SC-46 Cross Domain Policy Enforcement Protects T1199 Trusted Relationship
SC-07 Boundary Protection Protects T1199 Trusted Relationship
CA-07 Continuous Monitoring Protects T1201 Password Policy Discovery
CM-02 Baseline Configuration Protects T1201 Password Policy Discovery
CM-06 Configuration Settings Protects T1201 Password Policy Discovery
SI-03 Malicious Code Protection Protects T1201 Password Policy Discovery
SI-04 System Monitoring Protects T1201 Password Policy Discovery
AC-04 Information Flow Enforcement Protects T1203 Exploitation for Client Execution
AC-06 Least Privilege Protects T1203 Exploitation for Client Execution
CA-07 Continuous Monitoring Protects T1203 Exploitation for Client Execution
CM-08 System Component Inventory Protects T1203 Exploitation for Client Execution
SC-18 Mobile Code Protects T1203 Exploitation for Client Execution
SC-02 Separation of System and User Functionality Protects T1203 Exploitation for Client Execution
SC-29 Heterogeneity Protects T1203 Exploitation for Client Execution
SC-03 Security Function Isolation Protects T1203 Exploitation for Client Execution
SC-30 Concealment and Misdirection Protects T1203 Exploitation for Client Execution
SC-39 Process Isolation Protects T1203 Exploitation for Client Execution
SC-44 Detonation Chambers Protects T1203 Exploitation for Client Execution
SC-07 Boundary Protection Protects T1203 Exploitation for Client Execution
SI-03 Malicious Code Protection Protects T1203 Exploitation for Client Execution
SI-04 System Monitoring Protects T1203 Exploitation for Client Execution
SI-07 Software, Firmware, and Information Integrity Protects T1203 Exploitation for Client Execution
AC-04 Information Flow Enforcement Protects T1204 User Execution
CA-07 Continuous Monitoring Protects T1204 User Execution
CM-02 Baseline Configuration Protects T1204 User Execution
CM-06 Configuration Settings Protects T1204 User Execution
CM-07 Least Functionality Protects T1204 User Execution
SC-44 Detonation Chambers Protects T1204 User Execution
SC-07 Boundary Protection Protects T1204 User Execution
SI-10 Information Input Validation Protects T1204 User Execution
SI-02 Flaw Remediation Protects T1204 User Execution
SI-03 Malicious Code Protection Protects T1204 User Execution
SI-04 System Monitoring Protects T1204 User Execution
SI-07 Software, Firmware, and Information Integrity Protects T1204 User Execution
SI-08 Spam Protection Protects T1204 User Execution
AC-04 Information Flow Enforcement Protects T1204.001 Malicious Link
CA-07 Continuous Monitoring Protects T1204.001 Malicious Link
CM-02 Baseline Configuration Protects T1204.001 Malicious Link
CM-06 Configuration Settings Protects T1204.001 Malicious Link
CM-07 Least Functionality Protects T1204.001 Malicious Link
SC-44 Detonation Chambers Protects T1204.001 Malicious Link
SC-07 Boundary Protection Protects T1204.001 Malicious Link
SI-02 Flaw Remediation Protects T1204.001 Malicious Link
SI-03 Malicious Code Protection Protects T1204.001 Malicious Link
SI-04 System Monitoring Protects T1204.001 Malicious Link
SI-08 Spam Protection Protects T1204.001 Malicious Link
AC-04 Information Flow Enforcement Protects T1204.002 Malicious File
CA-07 Continuous Monitoring Protects T1204.002 Malicious File
CM-02 Baseline Configuration Protects T1204.002 Malicious File
CM-06 Configuration Settings Protects T1204.002 Malicious File
CM-07 Least Functionality Protects T1204.002 Malicious File
SC-44 Detonation Chambers Protects T1204.002 Malicious File
SC-07 Boundary Protection Protects T1204.002 Malicious File
SI-10 Information Input Validation Protects T1204.002 Malicious File
SI-03 Malicious Code Protection Protects T1204.002 Malicious File
SI-04 System Monitoring Protects T1204.002 Malicious File
SI-07 Software, Firmware, and Information Integrity Protects T1204.002 Malicious File
SI-08 Spam Protection Protects T1204.002 Malicious File
AC-04 Information Flow Enforcement Protects T1204.003 Malicious Image
CA-07 Continuous Monitoring Protects T1204.003 Malicious Image
CA-08 Penetration Testing Protects T1204.003 Malicious Image
CM-02 Baseline Configuration Protects T1204.003 Malicious Image
CM-06 Configuration Settings Protects T1204.003 Malicious Image
CM-07 Least Functionality Protects T1204.003 Malicious Image
RA-05 Vulnerability Monitoring and Scanning Protects T1204.003 Malicious Image
SC-44 Detonation Chambers Protects T1204.003 Malicious Image
SC-07 Boundary Protection Protects T1204.003 Malicious Image
SI-02 Flaw Remediation Protects T1204.003 Malicious Image
SI-03 Malicious Code Protection Protects T1204.003 Malicious Image
SI-04 System Monitoring Protects T1204.003 Malicious Image
SI-07 Software, Firmware, and Information Integrity Protects T1204.003 Malicious Image
SI-08 Spam Protection Protects T1204.003 Malicious Image
SR-11 Component Authenticity Protects T1204.003 Malicious Image
SR-04 Provenance Protects T1204.003 Malicious Image
SR-05 Acquisition Strategies, Tools, and Methods Protects T1204.003 Malicious Image
SR-06 Supplier Assessments and Reviews Protects T1204.003 Malicious Image
AC-03 Access Enforcement Protects T1205 Traffic Signaling
AC-04 Information Flow Enforcement Protects T1205 Traffic Signaling
CA-07 Continuous Monitoring Protects T1205 Traffic Signaling
CM-02 Baseline Configuration Protects T1205 Traffic Signaling
CM-06 Configuration Settings Protects T1205 Traffic Signaling
CM-07 Least Functionality Protects T1205 Traffic Signaling
SC-07 Boundary Protection Protects T1205 Traffic Signaling
SI-15 Information Output Filtering Protects T1205 Traffic Signaling
SI-04 System Monitoring Protects T1205 Traffic Signaling
AC-03 Access Enforcement Protects T1205.001 Port Knocking
AC-04 Information Flow Enforcement Protects T1205.001 Port Knocking
CA-07 Continuous Monitoring Protects T1205.001 Port Knocking
CM-06 Configuration Settings Protects T1205.001 Port Knocking
CM-07 Least Functionality Protects T1205.001 Port Knocking
SC-07 Boundary Protection Protects T1205.001 Port Knocking
SI-15 Information Output Filtering Protects T1205.001 Port Knocking
SI-04 System Monitoring Protects T1205.001 Port Knocking
AC-04 Information Flow Enforcement Protects T1205.002 Socket Filters
SI-04 System Monitoring Protects T1205.002 Socket Filters
AC-02 Account Management Protects T1210 Exploitation of Remote Services
AC-03 Access Enforcement Protects T1210 Exploitation of Remote Services
AC-04 Information Flow Enforcement Protects T1210 Exploitation of Remote Services
AC-05 Separation of Duties Protects T1210 Exploitation of Remote Services
AC-06 Least Privilege Protects T1210 Exploitation of Remote Services
CA-02 Control Assessments Protects T1210 Exploitation of Remote Services
CA-07 Continuous Monitoring Protects T1210 Exploitation of Remote Services
CA-08 Penetration Testing Protects T1210 Exploitation of Remote Services
CM-02 Baseline Configuration Protects T1210 Exploitation of Remote Services
CM-05 Access Restrictions for Change Protects T1210 Exploitation of Remote Services
CM-06 Configuration Settings Protects T1210 Exploitation of Remote Services
CM-07 Least Functionality Protects T1210 Exploitation of Remote Services
CM-08 System Component Inventory Protects T1210 Exploitation of Remote Services
IA-02 Identification and Authentication (organizational Users) Protects T1210 Exploitation of Remote Services
IA-08 Identification and Authentication (non-organizational Users) Protects T1210 Exploitation of Remote Services
RA-10 Threat Hunting Protects T1210 Exploitation of Remote Services
RA-05 Vulnerability Monitoring and Scanning Protects T1210 Exploitation of Remote Services
SC-18 Mobile Code Protects T1210 Exploitation of Remote Services
SC-02 Separation of System and User Functionality Protects T1210 Exploitation of Remote Services
SC-26 Decoys Protects T1210 Exploitation of Remote Services
SC-29 Heterogeneity Protects T1210 Exploitation of Remote Services
SC-03 Security Function Isolation Protects T1210 Exploitation of Remote Services
SC-30 Concealment and Misdirection Protects T1210 Exploitation of Remote Services
SC-35 External Malicious Code Identification Protects T1210 Exploitation of Remote Services
SC-39 Process Isolation Protects T1210 Exploitation of Remote Services
SC-46 Cross Domain Policy Enforcement Protects T1210 Exploitation of Remote Services
SC-07 Boundary Protection Protects T1210 Exploitation of Remote Services
SI-02 Flaw Remediation Protects T1210 Exploitation of Remote Services
SI-03 Malicious Code Protection Protects T1210 Exploitation of Remote Services
SI-04 System Monitoring Protects T1210 Exploitation of Remote Services
SI-05 Security Alerts, Advisories, and Directives Protects T1210 Exploitation of Remote Services
SI-07 Software, Firmware, and Information Integrity Protects T1210 Exploitation of Remote Services
AC-16 Security and Privacy Attributes Protects T1213 Data from Information Repositories
AC-17 Remote Access Protects T1213 Data from Information Repositories
AC-02 Account Management Protects T1213 Data from Information Repositories
AC-21 Information Sharing Protects T1213 Data from Information Repositories
AC-23 Data Mining Protection Protects T1213 Data from Information Repositories
AC-03 Access Enforcement Protects T1213 Data from Information Repositories
AC-04 Information Flow Enforcement Protects T1213 Data from Information Repositories
AC-05 Separation of Duties Protects T1213 Data from Information Repositories
AC-06 Least Privilege Protects T1213 Data from Information Repositories
CA-07 Continuous Monitoring Protects T1213 Data from Information Repositories
CA-08 Penetration Testing Protects T1213 Data from Information Repositories
CM-02 Baseline Configuration Protects T1213 Data from Information Repositories
CM-03 Configuration Change Control Protects T1213 Data from Information Repositories
CM-05 Access Restrictions for Change Protects T1213 Data from Information Repositories
CM-06 Configuration Settings Protects T1213 Data from Information Repositories
CM-07 Least Functionality Protects T1213 Data from Information Repositories
CM-08 System Component Inventory Protects T1213 Data from Information Repositories
IA-02 Identification and Authentication (organizational Users) Protects T1213 Data from Information Repositories
IA-04 Identifier Management Protects T1213 Data from Information Repositories
IA-08 Identification and Authentication (non-organizational Users) Protects T1213 Data from Information Repositories
RA-05 Vulnerability Monitoring and Scanning Protects T1213 Data from Information Repositories
SC-28 Protection of Information at Rest Protects T1213 Data from Information Repositories
SI-04 System Monitoring Protects T1213 Data from Information Repositories
SI-07 Software, Firmware, and Information Integrity Protects T1213 Data from Information Repositories
AC-16 Security and Privacy Attributes Protects T1213.001 Confluence
AC-17 Remote Access Protects T1213.001 Confluence
AC-02 Account Management Protects T1213.001 Confluence
AC-21 Information Sharing Protects T1213.001 Confluence
AC-23 Data Mining Protection Protects T1213.001 Confluence
AC-03 Access Enforcement Protects T1213.001 Confluence
AC-04 Information Flow Enforcement Protects T1213.001 Confluence
AC-05 Separation of Duties Protects T1213.001 Confluence
AC-06 Least Privilege Protects T1213.001 Confluence
CA-07 Continuous Monitoring Protects T1213.001 Confluence
CA-08 Penetration Testing Protects T1213.001 Confluence
CM-02 Baseline Configuration Protects T1213.001 Confluence
CM-03 Configuration Change Control Protects T1213.001 Confluence
CM-05 Access Restrictions for Change Protects T1213.001 Confluence
CM-06 Configuration Settings Protects T1213.001 Confluence
CM-07 Least Functionality Protects T1213.001 Confluence
CM-08 System Component Inventory Protects T1213.001 Confluence
IA-02 Identification and Authentication (organizational Users) Protects T1213.001 Confluence
IA-04 Identifier Management Protects T1213.001 Confluence
IA-08 Identification and Authentication (non-organizational Users) Protects T1213.001 Confluence
RA-05 Vulnerability Monitoring and Scanning Protects T1213.001 Confluence
SC-28 Protection of Information at Rest Protects T1213.001 Confluence
SI-04 System Monitoring Protects T1213.001 Confluence
SI-07 Software, Firmware, and Information Integrity Protects T1213.001 Confluence
AC-16 Security and Privacy Attributes Protects T1213.002 Sharepoint
AC-17 Remote Access Protects T1213.002 Sharepoint
AC-02 Account Management Protects T1213.002 Sharepoint
AC-21 Information Sharing Protects T1213.002 Sharepoint
AC-23 Data Mining Protection Protects T1213.002 Sharepoint
AC-03 Access Enforcement Protects T1213.002 Sharepoint
AC-04 Information Flow Enforcement Protects T1213.002 Sharepoint
AC-05 Separation of Duties Protects T1213.002 Sharepoint
AC-06 Least Privilege Protects T1213.002 Sharepoint
CA-07 Continuous Monitoring Protects T1213.002 Sharepoint
CA-08 Penetration Testing Protects T1213.002 Sharepoint
CM-02 Baseline Configuration Protects T1213.002 Sharepoint
CM-03 Configuration Change Control Protects T1213.002 Sharepoint
CM-05 Access Restrictions for Change Protects T1213.002 Sharepoint
CM-06 Configuration Settings Protects T1213.002 Sharepoint
CM-07 Least Functionality Protects T1213.002 Sharepoint
CM-08 System Component Inventory Protects T1213.002 Sharepoint
IA-02 Identification and Authentication (organizational Users) Protects T1213.002 Sharepoint
IA-04 Identifier Management Protects T1213.002 Sharepoint
IA-08 Identification and Authentication (non-organizational Users) Protects T1213.002 Sharepoint
RA-05 Vulnerability Monitoring and Scanning Protects T1213.002 Sharepoint
SC-28 Protection of Information at Rest Protects T1213.002 Sharepoint
SI-04 System Monitoring Protects T1213.002 Sharepoint
SI-07 Software, Firmware, and Information Integrity Protects T1213.002 Sharepoint
AC-02 Account Management Protects T1213.003 Code Repositories
AC-03 Access Enforcement Protects T1213.003 Code Repositories
AC-05 Separation of Duties Protects T1213.003 Code Repositories
AC-06 Least Privilege Protects T1213.003 Code Repositories
CA-07 Continuous Monitoring Protects T1213.003 Code Repositories
IA-02 Identification and Authentication (organizational Users) Protects T1213.003 Code Repositories
IA-09 Service Identification and Authentication Protects T1213.003 Code Repositories
RA-05 Vulnerability Monitoring and Scanning Protects T1213.003 Code Repositories
SA-10 Developer Configuration Management Protects T1213.003 Code Repositories
SA-11 Developer Testing and Evaluation Protects T1213.003 Code Repositories
SA-15 Development Process, Standards, and Tools Protects T1213.003 Code Repositories
SA-03 System Development Life Cycle Protects T1213.003 Code Repositories
SA-08 Security and Privacy Engineering Principles Protects T1213.003 Code Repositories
SI-02 Flaw Remediation Protects T1213.003 Code Repositories
CM-02 Baseline Configuration Protects T1216 System Script Proxy Execution
CM-06 Configuration Settings Protects T1216 System Script Proxy Execution
CM-07 Least Functionality Protects T1216 System Script Proxy Execution
SI-10 Information Input Validation Protects T1216 System Script Proxy Execution
SI-04 System Monitoring Protects T1216 System Script Proxy Execution
SI-07 Software, Firmware, and Information Integrity Protects T1216 System Script Proxy Execution
CM-02 Baseline Configuration Protects T1216.001 PubPrn
CM-06 Configuration Settings Protects T1216.001 PubPrn
CM-07 Least Functionality Protects T1216.001 PubPrn
SI-10 Information Input Validation Protects T1216.001 PubPrn
SI-04 System Monitoring Protects T1216.001 PubPrn
SI-07 Software, Firmware, and Information Integrity Protects T1216.001 PubPrn
AC-02 Account Management Protects T1218 System Binary Proxy Execution
AC-06 Least Privilege Protects T1218 System Binary Proxy Execution
CA-07 Continuous Monitoring Protects T1218 System Binary Proxy Execution
CM-11 User-installed Software Protects T1218 System Binary Proxy Execution
CM-02 Baseline Configuration Protects T1218 System Binary Proxy Execution
CM-05 Access Restrictions for Change Protects T1218 System Binary Proxy Execution
CM-06 Configuration Settings Protects T1218 System Binary Proxy Execution
CM-07 Least Functionality Protects T1218 System Binary Proxy Execution
CM-08 System Component Inventory Protects T1218 System Binary Proxy Execution
IA-02 Identification and Authentication (organizational Users) Protects T1218 System Binary Proxy Execution
RA-05 Vulnerability Monitoring and Scanning Protects T1218 System Binary Proxy Execution
SI-10 Information Input Validation Protects T1218 System Binary Proxy Execution
SI-16 Memory Protection Protects T1218 System Binary Proxy Execution
SI-03 Malicious Code Protection Protects T1218 System Binary Proxy Execution
SI-04 System Monitoring Protects T1218 System Binary Proxy Execution
SI-07 Software, Firmware, and Information Integrity Protects T1218 System Binary Proxy Execution
AC-03 Access Enforcement Protects T1218 System Binary Proxy Execution
AC-05 Separation of Duties Protects T1218 System Binary Proxy Execution
CM-11 User-installed Software Protects T1218.001 Compiled HTML File
CM-02 Baseline Configuration Protects T1218.001 Compiled HTML File
CM-06 Configuration Settings Protects T1218.001 Compiled HTML File
CM-07 Least Functionality Protects T1218.001 Compiled HTML File
SC-18 Mobile Code Protects T1218.001 Compiled HTML File
SI-10 Information Input Validation Protects T1218.001 Compiled HTML File
SI-16 Memory Protection Protects T1218.001 Compiled HTML File
SI-03 Malicious Code Protection Protects T1218.001 Compiled HTML File
SI-04 System Monitoring Protects T1218.001 Compiled HTML File
SI-07 Software, Firmware, and Information Integrity Protects T1218.001 Compiled HTML File
AC-03 Access Enforcement Protects T1218.002 Control Panel
CA-07 Continuous Monitoring Protects T1218.002 Control Panel
CM-11 User-installed Software Protects T1218.002 Control Panel
CM-02 Baseline Configuration Protects T1218.002 Control Panel
CM-06 Configuration Settings Protects T1218.002 Control Panel
CM-07 Least Functionality Protects T1218.002 Control Panel
SI-10 Information Input Validation Protects T1218.002 Control Panel
SI-16 Memory Protection Protects T1218.002 Control Panel
SI-03 Malicious Code Protection Protects T1218.002 Control Panel
SI-04 System Monitoring Protects T1218.002 Control Panel
SI-07 Software, Firmware, and Information Integrity Protects T1218.002 Control Panel
CM-11 User-installed Software Protects T1218.003 CMSTP
CM-02 Baseline Configuration Protects T1218.003 CMSTP
CM-06 Configuration Settings Protects T1218.003 CMSTP
CM-07 Least Functionality Protects T1218.003 CMSTP
CM-08 System Component Inventory Protects T1218.003 CMSTP
RA-05 Vulnerability Monitoring and Scanning Protects T1218.003 CMSTP
SI-10 Information Input Validation Protects T1218.003 CMSTP
SI-16 Memory Protection Protects T1218.003 CMSTP
SI-03 Malicious Code Protection Protects T1218.003 CMSTP
SI-04 System Monitoring Protects T1218.003 CMSTP
SI-07 Software, Firmware, and Information Integrity Protects T1218.003 CMSTP
CM-11 User-installed Software Protects T1218.004 InstallUtil
CM-02 Baseline Configuration Protects T1218.004 InstallUtil
CM-06 Configuration Settings Protects T1218.004 InstallUtil
CM-07 Least Functionality Protects T1218.004 InstallUtil
CM-08 System Component Inventory Protects T1218.004 InstallUtil
RA-05 Vulnerability Monitoring and Scanning Protects T1218.004 InstallUtil
SI-10 Information Input Validation Protects T1218.004 InstallUtil
SI-16 Memory Protection Protects T1218.004 InstallUtil
SI-03 Malicious Code Protection Protects T1218.004 InstallUtil
SI-04 System Monitoring Protects T1218.004 InstallUtil
SI-07 Software, Firmware, and Information Integrity Protects T1218.004 InstallUtil
CM-11 User-installed Software Protects T1218.005 Mshta
CM-02 Baseline Configuration Protects T1218.005 Mshta
CM-06 Configuration Settings Protects T1218.005 Mshta
CM-07 Least Functionality Protects T1218.005 Mshta
CM-08 System Component Inventory Protects T1218.005 Mshta
RA-05 Vulnerability Monitoring and Scanning Protects T1218.005 Mshta
SI-10 Information Input Validation Protects T1218.005 Mshta
SI-16 Memory Protection Protects T1218.005 Mshta
SI-03 Malicious Code Protection Protects T1218.005 Mshta
SI-04 System Monitoring Protects T1218.005 Mshta
SI-07 Software, Firmware, and Information Integrity Protects T1218.005 Mshta
AC-02 Account Management Protects T1218.007 Msiexec
AC-03 Access Enforcement Protects T1218.007 Msiexec
AC-05 Separation of Duties Protects T1218.007 Msiexec
AC-06 Least Privilege Protects T1218.007 Msiexec
CM-02 Baseline Configuration Protects T1218.007 Msiexec
CM-05 Access Restrictions for Change Protects T1218.007 Msiexec
CM-06 Configuration Settings Protects T1218.007 Msiexec
CM-07 Least Functionality Protects T1218.007 Msiexec
IA-02 Identification and Authentication (organizational Users) Protects T1218.007 Msiexec
CM-11 User-installed Software Protects T1218.008 Odbcconf
CM-02 Baseline Configuration Protects T1218.008 Odbcconf
CM-06 Configuration Settings Protects T1218.008 Odbcconf
CM-07 Least Functionality Protects T1218.008 Odbcconf
CM-08 System Component Inventory Protects T1218.008 Odbcconf
RA-05 Vulnerability Monitoring and Scanning Protects T1218.008 Odbcconf
SI-10 Information Input Validation Protects T1218.008 Odbcconf
SI-16 Memory Protection Protects T1218.008 Odbcconf
SI-03 Malicious Code Protection Protects T1218.008 Odbcconf
SI-04 System Monitoring Protects T1218.008 Odbcconf
SI-07 Software, Firmware, and Information Integrity Protects T1218.008 Odbcconf
CM-11 User-installed Software Protects T1218.009 Regsvcs/Regasm
CM-02 Baseline Configuration Protects T1218.009 Regsvcs/Regasm
CM-06 Configuration Settings Protects T1218.009 Regsvcs/Regasm
CM-07 Least Functionality Protects T1218.009 Regsvcs/Regasm
CM-08 System Component Inventory Protects T1218.009 Regsvcs/Regasm
RA-05 Vulnerability Monitoring and Scanning Protects T1218.009 Regsvcs/Regasm
SI-10 Information Input Validation Protects T1218.009 Regsvcs/Regasm
SI-16 Memory Protection Protects T1218.009 Regsvcs/Regasm
SI-03 Malicious Code Protection Protects T1218.009 Regsvcs/Regasm
SI-04 System Monitoring Protects T1218.009 Regsvcs/Regasm
SI-07 Software, Firmware, and Information Integrity Protects T1218.009 Regsvcs/Regasm
CA-07 Continuous Monitoring Protects T1218.010 Regsvr32
SI-10 Information Input Validation Protects T1218.010 Regsvr32
SI-04 System Monitoring Protects T1218.010 Regsvr32
SI-07 Software, Firmware, and Information Integrity Protects T1218.010 Regsvr32
CA-07 Continuous Monitoring Protects T1218.011 Rundll32
SI-10 Information Input Validation Protects T1218.011 Rundll32
SI-04 System Monitoring Protects T1218.011 Rundll32
SI-07 Software, Firmware, and Information Integrity Protects T1218.011 Rundll32
AC-03 Access Enforcement Protects T1218.012 Verclsid
AC-04 Information Flow Enforcement Protects T1218.012 Verclsid
CA-07 Continuous Monitoring Protects T1218.012 Verclsid
CM-11 User-installed Software Protects T1218.012 Verclsid
CM-02 Baseline Configuration Protects T1218.012 Verclsid
CM-06 Configuration Settings Protects T1218.012 Verclsid
CM-07 Least Functionality Protects T1218.012 Verclsid
CM-08 System Component Inventory Protects T1218.012 Verclsid
RA-05 Vulnerability Monitoring and Scanning Protects T1218.012 Verclsid
SC-07 Boundary Protection Protects T1218.012 Verclsid
SI-10 Information Input Validation Protects T1218.012 Verclsid
SI-15 Information Output Filtering Protects T1218.012 Verclsid
SI-16 Memory Protection Protects T1218.012 Verclsid
SI-03 Malicious Code Protection Protects T1218.012 Verclsid
SI-04 System Monitoring Protects T1218.012 Verclsid
SI-07 Software, Firmware, and Information Integrity Protects T1218.012 Verclsid
CM-11 User-installed Software Protects T1218.013 Mavinject
CM-02 Baseline Configuration Protects T1218.013 Mavinject
CM-06 Configuration Settings Protects T1218.013 Mavinject
CM-07 Least Functionality Protects T1218.013 Mavinject
CM-08 System Component Inventory Protects T1218.013 Mavinject
RA-05 Vulnerability Monitoring and Scanning Protects T1218.013 Mavinject
SI-10 Information Input Validation Protects T1218.013 Mavinject
SI-16 Memory Protection Protects T1218.013 Mavinject
SI-03 Malicious Code Protection Protects T1218.013 Mavinject
SI-04 System Monitoring Protects T1218.013 Mavinject
SI-07 Software, Firmware, and Information Integrity Protects T1218.013 Mavinject
CM-11 User-installed Software Protects T1218.014 MMC
CM-02 Baseline Configuration Protects T1218.014 MMC
CM-06 Configuration Settings Protects T1218.014 MMC
CM-07 Least Functionality Protects T1218.014 MMC
CM-08 System Component Inventory Protects T1218.014 MMC
RA-05 Vulnerability Monitoring and Scanning Protects T1218.014 MMC
SI-10 Information Input Validation Protects T1218.014 MMC
SI-16 Memory Protection Protects T1218.014 MMC
SI-03 Malicious Code Protection Protects T1218.014 MMC
SI-04 System Monitoring Protects T1218.014 MMC
SI-07 Software, Firmware, and Information Integrity Protects T1218.014 MMC
CM-02 Baseline Configuration Protects T1220 XSL Script Processing
CM-06 Configuration Settings Protects T1220 XSL Script Processing
CM-07 Least Functionality Protects T1220 XSL Script Processing
SI-10 Information Input Validation Protects T1220 XSL Script Processing
SI-04 System Monitoring Protects T1220 XSL Script Processing
SI-07 Software, Firmware, and Information Integrity Protects T1220 XSL Script Processing
CA-07 Continuous Monitoring Protects T1221 Template Injection
CM-02 Baseline Configuration Protects T1221 Template Injection
CM-06 Configuration Settings Protects T1221 Template Injection
CM-07 Least Functionality Protects T1221 Template Injection
CM-08 System Component Inventory Protects T1221 Template Injection
RA-05 Vulnerability Monitoring and Scanning Protects T1221 Template Injection
SC-44 Detonation Chambers Protects T1221 Template Injection
SC-07 Boundary Protection Protects T1221 Template Injection
SI-10 Information Input Validation Protects T1221 Template Injection
SI-02 Flaw Remediation Protects T1221 Template Injection
SI-03 Malicious Code Protection Protects T1221 Template Injection
SI-04 System Monitoring Protects T1221 Template Injection
SI-07 Software, Firmware, and Information Integrity Protects T1221 Template Injection
SI-08 Spam Protection Protects T1221 Template Injection
AC-16 Security and Privacy Attributes Protects T1222 File and Directory Permissions Modification
AC-02 Account Management Protects T1222 File and Directory Permissions Modification
AC-03 Access Enforcement Protects T1222 File and Directory Permissions Modification
AC-05 Separation of Duties Protects T1222 File and Directory Permissions Modification
AC-06 Least Privilege Protects T1222 File and Directory Permissions Modification
CA-07 Continuous Monitoring Protects T1222 File and Directory Permissions Modification
CM-05 Access Restrictions for Change Protects T1222 File and Directory Permissions Modification
CM-06 Configuration Settings Protects T1222 File and Directory Permissions Modification
IA-02 Identification and Authentication (organizational Users) Protects T1222 File and Directory Permissions Modification
SI-04 System Monitoring Protects T1222 File and Directory Permissions Modification
SI-07 Software, Firmware, and Information Integrity Protects T1222 File and Directory Permissions Modification
AC-16 Security and Privacy Attributes Protects T1222.001 Windows File and Directory Permissions Modification
AC-02 Account Management Protects T1222.001 Windows File and Directory Permissions Modification
AC-03 Access Enforcement Protects T1222.001 Windows File and Directory Permissions Modification
AC-05 Separation of Duties Protects T1222.001 Windows File and Directory Permissions Modification
AC-06 Least Privilege Protects T1222.001 Windows File and Directory Permissions Modification
CA-07 Continuous Monitoring Protects T1222.001 Windows File and Directory Permissions Modification
CM-05 Access Restrictions for Change Protects T1222.001 Windows File and Directory Permissions Modification
CM-06 Configuration Settings Protects T1222.001 Windows File and Directory Permissions Modification
IA-02 Identification and Authentication (organizational Users) Protects T1222.001 Windows File and Directory Permissions Modification
SI-04 System Monitoring Protects T1222.001 Windows File and Directory Permissions Modification
SI-07 Software, Firmware, and Information Integrity Protects T1222.001 Windows File and Directory Permissions Modification
AC-16 Security and Privacy Attributes Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-02 Account Management Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-03 Access Enforcement Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-05 Separation of Duties Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-06 Least Privilege Protects T1222.002 Linux and Mac File and Directory Permissions Modification
CA-07 Continuous Monitoring Protects T1222.002 Linux and Mac File and Directory Permissions Modification
CM-05 Access Restrictions for Change Protects T1222.002 Linux and Mac File and Directory Permissions Modification
CM-06 Configuration Settings Protects T1222.002 Linux and Mac File and Directory Permissions Modification
IA-02 Identification and Authentication (organizational Users) Protects T1222.002 Linux and Mac File and Directory Permissions Modification
SI-04 System Monitoring Protects T1222.002 Linux and Mac File and Directory Permissions Modification
SI-07 Software, Firmware, and Information Integrity Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-04 Information Flow Enforcement Protects T1482 Domain Trust Discovery
CA-08 Penetration Testing Protects T1482 Domain Trust Discovery
CM-06 Configuration Settings Protects T1482 Domain Trust Discovery
CM-07 Least Functionality Protects T1482 Domain Trust Discovery
RA-05 Vulnerability Monitoring and Scanning Protects T1482 Domain Trust Discovery
SA-17 Developer Security and Privacy Architecture and Design Protects T1482 Domain Trust Discovery
SA-08 Security and Privacy Engineering Principles Protects T1482 Domain Trust Discovery
SC-46 Cross Domain Policy Enforcement Protects T1482 Domain Trust Discovery
SC-07 Boundary Protection Protects T1482 Domain Trust Discovery
AC-02 Account Management Protects T1484 Domain Policy Modification
AC-03 Access Enforcement Protects T1484 Domain Policy Modification
AC-04 Information Flow Enforcement Protects T1484 Domain Policy Modification
AC-05 Separation of Duties Protects T1484 Domain Policy Modification
AC-06 Least Privilege Protects T1484 Domain Policy Modification
CA-08 Penetration Testing Protects T1484 Domain Policy Modification
CM-02 Baseline Configuration Protects T1484 Domain Policy Modification
CM-05 Access Restrictions for Change Protects T1484 Domain Policy Modification
CM-06 Configuration Settings Protects T1484 Domain Policy Modification
CM-07 Least Functionality Protects T1484 Domain Policy Modification
IA-02 Identification and Authentication (organizational Users) Protects T1484 Domain Policy Modification
RA-05 Vulnerability Monitoring and Scanning Protects T1484 Domain Policy Modification
SI-04 System Monitoring Protects T1484 Domain Policy Modification
AC-03 Access Enforcement Protects T1486 Data Encrypted for Impact
AC-06 Least Privilege Protects T1486 Data Encrypted for Impact
CM-02 Baseline Configuration Protects T1486 Data Encrypted for Impact
CP-10 System Recovery and Reconstitution Protects T1486 Data Encrypted for Impact
CP-02 Contingency Plan Protects T1486 Data Encrypted for Impact
CP-06 Alternate Storage Site Protects T1486 Data Encrypted for Impact
CP-07 Alternate Processing Site Protects T1486 Data Encrypted for Impact
CP-09 System Backup Protects T1486 Data Encrypted for Impact
SI-03 Malicious Code Protection Protects T1486 Data Encrypted for Impact
SI-04 System Monitoring Protects T1486 Data Encrypted for Impact
SI-07 Software, Firmware, and Information Integrity Protects T1486 Data Encrypted for Impact
AC-02 Account Management Protects T1489 Service Stop
AC-03 Access Enforcement Protects T1489 Service Stop
AC-04 Information Flow Enforcement Protects T1489 Service Stop
AC-05 Separation of Duties Protects T1489 Service Stop
AC-06 Least Privilege Protects T1489 Service Stop
CA-07 Continuous Monitoring Protects T1489 Service Stop
CM-05 Access Restrictions for Change Protects T1489 Service Stop
CM-06 Configuration Settings Protects T1489 Service Stop
CM-07 Least Functionality Protects T1489 Service Stop
IA-02 Identification and Authentication (organizational Users) Protects T1489 Service Stop
SC-46 Cross Domain Policy Enforcement Protects T1489 Service Stop
SC-07 Boundary Protection Protects T1489 Service Stop
SI-04 System Monitoring Protects T1489 Service Stop
AC-03 Access Enforcement Protects T1491 Defacement
AC-06 Least Privilege Protects T1491 Defacement
CM-02 Baseline Configuration Protects T1491 Defacement
CP-10 System Recovery and Reconstitution Protects T1491 Defacement
CP-02 Contingency Plan Protects T1491 Defacement
CP-07 Alternate Processing Site Protects T1491 Defacement
CP-09 System Backup Protects T1491 Defacement
SI-03 Malicious Code Protection Protects T1491 Defacement
SI-04 System Monitoring Protects T1491 Defacement
SI-07 Software, Firmware, and Information Integrity Protects T1491 Defacement
AC-03 Access Enforcement Protects T1491.001 Internal Defacement
AC-06 Least Privilege Protects T1491.001 Internal Defacement
CM-02 Baseline Configuration Protects T1491.001 Internal Defacement
CP-10 System Recovery and Reconstitution Protects T1491.001 Internal Defacement
CP-02 Contingency Plan Protects T1491.001 Internal Defacement
CP-07 Alternate Processing Site Protects T1491.001 Internal Defacement
CP-09 System Backup Protects T1491.001 Internal Defacement
SI-03 Malicious Code Protection Protects T1491.001 Internal Defacement
SI-04 System Monitoring Protects T1491.001 Internal Defacement
SI-07 Software, Firmware, and Information Integrity Protects T1491.001 Internal Defacement
AC-03 Access Enforcement Protects T1491.002 External Defacement
AC-06 Least Privilege Protects T1491.002 External Defacement
CM-02 Baseline Configuration Protects T1491.002 External Defacement
CP-10 System Recovery and Reconstitution Protects T1491.002 External Defacement
CP-02 Contingency Plan Protects T1491.002 External Defacement
CP-07 Alternate Processing Site Protects T1491.002 External Defacement
CP-09 System Backup Protects T1491.002 External Defacement
SI-03 Malicious Code Protection Protects T1491.002 External Defacement
SI-04 System Monitoring Protects T1491.002 External Defacement
SI-07 Software, Firmware, and Information Integrity Protects T1491.002 External Defacement
AC-02 Account Management Protects T1495 Firmware Corruption
AC-03 Access Enforcement Protects T1495 Firmware Corruption
AC-05 Separation of Duties Protects T1495 Firmware Corruption
AC-06 Least Privilege Protects T1495 Firmware Corruption
CA-08 Penetration Testing Protects T1495 Firmware Corruption
CM-03 Configuration Change Control Protects T1495 Firmware Corruption
CM-05 Access Restrictions for Change Protects T1495 Firmware Corruption
CM-06 Configuration Settings Protects T1495 Firmware Corruption
CM-08 System Component Inventory Protects T1495 Firmware Corruption
IA-02 Identification and Authentication (organizational Users) Protects T1495 Firmware Corruption
IA-07 Cryptographic Module Authentication Protects T1495 Firmware Corruption
RA-09 Criticality Analysis Protects T1495 Firmware Corruption
SA-10 Developer Configuration Management Protects T1495 Firmware Corruption
SA-11 Developer Testing and Evaluation Protects T1495 Firmware Corruption
SI-02 Flaw Remediation Protects T1495 Firmware Corruption
SI-07 Software, Firmware, and Information Integrity Protects T1495 Firmware Corruption
AC-03 Access Enforcement Protects T1498 Network Denial of Service
AC-04 Information Flow Enforcement Protects T1498 Network Denial of Service
CA-07 Continuous Monitoring Protects T1498 Network Denial of Service
CM-06 Configuration Settings Protects T1498 Network Denial of Service
CM-07 Least Functionality Protects T1498 Network Denial of Service
SC-07 Boundary Protection Protects T1498 Network Denial of Service
SI-10 Information Input Validation Protects T1498 Network Denial of Service
SI-15 Information Output Filtering Protects T1498 Network Denial of Service
AC-03 Access Enforcement Protects T1498.001 Direct Network Flood
AC-04 Information Flow Enforcement Protects T1498.001 Direct Network Flood
CA-07 Continuous Monitoring Protects T1498.001 Direct Network Flood
CM-06 Configuration Settings Protects T1498.001 Direct Network Flood
CM-07 Least Functionality Protects T1498.001 Direct Network Flood
SC-07 Boundary Protection Protects T1498.001 Direct Network Flood
SI-10 Information Input Validation Protects T1498.001 Direct Network Flood
SI-15 Information Output Filtering Protects T1498.001 Direct Network Flood
AC-03 Access Enforcement Protects T1498.002 Reflection Amplification
AC-04 Information Flow Enforcement Protects T1498.002 Reflection Amplification
CA-07 Continuous Monitoring Protects T1498.002 Reflection Amplification
CM-06 Configuration Settings Protects T1498.002 Reflection Amplification
CM-07 Least Functionality Protects T1498.002 Reflection Amplification
SC-07 Boundary Protection Protects T1498.002 Reflection Amplification
SI-10 Information Input Validation Protects T1498.002 Reflection Amplification
SI-15 Information Output Filtering Protects T1498.002 Reflection Amplification
AC-03 Access Enforcement Protects T1499.003 Application Exhaustion Flood
AC-04 Information Flow Enforcement Protects T1499.003 Application Exhaustion Flood
CA-07 Continuous Monitoring Protects T1499.003 Application Exhaustion Flood
CM-06 Configuration Settings Protects T1499.003 Application Exhaustion Flood
CM-07 Least Functionality Protects T1499.003 Application Exhaustion Flood
SC-07 Boundary Protection Protects T1499.003 Application Exhaustion Flood
SI-10 Information Input Validation Protects T1499.003 Application Exhaustion Flood
SI-15 Information Output Filtering Protects T1499.003 Application Exhaustion Flood
SI-04 System Monitoring Protects T1499.003 Application Exhaustion Flood
AC-03 Access Enforcement Protects T1499.004 Application or System Exploitation
AC-04 Information Flow Enforcement Protects T1499.004 Application or System Exploitation
CA-07 Continuous Monitoring Protects T1499.004 Application or System Exploitation
CM-06 Configuration Settings Protects T1499.004 Application or System Exploitation
CM-07 Least Functionality Protects T1499.004 Application or System Exploitation
SC-07 Boundary Protection Protects T1499.004 Application or System Exploitation
SI-10 Information Input Validation Protects T1499.004 Application or System Exploitation
SI-15 Information Output Filtering Protects T1499.004 Application or System Exploitation
SI-04 System Monitoring Protects T1499.004 Application or System Exploitation
AC-16 Security and Privacy Attributes Protects T1505 Server Software Component
AC-02 Account Management Protects T1505 Server Software Component
AC-03 Access Enforcement Protects T1505 Server Software Component
AC-05 Separation of Duties Protects T1505 Server Software Component
AC-06 Least Privilege Protects T1505 Server Software Component
CA-08 Penetration Testing Protects T1505 Server Software Component
CM-11 User-installed Software Protects T1505 Server Software Component
CM-02 Baseline Configuration Protects T1505 Server Software Component
CM-05 Access Restrictions for Change Protects T1505 Server Software Component
CM-06 Configuration Settings Protects T1505 Server Software Component
CM-08 System Component Inventory Protects T1505 Server Software Component
IA-02 Identification and Authentication (organizational Users) Protects T1505 Server Software Component
RA-05 Vulnerability Monitoring and Scanning Protects T1505 Server Software Component
SA-10 Developer Configuration Management Protects T1505 Server Software Component
SA-11 Developer Testing and Evaluation Protects T1505 Server Software Component
SC-16 Transmission of Security and Privacy Attributes Protects T1505 Server Software Component
SI-14 Non-persistence Protects T1505 Server Software Component
SI-04 System Monitoring Protects T1505 Server Software Component
SI-07 Software, Firmware, and Information Integrity Protects T1505 Server Software Component
SR-11 Component Authenticity Protects T1505 Server Software Component
SR-04 Provenance Protects T1505 Server Software Component
SR-05 Acquisition Strategies, Tools, and Methods Protects T1505 Server Software Component
SR-06 Supplier Assessments and Reviews Protects T1505 Server Software Component
CA-08 Penetration Testing Protects T1505.001 SQL Stored Procedures
CM-11 User-installed Software Protects T1505.001 SQL Stored Procedures
CM-02 Baseline Configuration Protects T1505.001 SQL Stored Procedures
CM-06 Configuration Settings Protects T1505.001 SQL Stored Procedures
CM-08 System Component Inventory Protects T1505.001 SQL Stored Procedures
RA-05 Vulnerability Monitoring and Scanning Protects T1505.001 SQL Stored Procedures
SA-10 Developer Configuration Management Protects T1505.001 SQL Stored Procedures
SA-11 Developer Testing and Evaluation Protects T1505.001 SQL Stored Procedures
SI-14 Non-persistence Protects T1505.001 SQL Stored Procedures
SI-07 Software, Firmware, and Information Integrity Protects T1505.001 SQL Stored Procedures
SR-11 Component Authenticity Protects T1505.001 SQL Stored Procedures
SR-04 Provenance Protects T1505.001 SQL Stored Procedures
SR-05 Acquisition Strategies, Tools, and Methods Protects T1505.001 SQL Stored Procedures
SR-06 Supplier Assessments and Reviews Protects T1505.001 SQL Stored Procedures
AC-16 Security and Privacy Attributes Protects T1505.002 Transport Agent
AC-02 Account Management Protects T1505.002 Transport Agent
AC-03 Access Enforcement Protects T1505.002 Transport Agent
AC-05 Separation of Duties Protects T1505.002 Transport Agent
AC-06 Least Privilege Protects T1505.002 Transport Agent
CA-08 Penetration Testing Protects T1505.002 Transport Agent
CM-11 User-installed Software Protects T1505.002 Transport Agent
CM-02 Baseline Configuration Protects T1505.002 Transport Agent
CM-05 Access Restrictions for Change Protects T1505.002 Transport Agent
CM-06 Configuration Settings Protects T1505.002 Transport Agent
CM-08 System Component Inventory Protects T1505.002 Transport Agent
IA-02 Identification and Authentication (organizational Users) Protects T1505.002 Transport Agent
RA-05 Vulnerability Monitoring and Scanning Protects T1505.002 Transport Agent
SA-10 Developer Configuration Management Protects T1505.002 Transport Agent
SA-11 Developer Testing and Evaluation Protects T1505.002 Transport Agent
SC-16 Transmission of Security and Privacy Attributes Protects T1505.002 Transport Agent
SI-14 Non-persistence Protects T1505.002 Transport Agent
SI-04 System Monitoring Protects T1505.002 Transport Agent
SI-07 Software, Firmware, and Information Integrity Protects T1505.002 Transport Agent
SR-11 Component Authenticity Protects T1505.002 Transport Agent
SR-04 Provenance Protects T1505.002 Transport Agent
SR-05 Acquisition Strategies, Tools, and Methods Protects T1505.002 Transport Agent
SR-06 Supplier Assessments and Reviews Protects T1505.002 Transport Agent
AC-02 Account Management Protects T1505.003 Web Shell
AC-03 Access Enforcement Protects T1505.003 Web Shell
AC-05 Separation of Duties Protects T1505.003 Web Shell
AC-06 Least Privilege Protects T1505.003 Web Shell
CM-02 Baseline Configuration Protects T1505.003 Web Shell
CM-06 Configuration Settings Protects T1505.003 Web Shell
RA-05 Vulnerability Monitoring and Scanning Protects T1505.003 Web Shell
SI-04 System Monitoring Protects T1505.003 Web Shell
AC-17 Remote Access Protects T1505.004 IIS Components
AC-03 Access Enforcement Protects T1505.004 IIS Components
AC-04 Information Flow Enforcement Protects T1505.004 IIS Components
AC-06 Least Privilege Protects T1505.004 IIS Components
CA-08 Penetration Testing Protects T1505.004 IIS Components
CM-11 User-installed Software Protects T1505.004 IIS Components
CM-02 Baseline Configuration Protects T1505.004 IIS Components
CM-06 Configuration Settings Protects T1505.004 IIS Components
CM-07 Least Functionality Protects T1505.004 IIS Components
CM-08 System Component Inventory Protects T1505.004 IIS Components
IA-02 Identification and Authentication (organizational Users) Protects T1505.004 IIS Components
RA-05 Vulnerability Monitoring and Scanning Protects T1505.004 IIS Components
SA-10 Developer Configuration Management Protects T1505.004 IIS Components
SA-11 Developer Testing and Evaluation Protects T1505.004 IIS Components
SC-07 Boundary Protection Protects T1505.004 IIS Components
SI-14 Non-persistence Protects T1505.004 IIS Components
SI-16 Memory Protection Protects T1505.004 IIS Components
SI-03 Malicious Code Protection Protects T1505.004 IIS Components
SI-04 System Monitoring Protects T1505.004 IIS Components
SI-07 Software, Firmware, and Information Integrity Protects T1505.004 IIS Components
SR-11 Component Authenticity Protects T1505.004 IIS Components
SR-04 Provenance Protects T1505.004 IIS Components
SR-05 Acquisition Strategies, Tools, and Methods Protects T1505.004 IIS Components
SR-06 Supplier Assessments and Reviews Protects T1505.004 IIS Components
AC-12 Session Termination Protects T1505.005 Terminal Services DLL
AC-17 Remote Access Protects T1505.005 Terminal Services DLL
AC-02 Account Management Protects T1505.005 Terminal Services DLL
AC-20 Use of External Systems Protects T1505.005 Terminal Services DLL
AC-03 Access Enforcement Protects T1505.005 Terminal Services DLL
AC-05 Separation of Duties Protects T1505.005 Terminal Services DLL
AC-06 Least Privilege Protects T1505.005 Terminal Services DLL
CM-02 Baseline Configuration Protects T1505.005 Terminal Services DLL
CM-06 Configuration Settings Protects T1505.005 Terminal Services DLL
RA-05 Vulnerability Monitoring and Scanning Protects T1505.005 Terminal Services DLL
SI-04 System Monitoring Protects T1505.005 Terminal Services DLL
AC-02 Account Management Protects T1525 Implant Internal Image
AC-03 Access Enforcement Protects T1525 Implant Internal Image
AC-05 Separation of Duties Protects T1525 Implant Internal Image
AC-06 Least Privilege Protects T1525 Implant Internal Image
CA-08 Penetration Testing Protects T1525 Implant Internal Image
CM-02 Baseline Configuration Protects T1525 Implant Internal Image
CM-05 Access Restrictions for Change Protects T1525 Implant Internal Image
CM-06 Configuration Settings Protects T1525 Implant Internal Image
CM-07 Least Functionality Protects T1525 Implant Internal Image
IA-02 Identification and Authentication (organizational Users) Protects T1525 Implant Internal Image
IA-09 Service Identification and Authentication Protects T1525 Implant Internal Image
RA-05 Vulnerability Monitoring and Scanning Protects T1525 Implant Internal Image
SI-02 Flaw Remediation Protects T1525 Implant Internal Image
SI-03 Malicious Code Protection Protects T1525 Implant Internal Image
SI-04 System Monitoring Protects T1525 Implant Internal Image
SI-07 Software, Firmware, and Information Integrity Protects T1525 Implant Internal Image
AC-10 Concurrent Session Control Protects T1528 Steal Application Access Token
AC-02 Account Management Protects T1528 Steal Application Access Token
AC-03 Access Enforcement Protects T1528 Steal Application Access Token
AC-04 Information Flow Enforcement Protects T1528 Steal Application Access Token
AC-05 Separation of Duties Protects T1528 Steal Application Access Token
AC-06 Least Privilege Protects T1528 Steal Application Access Token
CA-07 Continuous Monitoring Protects T1528 Steal Application Access Token
CA-08 Penetration Testing Protects T1528 Steal Application Access Token
CM-02 Baseline Configuration Protects T1528 Steal Application Access Token
CM-05 Access Restrictions for Change Protects T1528 Steal Application Access Token
CM-06 Configuration Settings Protects T1528 Steal Application Access Token
IA-02 Identification and Authentication (organizational Users) Protects T1528 Steal Application Access Token
IA-04 Identifier Management Protects T1528 Steal Application Access Token
IA-05 Authenticator Management Protects T1528 Steal Application Access Token
IA-08 Identification and Authentication (non-organizational Users) Protects T1528 Steal Application Access Token
RA-05 Vulnerability Monitoring and Scanning Protects T1528 Steal Application Access Token
SA-11 Developer Testing and Evaluation Protects T1528 Steal Application Access Token
SA-15 Development Process, Standards, and Tools Protects T1528 Steal Application Access Token
SI-04 System Monitoring Protects T1528 Steal Application Access Token
SC-23 Session Authenticity Protects T1535 Unused/Unsupported Cloud Regions
AC-16 Security and Privacy Attributes Protects T1537 Transfer Data to Cloud Account
AC-17 Remote Access Protects T1537 Transfer Data to Cloud Account
AC-02 Account Management Protects T1537 Transfer Data to Cloud Account
AC-20 Use of External Systems Protects T1537 Transfer Data to Cloud Account
AC-03 Access Enforcement Protects T1537 Transfer Data to Cloud Account
AC-04 Information Flow Enforcement Protects T1537 Transfer Data to Cloud Account
AC-05 Separation of Duties Protects T1537 Transfer Data to Cloud Account
AC-06 Least Privilege Protects T1537 Transfer Data to Cloud Account
CA-07 Continuous Monitoring Protects T1537 Transfer Data to Cloud Account
CM-05 Access Restrictions for Change Protects T1537 Transfer Data to Cloud Account
CM-06 Configuration Settings Protects T1537 Transfer Data to Cloud Account
CM-07 Least Functionality Protects T1537 Transfer Data to Cloud Account
IA-02 Identification and Authentication (organizational Users) Protects T1537 Transfer Data to Cloud Account
IA-03 Device Identification and Authentication Protects T1537 Transfer Data to Cloud Account
IA-04 Identifier Management Protects T1537 Transfer Data to Cloud Account
IA-08 Identification and Authentication (non-organizational Users) Protects T1537 Transfer Data to Cloud Account
SC-07 Boundary Protection Protects T1537 Transfer Data to Cloud Account
SI-10 Information Input Validation Protects T1537 Transfer Data to Cloud Account
SI-15 Information Output Filtering Protects T1537 Transfer Data to Cloud Account
SI-04 System Monitoring Protects T1537 Transfer Data to Cloud Account
AC-02 Account Management Protects T1538 Cloud Service Dashboard
AC-03 Access Enforcement Protects T1538 Cloud Service Dashboard
AC-05 Separation of Duties Protects T1538 Cloud Service Dashboard
AC-06 Least Privilege Protects T1538 Cloud Service Dashboard
IA-02 Identification and Authentication (organizational Users) Protects T1538 Cloud Service Dashboard
IA-08 Identification and Authentication (non-organizational Users) Protects T1538 Cloud Service Dashboard
AC-02 Account Management Protects T1542 Pre-OS Boot
AC-03 Access Enforcement Protects T1542 Pre-OS Boot
AC-05 Separation of Duties Protects T1542 Pre-OS Boot
AC-06 Least Privilege Protects T1542 Pre-OS Boot
CA-08 Penetration Testing Protects T1542 Pre-OS Boot
CM-03 Configuration Change Control Protects T1542 Pre-OS Boot
CM-05 Access Restrictions for Change Protects T1542 Pre-OS Boot
CM-06 Configuration Settings Protects T1542 Pre-OS Boot
CM-08 System Component Inventory Protects T1542 Pre-OS Boot
IA-02 Identification and Authentication (organizational Users) Protects T1542 Pre-OS Boot
IA-07 Cryptographic Module Authentication Protects T1542 Pre-OS Boot
IA-08 Identification and Authentication (non-organizational Users) Protects T1542 Pre-OS Boot
RA-09 Criticality Analysis Protects T1542 Pre-OS Boot
SA-10 Developer Configuration Management Protects T1542 Pre-OS Boot
SA-11 Developer Testing and Evaluation Protects T1542 Pre-OS Boot
SC-34 Non-modifiable Executable Programs Protects T1542 Pre-OS Boot
SC-07 Boundary Protection Protects T1542 Pre-OS Boot
SI-02 Flaw Remediation Protects T1542 Pre-OS Boot
SI-07 Software, Firmware, and Information Integrity Protects T1542 Pre-OS Boot
AC-03 Access Enforcement Protects T1542.004 ROMMONkit
AC-06 Least Privilege Protects T1542.004 ROMMONkit
CA-07 Continuous Monitoring Protects T1542.004 ROMMONkit
CA-08 Penetration Testing Protects T1542.004 ROMMONkit
CM-02 Baseline Configuration Protects T1542.004 ROMMONkit
CM-03 Configuration Change Control Protects T1542.004 ROMMONkit
CM-05 Access Restrictions for Change Protects T1542.004 ROMMONkit
CM-06 Configuration Settings Protects T1542.004 ROMMONkit
CM-07 Least Functionality Protects T1542.004 ROMMONkit
CM-08 System Component Inventory Protects T1542.004 ROMMONkit
IA-07 Cryptographic Module Authentication Protects T1542.004 ROMMONkit
RA-05 Vulnerability Monitoring and Scanning Protects T1542.004 ROMMONkit
RA-09 Criticality Analysis Protects T1542.004 ROMMONkit
SA-10 Developer Configuration Management Protects T1542.004 ROMMONkit
SA-11 Developer Testing and Evaluation Protects T1542.004 ROMMONkit
SC-34 Non-modifiable Executable Programs Protects T1542.004 ROMMONkit
SC-07 Boundary Protection Protects T1542.004 ROMMONkit
SI-02 Flaw Remediation Protects T1542.004 ROMMONkit
SI-04 System Monitoring Protects T1542.004 ROMMONkit
SI-07 Software, Firmware, and Information Integrity Protects T1542.004 ROMMONkit
AC-02 Account Management Protects T1542.005 TFTP Boot
AC-03 Access Enforcement Protects T1542.005 TFTP Boot
AC-05 Separation of Duties Protects T1542.005 TFTP Boot
AC-06 Least Privilege Protects T1542.005 TFTP Boot
CA-07 Continuous Monitoring Protects T1542.005 TFTP Boot
CA-08 Penetration Testing Protects T1542.005 TFTP Boot
CM-02 Baseline Configuration Protects T1542.005 TFTP Boot
CM-03 Configuration Change Control Protects T1542.005 TFTP Boot
CM-05 Access Restrictions for Change Protects T1542.005 TFTP Boot
CM-06 Configuration Settings Protects T1542.005 TFTP Boot
CM-07 Least Functionality Protects T1542.005 TFTP Boot
CM-08 System Component Inventory Protects T1542.005 TFTP Boot
IA-02 Identification and Authentication (organizational Users) Protects T1542.005 TFTP Boot
IA-07 Cryptographic Module Authentication Protects T1542.005 TFTP Boot
IA-08 Identification and Authentication (non-organizational Users) Protects T1542.005 TFTP Boot
RA-05 Vulnerability Monitoring and Scanning Protects T1542.005 TFTP Boot
RA-09 Criticality Analysis Protects T1542.005 TFTP Boot
SA-10 Developer Configuration Management Protects T1542.005 TFTP Boot
SA-11 Developer Testing and Evaluation Protects T1542.005 TFTP Boot
SC-34 Non-modifiable Executable Programs Protects T1542.005 TFTP Boot
SC-07 Boundary Protection Protects T1542.005 TFTP Boot
SI-02 Flaw Remediation Protects T1542.005 TFTP Boot
SI-04 System Monitoring Protects T1542.005 TFTP Boot
SI-07 Software, Firmware, and Information Integrity Protects T1542.005 TFTP Boot
AC-17 Remote Access Protects T1543 Create or Modify System Process
AC-02 Account Management Protects T1543 Create or Modify System Process
AC-03 Access Enforcement Protects T1543 Create or Modify System Process
AC-05 Separation of Duties Protects T1543 Create or Modify System Process
AC-06 Least Privilege Protects T1543 Create or Modify System Process
CA-07 Continuous Monitoring Protects T1543 Create or Modify System Process
CA-08 Penetration Testing Protects T1543 Create or Modify System Process
CM-11 User-installed Software Protects T1543 Create or Modify System Process
CM-02 Baseline Configuration Protects T1543 Create or Modify System Process
CM-03 Configuration Change Control Protects T1543 Create or Modify System Process
CM-05 Access Restrictions for Change Protects T1543 Create or Modify System Process
CM-06 Configuration Settings Protects T1543 Create or Modify System Process
CM-07 Least Functionality Protects T1543 Create or Modify System Process
IA-02 Identification and Authentication (organizational Users) Protects T1543 Create or Modify System Process
IA-04 Identifier Management Protects T1543 Create or Modify System Process
RA-05 Vulnerability Monitoring and Scanning Protects T1543 Create or Modify System Process
SA-22 Unsupported System Components Protects T1543 Create or Modify System Process
SI-16 Memory Protection Protects T1543 Create or Modify System Process
SI-03 Malicious Code Protection Protects T1543 Create or Modify System Process
SI-04 System Monitoring Protects T1543 Create or Modify System Process
SI-07 Software, Firmware, and Information Integrity Protects T1543 Create or Modify System Process
AC-02 Account Management Protects T1543.001 Launch Agent
AC-03 Access Enforcement Protects T1543.001 Launch Agent
AC-05 Separation of Duties Protects T1543.001 Launch Agent
AC-06 Least Privilege Protects T1543.001 Launch Agent
CM-11 User-installed Software Protects T1543.001 Launch Agent
CM-02 Baseline Configuration Protects T1543.001 Launch Agent
CM-05 Access Restrictions for Change Protects T1543.001 Launch Agent
IA-02 Identification and Authentication (organizational Users) Protects T1543.001 Launch Agent
AC-02 Account Management Protects T1543.004 Launch Daemon
AC-03 Access Enforcement Protects T1543.004 Launch Daemon
AC-05 Separation of Duties Protects T1543.004 Launch Daemon
AC-06 Least Privilege Protects T1543.004 Launch Daemon
CM-11 User-installed Software Protects T1543.004 Launch Daemon
CM-02 Baseline Configuration Protects T1543.004 Launch Daemon
CM-05 Access Restrictions for Change Protects T1543.004 Launch Daemon
IA-02 Identification and Authentication (organizational Users) Protects T1543.004 Launch Daemon
CM-02 Baseline Configuration Protects T1546 Event Triggered Execution
CM-06 Configuration Settings Protects T1546 Event Triggered Execution
IA-09 Service Identification and Authentication Protects T1546 Event Triggered Execution
SI-07 Software, Firmware, and Information Integrity Protects T1546 Event Triggered Execution
CM-02 Baseline Configuration Protects T1546.002 Screensaver
CM-06 Configuration Settings Protects T1546.002 Screensaver
CM-07 Least Functionality Protects T1546.002 Screensaver
CM-08 System Component Inventory Protects T1546.002 Screensaver
RA-05 Vulnerability Monitoring and Scanning Protects T1546.002 Screensaver
SI-10 Information Input Validation Protects T1546.002 Screensaver
SI-03 Malicious Code Protection Protects T1546.002 Screensaver
SI-04 System Monitoring Protects T1546.002 Screensaver
SI-07 Software, Firmware, and Information Integrity Protects T1546.002 Screensaver
AC-02 Account Management Protects T1546.003 Windows Management Instrumentation Event Subscription
AC-03 Access Enforcement Protects T1546.003 Windows Management Instrumentation Event Subscription
AC-05 Separation of Duties Protects T1546.003 Windows Management Instrumentation Event Subscription
AC-06 Least Privilege Protects T1546.003 Windows Management Instrumentation Event Subscription
CA-07 Continuous Monitoring Protects T1546.003 Windows Management Instrumentation Event Subscription
CM-02 Baseline Configuration Protects T1546.003 Windows Management Instrumentation Event Subscription
CM-05 Access Restrictions for Change Protects T1546.003 Windows Management Instrumentation Event Subscription
CM-06 Configuration Settings Protects T1546.003 Windows Management Instrumentation Event Subscription
IA-02 Identification and Authentication (organizational Users) Protects T1546.003 Windows Management Instrumentation Event Subscription
SI-14 Non-persistence Protects T1546.003 Windows Management Instrumentation Event Subscription
SI-03 Malicious Code Protection Protects T1546.003 Windows Management Instrumentation Event Subscription
SI-04 System Monitoring Protects T1546.003 Windows Management Instrumentation Event Subscription
AC-03 Access Enforcement Protects T1546.004 Unix Shell Configuration Modification
AC-06 Least Privilege Protects T1546.004 Unix Shell Configuration Modification
CA-07 Continuous Monitoring Protects T1546.004 Unix Shell Configuration Modification
CM-02 Baseline Configuration Protects T1546.004 Unix Shell Configuration Modification
CM-06 Configuration Settings Protects T1546.004 Unix Shell Configuration Modification
SI-03 Malicious Code Protection Protects T1546.004 Unix Shell Configuration Modification
SI-04 System Monitoring Protects T1546.004 Unix Shell Configuration Modification
SI-07 Software, Firmware, and Information Integrity Protects T1546.004 Unix Shell Configuration Modification
CM-02 Baseline Configuration Protects T1546.006 LC_LOAD_DYLIB Addition
CM-06 Configuration Settings Protects T1546.006 LC_LOAD_DYLIB Addition
CM-07 Least Functionality Protects T1546.006 LC_LOAD_DYLIB Addition
CM-08 System Component Inventory Protects T1546.006 LC_LOAD_DYLIB Addition
IA-09 Service Identification and Authentication Protects T1546.006 LC_LOAD_DYLIB Addition
SI-10 Information Input Validation Protects T1546.006 LC_LOAD_DYLIB Addition
SI-02 Flaw Remediation Protects T1546.006 LC_LOAD_DYLIB Addition
SI-03 Malicious Code Protection Protects T1546.006 LC_LOAD_DYLIB Addition
SI-04 System Monitoring Protects T1546.006 LC_LOAD_DYLIB Addition
SI-07 Software, Firmware, and Information Integrity Protects T1546.006 LC_LOAD_DYLIB Addition
SR-11 Component Authenticity Protects T1546.006 LC_LOAD_DYLIB Addition
SR-04 Provenance Protects T1546.006 LC_LOAD_DYLIB Addition
SR-05 Acquisition Strategies, Tools, and Methods Protects T1546.006 LC_LOAD_DYLIB Addition
SR-06 Supplier Assessments and Reviews Protects T1546.006 LC_LOAD_DYLIB Addition
CM-10 Software Usage Restrictions Protects T1546.008 Accessibility Features
CM-06 Configuration Settings Protects T1546.008 Accessibility Features
CM-07 Least Functionality Protects T1546.008 Accessibility Features
SI-10 Information Input Validation Protects T1546.008 Accessibility Features
SI-04 System Monitoring Protects T1546.008 Accessibility Features
SI-07 Software, Firmware, and Information Integrity Protects T1546.008 Accessibility Features
CM-07 Least Functionality Protects T1546.009 AppCert DLLs
SI-10 Information Input Validation Protects T1546.009 AppCert DLLs
SI-07 Software, Firmware, and Information Integrity Protects T1546.009 AppCert DLLs
CM-02 Baseline Configuration Protects T1546.010 AppInit DLLs
CM-07 Least Functionality Protects T1546.010 AppInit DLLs
SI-10 Information Input Validation Protects T1546.010 AppInit DLLs
SI-02 Flaw Remediation Protects T1546.010 AppInit DLLs
SI-07 Software, Firmware, and Information Integrity Protects T1546.010 AppInit DLLs
AC-06 Least Privilege Protects T1546.011 Application Shimming
SI-02 Flaw Remediation Protects T1546.011 Application Shimming
AC-03 Access Enforcement Protects T1546.013 PowerShell Profile
AC-06 Least Privilege Protects T1546.013 PowerShell Profile
CA-07 Continuous Monitoring Protects T1546.013 PowerShell Profile
CM-10 Software Usage Restrictions Protects T1546.013 PowerShell Profile
CM-02 Baseline Configuration Protects T1546.013 PowerShell Profile
CM-06 Configuration Settings Protects T1546.013 PowerShell Profile
IA-09 Service Identification and Authentication Protects T1546.013 PowerShell Profile
SI-03 Malicious Code Protection Protects T1546.013 PowerShell Profile
SI-04 System Monitoring Protects T1546.013 PowerShell Profile
SI-07 Software, Firmware, and Information Integrity Protects T1546.013 PowerShell Profile
CM-02 Baseline Configuration Protects T1546.014 Emond
CM-06 Configuration Settings Protects T1546.014 Emond
CM-08 System Component Inventory Protects T1546.014 Emond
RA-05 Vulnerability Monitoring and Scanning Protects T1546.014 Emond
SI-03 Malicious Code Protection Protects T1546.014 Emond
SI-04 System Monitoring Protects T1546.014 Emond
AC-06 Least Privilege Protects T1546.016 Installer Packages
CA-07 Continuous Monitoring Protects T1546.016 Installer Packages
CM-05 Access Restrictions for Change Protects T1546.016 Installer Packages
CM-06 Configuration Settings Protects T1546.016 Installer Packages
SI-02 Flaw Remediation Protects T1546.016 Installer Packages
SI-03 Malicious Code Protection Protects T1546.016 Installer Packages
SI-04 System Monitoring Protects T1546.016 Installer Packages
CM-06 Configuration Settings Protects T1547.002 Authentication Package
SC-39 Process Isolation Protects T1547.002 Authentication Package
SI-03 Malicious Code Protection Protects T1547.002 Authentication Package
SI-04 System Monitoring Protects T1547.002 Authentication Package
SI-07 Software, Firmware, and Information Integrity Protects T1547.002 Authentication Package
AC-17 Remote Access Protects T1547.003 Time Providers
AC-03 Access Enforcement Protects T1547.003 Time Providers
AC-04 Information Flow Enforcement Protects T1547.003 Time Providers
AC-06 Least Privilege Protects T1547.003 Time Providers
CA-07 Continuous Monitoring Protects T1547.003 Time Providers
CM-02 Baseline Configuration Protects T1547.003 Time Providers
CM-05 Access Restrictions for Change Protects T1547.003 Time Providers
CM-06 Configuration Settings Protects T1547.003 Time Providers
SI-04 System Monitoring Protects T1547.003 Time Providers
SI-07 Software, Firmware, and Information Integrity Protects T1547.003 Time Providers
AC-17 Remote Access Protects T1547.004 Winlogon Helper DLL
AC-02 Account Management Protects T1547.004 Winlogon Helper DLL
AC-03 Access Enforcement Protects T1547.004 Winlogon Helper DLL
AC-05 Separation of Duties Protects T1547.004 Winlogon Helper DLL
AC-06 Least Privilege Protects T1547.004 Winlogon Helper DLL
CM-05 Access Restrictions for Change Protects T1547.004 Winlogon Helper DLL
CM-07 Least Functionality Protects T1547.004 Winlogon Helper DLL
IA-02 Identification and Authentication (organizational Users) Protects T1547.004 Winlogon Helper DLL
SI-10 Information Input Validation Protects T1547.004 Winlogon Helper DLL
SI-14 Non-persistence Protects T1547.004 Winlogon Helper DLL
SI-16 Memory Protection Protects T1547.004 Winlogon Helper DLL
SI-04 System Monitoring Protects T1547.004 Winlogon Helper DLL
SI-07 Software, Firmware, and Information Integrity Protects T1547.004 Winlogon Helper DLL
CM-06 Configuration Settings Protects T1547.005 Security Support Provider
SC-39 Process Isolation Protects T1547.005 Security Support Provider
SI-03 Malicious Code Protection Protects T1547.005 Security Support Provider
SI-04 System Monitoring Protects T1547.005 Security Support Provider
SI-07 Software, Firmware, and Information Integrity Protects T1547.005 Security Support Provider
AC-02 Account Management Protects T1547.006 Kernel Modules and Extensions
AC-03 Access Enforcement Protects T1547.006 Kernel Modules and Extensions
AC-05 Separation of Duties Protects T1547.006 Kernel Modules and Extensions
AC-06 Least Privilege Protects T1547.006 Kernel Modules and Extensions
CM-05 Access Restrictions for Change Protects T1547.006 Kernel Modules and Extensions
CM-06 Configuration Settings Protects T1547.006 Kernel Modules and Extensions
CM-07 Least Functionality Protects T1547.006 Kernel Modules and Extensions
IA-02 Identification and Authentication (organizational Users) Protects T1547.006 Kernel Modules and Extensions
IA-04 Identifier Management Protects T1547.006 Kernel Modules and Extensions
IA-08 Identification and Authentication (non-organizational Users) Protects T1547.006 Kernel Modules and Extensions
RA-05 Vulnerability Monitoring and Scanning Protects T1547.006 Kernel Modules and Extensions
SI-10 Information Input Validation Protects T1547.006 Kernel Modules and Extensions
SI-14 Non-persistence Protects T1547.006 Kernel Modules and Extensions
SI-16 Memory Protection Protects T1547.006 Kernel Modules and Extensions
SI-02 Flaw Remediation Protects T1547.006 Kernel Modules and Extensions
SI-03 Malicious Code Protection Protects T1547.006 Kernel Modules and Extensions
SI-04 System Monitoring Protects T1547.006 Kernel Modules and Extensions
SI-07 Software, Firmware, and Information Integrity Protects T1547.006 Kernel Modules and Extensions
AC-16 Security and Privacy Attributes Protects T1547.007 Re-opened Applications
AC-03 Access Enforcement Protects T1547.007 Re-opened Applications
CM-02 Baseline Configuration Protects T1547.007 Re-opened Applications
CM-03 Configuration Change Control Protects T1547.007 Re-opened Applications
CM-05 Access Restrictions for Change Protects T1547.007 Re-opened Applications
CM-06 Configuration Settings Protects T1547.007 Re-opened Applications
CM-07 Least Functionality Protects T1547.007 Re-opened Applications
CM-08 System Component Inventory Protects T1547.007 Re-opened Applications
RA-05 Vulnerability Monitoring and Scanning Protects T1547.007 Re-opened Applications
SI-03 Malicious Code Protection Protects T1547.007 Re-opened Applications
SI-04 System Monitoring Protects T1547.007 Re-opened Applications
CM-02 Baseline Configuration Protects T1547.008 LSASS Driver
CM-06 Configuration Settings Protects T1547.008 LSASS Driver
RA-05 Vulnerability Monitoring and Scanning Protects T1547.008 LSASS Driver
SC-39 Process Isolation Protects T1547.008 LSASS Driver
SI-03 Malicious Code Protection Protects T1547.008 LSASS Driver
SI-04 System Monitoring Protects T1547.008 LSASS Driver
SI-07 Software, Firmware, and Information Integrity Protects T1547.008 LSASS Driver
AC-17 Remote Access Protects T1547.009 Shortcut Modification
AC-02 Account Management Protects T1547.009 Shortcut Modification
AC-03 Access Enforcement Protects T1547.009 Shortcut Modification
AC-05 Separation of Duties Protects T1547.009 Shortcut Modification
AC-06 Least Privilege Protects T1547.009 Shortcut Modification
CM-05 Access Restrictions for Change Protects T1547.009 Shortcut Modification
IA-02 Identification and Authentication (organizational Users) Protects T1547.009 Shortcut Modification
SI-04 System Monitoring Protects T1547.009 Shortcut Modification
AC-02 Account Management Protects T1548.002 Bypass User Account Control
AC-03 Access Enforcement Protects T1548.002 Bypass User Account Control
AC-05 Separation of Duties Protects T1548.002 Bypass User Account Control
AC-06 Least Privilege Protects T1548.002 Bypass User Account Control
CA-08 Penetration Testing Protects T1548.002 Bypass User Account Control
CM-02 Baseline Configuration Protects T1548.002 Bypass User Account Control
CM-05 Access Restrictions for Change Protects T1548.002 Bypass User Account Control
CM-06 Configuration Settings Protects T1548.002 Bypass User Account Control
IA-02 Identification and Authentication (organizational Users) Protects T1548.002 Bypass User Account Control
RA-05 Vulnerability Monitoring and Scanning Protects T1548.002 Bypass User Account Control
SI-02 Flaw Remediation Protects T1548.002 Bypass User Account Control
SI-04 System Monitoring Protects T1548.002 Bypass User Account Control
AC-16 Security and Privacy Attributes Protects T1548.003 Sudo and Sudo Caching
AC-02 Account Management Protects T1548.003 Sudo and Sudo Caching
AC-03 Access Enforcement Protects T1548.003 Sudo and Sudo Caching
AC-05 Separation of Duties Protects T1548.003 Sudo and Sudo Caching
AC-06 Least Privilege Protects T1548.003 Sudo and Sudo Caching
CA-07 Continuous Monitoring Protects T1548.003 Sudo and Sudo Caching
CM-02 Baseline Configuration Protects T1548.003 Sudo and Sudo Caching
CM-05 Access Restrictions for Change Protects T1548.003 Sudo and Sudo Caching
CM-06 Configuration Settings Protects T1548.003 Sudo and Sudo Caching
CM-07 Least Functionality Protects T1548.003 Sudo and Sudo Caching
IA-02 Identification and Authentication (organizational Users) Protects T1548.003 Sudo and Sudo Caching
RA-05 Vulnerability Monitoring and Scanning Protects T1548.003 Sudo and Sudo Caching
SI-04 System Monitoring Protects T1548.003 Sudo and Sudo Caching
CM-02 Baseline Configuration Protects T1548.004 Elevated Execution with Prompt
CM-06 Configuration Settings Protects T1548.004 Elevated Execution with Prompt
CM-07 Least Functionality Protects T1548.004 Elevated Execution with Prompt
CM-08 System Component Inventory Protects T1548.004 Elevated Execution with Prompt
SC-18 Mobile Code Protects T1548.004 Elevated Execution with Prompt
SC-34 Non-modifiable Executable Programs Protects T1548.004 Elevated Execution with Prompt
SI-12 Information Management and Retention Protects T1548.004 Elevated Execution with Prompt
SI-16 Memory Protection Protects T1548.004 Elevated Execution with Prompt
SI-03 Malicious Code Protection Protects T1548.004 Elevated Execution with Prompt
SI-04 System Monitoring Protects T1548.004 Elevated Execution with Prompt
SI-07 Software, Firmware, and Information Integrity Protects T1548.004 Elevated Execution with Prompt
AC-02 Account Management Protects T1550 Use Alternate Authentication Material
AC-03 Access Enforcement Protects T1550 Use Alternate Authentication Material
AC-05 Separation of Duties Protects T1550 Use Alternate Authentication Material
AC-06 Least Privilege Protects T1550 Use Alternate Authentication Material
CM-05 Access Restrictions for Change Protects T1550 Use Alternate Authentication Material
CM-06 Configuration Settings Protects T1550 Use Alternate Authentication Material
IA-02 Identification and Authentication (organizational Users) Protects T1550 Use Alternate Authentication Material
AC-02 Account Management Protects T1550.002 Pass the Hash
AC-03 Access Enforcement Protects T1550.002 Pass the Hash
AC-05 Separation of Duties Protects T1550.002 Pass the Hash
AC-06 Least Privilege Protects T1550.002 Pass the Hash
CM-05 Access Restrictions for Change Protects T1550.002 Pass the Hash
CM-06 Configuration Settings Protects T1550.002 Pass the Hash
IA-02 Identification and Authentication (organizational Users) Protects T1550.002 Pass the Hash
SI-02 Flaw Remediation Protects T1550.002 Pass the Hash
AC-02 Account Management Protects T1550.003 Pass the Ticket
AC-03 Access Enforcement Protects T1550.003 Pass the Ticket
AC-05 Separation of Duties Protects T1550.003 Pass the Ticket
AC-06 Least Privilege Protects T1550.003 Pass the Ticket
CA-07 Continuous Monitoring Protects T1550.003 Pass the Ticket
CM-02 Baseline Configuration Protects T1550.003 Pass the Ticket
CM-05 Access Restrictions for Change Protects T1550.003 Pass the Ticket
CM-06 Configuration Settings Protects T1550.003 Pass the Ticket
IA-02 Identification and Authentication (organizational Users) Protects T1550.003 Pass the Ticket
IA-05 Authenticator Management Protects T1550.003 Pass the Ticket
SI-04 System Monitoring Protects T1550.003 Pass the Ticket
SC-23 Session Authenticity Protects T1550.004 Web Session Cookie
SC-08 Transmission Confidentiality and Integrity Protects T1550.004 Web Session Cookie
SI-07 Software, Firmware, and Information Integrity Protects T1550.004 Web Session Cookie
CM-06 Configuration Settings Protects T1552.003 Bash History
CM-07 Least Functionality Protects T1552.003 Bash History
SC-28 Protection of Information at Rest Protects T1552.003 Bash History
SI-04 System Monitoring Protects T1552.003 Bash History
AC-02 Account Management Protects T1552.006 Group Policy Preferences
AC-05 Separation of Duties Protects T1552.006 Group Policy Preferences
AC-06 Least Privilege Protects T1552.006 Group Policy Preferences
CA-08 Penetration Testing Protects T1552.006 Group Policy Preferences
CM-02 Baseline Configuration Protects T1552.006 Group Policy Preferences
CM-06 Configuration Settings Protects T1552.006 Group Policy Preferences
IA-02 Identification and Authentication (organizational Users) Protects T1552.006 Group Policy Preferences
IA-05 Authenticator Management Protects T1552.006 Group Policy Preferences
RA-05 Vulnerability Monitoring and Scanning Protects T1552.006 Group Policy Preferences
SA-11 Developer Testing and Evaluation Protects T1552.006 Group Policy Preferences
SA-15 Development Process, Standards, and Tools Protects T1552.006 Group Policy Preferences
SI-02 Flaw Remediation Protects T1552.006 Group Policy Preferences
SI-04 System Monitoring Protects T1552.006 Group Policy Preferences
AC-17 Remote Access Protects T1552.007 Container API
AC-02 Account Management Protects T1552.007 Container API
AC-23 Data Mining Protection Protects T1552.007 Container API
AC-03 Access Enforcement Protects T1552.007 Container API
AC-04 Information Flow Enforcement Protects T1552.007 Container API
AC-05 Separation of Duties Protects T1552.007 Container API
AC-06 Least Privilege Protects T1552.007 Container API
CM-05 Access Restrictions for Change Protects T1552.007 Container API
CM-06 Configuration Settings Protects T1552.007 Container API
CM-07 Least Functionality Protects T1552.007 Container API
IA-02 Identification and Authentication (organizational Users) Protects T1552.007 Container API
SC-46 Cross Domain Policy Enforcement Protects T1552.007 Container API
SC-07 Boundary Protection Protects T1552.007 Container API
SC-08 Transmission Confidentiality and Integrity Protects T1552.007 Container API
AC-06 Least Privilege Protects T1553 Subvert Trust Controls
CA-08 Penetration Testing Protects T1553 Subvert Trust Controls
CM-10 Software Usage Restrictions Protects T1553 Subvert Trust Controls
CM-02 Baseline Configuration Protects T1553 Subvert Trust Controls
CM-03 Configuration Change Control Protects T1553 Subvert Trust Controls
CM-05 Access Restrictions for Change Protects T1553 Subvert Trust Controls
CM-06 Configuration Settings Protects T1553 Subvert Trust Controls
CM-07 Least Functionality Protects T1553 Subvert Trust Controls
CM-08 System Component Inventory Protects T1553 Subvert Trust Controls
IA-07 Cryptographic Module Authentication Protects T1553 Subvert Trust Controls
IA-09 Service Identification and Authentication Protects T1553 Subvert Trust Controls
RA-09 Criticality Analysis Protects T1553 Subvert Trust Controls
SA-10 Developer Configuration Management Protects T1553 Subvert Trust Controls
SA-11 Developer Testing and Evaluation Protects T1553 Subvert Trust Controls
SC-34 Non-modifiable Executable Programs Protects T1553 Subvert Trust Controls
SI-10 Information Input Validation Protects T1553 Subvert Trust Controls
SI-02 Flaw Remediation Protects T1553 Subvert Trust Controls
SI-04 System Monitoring Protects T1553 Subvert Trust Controls
SI-07 Software, Firmware, and Information Integrity Protects T1553 Subvert Trust Controls
CM-02 Baseline Configuration Protects T1553.001 Gatekeeper Bypass
CM-06 Configuration Settings Protects T1553.001 Gatekeeper Bypass
CM-07 Least Functionality Protects T1553.001 Gatekeeper Bypass
SI-10 Information Input Validation Protects T1553.001 Gatekeeper Bypass
SI-04 System Monitoring Protects T1553.001 Gatekeeper Bypass
SI-07 Software, Firmware, and Information Integrity Protects T1553.001 Gatekeeper Bypass
AC-03 Access Enforcement Protects T1553.003 SIP and Trust Provider Hijacking
AC-06 Least Privilege Protects T1553.003 SIP and Trust Provider Hijacking
CA-07 Continuous Monitoring Protects T1553.003 SIP and Trust Provider Hijacking
CM-02 Baseline Configuration Protects T1553.003 SIP and Trust Provider Hijacking
CM-06 Configuration Settings Protects T1553.003 SIP and Trust Provider Hijacking
CM-07 Least Functionality Protects T1553.003 SIP and Trust Provider Hijacking
SI-10 Information Input Validation Protects T1553.003 SIP and Trust Provider Hijacking
SI-03 Malicious Code Protection Protects T1553.003 SIP and Trust Provider Hijacking
SI-04 System Monitoring Protects T1553.003 SIP and Trust Provider Hijacking
SI-07 Software, Firmware, and Information Integrity Protects T1553.003 SIP and Trust Provider Hijacking
CM-10 Software Usage Restrictions Protects T1553.004 Install Root Certificate
CM-06 Configuration Settings Protects T1553.004 Install Root Certificate
CM-07 Least Functionality Protects T1553.004 Install Root Certificate
IA-09 Service Identification and Authentication Protects T1553.004 Install Root Certificate
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1553.004 Install Root Certificate
SI-04 System Monitoring Protects T1553.004 Install Root Certificate
AC-06 Least Privilege Protects T1553.006 Code Signing Policy Modification
CA-08 Penetration Testing Protects T1553.006 Code Signing Policy Modification
CM-03 Configuration Change Control Protects T1553.006 Code Signing Policy Modification
CM-05 Access Restrictions for Change Protects T1553.006 Code Signing Policy Modification
CM-07 Least Functionality Protects T1553.006 Code Signing Policy Modification
CM-08 System Component Inventory Protects T1553.006 Code Signing Policy Modification
IA-07 Cryptographic Module Authentication Protects T1553.006 Code Signing Policy Modification
RA-09 Criticality Analysis Protects T1553.006 Code Signing Policy Modification
SA-10 Developer Configuration Management Protects T1553.006 Code Signing Policy Modification
SA-11 Developer Testing and Evaluation Protects T1553.006 Code Signing Policy Modification
SC-34 Non-modifiable Executable Programs Protects T1553.006 Code Signing Policy Modification
SI-02 Flaw Remediation Protects T1553.006 Code Signing Policy Modification
SI-07 Software, Firmware, and Information Integrity Protects T1553.006 Code Signing Policy Modification
CA-07 Continuous Monitoring Protects T1555.001 Keychain
IA-05 Authenticator Management Protects T1555.001 Keychain
SI-04 System Monitoring Protects T1555.001 Keychain
CA-07 Continuous Monitoring Protects T1555.002 Securityd Memory
IA-05 Authenticator Management Protects T1555.002 Securityd Memory
SI-04 System Monitoring Protects T1555.002 Securityd Memory
CM-02 Baseline Configuration Protects T1555.004 Windows Credential Manager
CM-06 Configuration Settings Protects T1555.004 Windows Credential Manager
CM-07 Least Functionality Protects T1555.004 Windows Credential Manager
IA-05 Authenticator Management Protects T1555.004 Windows Credential Manager
SI-04 System Monitoring Protects T1555.004 Windows Credential Manager
CM-02 Baseline Configuration Protects T1555.005 Password Managers
CM-06 Configuration Settings Protects T1555.005 Password Managers
IA-02 Identification and Authentication (organizational Users) Protects T1555.005 Password Managers
IA-05 Authenticator Management Protects T1555.005 Password Managers
SI-02 Flaw Remediation Protects T1555.005 Password Managers
SI-04 System Monitoring Protects T1555.005 Password Managers
AC-02 Account Management Protects T1556.001 Domain Controller Authentication
AC-20 Use of External Systems Protects T1556.001 Domain Controller Authentication
AC-03 Access Enforcement Protects T1556.001 Domain Controller Authentication
AC-05 Separation of Duties Protects T1556.001 Domain Controller Authentication
AC-06 Least Privilege Protects T1556.001 Domain Controller Authentication
AC-07 Unsuccessful Logon Attempts Protects T1556.001 Domain Controller Authentication
CA-07 Continuous Monitoring Protects T1556.001 Domain Controller Authentication
CM-05 Access Restrictions for Change Protects T1556.001 Domain Controller Authentication
CM-06 Configuration Settings Protects T1556.001 Domain Controller Authentication
IA-02 Identification and Authentication (organizational Users) Protects T1556.001 Domain Controller Authentication
IA-05 Authenticator Management Protects T1556.001 Domain Controller Authentication
SC-39 Process Isolation Protects T1556.001 Domain Controller Authentication
SI-04 System Monitoring Protects T1556.001 Domain Controller Authentication
SI-07 Software, Firmware, and Information Integrity Protects T1556.001 Domain Controller Authentication
CM-06 Configuration Settings Protects T1556.002 Password Filter DLL
CM-07 Least Functionality Protects T1556.002 Password Filter DLL
SI-04 System Monitoring Protects T1556.002 Password Filter DLL
AC-02 Account Management Protects T1556.003 Pluggable Authentication Modules
AC-20 Use of External Systems Protects T1556.003 Pluggable Authentication Modules
AC-03 Access Enforcement Protects T1556.003 Pluggable Authentication Modules
AC-05 Separation of Duties Protects T1556.003 Pluggable Authentication Modules
AC-06 Least Privilege Protects T1556.003 Pluggable Authentication Modules
AC-07 Unsuccessful Logon Attempts Protects T1556.003 Pluggable Authentication Modules
CM-05 Access Restrictions for Change Protects T1556.003 Pluggable Authentication Modules
CM-06 Configuration Settings Protects T1556.003 Pluggable Authentication Modules
IA-02 Identification and Authentication (organizational Users) Protects T1556.003 Pluggable Authentication Modules
IA-05 Authenticator Management Protects T1556.003 Pluggable Authentication Modules
SI-04 System Monitoring Protects T1556.003 Pluggable Authentication Modules
SI-07 Software, Firmware, and Information Integrity Protects T1556.003 Pluggable Authentication Modules
AC-02 Account Management Protects T1556.004 Network Device Authentication
AC-20 Use of External Systems Protects T1556.004 Network Device Authentication
AC-03 Access Enforcement Protects T1556.004 Network Device Authentication
AC-05 Separation of Duties Protects T1556.004 Network Device Authentication
AC-06 Least Privilege Protects T1556.004 Network Device Authentication
AC-07 Unsuccessful Logon Attempts Protects T1556.004 Network Device Authentication
CM-02 Baseline Configuration Protects T1556.004 Network Device Authentication
CM-05 Access Restrictions for Change Protects T1556.004 Network Device Authentication
CM-06 Configuration Settings Protects T1556.004 Network Device Authentication
IA-02 Identification and Authentication (organizational Users) Protects T1556.004 Network Device Authentication
IA-05 Authenticator Management Protects T1556.004 Network Device Authentication
SI-04 System Monitoring Protects T1556.004 Network Device Authentication
SI-07 Software, Firmware, and Information Integrity Protects T1556.004 Network Device Authentication
AC-02 Account Management Protects T1556.005 Reversible Encryption
AC-05 Separation of Duties Protects T1556.005 Reversible Encryption
AC-06 Least Privilege Protects T1556.005 Reversible Encryption
IA-05 Authenticator Management Protects T1556.005 Reversible Encryption
AC-02 Account Management Protects T1556.006 Multi-Factor Authentication
AC-03 Access Enforcement Protects T1556.006 Multi-Factor Authentication
AC-06 Least Privilege Protects T1556.006 Multi-Factor Authentication
IA-11 Re-authentication Protects T1556.006 Multi-Factor Authentication
IA-02 Identification and Authentication (organizational Users) Protects T1556.006 Multi-Factor Authentication
AC-02 Account Management Protects T1556.007 Hybrid Identity
AC-03 Access Enforcement Protects T1556.007 Hybrid Identity
AC-06 Least Privilege Protects T1556.007 Hybrid Identity
IA-11 Re-authentication Protects T1556.007 Hybrid Identity
IA-02 Identification and Authentication (organizational Users) Protects T1556.007 Hybrid Identity
AC-03 Access Enforcement Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
AC-04 Information Flow Enforcement Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CA-07 Continuous Monitoring Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CM-02 Baseline Configuration Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CM-06 Configuration Settings Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CM-07 Least Functionality Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CM-08 System Component Inventory Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SC-23 Session Authenticity Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SC-46 Cross Domain Policy Enforcement Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SC-07 Boundary Protection Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SC-08 Transmission Confidentiality and Integrity Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SI-10 Information Input Validation Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SI-15 Information Output Filtering Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SI-03 Malicious Code Protection Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SI-04 System Monitoring Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
AC-16 Security and Privacy Attributes Protects T1557.002 ARP Cache Poisoning
AC-17 Remote Access Protects T1557.002 ARP Cache Poisoning
AC-18 Wireless Access Protects T1557.002 ARP Cache Poisoning
AC-19 Access Control for Mobile Devices Protects T1557.002 ARP Cache Poisoning
AC-20 Use of External Systems Protects T1557.002 ARP Cache Poisoning
AC-03 Access Enforcement Protects T1557.002 ARP Cache Poisoning
AC-04 Information Flow Enforcement Protects T1557.002 ARP Cache Poisoning
CA-07 Continuous Monitoring Protects T1557.002 ARP Cache Poisoning
CM-02 Baseline Configuration Protects T1557.002 ARP Cache Poisoning
CM-06 Configuration Settings Protects T1557.002 ARP Cache Poisoning
CM-07 Least Functionality Protects T1557.002 ARP Cache Poisoning
CM-08 System Component Inventory Protects T1557.002 ARP Cache Poisoning
SC-23 Session Authenticity Protects T1557.002 ARP Cache Poisoning
SC-04 Information in Shared System Resources Protects T1557.002 ARP Cache Poisoning
SC-07 Boundary Protection Protects T1557.002 ARP Cache Poisoning
SC-08 Transmission Confidentiality and Integrity Protects T1557.002 ARP Cache Poisoning
SI-10 Information Input Validation Protects T1557.002 ARP Cache Poisoning
SI-12 Information Management and Retention Protects T1557.002 ARP Cache Poisoning
SI-15 Information Output Filtering Protects T1557.002 ARP Cache Poisoning
SI-03 Malicious Code Protection Protects T1557.002 ARP Cache Poisoning
SI-04 System Monitoring Protects T1557.002 ARP Cache Poisoning
SI-07 Software, Firmware, and Information Integrity Protects T1557.002 ARP Cache Poisoning
AC-03 Access Enforcement Protects T1557.003 DHCP Spoofing
AC-04 Information Flow Enforcement Protects T1557.003 DHCP Spoofing
CA-07 Continuous Monitoring Protects T1557.003 DHCP Spoofing
CM-02 Baseline Configuration Protects T1557.003 DHCP Spoofing
CM-06 Configuration Settings Protects T1557.003 DHCP Spoofing
CM-07 Least Functionality Protects T1557.003 DHCP Spoofing
CM-08 System Component Inventory Protects T1557.003 DHCP Spoofing
SC-23 Session Authenticity Protects T1557.003 DHCP Spoofing
SC-46 Cross Domain Policy Enforcement Protects T1557.003 DHCP Spoofing
SC-07 Boundary Protection Protects T1557.003 DHCP Spoofing
SC-08 Transmission Confidentiality and Integrity Protects T1557.003 DHCP Spoofing
SI-10 Information Input Validation Protects T1557.003 DHCP Spoofing
SI-15 Information Output Filtering Protects T1557.003 DHCP Spoofing
SI-03 Malicious Code Protection Protects T1557.003 DHCP Spoofing
SI-04 System Monitoring Protects T1557.003 DHCP Spoofing
AC-16 Security and Privacy Attributes Protects T1558 Steal or Forge Kerberos Tickets
AC-17 Remote Access Protects T1558 Steal or Forge Kerberos Tickets
AC-18 Wireless Access Protects T1558 Steal or Forge Kerberos Tickets
AC-19 Access Control for Mobile Devices Protects T1558 Steal or Forge Kerberos Tickets
AC-02 Account Management Protects T1558 Steal or Forge Kerberos Tickets
AC-03 Access Enforcement Protects T1558 Steal or Forge Kerberos Tickets
AC-05 Separation of Duties Protects T1558 Steal or Forge Kerberos Tickets
AC-06 Least Privilege Protects T1558 Steal or Forge Kerberos Tickets
CA-07 Continuous Monitoring Protects T1558 Steal or Forge Kerberos Tickets
CM-02 Baseline Configuration Protects T1558 Steal or Forge Kerberos Tickets
CM-05 Access Restrictions for Change Protects T1558 Steal or Forge Kerberos Tickets
CM-06 Configuration Settings Protects T1558 Steal or Forge Kerberos Tickets
IA-02 Identification and Authentication (organizational Users) Protects T1558 Steal or Forge Kerberos Tickets
IA-05 Authenticator Management Protects T1558 Steal or Forge Kerberos Tickets
SC-04 Information in Shared System Resources Protects T1558 Steal or Forge Kerberos Tickets
SI-12 Information Management and Retention Protects T1558 Steal or Forge Kerberos Tickets
SI-03 Malicious Code Protection Protects T1558 Steal or Forge Kerberos Tickets
SI-04 System Monitoring Protects T1558 Steal or Forge Kerberos Tickets
SI-07 Software, Firmware, and Information Integrity Protects T1558 Steal or Forge Kerberos Tickets
AC-02 Account Management Protects T1558.001 Golden Ticket
AC-03 Access Enforcement Protects T1558.001 Golden Ticket
AC-05 Separation of Duties Protects T1558.001 Golden Ticket
AC-06 Least Privilege Protects T1558.001 Golden Ticket
CM-02 Baseline Configuration Protects T1558.001 Golden Ticket
CM-05 Access Restrictions for Change Protects T1558.001 Golden Ticket
CM-06 Configuration Settings Protects T1558.001 Golden Ticket
IA-02 Identification and Authentication (organizational Users) Protects T1558.001 Golden Ticket
IA-05 Authenticator Management Protects T1558.001 Golden Ticket
AC-16 Security and Privacy Attributes Protects T1558.002 Silver Ticket
AC-17 Remote Access Protects T1558.002 Silver Ticket
AC-18 Wireless Access Protects T1558.002 Silver Ticket
AC-19 Access Control for Mobile Devices Protects T1558.002 Silver Ticket
AC-02 Account Management Protects T1558.002 Silver Ticket
AC-03 Access Enforcement Protects T1558.002 Silver Ticket
AC-05 Separation of Duties Protects T1558.002 Silver Ticket
AC-06 Least Privilege Protects T1558.002 Silver Ticket
CA-07 Continuous Monitoring Protects T1558.002 Silver Ticket
CM-02 Baseline Configuration Protects T1558.002 Silver Ticket
CM-05 Access Restrictions for Change Protects T1558.002 Silver Ticket
CM-06 Configuration Settings Protects T1558.002 Silver Ticket
IA-02 Identification and Authentication (organizational Users) Protects T1558.002 Silver Ticket
IA-05 Authenticator Management Protects T1558.002 Silver Ticket
SC-04 Information in Shared System Resources Protects T1558.002 Silver Ticket
SI-12 Information Management and Retention Protects T1558.002 Silver Ticket
SI-03 Malicious Code Protection Protects T1558.002 Silver Ticket
SI-04 System Monitoring Protects T1558.002 Silver Ticket
SI-07 Software, Firmware, and Information Integrity Protects T1558.002 Silver Ticket
AC-16 Security and Privacy Attributes Protects T1558.003 Kerberoasting
AC-17 Remote Access Protects T1558.003 Kerberoasting
AC-18 Wireless Access Protects T1558.003 Kerberoasting
AC-19 Access Control for Mobile Devices Protects T1558.003 Kerberoasting
AC-02 Account Management Protects T1558.003 Kerberoasting
AC-03 Access Enforcement Protects T1558.003 Kerberoasting
AC-05 Separation of Duties Protects T1558.003 Kerberoasting
AC-06 Least Privilege Protects T1558.003 Kerberoasting
CA-07 Continuous Monitoring Protects T1558.003 Kerberoasting
CM-02 Baseline Configuration Protects T1558.003 Kerberoasting
CM-05 Access Restrictions for Change Protects T1558.003 Kerberoasting
CM-06 Configuration Settings Protects T1558.003 Kerberoasting
IA-02 Identification and Authentication (organizational Users) Protects T1558.003 Kerberoasting
IA-05 Authenticator Management Protects T1558.003 Kerberoasting
SC-04 Information in Shared System Resources Protects T1558.003 Kerberoasting
SI-12 Information Management and Retention Protects T1558.003 Kerberoasting
SI-03 Malicious Code Protection Protects T1558.003 Kerberoasting
SI-04 System Monitoring Protects T1558.003 Kerberoasting
SI-07 Software, Firmware, and Information Integrity Protects T1558.003 Kerberoasting
AC-16 Security and Privacy Attributes Protects T1558.004 AS-REP Roasting
AC-17 Remote Access Protects T1558.004 AS-REP Roasting
AC-18 Wireless Access Protects T1558.004 AS-REP Roasting
AC-19 Access Control for Mobile Devices Protects T1558.004 AS-REP Roasting
AC-02 Account Management Protects T1558.004 AS-REP Roasting
AC-03 Access Enforcement Protects T1558.004 AS-REP Roasting
CA-07 Continuous Monitoring Protects T1558.004 AS-REP Roasting
CA-08 Penetration Testing Protects T1558.004 AS-REP Roasting
CM-02 Baseline Configuration Protects T1558.004 AS-REP Roasting
CM-06 Configuration Settings Protects T1558.004 AS-REP Roasting
IA-02 Identification and Authentication (organizational Users) Protects T1558.004 AS-REP Roasting
IA-05 Authenticator Management Protects T1558.004 AS-REP Roasting
RA-05 Vulnerability Monitoring and Scanning Protects T1558.004 AS-REP Roasting
SA-11 Developer Testing and Evaluation Protects T1558.004 AS-REP Roasting
SA-15 Development Process, Standards, and Tools Protects T1558.004 AS-REP Roasting
SC-04 Information in Shared System Resources Protects T1558.004 AS-REP Roasting
SI-12 Information Management and Retention Protects T1558.004 AS-REP Roasting
SI-03 Malicious Code Protection Protects T1558.004 AS-REP Roasting
SI-04 System Monitoring Protects T1558.004 AS-REP Roasting
SI-07 Software, Firmware, and Information Integrity Protects T1558.004 AS-REP Roasting
AC-02 Account Management Protects T1559 Inter-Process Communication
AC-03 Access Enforcement Protects T1559 Inter-Process Communication
AC-04 Information Flow Enforcement Protects T1559 Inter-Process Communication
AC-05 Separation of Duties Protects T1559 Inter-Process Communication
AC-06 Least Privilege Protects T1559 Inter-Process Communication
CM-10 Software Usage Restrictions Protects T1559 Inter-Process Communication
CM-02 Baseline Configuration Protects T1559 Inter-Process Communication
CM-05 Access Restrictions for Change Protects T1559 Inter-Process Communication
CM-06 Configuration Settings Protects T1559 Inter-Process Communication
CM-07 Least Functionality Protects T1559 Inter-Process Communication
CM-08 System Component Inventory Protects T1559 Inter-Process Communication
IA-02 Identification and Authentication (organizational Users) Protects T1559 Inter-Process Communication
RA-05 Vulnerability Monitoring and Scanning Protects T1559 Inter-Process Communication
SC-18 Mobile Code Protects T1559 Inter-Process Communication
SC-03 Security Function Isolation Protects T1559 Inter-Process Communication
SC-07 Boundary Protection Protects T1559 Inter-Process Communication
SI-02 Flaw Remediation Protects T1559 Inter-Process Communication
SI-03 Malicious Code Protection Protects T1559 Inter-Process Communication
SI-04 System Monitoring Protects T1559 Inter-Process Communication
AC-02 Account Management Protects T1559.001 Component Object Model
AC-03 Access Enforcement Protects T1559.001 Component Object Model
AC-04 Information Flow Enforcement Protects T1559.001 Component Object Model
AC-05 Separation of Duties Protects T1559.001 Component Object Model
AC-06 Least Privilege Protects T1559.001 Component Object Model
CM-02 Baseline Configuration Protects T1559.001 Component Object Model
CM-05 Access Restrictions for Change Protects T1559.001 Component Object Model
CM-06 Configuration Settings Protects T1559.001 Component Object Model
IA-02 Identification and Authentication (organizational Users) Protects T1559.001 Component Object Model
SC-18 Mobile Code Protects T1559.001 Component Object Model
SC-03 Security Function Isolation Protects T1559.001 Component Object Model
SC-07 Boundary Protection Protects T1559.001 Component Object Model
SI-03 Malicious Code Protection Protects T1559.001 Component Object Model
AC-04 Information Flow Enforcement Protects T1559.002 Dynamic Data Exchange
AC-06 Least Privilege Protects T1559.002 Dynamic Data Exchange
CM-10 Software Usage Restrictions Protects T1559.002 Dynamic Data Exchange
CM-02 Baseline Configuration Protects T1559.002 Dynamic Data Exchange
CM-06 Configuration Settings Protects T1559.002 Dynamic Data Exchange
CM-07 Least Functionality Protects T1559.002 Dynamic Data Exchange
CM-08 System Component Inventory Protects T1559.002 Dynamic Data Exchange
RA-05 Vulnerability Monitoring and Scanning Protects T1559.002 Dynamic Data Exchange
SC-18 Mobile Code Protects T1559.002 Dynamic Data Exchange
SC-03 Security Function Isolation Protects T1559.002 Dynamic Data Exchange
SC-07 Boundary Protection Protects T1559.002 Dynamic Data Exchange
SI-02 Flaw Remediation Protects T1559.002 Dynamic Data Exchange
SI-03 Malicious Code Protection Protects T1559.002 Dynamic Data Exchange
SI-04 System Monitoring Protects T1559.002 Dynamic Data Exchange
CM-05 Access Restrictions for Change Protects T1559.003 XPC Services
CM-06 Configuration Settings Protects T1559.003 XPC Services
CM-07 Least Functionality Protects T1559.003 XPC Services
SA-10 Developer Configuration Management Protects T1559.003 XPC Services
SA-11 Developer Testing and Evaluation Protects T1559.003 XPC Services
SA-08 Security and Privacy Engineering Principles Protects T1559.003 XPC Services
SI-04 System Monitoring Protects T1559.003 XPC Services
CA-08 Penetration Testing Protects T1560 Archive Collected Data
RA-05 Vulnerability Monitoring and Scanning Protects T1560 Archive Collected Data
SC-07 Boundary Protection Protects T1560 Archive Collected Data
SI-03 Malicious Code Protection Protects T1560 Archive Collected Data
SI-04 System Monitoring Protects T1560 Archive Collected Data
CM-02 Baseline Configuration Protects T1562.003 Impair Command History Logging
CM-06 Configuration Settings Protects T1562.003 Impair Command History Logging
CM-07 Least Functionality Protects T1562.003 Impair Command History Logging
SI-04 System Monitoring Protects T1562.003 Impair Command History Logging
AC-02 Account Management Protects T1562.009 Safe Mode Boot
AC-03 Access Enforcement Protects T1562.009 Safe Mode Boot
AC-05 Separation of Duties Protects T1562.009 Safe Mode Boot
AC-06 Least Privilege Protects T1562.009 Safe Mode Boot
CM-10 Software Usage Restrictions Protects T1562.009 Safe Mode Boot
CM-05 Access Restrictions for Change Protects T1562.009 Safe Mode Boot
CM-06 Configuration Settings Protects T1562.009 Safe Mode Boot
CM-07 Least Functionality Protects T1562.009 Safe Mode Boot
IA-02 Identification and Authentication (organizational Users) Protects T1562.009 Safe Mode Boot
IA-09 Service Identification and Authentication Protects T1562.009 Safe Mode Boot
SC-23 Session Authenticity Protects T1562.009 Safe Mode Boot
SC-08 Transmission Confidentiality and Integrity Protects T1562.009 Safe Mode Boot
SI-07 Software, Firmware, and Information Integrity Protects T1562.009 Safe Mode Boot
AC-17 Remote Access Protects T1563 Remote Service Session Hijacking
AC-02 Account Management Protects T1563 Remote Service Session Hijacking
AC-03 Access Enforcement Protects T1563 Remote Service Session Hijacking
AC-04 Information Flow Enforcement Protects T1563 Remote Service Session Hijacking
AC-05 Separation of Duties Protects T1563 Remote Service Session Hijacking
AC-06 Least Privilege Protects T1563 Remote Service Session Hijacking
CA-08 Penetration Testing Protects T1563 Remote Service Session Hijacking
CM-02 Baseline Configuration Protects T1563 Remote Service Session Hijacking
CM-05 Access Restrictions for Change Protects T1563 Remote Service Session Hijacking
CM-06 Configuration Settings Protects T1563 Remote Service Session Hijacking
CM-07 Least Functionality Protects T1563 Remote Service Session Hijacking
CM-08 System Component Inventory Protects T1563 Remote Service Session Hijacking
IA-02 Identification and Authentication (organizational Users) Protects T1563 Remote Service Session Hijacking
IA-04 Identifier Management Protects T1563 Remote Service Session Hijacking
IA-06 Authentication Feedback Protects T1563 Remote Service Session Hijacking
RA-05 Vulnerability Monitoring and Scanning Protects T1563 Remote Service Session Hijacking
SC-46 Cross Domain Policy Enforcement Protects T1563 Remote Service Session Hijacking
SC-07 Boundary Protection Protects T1563 Remote Service Session Hijacking
SI-04 System Monitoring Protects T1563 Remote Service Session Hijacking
AC-17 Remote Access Protects T1563.001 SSH Hijacking
AC-02 Account Management Protects T1563.001 SSH Hijacking
AC-03 Access Enforcement Protects T1563.001 SSH Hijacking
AC-05 Separation of Duties Protects T1563.001 SSH Hijacking
AC-06 Least Privilege Protects T1563.001 SSH Hijacking
CA-07 Continuous Monitoring Protects T1563.001 SSH Hijacking
CM-02 Baseline Configuration Protects T1563.001 SSH Hijacking
CM-05 Access Restrictions for Change Protects T1563.001 SSH Hijacking
CM-06 Configuration Settings Protects T1563.001 SSH Hijacking
CM-07 Least Functionality Protects T1563.001 SSH Hijacking
CM-08 System Component Inventory Protects T1563.001 SSH Hijacking
IA-02 Identification and Authentication (organizational Users) Protects T1563.001 SSH Hijacking
IA-05 Authenticator Management Protects T1563.001 SSH Hijacking
RA-05 Vulnerability Monitoring and Scanning Protects T1563.001 SSH Hijacking
SC-12 Cryptographic Key Establishment and Management Protects T1563.001 SSH Hijacking
SC-23 Session Authenticity Protects T1563.001 SSH Hijacking
SI-04 System Monitoring Protects T1563.001 SSH Hijacking
AC-11 Device Lock Protects T1563.002 RDP Hijacking
AC-12 Session Termination Protects T1563.002 RDP Hijacking
AC-17 Remote Access Protects T1563.002 RDP Hijacking
AC-02 Account Management Protects T1563.002 RDP Hijacking
AC-03 Access Enforcement Protects T1563.002 RDP Hijacking
AC-04 Information Flow Enforcement Protects T1563.002 RDP Hijacking
AC-05 Separation of Duties Protects T1563.002 RDP Hijacking
AC-06 Least Privilege Protects T1563.002 RDP Hijacking
CM-02 Baseline Configuration Protects T1563.002 RDP Hijacking
CM-05 Access Restrictions for Change Protects T1563.002 RDP Hijacking
CM-06 Configuration Settings Protects T1563.002 RDP Hijacking
CM-07 Least Functionality Protects T1563.002 RDP Hijacking
CM-08 System Component Inventory Protects T1563.002 RDP Hijacking
IA-02 Identification and Authentication (organizational Users) Protects T1563.002 RDP Hijacking
RA-05 Vulnerability Monitoring and Scanning Protects T1563.002 RDP Hijacking
SC-46 Cross Domain Policy Enforcement Protects T1563.002 RDP Hijacking
SC-07 Boundary Protection Protects T1563.002 RDP Hijacking
SI-04 System Monitoring Protects T1563.002 RDP Hijacking
CM-06 Configuration Settings Protects T1564.002 Hidden Users
CM-07 Least Functionality Protects T1564.002 Hidden Users
SI-04 System Monitoring Protects T1564.002 Hidden Users
CM-07 Least Functionality Protects T1564.003 Hidden Window
SI-10 Information Input Validation Protects T1564.003 Hidden Window
SI-07 Software, Firmware, and Information Integrity Protects T1564.003 Hidden Window
AC-16 Security and Privacy Attributes Protects T1564.004 NTFS File Attributes
AC-03 Access Enforcement Protects T1564.004 NTFS File Attributes
CA-07 Continuous Monitoring Protects T1564.004 NTFS File Attributes
SI-03 Malicious Code Protection Protects T1564.004 NTFS File Attributes
SI-04 System Monitoring Protects T1564.004 NTFS File Attributes
SI-07 Software, Firmware, and Information Integrity Protects T1564.004 NTFS File Attributes
CM-02 Baseline Configuration Protects T1564.006 Run Virtual Instance
CM-06 Configuration Settings Protects T1564.006 Run Virtual Instance
CM-07 Least Functionality Protects T1564.006 Run Virtual Instance
CM-08 System Component Inventory Protects T1564.006 Run Virtual Instance
SI-10 Information Input Validation Protects T1564.006 Run Virtual Instance
SI-04 System Monitoring Protects T1564.006 Run Virtual Instance
SI-07 Software, Firmware, and Information Integrity Protects T1564.006 Run Virtual Instance
CM-02 Baseline Configuration Protects T1564.007 VBA Stomping
CM-06 Configuration Settings Protects T1564.007 VBA Stomping
CM-08 System Component Inventory Protects T1564.007 VBA Stomping
SI-04 System Monitoring Protects T1564.007 VBA Stomping
CM-11 User-installed Software Protects T1564.009 Resource Forking
CM-02 Baseline Configuration Protects T1564.009 Resource Forking
CM-06 Configuration Settings Protects T1564.009 Resource Forking
CM-07 Least Functionality Protects T1564.009 Resource Forking
SA-10 Developer Configuration Management Protects T1564.009 Resource Forking
SC-04 Information in Shared System Resources Protects T1564.009 Resource Forking
SC-44 Detonation Chambers Protects T1564.009 Resource Forking
SC-06 Resource Availability Protects T1564.009 Resource Forking
SI-10 Information Input Validation Protects T1564.009 Resource Forking
SI-15 Information Output Filtering Protects T1564.009 Resource Forking
SI-03 Malicious Code Protection Protects T1564.009 Resource Forking
SI-04 System Monitoring Protects T1564.009 Resource Forking
SI-07 Software, Firmware, and Information Integrity Protects T1564.009 Resource Forking
SI-07 Software, Firmware, and Information Integrity Protects T1564.010 Process Argument Spoofing
CA-07 Continuous Monitoring Protects T1564.010 Process Argument Spoofing
SI-04 System Monitoring Protects T1564.010 Process Argument Spoofing
AC-16 Security and Privacy Attributes Protects T1565 Data Manipulation
AC-17 Remote Access Protects T1565 Data Manipulation
AC-18 Wireless Access Protects T1565 Data Manipulation
AC-19 Access Control for Mobile Devices Protects T1565 Data Manipulation
AC-20 Use of External Systems Protects T1565 Data Manipulation
AC-03 Access Enforcement Protects T1565 Data Manipulation
AC-04 Information Flow Enforcement Protects T1565 Data Manipulation
CA-07 Continuous Monitoring Protects T1565 Data Manipulation
CM-02 Baseline Configuration Protects T1565 Data Manipulation
CM-06 Configuration Settings Protects T1565 Data Manipulation
CM-07 Least Functionality Protects T1565 Data Manipulation
CM-08 System Component Inventory Protects T1565 Data Manipulation
CP-10 System Recovery and Reconstitution Protects T1565 Data Manipulation
CP-06 Alternate Storage Site Protects T1565 Data Manipulation
CP-07 Alternate Processing Site Protects T1565 Data Manipulation
CP-09 System Backup Protects T1565 Data Manipulation
SC-28 Protection of Information at Rest Protects T1565 Data Manipulation
SC-36 Distributed Processing and Storage Protects T1565 Data Manipulation
SC-04 Information in Shared System Resources Protects T1565 Data Manipulation
SC-46 Cross Domain Policy Enforcement Protects T1565 Data Manipulation
SC-07 Boundary Protection Protects T1565 Data Manipulation
SI-12 Information Management and Retention Protects T1565 Data Manipulation
SI-16 Memory Protection Protects T1565 Data Manipulation
SI-23 Information Fragmentation Protects T1565 Data Manipulation
SI-04 System Monitoring Protects T1565 Data Manipulation
SI-07 Software, Firmware, and Information Integrity Protects T1565 Data Manipulation
AC-16 Security and Privacy Attributes Protects T1565.001 Stored Data Manipulation
AC-17 Remote Access Protects T1565.001 Stored Data Manipulation
AC-18 Wireless Access Protects T1565.001 Stored Data Manipulation
AC-19 Access Control for Mobile Devices Protects T1565.001 Stored Data Manipulation
AC-20 Use of External Systems Protects T1565.001 Stored Data Manipulation
AC-03 Access Enforcement Protects T1565.001 Stored Data Manipulation
CA-07 Continuous Monitoring Protects T1565.001 Stored Data Manipulation
CM-02 Baseline Configuration Protects T1565.001 Stored Data Manipulation
CM-06 Configuration Settings Protects T1565.001 Stored Data Manipulation
CM-08 System Component Inventory Protects T1565.001 Stored Data Manipulation
CP-10 System Recovery and Reconstitution Protects T1565.001 Stored Data Manipulation
CP-06 Alternate Storage Site Protects T1565.001 Stored Data Manipulation
CP-07 Alternate Processing Site Protects T1565.001 Stored Data Manipulation
CP-09 System Backup Protects T1565.001 Stored Data Manipulation
SC-28 Protection of Information at Rest Protects T1565.001 Stored Data Manipulation
SC-36 Distributed Processing and Storage Protects T1565.001 Stored Data Manipulation
SC-04 Information in Shared System Resources Protects T1565.001 Stored Data Manipulation
SC-07 Boundary Protection Protects T1565.001 Stored Data Manipulation
SI-12 Information Management and Retention Protects T1565.001 Stored Data Manipulation
SI-16 Memory Protection Protects T1565.001 Stored Data Manipulation
SI-23 Information Fragmentation Protects T1565.001 Stored Data Manipulation
SI-04 System Monitoring Protects T1565.001 Stored Data Manipulation
SI-07 Software, Firmware, and Information Integrity Protects T1565.001 Stored Data Manipulation
AC-16 Security and Privacy Attributes Protects T1565.002 Transmitted Data Manipulation
AC-17 Remote Access Protects T1565.002 Transmitted Data Manipulation
AC-18 Wireless Access Protects T1565.002 Transmitted Data Manipulation
AC-19 Access Control for Mobile Devices Protects T1565.002 Transmitted Data Manipulation
AC-20 Use of External Systems Protects T1565.002 Transmitted Data Manipulation
CM-02 Baseline Configuration Protects T1565.002 Transmitted Data Manipulation
CM-06 Configuration Settings Protects T1565.002 Transmitted Data Manipulation
CM-08 System Component Inventory Protects T1565.002 Transmitted Data Manipulation
SC-04 Information in Shared System Resources Protects T1565.002 Transmitted Data Manipulation
SI-12 Information Management and Retention Protects T1565.002 Transmitted Data Manipulation
SI-04 System Monitoring Protects T1565.002 Transmitted Data Manipulation
SI-07 Software, Firmware, and Information Integrity Protects T1565.002 Transmitted Data Manipulation
AC-03 Access Enforcement Protects T1565.003 Runtime Data Manipulation
AC-04 Information Flow Enforcement Protects T1565.003 Runtime Data Manipulation
CA-07 Continuous Monitoring Protects T1565.003 Runtime Data Manipulation
CM-06 Configuration Settings Protects T1565.003 Runtime Data Manipulation
CM-07 Least Functionality Protects T1565.003 Runtime Data Manipulation
CP-09 System Backup Protects T1565.003 Runtime Data Manipulation
SC-28 Protection of Information at Rest Protects T1565.003 Runtime Data Manipulation
SC-04 Information in Shared System Resources Protects T1565.003 Runtime Data Manipulation
SC-46 Cross Domain Policy Enforcement Protects T1565.003 Runtime Data Manipulation
SC-07 Boundary Protection Protects T1565.003 Runtime Data Manipulation
SI-16 Memory Protection Protects T1565.003 Runtime Data Manipulation
SI-04 System Monitoring Protects T1565.003 Runtime Data Manipulation
SI-07 Software, Firmware, and Information Integrity Protects T1565.003 Runtime Data Manipulation
AC-04 Information Flow Enforcement Protects T1566.001 Spearphishing Attachment
CA-07 Continuous Monitoring Protects T1566.001 Spearphishing Attachment
CM-02 Baseline Configuration Protects T1566.001 Spearphishing Attachment
CM-06 Configuration Settings Protects T1566.001 Spearphishing Attachment
IA-09 Service Identification and Authentication Protects T1566.001 Spearphishing Attachment
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1566.001 Spearphishing Attachment
SC-44 Detonation Chambers Protects T1566.001 Spearphishing Attachment
SC-07 Boundary Protection Protects T1566.001 Spearphishing Attachment
SI-02 Flaw Remediation Protects T1566.001 Spearphishing Attachment
SI-03 Malicious Code Protection Protects T1566.001 Spearphishing Attachment
SI-04 System Monitoring Protects T1566.001 Spearphishing Attachment
SI-08 Spam Protection Protects T1566.001 Spearphishing Attachment
AC-04 Information Flow Enforcement Protects T1566.003 Spearphishing via Service
CA-07 Continuous Monitoring Protects T1566.003 Spearphishing via Service
SC-44 Detonation Chambers Protects T1566.003 Spearphishing via Service
SC-07 Boundary Protection Protects T1566.003 Spearphishing via Service
SI-02 Flaw Remediation Protects T1566.003 Spearphishing via Service
SI-03 Malicious Code Protection Protects T1566.003 Spearphishing via Service
SI-04 System Monitoring Protects T1566.003 Spearphishing via Service
SI-08 Spam Protection Protects T1566.003 Spearphishing via Service
AC-20 Use of External Systems Protects T1567.001 Exfiltration to Code Repository
AC-04 Information Flow Enforcement Protects T1567.001 Exfiltration to Code Repository
SC-07 Boundary Protection Protects T1567.001 Exfiltration to Code Repository
AC-20 Use of External Systems Protects T1567.002 Exfiltration to Cloud Storage
AC-04 Information Flow Enforcement Protects T1567.002 Exfiltration to Cloud Storage
SC-07 Boundary Protection Protects T1567.002 Exfiltration to Cloud Storage
AC-04 Information Flow Enforcement Protects T1568 Dynamic Resolution
CA-07 Continuous Monitoring Protects T1568 Dynamic Resolution
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1568 Dynamic Resolution
SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) Protects T1568 Dynamic Resolution
SC-22 Architecture and Provisioning for Name/address Resolution Service Protects T1568 Dynamic Resolution
SC-07 Boundary Protection Protects T1568 Dynamic Resolution
SI-03 Malicious Code Protection Protects T1568 Dynamic Resolution
SI-04 System Monitoring Protects T1568 Dynamic Resolution
AC-04 Information Flow Enforcement Protects T1568.002 Domain Generation Algorithms
CA-07 Continuous Monitoring Protects T1568.002 Domain Generation Algorithms
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1568.002 Domain Generation Algorithms
SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) Protects T1568.002 Domain Generation Algorithms
SC-22 Architecture and Provisioning for Name/address Resolution Service Protects T1568.002 Domain Generation Algorithms
SC-07 Boundary Protection Protects T1568.002 Domain Generation Algorithms
SI-03 Malicious Code Protection Protects T1568.002 Domain Generation Algorithms
SI-04 System Monitoring Protects T1568.002 Domain Generation Algorithms
AC-02 Account Management Protects T1569 System Services
AC-03 Access Enforcement Protects T1569 System Services
AC-05 Separation of Duties Protects T1569 System Services
AC-06 Least Privilege Protects T1569 System Services
CA-07 Continuous Monitoring Protects T1569 System Services
CM-11 User-installed Software Protects T1569 System Services
CM-02 Baseline Configuration Protects T1569 System Services
CM-05 Access Restrictions for Change Protects T1569 System Services
CM-06 Configuration Settings Protects T1569 System Services
CM-07 Least Functionality Protects T1569 System Services
IA-02 Identification and Authentication (organizational Users) Protects T1569 System Services
SI-03 Malicious Code Protection Protects T1569 System Services
SI-04 System Monitoring Protects T1569 System Services
SI-07 Software, Firmware, and Information Integrity Protects T1569 System Services
AC-02 Account Management Protects T1569.001 Launchctl
AC-03 Access Enforcement Protects T1569.001 Launchctl
AC-05 Separation of Duties Protects T1569.001 Launchctl
AC-06 Least Privilege Protects T1569.001 Launchctl
CM-11 User-installed Software Protects T1569.001 Launchctl
CM-05 Access Restrictions for Change Protects T1569.001 Launchctl
IA-02 Identification and Authentication (organizational Users) Protects T1569.001 Launchctl
AC-03 Access Enforcement Protects T1572 Protocol Tunneling
AC-04 Information Flow Enforcement Protects T1572 Protocol Tunneling
CA-07 Continuous Monitoring Protects T1572 Protocol Tunneling
CM-02 Baseline Configuration Protects T1572 Protocol Tunneling
CM-06 Configuration Settings Protects T1572 Protocol Tunneling
CM-07 Least Functionality Protects T1572 Protocol Tunneling
SC-07 Boundary Protection Protects T1572 Protocol Tunneling
SI-10 Information Input Validation Protects T1572 Protocol Tunneling
SI-15 Information Output Filtering Protects T1572 Protocol Tunneling
SI-03 Malicious Code Protection Protects T1572 Protocol Tunneling
SI-04 System Monitoring Protects T1572 Protocol Tunneling
AC-04 Information Flow Enforcement Protects T1573 Encrypted Channel
CA-07 Continuous Monitoring Protects T1573 Encrypted Channel
CM-02 Baseline Configuration Protects T1573 Encrypted Channel
CM-06 Configuration Settings Protects T1573 Encrypted Channel
CM-07 Least Functionality Protects T1573 Encrypted Channel
SC-12 Cryptographic Key Establishment and Management Protects T1573 Encrypted Channel
SC-16 Transmission of Security and Privacy Attributes Protects T1573 Encrypted Channel
SC-23 Session Authenticity Protects T1573 Encrypted Channel
SC-07 Boundary Protection Protects T1573 Encrypted Channel
SI-03 Malicious Code Protection Protects T1573 Encrypted Channel
SI-04 System Monitoring Protects T1573 Encrypted Channel
AC-04 Information Flow Enforcement Protects T1573.001 Symmetric Cryptography
CA-07 Continuous Monitoring Protects T1573.001 Symmetric Cryptography
CM-02 Baseline Configuration Protects T1573.001 Symmetric Cryptography
CM-06 Configuration Settings Protects T1573.001 Symmetric Cryptography
CM-07 Least Functionality Protects T1573.001 Symmetric Cryptography
SC-12 Cryptographic Key Establishment and Management Protects T1573.001 Symmetric Cryptography
SC-16 Transmission of Security and Privacy Attributes Protects T1573.001 Symmetric Cryptography
SC-23 Session Authenticity Protects T1573.001 Symmetric Cryptography
SC-07 Boundary Protection Protects T1573.001 Symmetric Cryptography
SI-03 Malicious Code Protection Protects T1573.001 Symmetric Cryptography
SI-04 System Monitoring Protects T1573.001 Symmetric Cryptography
AC-04 Information Flow Enforcement Protects T1573.002 Asymmetric Cryptography
CA-07 Continuous Monitoring Protects T1573.002 Asymmetric Cryptography
CM-02 Baseline Configuration Protects T1573.002 Asymmetric Cryptography
CM-06 Configuration Settings Protects T1573.002 Asymmetric Cryptography
CM-07 Least Functionality Protects T1573.002 Asymmetric Cryptography
SC-12 Cryptographic Key Establishment and Management Protects T1573.002 Asymmetric Cryptography
SC-16 Transmission of Security and Privacy Attributes Protects T1573.002 Asymmetric Cryptography
SC-23 Session Authenticity Protects T1573.002 Asymmetric Cryptography
SC-07 Boundary Protection Protects T1573.002 Asymmetric Cryptography
SI-03 Malicious Code Protection Protects T1573.002 Asymmetric Cryptography
SI-04 System Monitoring Protects T1573.002 Asymmetric Cryptography
AC-02 Account Management Protects T1574 Hijack Execution Flow
AC-03 Access Enforcement Protects T1574 Hijack Execution Flow
AC-04 Information Flow Enforcement Protects T1574 Hijack Execution Flow
AC-05 Separation of Duties Protects T1574 Hijack Execution Flow
AC-06 Least Privilege Protects T1574 Hijack Execution Flow
CA-07 Continuous Monitoring Protects T1574 Hijack Execution Flow
CA-08 Penetration Testing Protects T1574 Hijack Execution Flow
CM-02 Baseline Configuration Protects T1574 Hijack Execution Flow
CM-05 Access Restrictions for Change Protects T1574 Hijack Execution Flow
CM-06 Configuration Settings Protects T1574 Hijack Execution Flow
CM-07 Least Functionality Protects T1574 Hijack Execution Flow
CM-08 System Component Inventory Protects T1574 Hijack Execution Flow
IA-02 Identification and Authentication (organizational Users) Protects T1574 Hijack Execution Flow
RA-05 Vulnerability Monitoring and Scanning Protects T1574 Hijack Execution Flow
SI-10 Information Input Validation Protects T1574 Hijack Execution Flow
SI-02 Flaw Remediation Protects T1574 Hijack Execution Flow
SI-03 Malicious Code Protection Protects T1574 Hijack Execution Flow
SI-04 System Monitoring Protects T1574 Hijack Execution Flow
SI-07 Software, Firmware, and Information Integrity Protects T1574 Hijack Execution Flow
CA-08 Penetration Testing Protects T1574.001 DLL Search Order Hijacking
CM-02 Baseline Configuration Protects T1574.001 DLL Search Order Hijacking
CM-06 Configuration Settings Protects T1574.001 DLL Search Order Hijacking
CM-07 Least Functionality Protects T1574.001 DLL Search Order Hijacking
RA-05 Vulnerability Monitoring and Scanning Protects T1574.001 DLL Search Order Hijacking
SI-10 Information Input Validation Protects T1574.001 DLL Search Order Hijacking
SI-03 Malicious Code Protection Protects T1574.001 DLL Search Order Hijacking
SI-04 System Monitoring Protects T1574.001 DLL Search Order Hijacking
SI-07 Software, Firmware, and Information Integrity Protects T1574.001 DLL Search Order Hijacking
SA-10 Developer Configuration Management Protects T1574.002 DLL Side-Loading
SA-11 Developer Testing and Evaluation Protects T1574.002 DLL Side-Loading
SA-15 Development Process, Standards, and Tools Protects T1574.002 DLL Side-Loading
SA-16 Developer-provided Training Protects T1574.002 DLL Side-Loading
SA-17 Developer Security and Privacy Architecture and Design Protects T1574.002 DLL Side-Loading
SA-03 System Development Life Cycle Protects T1574.002 DLL Side-Loading
SA-04 Acquisition Process Protects T1574.002 DLL Side-Loading
SA-08 Security and Privacy Engineering Principles Protects T1574.002 DLL Side-Loading
SI-02 Flaw Remediation Protects T1574.002 DLL Side-Loading
AC-02 Account Management Protects T1574.004 Dylib Hijacking
AC-03 Access Enforcement Protects T1574.004 Dylib Hijacking
AC-04 Information Flow Enforcement Protects T1574.004 Dylib Hijacking
AC-05 Separation of Duties Protects T1574.004 Dylib Hijacking
AC-06 Least Privilege Protects T1574.004 Dylib Hijacking
CA-07 Continuous Monitoring Protects T1574.004 Dylib Hijacking
CM-02 Baseline Configuration Protects T1574.004 Dylib Hijacking
CM-06 Configuration Settings Protects T1574.004 Dylib Hijacking
CM-08 System Component Inventory Protects T1574.004 Dylib Hijacking
RA-05 Vulnerability Monitoring and Scanning Protects T1574.004 Dylib Hijacking
SI-03 Malicious Code Protection Protects T1574.004 Dylib Hijacking
SI-04 System Monitoring Protects T1574.004 Dylib Hijacking
SI-07 Software, Firmware, and Information Integrity Protects T1574.004 Dylib Hijacking
AC-02 Account Management Protects T1574.005 Executable Installer File Permissions Weakness
AC-03 Access Enforcement Protects T1574.005 Executable Installer File Permissions Weakness
AC-04 Information Flow Enforcement Protects T1574.005 Executable Installer File Permissions Weakness
AC-05 Separation of Duties Protects T1574.005 Executable Installer File Permissions Weakness
AC-06 Least Privilege Protects T1574.005 Executable Installer File Permissions Weakness
CA-08 Penetration Testing Protects T1574.005 Executable Installer File Permissions Weakness
CM-02 Baseline Configuration Protects T1574.005 Executable Installer File Permissions Weakness
CM-05 Access Restrictions for Change Protects T1574.005 Executable Installer File Permissions Weakness
CM-06 Configuration Settings Protects T1574.005 Executable Installer File Permissions Weakness
IA-02 Identification and Authentication (organizational Users) Protects T1574.005 Executable Installer File Permissions Weakness
RA-05 Vulnerability Monitoring and Scanning Protects T1574.005 Executable Installer File Permissions Weakness
SI-04 System Monitoring Protects T1574.005 Executable Installer File Permissions Weakness
CM-06 Configuration Settings Protects T1574.006 Dynamic Linker Hijacking
CM-07 Least Functionality Protects T1574.006 Dynamic Linker Hijacking
SI-10 Information Input Validation Protects T1574.006 Dynamic Linker Hijacking
SI-07 Software, Firmware, and Information Integrity Protects T1574.006 Dynamic Linker Hijacking
AC-02 Account Management Protects T1574.008 Path Interception by Search Order Hijacking
AC-03 Access Enforcement Protects T1574.008 Path Interception by Search Order Hijacking
AC-04 Information Flow Enforcement Protects T1574.008 Path Interception by Search Order Hijacking
AC-05 Separation of Duties Protects T1574.008 Path Interception by Search Order Hijacking
AC-06 Least Privilege Protects T1574.008 Path Interception by Search Order Hijacking
CA-07 Continuous Monitoring Protects T1574.008 Path Interception by Search Order Hijacking
CA-08 Penetration Testing Protects T1574.008 Path Interception by Search Order Hijacking
CM-02 Baseline Configuration Protects T1574.008 Path Interception by Search Order Hijacking
CM-06 Configuration Settings Protects T1574.008 Path Interception by Search Order Hijacking
CM-07 Least Functionality Protects T1574.008 Path Interception by Search Order Hijacking
CM-08 System Component Inventory Protects T1574.008 Path Interception by Search Order Hijacking
RA-05 Vulnerability Monitoring and Scanning Protects T1574.008 Path Interception by Search Order Hijacking
SI-10 Information Input Validation Protects T1574.008 Path Interception by Search Order Hijacking
SI-03 Malicious Code Protection Protects T1574.008 Path Interception by Search Order Hijacking
SI-04 System Monitoring Protects T1574.008 Path Interception by Search Order Hijacking
SI-07 Software, Firmware, and Information Integrity Protects T1574.008 Path Interception by Search Order Hijacking
AC-02 Account Management Protects T1574.009 Path Interception by Unquoted Path
AC-03 Access Enforcement Protects T1574.009 Path Interception by Unquoted Path
AC-04 Information Flow Enforcement Protects T1574.009 Path Interception by Unquoted Path
AC-05 Separation of Duties Protects T1574.009 Path Interception by Unquoted Path
AC-06 Least Privilege Protects T1574.009 Path Interception by Unquoted Path
CA-07 Continuous Monitoring Protects T1574.009 Path Interception by Unquoted Path
CA-08 Penetration Testing Protects T1574.009 Path Interception by Unquoted Path
CM-02 Baseline Configuration Protects T1574.009 Path Interception by Unquoted Path
CM-06 Configuration Settings Protects T1574.009 Path Interception by Unquoted Path
CM-07 Least Functionality Protects T1574.009 Path Interception by Unquoted Path
CM-08 System Component Inventory Protects T1574.009 Path Interception by Unquoted Path
RA-05 Vulnerability Monitoring and Scanning Protects T1574.009 Path Interception by Unquoted Path
SI-10 Information Input Validation Protects T1574.009 Path Interception by Unquoted Path
SI-03 Malicious Code Protection Protects T1574.009 Path Interception by Unquoted Path
SI-04 System Monitoring Protects T1574.009 Path Interception by Unquoted Path
SI-07 Software, Firmware, and Information Integrity Protects T1574.009 Path Interception by Unquoted Path
AC-02 Account Management Protects T1574.010 Services File Permissions Weakness
AC-03 Access Enforcement Protects T1574.010 Services File Permissions Weakness
AC-04 Information Flow Enforcement Protects T1574.010 Services File Permissions Weakness
AC-05 Separation of Duties Protects T1574.010 Services File Permissions Weakness
AC-06 Least Privilege Protects T1574.010 Services File Permissions Weakness
CA-08 Penetration Testing Protects T1574.010 Services File Permissions Weakness
CM-02 Baseline Configuration Protects T1574.010 Services File Permissions Weakness
CM-05 Access Restrictions for Change Protects T1574.010 Services File Permissions Weakness
CM-06 Configuration Settings Protects T1574.010 Services File Permissions Weakness
IA-02 Identification and Authentication (organizational Users) Protects T1574.010 Services File Permissions Weakness
RA-05 Vulnerability Monitoring and Scanning Protects T1574.010 Services File Permissions Weakness
SI-04 System Monitoring Protects T1574.010 Services File Permissions Weakness
AC-06 Least Privilege Protects T1574.011 Services Registry Permissions Weakness
CM-05 Access Restrictions for Change Protects T1574.011 Services Registry Permissions Weakness
AC-02 Account Management Protects T1574.012 COR_PROFILER
AC-03 Access Enforcement Protects T1574.012 COR_PROFILER
AC-05 Separation of Duties Protects T1574.012 COR_PROFILER
AC-06 Least Privilege Protects T1574.012 COR_PROFILER
CM-05 Access Restrictions for Change Protects T1574.012 COR_PROFILER
CM-07 Least Functionality Protects T1574.012 COR_PROFILER
IA-02 Identification and Authentication (organizational Users) Protects T1574.012 COR_PROFILER
SI-10 Information Input Validation Protects T1574.012 COR_PROFILER
SI-07 Software, Firmware, and Information Integrity Protects T1574.012 COR_PROFILER
SI-07 Software, Firmware, and Information Integrity Protects T1574.013 KernelCallbackTable
CA-07 Continuous Monitoring Protects T1574.013 KernelCallbackTable
CA-08 Penetration Testing Protects T1574.013 KernelCallbackTable
SI-10 Information Input Validation Protects T1574.013 KernelCallbackTable
SI-02 Flaw Remediation Protects T1574.013 KernelCallbackTable
SI-03 Malicious Code Protection Protects T1574.013 KernelCallbackTable
SI-04 System Monitoring Protects T1574.013 KernelCallbackTable
AC-02 Account Management Protects T1578.001 Create Snapshot
AC-03 Access Enforcement Protects T1578.001 Create Snapshot
AC-05 Separation of Duties Protects T1578.001 Create Snapshot
AC-06 Least Privilege Protects T1578.001 Create Snapshot
CA-08 Penetration Testing Protects T1578.001 Create Snapshot
CM-05 Access Restrictions for Change Protects T1578.001 Create Snapshot
IA-02 Identification and Authentication (organizational Users) Protects T1578.001 Create Snapshot
IA-04 Identifier Management Protects T1578.001 Create Snapshot
IA-06 Authentication Feedback Protects T1578.001 Create Snapshot
RA-05 Vulnerability Monitoring and Scanning Protects T1578.001 Create Snapshot
SI-04 System Monitoring Protects T1578.001 Create Snapshot
AC-02 Account Management Protects T1578.002 Create Cloud Instance
AC-03 Access Enforcement Protects T1578.002 Create Cloud Instance
AC-05 Separation of Duties Protects T1578.002 Create Cloud Instance
AC-06 Least Privilege Protects T1578.002 Create Cloud Instance
CA-08 Penetration Testing Protects T1578.002 Create Cloud Instance
CM-05 Access Restrictions for Change Protects T1578.002 Create Cloud Instance
IA-02 Identification and Authentication (organizational Users) Protects T1578.002 Create Cloud Instance
IA-04 Identifier Management Protects T1578.002 Create Cloud Instance
IA-06 Authentication Feedback Protects T1578.002 Create Cloud Instance
RA-05 Vulnerability Monitoring and Scanning Protects T1578.002 Create Cloud Instance
SI-04 System Monitoring Protects T1578.002 Create Cloud Instance
AC-02 Account Management Protects T1578.003 Delete Cloud Instance
AC-03 Access Enforcement Protects T1578.003 Delete Cloud Instance
AC-05 Separation of Duties Protects T1578.003 Delete Cloud Instance
AC-06 Least Privilege Protects T1578.003 Delete Cloud Instance
CA-08 Penetration Testing Protects T1578.003 Delete Cloud Instance
CM-05 Access Restrictions for Change Protects T1578.003 Delete Cloud Instance
IA-02 Identification and Authentication (organizational Users) Protects T1578.003 Delete Cloud Instance
IA-04 Identifier Management Protects T1578.003 Delete Cloud Instance
IA-06 Authentication Feedback Protects T1578.003 Delete Cloud Instance
RA-05 Vulnerability Monitoring and Scanning Protects T1578.003 Delete Cloud Instance
SI-04 System Monitoring Protects T1578.003 Delete Cloud Instance
AC-02 Account Management Protects T1580 Cloud Infrastructure Discovery
AC-03 Access Enforcement Protects T1580 Cloud Infrastructure Discovery
AC-05 Separation of Duties Protects T1580 Cloud Infrastructure Discovery
AC-06 Least Privilege Protects T1580 Cloud Infrastructure Discovery
IA-02 Identification and Authentication (organizational Users) Protects T1580 Cloud Infrastructure Discovery
AC-20 Use of External Systems Protects T1583.007 Serverless
SC-07 Boundary Protection Protects T1583.007 Serverless
AC-20 Use of External Systems Protects T1584.004 Server
SC-07 Boundary Protection Protects T1584.004 Server
AC-02 Account Management Protects T1585.003 Cloud Accounts
IA-02 Identification and Authentication (organizational Users) Protects T1585.003 Cloud Accounts
AC-02 Account Management Protects T1586.003 Cloud Accounts
IA-02 Identification and Authentication (organizational Users) Protects T1586.003 Cloud Accounts
CM-08 System Component Inventory Protects T1593.003 Code Repositories
SC-04 Information in Shared System Resources Protects T1595.003 Wordlist Scanning
AC-04 Information Flow Enforcement Protects T1598.001 Spearphishing Service
CA-07 Continuous Monitoring Protects T1598.001 Spearphishing Service
SC-44 Detonation Chambers Protects T1598.001 Spearphishing Service
SC-07 Boundary Protection Protects T1598.001 Spearphishing Service
SI-03 Malicious Code Protection Protects T1598.001 Spearphishing Service
SI-04 System Monitoring Protects T1598.001 Spearphishing Service
SI-08 Spam Protection Protects T1598.001 Spearphishing Service
AC-04 Information Flow Enforcement Protects T1598.002 Spearphishing Attachment
CA-07 Continuous Monitoring Protects T1598.002 Spearphishing Attachment
CM-02 Baseline Configuration Protects T1598.002 Spearphishing Attachment
CM-06 Configuration Settings Protects T1598.002 Spearphishing Attachment
IA-09 Service Identification and Authentication Protects T1598.002 Spearphishing Attachment
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1598.002 Spearphishing Attachment
SC-44 Detonation Chambers Protects T1598.002 Spearphishing Attachment
SC-07 Boundary Protection Protects T1598.002 Spearphishing Attachment
SI-03 Malicious Code Protection Protects T1598.002 Spearphishing Attachment
SI-04 System Monitoring Protects T1598.002 Spearphishing Attachment
SI-08 Spam Protection Protects T1598.002 Spearphishing Attachment
AC-02 Account Management Protects T1599 Network Boundary Bridging
AC-03 Access Enforcement Protects T1599 Network Boundary Bridging
AC-04 Information Flow Enforcement Protects T1599 Network Boundary Bridging
AC-05 Separation of Duties Protects T1599 Network Boundary Bridging
AC-06 Least Privilege Protects T1599 Network Boundary Bridging
CA-07 Continuous Monitoring Protects T1599 Network Boundary Bridging
CM-02 Baseline Configuration Protects T1599 Network Boundary Bridging
CM-05 Access Restrictions for Change Protects T1599 Network Boundary Bridging
CM-06 Configuration Settings Protects T1599 Network Boundary Bridging
CM-07 Least Functionality Protects T1599 Network Boundary Bridging
IA-02 Identification and Authentication (organizational Users) Protects T1599 Network Boundary Bridging
IA-05 Authenticator Management Protects T1599 Network Boundary Bridging
SC-28 Protection of Information at Rest Protects T1599 Network Boundary Bridging
SC-07 Boundary Protection Protects T1599 Network Boundary Bridging
SI-10 Information Input Validation Protects T1599 Network Boundary Bridging
SI-15 Information Output Filtering Protects T1599 Network Boundary Bridging
SI-04 System Monitoring Protects T1599 Network Boundary Bridging
SI-07 Software, Firmware, and Information Integrity Protects T1599 Network Boundary Bridging
AC-02 Account Management Protects T1599.001 Network Address Translation Traversal
AC-03 Access Enforcement Protects T1599.001 Network Address Translation Traversal
AC-04 Information Flow Enforcement Protects T1599.001 Network Address Translation Traversal
AC-05 Separation of Duties Protects T1599.001 Network Address Translation Traversal
AC-06 Least Privilege Protects T1599.001 Network Address Translation Traversal
CA-07 Continuous Monitoring Protects T1599.001 Network Address Translation Traversal
CM-02 Baseline Configuration Protects T1599.001 Network Address Translation Traversal
CM-05 Access Restrictions for Change Protects T1599.001 Network Address Translation Traversal
CM-06 Configuration Settings Protects T1599.001 Network Address Translation Traversal
CM-07 Least Functionality Protects T1599.001 Network Address Translation Traversal
IA-02 Identification and Authentication (organizational Users) Protects T1599.001 Network Address Translation Traversal
IA-05 Authenticator Management Protects T1599.001 Network Address Translation Traversal
SC-28 Protection of Information at Rest Protects T1599.001 Network Address Translation Traversal
SC-07 Boundary Protection Protects T1599.001 Network Address Translation Traversal
SI-10 Information Input Validation Protects T1599.001 Network Address Translation Traversal
SI-15 Information Output Filtering Protects T1599.001 Network Address Translation Traversal
SI-04 System Monitoring Protects T1599.001 Network Address Translation Traversal
SI-07 Software, Firmware, and Information Integrity Protects T1599.001 Network Address Translation Traversal
AC-02 Account Management Protects T1601 Modify System Image
AC-03 Access Enforcement Protects T1601 Modify System Image
AC-04 Information Flow Enforcement Protects T1601 Modify System Image
AC-05 Separation of Duties Protects T1601 Modify System Image
AC-06 Least Privilege Protects T1601 Modify System Image
CA-08 Penetration Testing Protects T1601 Modify System Image
CM-02 Baseline Configuration Protects T1601 Modify System Image
CM-03 Configuration Change Control Protects T1601 Modify System Image
CM-05 Access Restrictions for Change Protects T1601 Modify System Image
CM-06 Configuration Settings Protects T1601 Modify System Image
CM-07 Least Functionality Protects T1601 Modify System Image
CM-08 System Component Inventory Protects T1601 Modify System Image
IA-02 Identification and Authentication (organizational Users) Protects T1601 Modify System Image
IA-05 Authenticator Management Protects T1601 Modify System Image
IA-07 Cryptographic Module Authentication Protects T1601 Modify System Image
RA-09 Criticality Analysis Protects T1601 Modify System Image
SA-10 Developer Configuration Management Protects T1601 Modify System Image
SA-11 Developer Testing and Evaluation Protects T1601 Modify System Image
SC-34 Non-modifiable Executable Programs Protects T1601 Modify System Image
SI-02 Flaw Remediation Protects T1601 Modify System Image
SI-04 System Monitoring Protects T1601 Modify System Image
SI-07 Software, Firmware, and Information Integrity Protects T1601 Modify System Image
SR-11 Component Authenticity Protects T1601 Modify System Image
SR-04 Provenance Protects T1601 Modify System Image
SR-05 Acquisition Strategies, Tools, and Methods Protects T1601 Modify System Image
SR-06 Supplier Assessments and Reviews Protects T1601 Modify System Image
AC-02 Account Management Protects T1601.001 Patch System Image
AC-03 Access Enforcement Protects T1601.001 Patch System Image
AC-04 Information Flow Enforcement Protects T1601.001 Patch System Image
AC-05 Separation of Duties Protects T1601.001 Patch System Image
AC-06 Least Privilege Protects T1601.001 Patch System Image
CA-08 Penetration Testing Protects T1601.001 Patch System Image
CM-02 Baseline Configuration Protects T1601.001 Patch System Image
CM-03 Configuration Change Control Protects T1601.001 Patch System Image
CM-05 Access Restrictions for Change Protects T1601.001 Patch System Image
CM-06 Configuration Settings Protects T1601.001 Patch System Image
CM-07 Least Functionality Protects T1601.001 Patch System Image
CM-08 System Component Inventory Protects T1601.001 Patch System Image
IA-02 Identification and Authentication (organizational Users) Protects T1601.001 Patch System Image
IA-05 Authenticator Management Protects T1601.001 Patch System Image
IA-07 Cryptographic Module Authentication Protects T1601.001 Patch System Image
RA-09 Criticality Analysis Protects T1601.001 Patch System Image
SA-10 Developer Configuration Management Protects T1601.001 Patch System Image
SA-11 Developer Testing and Evaluation Protects T1601.001 Patch System Image
SC-34 Non-modifiable Executable Programs Protects T1601.001 Patch System Image
SI-02 Flaw Remediation Protects T1601.001 Patch System Image
SI-04 System Monitoring Protects T1601.001 Patch System Image
SI-07 Software, Firmware, and Information Integrity Protects T1601.001 Patch System Image
SR-11 Component Authenticity Protects T1601.001 Patch System Image
SR-04 Provenance Protects T1601.001 Patch System Image
SR-05 Acquisition Strategies, Tools, and Methods Protects T1601.001 Patch System Image
SR-06 Supplier Assessments and Reviews Protects T1601.001 Patch System Image
AC-02 Account Management Protects T1601.002 Downgrade System Image
AC-03 Access Enforcement Protects T1601.002 Downgrade System Image
AC-04 Information Flow Enforcement Protects T1601.002 Downgrade System Image
AC-05 Separation of Duties Protects T1601.002 Downgrade System Image
AC-06 Least Privilege Protects T1601.002 Downgrade System Image
CA-08 Penetration Testing Protects T1601.002 Downgrade System Image
CM-02 Baseline Configuration Protects T1601.002 Downgrade System Image
CM-03 Configuration Change Control Protects T1601.002 Downgrade System Image
CM-05 Access Restrictions for Change Protects T1601.002 Downgrade System Image
CM-06 Configuration Settings Protects T1601.002 Downgrade System Image
CM-07 Least Functionality Protects T1601.002 Downgrade System Image
CM-08 System Component Inventory Protects T1601.002 Downgrade System Image
IA-02 Identification and Authentication (organizational Users) Protects T1601.002 Downgrade System Image
IA-05 Authenticator Management Protects T1601.002 Downgrade System Image
IA-07 Cryptographic Module Authentication Protects T1601.002 Downgrade System Image
RA-09 Criticality Analysis Protects T1601.002 Downgrade System Image
SA-10 Developer Configuration Management Protects T1601.002 Downgrade System Image
SA-11 Developer Testing and Evaluation Protects T1601.002 Downgrade System Image
SC-34 Non-modifiable Executable Programs Protects T1601.002 Downgrade System Image
SI-02 Flaw Remediation Protects T1601.002 Downgrade System Image
SI-04 System Monitoring Protects T1601.002 Downgrade System Image
SI-07 Software, Firmware, and Information Integrity Protects T1601.002 Downgrade System Image
SR-11 Component Authenticity Protects T1601.002 Downgrade System Image
SR-04 Provenance Protects T1601.002 Downgrade System Image
SR-05 Acquisition Strategies, Tools, and Methods Protects T1601.002 Downgrade System Image
SR-06 Supplier Assessments and Reviews Protects T1601.002 Downgrade System Image
AC-16 Security and Privacy Attributes Protects T1602 Data from Configuration Repository
AC-17 Remote Access Protects T1602 Data from Configuration Repository
AC-18 Wireless Access Protects T1602 Data from Configuration Repository
AC-19 Access Control for Mobile Devices Protects T1602 Data from Configuration Repository
AC-20 Use of External Systems Protects T1602 Data from Configuration Repository
AC-03 Access Enforcement Protects T1602 Data from Configuration Repository
AC-04 Information Flow Enforcement Protects T1602 Data from Configuration Repository
CA-07 Continuous Monitoring Protects T1602 Data from Configuration Repository
CM-02 Baseline Configuration Protects T1602 Data from Configuration Repository
CM-06 Configuration Settings Protects T1602 Data from Configuration Repository
CM-07 Least Functionality Protects T1602 Data from Configuration Repository
CM-08 System Component Inventory Protects T1602 Data from Configuration Repository
IA-03 Device Identification and Authentication Protects T1602 Data from Configuration Repository
IA-04 Identifier Management Protects T1602 Data from Configuration Repository
SC-28 Protection of Information at Rest Protects T1602 Data from Configuration Repository
SC-03 Security Function Isolation Protects T1602 Data from Configuration Repository
SC-04 Information in Shared System Resources Protects T1602 Data from Configuration Repository
SC-07 Boundary Protection Protects T1602 Data from Configuration Repository
SC-08 Transmission Confidentiality and Integrity Protects T1602 Data from Configuration Repository
SI-10 Information Input Validation Protects T1602 Data from Configuration Repository
SI-12 Information Management and Retention Protects T1602 Data from Configuration Repository
SI-15 Information Output Filtering Protects T1602 Data from Configuration Repository
SI-03 Malicious Code Protection Protects T1602 Data from Configuration Repository
SI-04 System Monitoring Protects T1602 Data from Configuration Repository
SI-07 Software, Firmware, and Information Integrity Protects T1602 Data from Configuration Repository
AC-16 Security and Privacy Attributes Protects T1602.001 SNMP (MIB Dump)
AC-17 Remote Access Protects T1602.001 SNMP (MIB Dump)
AC-18 Wireless Access Protects T1602.001 SNMP (MIB Dump)
AC-19 Access Control for Mobile Devices Protects T1602.001 SNMP (MIB Dump)
AC-20 Use of External Systems Protects T1602.001 SNMP (MIB Dump)
AC-03 Access Enforcement Protects T1602.001 SNMP (MIB Dump)
AC-04 Information Flow Enforcement Protects T1602.001 SNMP (MIB Dump)
CA-07 Continuous Monitoring Protects T1602.001 SNMP (MIB Dump)
CM-02 Baseline Configuration Protects T1602.001 SNMP (MIB Dump)
CM-06 Configuration Settings Protects T1602.001 SNMP (MIB Dump)
CM-07 Least Functionality Protects T1602.001 SNMP (MIB Dump)
CM-08 System Component Inventory Protects T1602.001 SNMP (MIB Dump)
IA-03 Device Identification and Authentication Protects T1602.001 SNMP (MIB Dump)
IA-04 Identifier Management Protects T1602.001 SNMP (MIB Dump)
SC-28 Protection of Information at Rest Protects T1602.001 SNMP (MIB Dump)
SC-03 Security Function Isolation Protects T1602.001 SNMP (MIB Dump)
SC-04 Information in Shared System Resources Protects T1602.001 SNMP (MIB Dump)
SC-07 Boundary Protection Protects T1602.001 SNMP (MIB Dump)
SC-08 Transmission Confidentiality and Integrity Protects T1602.001 SNMP (MIB Dump)
SI-10 Information Input Validation Protects T1602.001 SNMP (MIB Dump)
SI-12 Information Management and Retention Protects T1602.001 SNMP (MIB Dump)
SI-15 Information Output Filtering Protects T1602.001 SNMP (MIB Dump)
SI-03 Malicious Code Protection Protects T1602.001 SNMP (MIB Dump)
SI-04 System Monitoring Protects T1602.001 SNMP (MIB Dump)
SI-07 Software, Firmware, and Information Integrity Protects T1602.001 SNMP (MIB Dump)
AC-16 Security and Privacy Attributes Protects T1602.002 Network Device Configuration Dump
AC-17 Remote Access Protects T1602.002 Network Device Configuration Dump
AC-18 Wireless Access Protects T1602.002 Network Device Configuration Dump
AC-19 Access Control for Mobile Devices Protects T1602.002 Network Device Configuration Dump
AC-20 Use of External Systems Protects T1602.002 Network Device Configuration Dump
AC-03 Access Enforcement Protects T1602.002 Network Device Configuration Dump
AC-04 Information Flow Enforcement Protects T1602.002 Network Device Configuration Dump
CA-07 Continuous Monitoring Protects T1602.002 Network Device Configuration Dump
CM-02 Baseline Configuration Protects T1602.002 Network Device Configuration Dump
CM-06 Configuration Settings Protects T1602.002 Network Device Configuration Dump
CM-07 Least Functionality Protects T1602.002 Network Device Configuration Dump
CM-08 System Component Inventory Protects T1602.002 Network Device Configuration Dump
IA-03 Device Identification and Authentication Protects T1602.002 Network Device Configuration Dump
IA-04 Identifier Management Protects T1602.002 Network Device Configuration Dump
SC-28 Protection of Information at Rest Protects T1602.002 Network Device Configuration Dump
SC-03 Security Function Isolation Protects T1602.002 Network Device Configuration Dump
SC-04 Information in Shared System Resources Protects T1602.002 Network Device Configuration Dump
SC-07 Boundary Protection Protects T1602.002 Network Device Configuration Dump
SC-08 Transmission Confidentiality and Integrity Protects T1602.002 Network Device Configuration Dump
SI-10 Information Input Validation Protects T1602.002 Network Device Configuration Dump
SI-12 Information Management and Retention Protects T1602.002 Network Device Configuration Dump
SI-15 Information Output Filtering Protects T1602.002 Network Device Configuration Dump
SI-03 Malicious Code Protection Protects T1602.002 Network Device Configuration Dump
SI-04 System Monitoring Protects T1602.002 Network Device Configuration Dump
SI-07 Software, Firmware, and Information Integrity Protects T1602.002 Network Device Configuration Dump
AC-02 Account Management Protects T1606.001 Web Cookies
AC-03 Access Enforcement Protects T1606.001 Web Cookies
AC-06 Least Privilege Protects T1606.001 Web Cookies
SI-02 Flaw Remediation Protects T1606.001 Web Cookies
AC-02 Account Management Protects T1606.002 SAML Tokens
AC-03 Access Enforcement Protects T1606.002 SAML Tokens
AC-06 Least Privilege Protects T1606.002 SAML Tokens
AC-17 Remote Access Protects T1610 Deploy Container
AC-02 Account Management Protects T1610 Deploy Container
AC-03 Access Enforcement Protects T1610 Deploy Container
AC-06 Least Privilege Protects T1610 Deploy Container
CM-06 Configuration Settings Protects T1610 Deploy Container
CM-07 Least Functionality Protects T1610 Deploy Container
IA-02 Identification and Authentication (organizational Users) Protects T1610 Deploy Container
SC-07 Boundary Protection Protects T1610 Deploy Container
SI-04 System Monitoring Protects T1610 Deploy Container
AC-17 Remote Access Protects T1613 Container and Resource Discovery
AC-02 Account Management Protects T1613 Container and Resource Discovery
AC-03 Access Enforcement Protects T1613 Container and Resource Discovery
AC-06 Least Privilege Protects T1613 Container and Resource Discovery
CM-06 Configuration Settings Protects T1613 Container and Resource Discovery
CM-07 Least Functionality Protects T1613 Container and Resource Discovery
IA-02 Identification and Authentication (organizational Users) Protects T1613 Container and Resource Discovery
SC-43 Usage Restrictions Protects T1613 Container and Resource Discovery
SC-07 Boundary Protection Protects T1613 Container and Resource Discovery
SI-04 System Monitoring Protects T1613 Container and Resource Discovery
AC-17 Remote Access Protects T1619 Cloud Storage Object Discovery
AC-02 Account Management Protects T1619 Cloud Storage Object Discovery
AC-03 Access Enforcement Protects T1619 Cloud Storage Object Discovery
AC-05 Separation of Duties Protects T1619 Cloud Storage Object Discovery
AC-06 Least Privilege Protects T1619 Cloud Storage Object Discovery
CM-05 Access Restrictions for Change Protects T1619 Cloud Storage Object Discovery
IA-02 Identification and Authentication (organizational Users) Protects T1619 Cloud Storage Object Discovery
AC-03 Access Enforcement Protects T1622 Debugger Evasion
AC-04 Information Flow Enforcement Protects T1622 Debugger Evasion
CA-07 Continuous Monitoring Protects T1622 Debugger Evasion
CM-02 Baseline Configuration Protects T1622 Debugger Evasion
CM-06 Configuration Settings Protects T1622 Debugger Evasion
CM-07 Least Functionality Protects T1622 Debugger Evasion
CM-08 System Component Inventory Protects T1622 Debugger Evasion
SC-23 Session Authenticity Protects T1622 Debugger Evasion
SC-46 Cross Domain Policy Enforcement Protects T1622 Debugger Evasion
SC-07 Boundary Protection Protects T1622 Debugger Evasion
SC-08 Transmission Confidentiality and Integrity Protects T1622 Debugger Evasion
SI-10 Information Input Validation Protects T1622 Debugger Evasion
SI-15 Information Output Filtering Protects T1622 Debugger Evasion
SI-03 Malicious Code Protection Protects T1622 Debugger Evasion
SI-04 System Monitoring Protects T1622 Debugger Evasion
SI-07 Software, Firmware, and Information Integrity Protects T1647 Plist File Modification
AC-16 Security and Privacy Attributes Protects T1647 Plist File Modification
AC-17 Remote Access Protects T1647 Plist File Modification
AC-03 Access Enforcement Protects T1647 Plist File Modification
AC-06 Least Privilege Protects T1647 Plist File Modification
CA-07 Continuous Monitoring Protects T1647 Plist File Modification
CM-02 Baseline Configuration Protects T1647 Plist File Modification
CM-03 Configuration Change Control Protects T1647 Plist File Modification
CM-05 Access Restrictions for Change Protects T1647 Plist File Modification
CM-06 Configuration Settings Protects T1647 Plist File Modification
CM-07 Least Functionality Protects T1647 Plist File Modification
SA-10 Developer Configuration Management Protects T1647 Plist File Modification
SA-11 Developer Testing and Evaluation Protects T1647 Plist File Modification
SA-08 Security and Privacy Engineering Principles Protects T1647 Plist File Modification
SI-04 System Monitoring Protects T1647 Plist File Modification
AC-02 Account Management Protects T1648 Serverless Execution
AC-03 Access Enforcement Protects T1648 Serverless Execution
AC-06 Least Privilege Protects T1648 Serverless Execution
CM-06 Configuration Settings Protects T1648 Serverless Execution
CM-07 Least Functionality Protects T1648 Serverless Execution
IA-02 Identification and Authentication (organizational Users) Protects T1648 Serverless Execution
SC-07 Boundary Protection Protects T1648 Serverless Execution
SI-04 System Monitoring Protects T1648 Serverless Execution
AC-02 Account Management Protects T1654 Log Enumeration
IA-02 Identification and Authentication (organizational Users) Protects T1649 Steal or Forge Authentication Certificates
IA-05 Authenticator Management Protects T1649 Steal or Forge Authentication Certificates
AC-02 Account Management Protects T1621 Multi-Factor Authentication Request Generation
AC-06 Least Privilege Protects T1621 Multi-Factor Authentication Request Generation
CM-05 Access Restrictions for Change Protects T1621 Multi-Factor Authentication Request Generation
IA-02 Identification and Authentication (organizational Users) Protects T1621 Multi-Factor Authentication Request Generation
IA-03 Device Identification and Authentication Protects T1621 Multi-Factor Authentication Request Generation
IA-05 Authenticator Management Protects T1621 Multi-Factor Authentication Request Generation
AC-17 Remote Access Protects T1612 Build Image on Host
AC-02 Account Management Protects T1612 Build Image on Host
AC-03 Access Enforcement Protects T1612 Build Image on Host
AC-06 Least Privilege Protects T1612 Build Image on Host
CA-08 Penetration Testing Protects T1612 Build Image on Host
CM-06 Configuration Settings Protects T1612 Build Image on Host
CM-07 Least Functionality Protects T1612 Build Image on Host
RA-05 Vulnerability Monitoring and Scanning Protects T1612 Build Image on Host
SA-11 Developer Testing and Evaluation Protects T1612 Build Image on Host
SC-07 Boundary Protection Protects T1612 Build Image on Host
SI-04 System Monitoring Protects T1612 Build Image on Host
AC-02 Account Management Protects T1606 Forge Web Credentials
AC-03 Access Enforcement Protects T1606 Forge Web Credentials
AC-05 Separation of Duties Protects T1606 Forge Web Credentials
AC-06 Least Privilege Protects T1606 Forge Web Credentials
SC-17 Public Key Infrastructure Certificates Protects T1606 Forge Web Credentials
SI-02 Flaw Remediation Protects T1606 Forge Web Credentials
AC-04 Information Flow Enforcement Protects T1598.003 Spearphishing Link
CA-07 Continuous Monitoring Protects T1598.003 Spearphishing Link
CM-02 Baseline Configuration Protects T1598.003 Spearphishing Link
CM-06 Configuration Settings Protects T1598.003 Spearphishing Link
IA-09 Service Identification and Authentication Protects T1598.003 Spearphishing Link
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1598.003 Spearphishing Link
SC-44 Detonation Chambers Protects T1598.003 Spearphishing Link
SC-07 Boundary Protection Protects T1598.003 Spearphishing Link
SI-03 Malicious Code Protection Protects T1598.003 Spearphishing Link
SI-04 System Monitoring Protects T1598.003 Spearphishing Link
SI-08 Spam Protection Protects T1598.003 Spearphishing Link
AC-04 Information Flow Enforcement Protects T1598 Phishing for Information
CA-07 Continuous Monitoring Protects T1598 Phishing for Information
CM-02 Baseline Configuration Protects T1598 Phishing for Information
CM-06 Configuration Settings Protects T1598 Phishing for Information
IA-09 Service Identification and Authentication Protects T1598 Phishing for Information
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1598 Phishing for Information
SC-44 Detonation Chambers Protects T1598 Phishing for Information
SC-07 Boundary Protection Protects T1598 Phishing for Information
SI-03 Malicious Code Protection Protects T1598 Phishing for Information
SI-04 System Monitoring Protects T1598 Phishing for Information
SI-08 Spam Protection Protects T1598 Phishing for Information
AC-02 Account Management Protects T1574.007 Path Interception by PATH Environment Variable
AC-03 Access Enforcement Protects T1574.007 Path Interception by PATH Environment Variable
AC-04 Information Flow Enforcement Protects T1574.007 Path Interception by PATH Environment Variable
AC-05 Separation of Duties Protects T1574.007 Path Interception by PATH Environment Variable
AC-06 Least Privilege Protects T1574.007 Path Interception by PATH Environment Variable
CA-07 Continuous Monitoring Protects T1574.007 Path Interception by PATH Environment Variable
CA-08 Penetration Testing Protects T1574.007 Path Interception by PATH Environment Variable
CM-02 Baseline Configuration Protects T1574.007 Path Interception by PATH Environment Variable
CM-06 Configuration Settings Protects T1574.007 Path Interception by PATH Environment Variable
CM-07 Least Functionality Protects T1574.007 Path Interception by PATH Environment Variable
CM-08 System Component Inventory Protects T1574.007 Path Interception by PATH Environment Variable
RA-05 Vulnerability Monitoring and Scanning Protects T1574.007 Path Interception by PATH Environment Variable
SI-10 Information Input Validation Protects T1574.007 Path Interception by PATH Environment Variable
SI-03 Malicious Code Protection Protects T1574.007 Path Interception by PATH Environment Variable
SI-04 System Monitoring Protects T1574.007 Path Interception by PATH Environment Variable
SI-07 Software, Firmware, and Information Integrity Protects T1574.007 Path Interception by PATH Environment Variable
AC-04 Information Flow Enforcement Protects T1571 Non-Standard Port
CA-07 Continuous Monitoring Protects T1571 Non-Standard Port
CM-02 Baseline Configuration Protects T1571 Non-Standard Port
CM-06 Configuration Settings Protects T1571 Non-Standard Port
CM-07 Least Functionality Protects T1571 Non-Standard Port
SC-07 Boundary Protection Protects T1571 Non-Standard Port
SI-03 Malicious Code Protection Protects T1571 Non-Standard Port
SI-04 System Monitoring Protects T1571 Non-Standard Port
AC-03 Access Enforcement Protects T1570 Lateral Tool Transfer
AC-04 Information Flow Enforcement Protects T1570 Lateral Tool Transfer
CA-07 Continuous Monitoring Protects T1570 Lateral Tool Transfer
CM-02 Baseline Configuration Protects T1570 Lateral Tool Transfer
CM-06 Configuration Settings Protects T1570 Lateral Tool Transfer
CM-07 Least Functionality Protects T1570 Lateral Tool Transfer
SC-07 Boundary Protection Protects T1570 Lateral Tool Transfer
SI-10 Information Input Validation Protects T1570 Lateral Tool Transfer
SI-15 Information Output Filtering Protects T1570 Lateral Tool Transfer
SI-03 Malicious Code Protection Protects T1570 Lateral Tool Transfer
SI-04 System Monitoring Protects T1570 Lateral Tool Transfer
AC-04 Information Flow Enforcement Protects T1566.002 Spearphishing Link
CA-07 Continuous Monitoring Protects T1566.002 Spearphishing Link
CM-02 Baseline Configuration Protects T1566.002 Spearphishing Link
CM-06 Configuration Settings Protects T1566.002 Spearphishing Link
IA-09 Service Identification and Authentication Protects T1566.002 Spearphishing Link
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1566.002 Spearphishing Link
SC-44 Detonation Chambers Protects T1566.002 Spearphishing Link
SC-07 Boundary Protection Protects T1566.002 Spearphishing Link
SI-03 Malicious Code Protection Protects T1566.002 Spearphishing Link
SI-04 System Monitoring Protects T1566.002 Spearphishing Link
SI-08 Spam Protection Protects T1566.002 Spearphishing Link
AC-04 Information Flow Enforcement Protects T1566 Phishing
CA-07 Continuous Monitoring Protects T1566 Phishing
CM-02 Baseline Configuration Protects T1566 Phishing
CM-06 Configuration Settings Protects T1566 Phishing
IA-09 Service Identification and Authentication Protects T1566 Phishing
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1566 Phishing
SC-44 Detonation Chambers Protects T1566 Phishing
SC-07 Boundary Protection Protects T1566 Phishing
SI-02 Flaw Remediation Protects T1566 Phishing
SI-03 Malicious Code Protection Protects T1566 Phishing
SI-04 System Monitoring Protects T1566 Phishing
SI-08 Spam Protection Protects T1566 Phishing
AC-04 Information Flow Enforcement Protects T1564.008 Email Hiding Rules
CM-03 Configuration Change Control Protects T1564.008 Email Hiding Rules
CM-05 Access Restrictions for Change Protects T1564.008 Email Hiding Rules
CM-07 Least Functionality Protects T1564.008 Email Hiding Rules
SI-03 Malicious Code Protection Protects T1564.008 Email Hiding Rules
SI-04 System Monitoring Protects T1564.008 Email Hiding Rules
SI-07 Software, Firmware, and Information Integrity Protects T1564.008 Email Hiding Rules
CM-03 Configuration Change Control Protects T1562.008 Disable or Modify Cloud Logs
AC-03 Access Enforcement Protects T1562.008 Disable or Modify Cloud Logs
AC-05 Separation of Duties Protects T1562.008 Disable or Modify Cloud Logs
AC-06 Least Privilege Protects T1562.008 Disable or Modify Cloud Logs
CM-05 Access Restrictions for Change Protects T1562.008 Disable or Modify Cloud Logs
IA-02 Identification and Authentication (organizational Users) Protects T1562.008 Disable or Modify Cloud Logs
AC-02 Account Management Protects T1562.008 Disable or Modify Cloud Logs
AC-02 Account Management Protects T1562.007 Disable or Modify Cloud Firewall
AC-03 Access Enforcement Protects T1562.007 Disable or Modify Cloud Firewall
AC-05 Separation of Duties Protects T1562.007 Disable or Modify Cloud Firewall
AC-06 Least Privilege Protects T1562.007 Disable or Modify Cloud Firewall
CM-05 Access Restrictions for Change Protects T1562.007 Disable or Modify Cloud Firewall
IA-02 Identification and Authentication (organizational Users) Protects T1562.007 Disable or Modify Cloud Firewall
AC-02 Account Management Protects T1562.006 Indicator Blocking
AC-03 Access Enforcement Protects T1562.006 Indicator Blocking
AC-05 Separation of Duties Protects T1562.006 Indicator Blocking
AC-06 Least Privilege Protects T1562.006 Indicator Blocking
CA-07 Continuous Monitoring Protects T1562.006 Indicator Blocking
CM-10 Software Usage Restrictions Protects T1562.006 Indicator Blocking
CM-02 Baseline Configuration Protects T1562.006 Indicator Blocking
CM-05 Access Restrictions for Change Protects T1562.006 Indicator Blocking
CM-06 Configuration Settings Protects T1562.006 Indicator Blocking
CM-07 Least Functionality Protects T1562.006 Indicator Blocking
IA-02 Identification and Authentication (organizational Users) Protects T1562.006 Indicator Blocking
IA-09 Service Identification and Authentication Protects T1562.006 Indicator Blocking
SC-23 Session Authenticity Protects T1562.006 Indicator Blocking
SC-08 Transmission Confidentiality and Integrity Protects T1562.006 Indicator Blocking
SI-03 Malicious Code Protection Protects T1562.006 Indicator Blocking
SI-04 System Monitoring Protects T1562.006 Indicator Blocking
SI-07 Software, Firmware, and Information Integrity Protects T1562.006 Indicator Blocking
AC-02 Account Management Protects T1562.002 Disable Windows Event Logging
AC-03 Access Enforcement Protects T1562.002 Disable Windows Event Logging
AC-05 Separation of Duties Protects T1562.002 Disable Windows Event Logging
AC-06 Least Privilege Protects T1562.002 Disable Windows Event Logging
CA-07 Continuous Monitoring Protects T1562.002 Disable Windows Event Logging
CM-02 Baseline Configuration Protects T1562.002 Disable Windows Event Logging
CM-05 Access Restrictions for Change Protects T1562.002 Disable Windows Event Logging
CM-06 Configuration Settings Protects T1562.002 Disable Windows Event Logging
CM-07 Least Functionality Protects T1562.002 Disable Windows Event Logging
IA-02 Identification and Authentication (organizational Users) Protects T1562.002 Disable Windows Event Logging
SI-03 Malicious Code Protection Protects T1562.002 Disable Windows Event Logging
SI-04 System Monitoring Protects T1562.002 Disable Windows Event Logging
SI-07 Software, Firmware, and Information Integrity Protects T1562.002 Disable Windows Event Logging
AC-02 Account Management Protects T1562.001 Disable or Modify Tools
AC-03 Access Enforcement Protects T1562.001 Disable or Modify Tools
AC-05 Separation of Duties Protects T1562.001 Disable or Modify Tools
AC-06 Least Privilege Protects T1562.001 Disable or Modify Tools
CA-07 Continuous Monitoring Protects T1562.001 Disable or Modify Tools
CM-02 Baseline Configuration Protects T1562.001 Disable or Modify Tools
CM-05 Access Restrictions for Change Protects T1562.001 Disable or Modify Tools
CM-06 Configuration Settings Protects T1562.001 Disable or Modify Tools
CM-07 Least Functionality Protects T1562.001 Disable or Modify Tools
IA-02 Identification and Authentication (organizational Users) Protects T1562.001 Disable or Modify Tools
SI-03 Malicious Code Protection Protects T1562.001 Disable or Modify Tools
SI-04 System Monitoring Protects T1562.001 Disable or Modify Tools
SI-07 Software, Firmware, and Information Integrity Protects T1562.001 Disable or Modify Tools
SC-08 Transmission Confidentiality and Integrity Protects T1562 Impair Defenses
AC-03 Access Enforcement Protects T1561.002 Disk Structure Wipe
AC-06 Least Privilege Protects T1561.002 Disk Structure Wipe
CM-02 Baseline Configuration Protects T1561.002 Disk Structure Wipe
CP-10 System Recovery and Reconstitution Protects T1561.002 Disk Structure Wipe
CP-02 Contingency Plan Protects T1561.002 Disk Structure Wipe
CP-07 Alternate Processing Site Protects T1561.002 Disk Structure Wipe
CP-09 System Backup Protects T1561.002 Disk Structure Wipe
SI-03 Malicious Code Protection Protects T1561.002 Disk Structure Wipe
SI-04 System Monitoring Protects T1561.002 Disk Structure Wipe
SI-07 Software, Firmware, and Information Integrity Protects T1561.002 Disk Structure Wipe
AC-03 Access Enforcement Protects T1561.001 Disk Content Wipe
AC-06 Least Privilege Protects T1561.001 Disk Content Wipe
CM-02 Baseline Configuration Protects T1561.001 Disk Content Wipe
CP-10 System Recovery and Reconstitution Protects T1561.001 Disk Content Wipe
CP-02 Contingency Plan Protects T1561.001 Disk Content Wipe
CP-07 Alternate Processing Site Protects T1561.001 Disk Content Wipe
CP-09 System Backup Protects T1561.001 Disk Content Wipe
SI-03 Malicious Code Protection Protects T1561.001 Disk Content Wipe
SI-04 System Monitoring Protects T1561.001 Disk Content Wipe
SI-07 Software, Firmware, and Information Integrity Protects T1561.001 Disk Content Wipe
AC-03 Access Enforcement Protects T1561 Disk Wipe
AC-06 Least Privilege Protects T1561 Disk Wipe
CM-02 Baseline Configuration Protects T1561 Disk Wipe
CP-10 System Recovery and Reconstitution Protects T1561 Disk Wipe
CP-02 Contingency Plan Protects T1561 Disk Wipe
CP-07 Alternate Processing Site Protects T1561 Disk Wipe
CP-09 System Backup Protects T1561 Disk Wipe
SI-03 Malicious Code Protection Protects T1561 Disk Wipe
SI-04 System Monitoring Protects T1561 Disk Wipe
SI-07 Software, Firmware, and Information Integrity Protects T1561 Disk Wipe
CA-08 Penetration Testing Protects T1560.001 Archive via Utility
RA-05 Vulnerability Monitoring and Scanning Protects T1560.001 Archive via Utility
SC-07 Boundary Protection Protects T1560.001 Archive via Utility
SI-03 Malicious Code Protection Protects T1560.001 Archive via Utility
SI-04 System Monitoring Protects T1560.001 Archive via Utility
AC-16 Security and Privacy Attributes Protects T1557 Adversary-in-the-Middle
AC-17 Remote Access Protects T1557 Adversary-in-the-Middle
AC-18 Wireless Access Protects T1557 Adversary-in-the-Middle
AC-19 Access Control for Mobile Devices Protects T1557 Adversary-in-the-Middle
AC-20 Use of External Systems Protects T1557 Adversary-in-the-Middle
AC-03 Access Enforcement Protects T1557 Adversary-in-the-Middle
AC-04 Information Flow Enforcement Protects T1557 Adversary-in-the-Middle
CA-07 Continuous Monitoring Protects T1557 Adversary-in-the-Middle
CM-02 Baseline Configuration Protects T1557 Adversary-in-the-Middle
CM-06 Configuration Settings Protects T1557 Adversary-in-the-Middle
CM-07 Least Functionality Protects T1557 Adversary-in-the-Middle
CM-08 System Component Inventory Protects T1557 Adversary-in-the-Middle
RA-05 Vulnerability Monitoring and Scanning Protects T1557 Adversary-in-the-Middle
SC-23 Session Authenticity Protects T1557 Adversary-in-the-Middle
SC-04 Information in Shared System Resources Protects T1557 Adversary-in-the-Middle
SC-46 Cross Domain Policy Enforcement Protects T1557 Adversary-in-the-Middle
SC-07 Boundary Protection Protects T1557 Adversary-in-the-Middle
SC-08 Transmission Confidentiality and Integrity Protects T1557 Adversary-in-the-Middle
SI-10 Information Input Validation Protects T1557 Adversary-in-the-Middle
SI-12 Information Management and Retention Protects T1557 Adversary-in-the-Middle
SI-15 Information Output Filtering Protects T1557 Adversary-in-the-Middle
SI-03 Malicious Code Protection Protects T1557 Adversary-in-the-Middle
SI-04 System Monitoring Protects T1557 Adversary-in-the-Middle
SI-07 Software, Firmware, and Information Integrity Protects T1557 Adversary-in-the-Middle
CA-08 Penetration Testing Protects T1554 Compromise Client Software Binary
CM-02 Baseline Configuration Protects T1554 Compromise Client Software Binary
CM-06 Configuration Settings Protects T1554 Compromise Client Software Binary
IA-09 Service Identification and Authentication Protects T1554 Compromise Client Software Binary
SI-07 Software, Firmware, and Information Integrity Protects T1554 Compromise Client Software Binary
SR-11 Component Authenticity Protects T1554 Compromise Client Software Binary
SR-04 Provenance Protects T1554 Compromise Client Software Binary
SR-05 Acquisition Strategies, Tools, and Methods Protects T1554 Compromise Client Software Binary
SR-06 Supplier Assessments and Reviews Protects T1554 Compromise Client Software Binary
CM-02 Baseline Configuration Protects T1553.005 Mark-of-the-Web Bypass
CM-06 Configuration Settings Protects T1553.005 Mark-of-the-Web Bypass
CM-07 Least Functionality Protects T1553.005 Mark-of-the-Web Bypass
SI-10 Information Input Validation Protects T1553.005 Mark-of-the-Web Bypass
SI-04 System Monitoring Protects T1553.005 Mark-of-the-Web Bypass
SI-07 Software, Firmware, and Information Integrity Protects T1553.005 Mark-of-the-Web Bypass
AC-16 Security and Privacy Attributes Protects T1552.004 Private Keys
AC-17 Remote Access Protects T1552.004 Private Keys
AC-18 Wireless Access Protects T1552.004 Private Keys
AC-19 Access Control for Mobile Devices Protects T1552.004 Private Keys
AC-02 Account Management Protects T1552.004 Private Keys
AC-20 Use of External Systems Protects T1552.004 Private Keys
CA-07 Continuous Monitoring Protects T1552.004 Private Keys
CA-08 Penetration Testing Protects T1552.004 Private Keys
CM-02 Baseline Configuration Protects T1552.004 Private Keys
CM-06 Configuration Settings Protects T1552.004 Private Keys
IA-02 Identification and Authentication (organizational Users) Protects T1552.004 Private Keys
IA-05 Authenticator Management Protects T1552.004 Private Keys
RA-05 Vulnerability Monitoring and Scanning Protects T1552.004 Private Keys
SA-11 Developer Testing and Evaluation Protects T1552.004 Private Keys
SA-15 Development Process, Standards, and Tools Protects T1552.004 Private Keys
SC-12 Cryptographic Key Establishment and Management Protects T1552.004 Private Keys
SC-28 Protection of Information at Rest Protects T1552.004 Private Keys
SC-04 Information in Shared System Resources Protects T1552.004 Private Keys
SC-07 Boundary Protection Protects T1552.004 Private Keys
SI-12 Information Management and Retention Protects T1552.004 Private Keys
SI-04 System Monitoring Protects T1552.004 Private Keys
SI-07 Software, Firmware, and Information Integrity Protects T1552.004 Private Keys
AC-16 Security and Privacy Attributes Protects T1550.001 Application Access Token
AC-17 Remote Access Protects T1550.001 Application Access Token
AC-19 Access Control for Mobile Devices Protects T1550.001 Application Access Token
AC-20 Use of External Systems Protects T1550.001 Application Access Token
CA-08 Penetration Testing Protects T1550.001 Application Access Token
CM-10 Software Usage Restrictions Protects T1550.001 Application Access Token
CM-11 User-installed Software Protects T1550.001 Application Access Token
CM-02 Baseline Configuration Protects T1550.001 Application Access Token
CM-06 Configuration Settings Protects T1550.001 Application Access Token
IA-02 Identification and Authentication (organizational Users) Protects T1550.001 Application Access Token
IA-04 Identifier Management Protects T1550.001 Application Access Token
SC-28 Protection of Information at Rest Protects T1550.001 Application Access Token
SC-08 Transmission Confidentiality and Integrity Protects T1550.001 Application Access Token
SI-12 Information Management and Retention Protects T1550.001 Application Access Token
SI-04 System Monitoring Protects T1550.001 Application Access Token
SI-07 Software, Firmware, and Information Integrity Protects T1550.001 Application Access Token
CM-06 Configuration Settings Protects T1548.001 Setuid and Setgid
CM-07 Least Functionality Protects T1548.001 Setuid and Setgid
SI-04 System Monitoring Protects T1548.001 Setuid and Setgid
AC-17 Remote Access Protects T1547.013 XDG Autostart Entries
AC-02 Account Management Protects T1547.013 XDG Autostart Entries
AC-03 Access Enforcement Protects T1547.013 XDG Autostart Entries
AC-05 Separation of Duties Protects T1547.013 XDG Autostart Entries
AC-06 Least Privilege Protects T1547.013 XDG Autostart Entries
CA-07 Continuous Monitoring Protects T1547.013 XDG Autostart Entries
CM-11 User-installed Software Protects T1547.013 XDG Autostart Entries
CM-02 Baseline Configuration Protects T1547.013 XDG Autostart Entries
CM-03 Configuration Change Control Protects T1547.013 XDG Autostart Entries
CM-05 Access Restrictions for Change Protects T1547.013 XDG Autostart Entries
CM-06 Configuration Settings Protects T1547.013 XDG Autostart Entries
IA-02 Identification and Authentication (organizational Users) Protects T1547.013 XDG Autostart Entries
SI-03 Malicious Code Protection Protects T1547.013 XDG Autostart Entries
SI-04 System Monitoring Protects T1547.013 XDG Autostart Entries
SI-07 Software, Firmware, and Information Integrity Protects T1547.013 XDG Autostart Entries
AC-17 Remote Access Protects T1547.012 Print Processors
AC-02 Account Management Protects T1547.012 Print Processors
AC-03 Access Enforcement Protects T1547.012 Print Processors
AC-05 Separation of Duties Protects T1547.012 Print Processors
AC-06 Least Privilege Protects T1547.012 Print Processors
CM-05 Access Restrictions for Change Protects T1547.012 Print Processors
IA-02 Identification and Authentication (organizational Users) Protects T1547.012 Print Processors
SI-04 System Monitoring Protects T1547.012 Print Processors
AC-02 Account Management Protects T1543.002 Systemd Service
AC-03 Access Enforcement Protects T1543.002 Systemd Service
AC-05 Separation of Duties Protects T1543.002 Systemd Service
AC-06 Least Privilege Protects T1543.002 Systemd Service
CA-07 Continuous Monitoring Protects T1543.002 Systemd Service
CM-11 User-installed Software Protects T1543.002 Systemd Service
CM-02 Baseline Configuration Protects T1543.002 Systemd Service
CM-03 Configuration Change Control Protects T1543.002 Systemd Service
CM-05 Access Restrictions for Change Protects T1543.002 Systemd Service
CM-06 Configuration Settings Protects T1543.002 Systemd Service
IA-02 Identification and Authentication (organizational Users) Protects T1543.002 Systemd Service
SA-22 Unsupported System Components Protects T1543.002 Systemd Service
SI-16 Memory Protection Protects T1543.002 Systemd Service
SI-03 Malicious Code Protection Protects T1543.002 Systemd Service
SI-04 System Monitoring Protects T1543.002 Systemd Service
SI-07 Software, Firmware, and Information Integrity Protects T1543.002 Systemd Service
AC-16 Security and Privacy Attributes Protects T1530 Data from Cloud Storage
AC-17 Remote Access Protects T1530 Data from Cloud Storage
AC-18 Wireless Access Protects T1530 Data from Cloud Storage
AC-19 Access Control for Mobile Devices Protects T1530 Data from Cloud Storage
AC-02 Account Management Protects T1530 Data from Cloud Storage
AC-20 Use of External Systems Protects T1530 Data from Cloud Storage
AC-03 Access Enforcement Protects T1530 Data from Cloud Storage
AC-04 Information Flow Enforcement Protects T1530 Data from Cloud Storage
AC-05 Separation of Duties Protects T1530 Data from Cloud Storage
AC-06 Least Privilege Protects T1530 Data from Cloud Storage
AC-07 Unsuccessful Logon Attempts Protects T1530 Data from Cloud Storage
CA-07 Continuous Monitoring Protects T1530 Data from Cloud Storage
CA-08 Penetration Testing Protects T1530 Data from Cloud Storage
CM-02 Baseline Configuration Protects T1530 Data from Cloud Storage
CM-05 Access Restrictions for Change Protects T1530 Data from Cloud Storage
CM-06 Configuration Settings Protects T1530 Data from Cloud Storage
CM-07 Least Functionality Protects T1530 Data from Cloud Storage
CM-08 System Component Inventory Protects T1530 Data from Cloud Storage
IA-02 Identification and Authentication (organizational Users) Protects T1530 Data from Cloud Storage
IA-03 Device Identification and Authentication Protects T1530 Data from Cloud Storage
IA-04 Identifier Management Protects T1530 Data from Cloud Storage
IA-05 Authenticator Management Protects T1530 Data from Cloud Storage
IA-06 Authentication Feedback Protects T1530 Data from Cloud Storage
IA-08 Identification and Authentication (non-organizational Users) Protects T1530 Data from Cloud Storage
RA-05 Vulnerability Monitoring and Scanning Protects T1530 Data from Cloud Storage
SC-28 Protection of Information at Rest Protects T1530 Data from Cloud Storage
SC-04 Information in Shared System Resources Protects T1530 Data from Cloud Storage
SC-07 Boundary Protection Protects T1530 Data from Cloud Storage
SI-10 Information Input Validation Protects T1530 Data from Cloud Storage
SI-12 Information Management and Retention Protects T1530 Data from Cloud Storage
SI-15 Information Output Filtering Protects T1530 Data from Cloud Storage
SI-04 System Monitoring Protects T1530 Data from Cloud Storage
SI-07 Software, Firmware, and Information Integrity Protects T1530 Data from Cloud Storage
AC-17 Remote Access Protects T1219 Remote Access Software
AC-03 Access Enforcement Protects T1219 Remote Access Software
AC-04 Information Flow Enforcement Protects T1219 Remote Access Software
CA-07 Continuous Monitoring Protects T1219 Remote Access Software
CM-02 Baseline Configuration Protects T1219 Remote Access Software
CM-06 Configuration Settings Protects T1219 Remote Access Software
CM-07 Least Functionality Protects T1219 Remote Access Software
SC-07 Boundary Protection Protects T1219 Remote Access Software
SI-10 Information Input Validation Protects T1219 Remote Access Software
SI-15 Information Output Filtering Protects T1219 Remote Access Software
SI-03 Malicious Code Protection Protects T1219 Remote Access Software
SI-04 System Monitoring Protects T1219 Remote Access Software
SI-07 Software, Firmware, and Information Integrity Protects T1219 Remote Access Software
AC-04 Information Flow Enforcement Protects T1211 Exploitation for Defense Evasion
AC-06 Least Privilege Protects T1211 Exploitation for Defense Evasion
CA-07 Continuous Monitoring Protects T1211 Exploitation for Defense Evasion
CA-08 Penetration Testing Protects T1211 Exploitation for Defense Evasion
CM-02 Baseline Configuration Protects T1211 Exploitation for Defense Evasion
CM-06 Configuration Settings Protects T1211 Exploitation for Defense Evasion
CM-08 System Component Inventory Protects T1211 Exploitation for Defense Evasion
RA-10 Threat Hunting Protects T1211 Exploitation for Defense Evasion
RA-05 Vulnerability Monitoring and Scanning Protects T1211 Exploitation for Defense Evasion
SC-18 Mobile Code Protects T1211 Exploitation for Defense Evasion
SC-02 Separation of System and User Functionality Protects T1211 Exploitation for Defense Evasion
SC-26 Decoys Protects T1211 Exploitation for Defense Evasion
SC-29 Heterogeneity Protects T1211 Exploitation for Defense Evasion
SC-03 Security Function Isolation Protects T1211 Exploitation for Defense Evasion
SC-30 Concealment and Misdirection Protects T1211 Exploitation for Defense Evasion
SC-35 External Malicious Code Identification Protects T1211 Exploitation for Defense Evasion
SC-39 Process Isolation Protects T1211 Exploitation for Defense Evasion
SC-07 Boundary Protection Protects T1211 Exploitation for Defense Evasion
SI-02 Flaw Remediation Protects T1211 Exploitation for Defense Evasion
SI-03 Malicious Code Protection Protects T1211 Exploitation for Defense Evasion
SI-04 System Monitoring Protects T1211 Exploitation for Defense Evasion
SI-05 Security Alerts, Advisories, and Directives Protects T1211 Exploitation for Defense Evasion
SI-07 Software, Firmware, and Information Integrity Protects T1211 Exploitation for Defense Evasion
AC-02 Account Management Protects T1190 Exploit Public-Facing Application
AC-03 Access Enforcement Protects T1190 Exploit Public-Facing Application
AC-04 Information Flow Enforcement Protects T1190 Exploit Public-Facing Application
AC-05 Separation of Duties Protects T1190 Exploit Public-Facing Application
AC-06 Least Privilege Protects T1190 Exploit Public-Facing Application
CA-02 Control Assessments Protects T1190 Exploit Public-Facing Application
CA-07 Continuous Monitoring Protects T1190 Exploit Public-Facing Application
CM-05 Access Restrictions for Change Protects T1190 Exploit Public-Facing Application
CM-06 Configuration Settings Protects T1190 Exploit Public-Facing Application
CM-07 Least Functionality Protects T1190 Exploit Public-Facing Application
CM-08 System Component Inventory Protects T1190 Exploit Public-Facing Application
IA-02 Identification and Authentication (organizational Users) Protects T1190 Exploit Public-Facing Application
IA-08 Identification and Authentication (non-organizational Users) Protects T1190 Exploit Public-Facing Application
RA-10 Threat Hunting Protects T1190 Exploit Public-Facing Application
RA-05 Vulnerability Monitoring and Scanning Protects T1190 Exploit Public-Facing Application
SA-08 Security and Privacy Engineering Principles Protects T1190 Exploit Public-Facing Application
SC-18 Mobile Code Protects T1190 Exploit Public-Facing Application
SC-02 Separation of System and User Functionality Protects T1190 Exploit Public-Facing Application
SC-29 Heterogeneity Protects T1190 Exploit Public-Facing Application
SC-03 Security Function Isolation Protects T1190 Exploit Public-Facing Application
SC-30 Concealment and Misdirection Protects T1190 Exploit Public-Facing Application
SC-39 Process Isolation Protects T1190 Exploit Public-Facing Application
SC-46 Cross Domain Policy Enforcement Protects T1190 Exploit Public-Facing Application
SC-07 Boundary Protection Protects T1190 Exploit Public-Facing Application
SI-10 Information Input Validation Protects T1190 Exploit Public-Facing Application
SI-02 Flaw Remediation Protects T1190 Exploit Public-Facing Application
SI-03 Malicious Code Protection Protects T1190 Exploit Public-Facing Application
SI-04 System Monitoring Protects T1190 Exploit Public-Facing Application
SI-07 Software, Firmware, and Information Integrity Protects T1190 Exploit Public-Facing Application
AC-04 Information Flow Enforcement Protects T1189 Drive-by Compromise
AC-06 Least Privilege Protects T1189 Drive-by Compromise
CA-07 Continuous Monitoring Protects T1189 Drive-by Compromise
CM-02 Baseline Configuration Protects T1189 Drive-by Compromise
CM-06 Configuration Settings Protects T1189 Drive-by Compromise
CM-08 System Component Inventory Protects T1189 Drive-by Compromise
SA-22 Unsupported System Components Protects T1189 Drive-by Compromise
SC-18 Mobile Code Protects T1189 Drive-by Compromise
SC-02 Separation of System and User Functionality Protects T1189 Drive-by Compromise
SC-29 Heterogeneity Protects T1189 Drive-by Compromise
SC-03 Security Function Isolation Protects T1189 Drive-by Compromise
SC-30 Concealment and Misdirection Protects T1189 Drive-by Compromise
SC-39 Process Isolation Protects T1189 Drive-by Compromise
SC-07 Boundary Protection Protects T1189 Drive-by Compromise
SI-02 Flaw Remediation Protects T1189 Drive-by Compromise
SI-03 Malicious Code Protection Protects T1189 Drive-by Compromise
SI-04 System Monitoring Protects T1189 Drive-by Compromise
SI-07 Software, Firmware, and Information Integrity Protects T1189 Drive-by Compromise
SI-03 Malicious Code Protection Protects T1129 Shared Modules
CM-02 Baseline Configuration Protects T1129 Shared Modules
CM-07 Least Functionality Protects T1129 Shared Modules
SI-10 Information Input Validation Protects T1129 Shared Modules
SI-04 System Monitoring Protects T1129 Shared Modules
SI-07 Software, Firmware, and Information Integrity Protects T1129 Shared Modules
AC-16 Security and Privacy Attributes Protects T1114.003 Email Forwarding Rule
AC-17 Remote Access Protects T1114.003 Email Forwarding Rule
AC-19 Access Control for Mobile Devices Protects T1114.003 Email Forwarding Rule
AC-20 Use of External Systems Protects T1114.003 Email Forwarding Rule
AC-04 Information Flow Enforcement Protects T1114.003 Email Forwarding Rule
CM-06 Configuration Settings Protects T1114.003 Email Forwarding Rule
SC-43 Usage Restrictions Protects T1114.003 Email Forwarding Rule
SC-07 Boundary Protection Protects T1114.003 Email Forwarding Rule
SI-12 Information Management and Retention Protects T1114.003 Email Forwarding Rule
SI-04 System Monitoring Protects T1114.003 Email Forwarding Rule
SI-07 Software, Firmware, and Information Integrity Protects T1114.003 Email Forwarding Rule
SA-10 Developer Configuration Management Protects T1072 Software Deployment Tools
SA-09 External System Services Protects T1072 Software Deployment Tools
AC-20 Use of External Systems Protects T1111 Multi-Factor Authentication Interception
CA-07 Continuous Monitoring Protects T1111 Multi-Factor Authentication Interception
CM-02 Baseline Configuration Protects T1111 Multi-Factor Authentication Interception
CM-06 Configuration Settings Protects T1111 Multi-Factor Authentication Interception
IA-02 Identification and Authentication (organizational Users) Protects T1111 Multi-Factor Authentication Interception
IA-05 Authenticator Management Protects T1111 Multi-Factor Authentication Interception
SI-03 Malicious Code Protection Protects T1111 Multi-Factor Authentication Interception
SI-04 System Monitoring Protects T1111 Multi-Factor Authentication Interception
AC-04 Information Flow Enforcement Protects T1105 Ingress Tool Transfer
CA-07 Continuous Monitoring Protects T1105 Ingress Tool Transfer
CM-02 Baseline Configuration Protects T1105 Ingress Tool Transfer
CM-06 Configuration Settings Protects T1105 Ingress Tool Transfer
CM-07 Least Functionality Protects T1105 Ingress Tool Transfer
SC-07 Boundary Protection Protects T1105 Ingress Tool Transfer
SI-03 Malicious Code Protection Protects T1105 Ingress Tool Transfer
SI-04 System Monitoring Protects T1105 Ingress Tool Transfer
AC-02 Account Management Protects T1098.001 Additional Cloud Credentials
AC-20 Use of External Systems Protects T1098.001 Additional Cloud Credentials
AC-03 Access Enforcement Protects T1098.001 Additional Cloud Credentials
AC-04 Information Flow Enforcement Protects T1098.001 Additional Cloud Credentials
AC-05 Separation of Duties Protects T1098.001 Additional Cloud Credentials
AC-06 Least Privilege Protects T1098.001 Additional Cloud Credentials
CM-05 Access Restrictions for Change Protects T1098.001 Additional Cloud Credentials
CM-06 Configuration Settings Protects T1098.001 Additional Cloud Credentials
CM-07 Least Functionality Protects T1098.001 Additional Cloud Credentials
IA-02 Identification and Authentication (organizational Users) Protects T1098.001 Additional Cloud Credentials
IA-05 Authenticator Management Protects T1098.001 Additional Cloud Credentials
SC-46 Cross Domain Policy Enforcement Protects T1098.001 Additional Cloud Credentials
SC-07 Boundary Protection Protects T1098.001 Additional Cloud Credentials
SI-04 System Monitoring Protects T1098.001 Additional Cloud Credentials
SI-07 Software, Firmware, and Information Integrity Protects T1098.001 Additional Cloud Credentials
AC-03 Access Enforcement Protects T1095 Non-Application Layer Protocol
AC-04 Information Flow Enforcement Protects T1095 Non-Application Layer Protocol
CA-07 Continuous Monitoring Protects T1095 Non-Application Layer Protocol
CM-02 Baseline Configuration Protects T1095 Non-Application Layer Protocol
CM-06 Configuration Settings Protects T1095 Non-Application Layer Protocol
CM-07 Least Functionality Protects T1095 Non-Application Layer Protocol
SC-07 Boundary Protection Protects T1095 Non-Application Layer Protocol
SI-10 Information Input Validation Protects T1095 Non-Application Layer Protocol
SI-15 Information Output Filtering Protects T1095 Non-Application Layer Protocol
SI-03 Malicious Code Protection Protects T1095 Non-Application Layer Protocol
SI-04 System Monitoring Protects T1095 Non-Application Layer Protocol
CM-06 Configuration Settings Protects T1087 Account Discovery
CM-07 Least Functionality Protects T1087 Account Discovery
SI-04 System Monitoring Protects T1087 Account Discovery
AC-02 Account Management Protects T1070.009 Clear Persistence
AC-03 Access Enforcement Protects T1070.009 Clear Persistence
AC-05 Separation of Duties Protects T1070.009 Clear Persistence
AC-06 Least Privilege Protects T1070.009 Clear Persistence
CA-07 Continuous Monitoring Protects T1070.009 Clear Persistence
CM-02 Baseline Configuration Protects T1070.009 Clear Persistence
CM-06 Configuration Settings Protects T1070.009 Clear Persistence
SI-03 Malicious Code Protection Protects T1070.009 Clear Persistence
SI-04 System Monitoring Protects T1070.009 Clear Persistence
SI-07 Software, Firmware, and Information Integrity Protects T1070.009 Clear Persistence
AC-16 Security and Privacy Attributes Protects T1070.001 Clear Windows Event Logs
AC-17 Remote Access Protects T1070.001 Clear Windows Event Logs
AC-18 Wireless Access Protects T1070.001 Clear Windows Event Logs
AC-19 Access Control for Mobile Devices Protects T1070.001 Clear Windows Event Logs
AC-02 Account Management Protects T1070.001 Clear Windows Event Logs
AC-03 Access Enforcement Protects T1070.001 Clear Windows Event Logs
AC-05 Separation of Duties Protects T1070.001 Clear Windows Event Logs
AC-06 Least Privilege Protects T1070.001 Clear Windows Event Logs
CA-07 Continuous Monitoring Protects T1070.001 Clear Windows Event Logs
CM-02 Baseline Configuration Protects T1070.001 Clear Windows Event Logs
CM-06 Configuration Settings Protects T1070.001 Clear Windows Event Logs
CP-06 Alternate Storage Site Protects T1070.001 Clear Windows Event Logs
CP-07 Alternate Processing Site Protects T1070.001 Clear Windows Event Logs
CP-09 System Backup Protects T1070.001 Clear Windows Event Logs
SC-36 Distributed Processing and Storage Protects T1070.001 Clear Windows Event Logs
SC-04 Information in Shared System Resources Protects T1070.001 Clear Windows Event Logs
SI-12 Information Management and Retention Protects T1070.001 Clear Windows Event Logs
SI-23 Information Fragmentation Protects T1070.001 Clear Windows Event Logs
SI-03 Malicious Code Protection Protects T1070.001 Clear Windows Event Logs
SI-04 System Monitoring Protects T1070.001 Clear Windows Event Logs
SI-07 Software, Firmware, and Information Integrity Protects T1070.001 Clear Windows Event Logs
AC-03 Access Enforcement Protects T1005 Data from Local System
AC-06 Least Privilege Protects T1005 Data from Local System
CM-12 Information Location Protects T1005 Data from Local System
CP-09 System Backup Protects T1005 Data from Local System
SA-08 Security and Privacy Engineering Principles Protects T1005 Data from Local System
SC-13 Cryptographic Protection Protects T1005 Data from Local System
SC-28 Protection of Information at Rest Protects T1005 Data from Local System
SC-38 Operations Security Protects T1005 Data from Local System
SI-03 Malicious Code Protection Protects T1005 Data from Local System
SI-04 System Monitoring Protects T1005 Data from Local System
AC-17 Remote Access Protects T1552.002 Credentials in Registry
AC-02 Account Management Protects T1552.002 Credentials in Registry
AC-03 Access Enforcement Protects T1552.002 Credentials in Registry
AC-05 Separation of Duties Protects T1552.002 Credentials in Registry
AC-06 Least Privilege Protects T1552.002 Credentials in Registry
CA-07 Continuous Monitoring Protects T1552.002 Credentials in Registry
CA-08 Penetration Testing Protects T1552.002 Credentials in Registry
CM-05 Access Restrictions for Change Protects T1552.002 Credentials in Registry
CM-06 Configuration Settings Protects T1552.002 Credentials in Registry
IA-02 Identification and Authentication (organizational Users) Protects T1552.002 Credentials in Registry
IA-05 Authenticator Management Protects T1552.002 Credentials in Registry
RA-05 Vulnerability Monitoring and Scanning Protects T1552.002 Credentials in Registry
SA-11 Developer Testing and Evaluation Protects T1552.002 Credentials in Registry
SA-15 Development Process, Standards, and Tools Protects T1552.002 Credentials in Registry
SC-12 Cryptographic Key Establishment and Management Protects T1552.002 Credentials in Registry
SC-28 Protection of Information at Rest Protects T1552.002 Credentials in Registry
SC-04 Information in Shared System Resources Protects T1552.002 Credentials in Registry
SI-04 System Monitoring Protects T1552.002 Credentials in Registry
AC-02 Account Management Protects T1552.001 Credentials In Files
AC-04 Information Flow Enforcement Protects T1552.001 Credentials In Files
AC-05 Separation of Duties Protects T1552.001 Credentials In Files
AC-06 Least Privilege Protects T1552.001 Credentials In Files
CA-07 Continuous Monitoring Protects T1552.001 Credentials In Files
CA-08 Penetration Testing Protects T1552.001 Credentials In Files
CM-02 Baseline Configuration Protects T1552.001 Credentials In Files
CM-06 Configuration Settings Protects T1552.001 Credentials In Files
IA-02 Identification and Authentication (organizational Users) Protects T1552.001 Credentials In Files
IA-05 Authenticator Management Protects T1552.001 Credentials In Files
RA-05 Vulnerability Monitoring and Scanning Protects T1552.001 Credentials In Files
SA-11 Developer Testing and Evaluation Protects T1552.001 Credentials In Files
SA-15 Development Process, Standards, and Tools Protects T1552.001 Credentials In Files
SC-12 Cryptographic Key Establishment and Management Protects T1552.001 Credentials In Files
SC-28 Protection of Information at Rest Protects T1552.001 Credentials In Files
SC-04 Information in Shared System Resources Protects T1552.001 Credentials In Files
SC-07 Boundary Protection Protects T1552.001 Credentials In Files
SI-04 System Monitoring Protects T1552.001 Credentials In Files
SI-07 Software, Firmware, and Information Integrity Protects T1542.003 Bootkit
AC-02 Account Management Protects T1542.003 Bootkit
AC-03 Access Enforcement Protects T1542.003 Bootkit
AC-05 Separation of Duties Protects T1542.003 Bootkit
AC-06 Least Privilege Protects T1542.003 Bootkit
CA-08 Penetration Testing Protects T1542.003 Bootkit
CM-03 Configuration Change Control Protects T1542.003 Bootkit
CM-05 Access Restrictions for Change Protects T1542.003 Bootkit
CM-06 Configuration Settings Protects T1542.003 Bootkit
CM-08 System Component Inventory Protects T1542.003 Bootkit
IA-02 Identification and Authentication (organizational Users) Protects T1542.003 Bootkit
IA-07 Cryptographic Module Authentication Protects T1542.003 Bootkit
IA-08 Identification and Authentication (non-organizational Users) Protects T1542.003 Bootkit
RA-09 Criticality Analysis Protects T1542.003 Bootkit
SA-10 Developer Configuration Management Protects T1542.003 Bootkit
SA-11 Developer Testing and Evaluation Protects T1542.003 Bootkit
SC-34 Non-modifiable Executable Programs Protects T1542.003 Bootkit
SI-02 Flaw Remediation Protects T1542.003 Bootkit
AC-03 Access Enforcement Protects T1499.002 Service Exhaustion Flood
AC-04 Information Flow Enforcement Protects T1499.002 Service Exhaustion Flood
CA-07 Continuous Monitoring Protects T1499.002 Service Exhaustion Flood
CM-06 Configuration Settings Protects T1499.002 Service Exhaustion Flood
CM-07 Least Functionality Protects T1499.002 Service Exhaustion Flood
SC-07 Boundary Protection Protects T1499.002 Service Exhaustion Flood
SI-10 Information Input Validation Protects T1499.002 Service Exhaustion Flood
SI-15 Information Output Filtering Protects T1499.002 Service Exhaustion Flood
SI-04 System Monitoring Protects T1499.002 Service Exhaustion Flood
AC-03 Access Enforcement Protects T1499.001 OS Exhaustion Flood
AC-04 Information Flow Enforcement Protects T1499.001 OS Exhaustion Flood
CA-07 Continuous Monitoring Protects T1499.001 OS Exhaustion Flood
CM-06 Configuration Settings Protects T1499.001 OS Exhaustion Flood
CM-07 Least Functionality Protects T1499.001 OS Exhaustion Flood
SC-07 Boundary Protection Protects T1499.001 OS Exhaustion Flood
SI-10 Information Input Validation Protects T1499.001 OS Exhaustion Flood
SI-15 Information Output Filtering Protects T1499.001 OS Exhaustion Flood
SI-04 System Monitoring Protects T1499.001 OS Exhaustion Flood
AC-03 Access Enforcement Protects T1499 Endpoint Denial of Service
AC-04 Information Flow Enforcement Protects T1499 Endpoint Denial of Service
CA-07 Continuous Monitoring Protects T1499 Endpoint Denial of Service
CM-06 Configuration Settings Protects T1499 Endpoint Denial of Service
CM-07 Least Functionality Protects T1499 Endpoint Denial of Service
SC-07 Boundary Protection Protects T1499 Endpoint Denial of Service
SI-10 Information Input Validation Protects T1499 Endpoint Denial of Service
SI-15 Information Output Filtering Protects T1499 Endpoint Denial of Service
SI-04 System Monitoring Protects T1499 Endpoint Denial of Service
AC-03 Access Enforcement Protects T1485 Data Destruction
AC-06 Least Privilege Protects T1485 Data Destruction
CM-02 Baseline Configuration Protects T1485 Data Destruction
CP-10 System Recovery and Reconstitution Protects T1485 Data Destruction
CP-02 Contingency Plan Protects T1485 Data Destruction
CP-07 Alternate Processing Site Protects T1485 Data Destruction
CP-09 System Backup Protects T1485 Data Destruction
SI-03 Malicious Code Protection Protects T1485 Data Destruction
SI-04 System Monitoring Protects T1485 Data Destruction
SI-07 Software, Firmware, and Information Integrity Protects T1485 Data Destruction
AC-20 Use of External Systems Protects T1200 Hardware Additions
AC-03 Access Enforcement Protects T1200 Hardware Additions
AC-06 Least Privilege Protects T1200 Hardware Additions
MP-07 Media Use Protects T1200 Hardware Additions
SC-41 Port and I/O Device Access Protects T1200 Hardware Additions
AC-02 Account Management Protects T1197 BITS Jobs
AC-03 Access Enforcement Protects T1197 BITS Jobs
AC-04 Information Flow Enforcement Protects T1197 BITS Jobs
AC-05 Separation of Duties Protects T1197 BITS Jobs
AC-06 Least Privilege Protects T1197 BITS Jobs
CA-07 Continuous Monitoring Protects T1197 BITS Jobs
CM-05 Access Restrictions for Change Protects T1197 BITS Jobs
CM-06 Configuration Settings Protects T1197 BITS Jobs
CM-07 Least Functionality Protects T1197 BITS Jobs
IA-02 Identification and Authentication (organizational Users) Protects T1197 BITS Jobs
SC-07 Boundary Protection Protects T1197 BITS Jobs
SI-10 Information Input Validation Protects T1197 BITS Jobs
SI-15 Information Output Filtering Protects T1197 BITS Jobs
SI-04 System Monitoring Protects T1197 BITS Jobs
CA-02 Control Assessments Protects T1195 Supply Chain Compromise
CA-07 Continuous Monitoring Protects T1195 Supply Chain Compromise
CM-11 User-installed Software Protects T1195 Supply Chain Compromise
CM-07 Least Functionality Protects T1195 Supply Chain Compromise
RA-10 Threat Hunting Protects T1195 Supply Chain Compromise
RA-05 Vulnerability Monitoring and Scanning Protects T1195 Supply Chain Compromise
SA-22 Unsupported System Components Protects T1195 Supply Chain Compromise
SI-02 Flaw Remediation Protects T1195 Supply Chain Compromise
AC-03 Access Enforcement Protects T1187 Forced Authentication
AC-04 Information Flow Enforcement Protects T1187 Forced Authentication
CA-07 Continuous Monitoring Protects T1187 Forced Authentication
CM-02 Baseline Configuration Protects T1187 Forced Authentication
CM-06 Configuration Settings Protects T1187 Forced Authentication
CM-07 Least Functionality Protects T1187 Forced Authentication
SC-07 Boundary Protection Protects T1187 Forced Authentication
SI-10 Information Input Validation Protects T1187 Forced Authentication
SI-15 Information Output Filtering Protects T1187 Forced Authentication
SI-04 System Monitoring Protects T1187 Forced Authentication
AC-02 Account Management Protects T1136 Create Account
AC-20 Use of External Systems Protects T1136 Create Account
AC-03 Access Enforcement Protects T1136 Create Account
AC-04 Information Flow Enforcement Protects T1136 Create Account
AC-05 Separation of Duties Protects T1136 Create Account
AC-06 Least Privilege Protects T1136 Create Account
CM-05 Access Restrictions for Change Protects T1136 Create Account
CM-06 Configuration Settings Protects T1136 Create Account
CM-07 Least Functionality Protects T1136 Create Account
IA-02 Identification and Authentication (organizational Users) Protects T1136 Create Account
IA-05 Authenticator Management Protects T1136 Create Account
SC-46 Cross Domain Policy Enforcement Protects T1136 Create Account
SC-07 Boundary Protection Protects T1136 Create Account
SI-04 System Monitoring Protects T1136 Create Account
SI-07 Software, Firmware, and Information Integrity Protects T1136 Create Account
CM-06 Configuration Settings Protects T1135 Network Share Discovery
CM-07 Least Functionality Protects T1135 Network Share Discovery
SI-04 System Monitoring Protects T1135 Network Share Discovery
AC-02 Account Management Protects T1134 Access Token Manipulation
AC-03 Access Enforcement Protects T1134 Access Token Manipulation
AC-05 Separation of Duties Protects T1134 Access Token Manipulation
AC-06 Least Privilege Protects T1134 Access Token Manipulation
CM-05 Access Restrictions for Change Protects T1134 Access Token Manipulation
CM-06 Configuration Settings Protects T1134 Access Token Manipulation
IA-02 Identification and Authentication (organizational Users) Protects T1134 Access Token Manipulation
AC-04 Information Flow Enforcement Protects T1132 Data Encoding
CA-07 Continuous Monitoring Protects T1132 Data Encoding
CM-02 Baseline Configuration Protects T1132 Data Encoding
CM-06 Configuration Settings Protects T1132 Data Encoding
SC-07 Boundary Protection Protects T1132 Data Encoding
SI-03 Malicious Code Protection Protects T1132 Data Encoding
SI-04 System Monitoring Protects T1132 Data Encoding
AC-16 Security and Privacy Attributes Protects T1114 Email Collection
AC-17 Remote Access Protects T1114 Email Collection
AC-19 Access Control for Mobile Devices Protects T1114 Email Collection
AC-20 Use of External Systems Protects T1114 Email Collection
AC-03 Access Enforcement Protects T1114 Email Collection
AC-04 Information Flow Enforcement Protects T1114 Email Collection
CM-02 Baseline Configuration Protects T1114 Email Collection
CM-06 Configuration Settings Protects T1114 Email Collection
IA-02 Identification and Authentication (organizational Users) Protects T1114 Email Collection
IA-05 Authenticator Management Protects T1114 Email Collection
SC-07 Boundary Protection Protects T1114 Email Collection
SI-12 Information Management and Retention Protects T1114 Email Collection
SI-04 System Monitoring Protects T1114 Email Collection
SI-07 Software, Firmware, and Information Integrity Protects T1114 Email Collection
AC-02 Account Management Protects T1110 Brute Force
AC-20 Use of External Systems Protects T1110 Brute Force
AC-03 Access Enforcement Protects T1110 Brute Force
AC-05 Separation of Duties Protects T1110 Brute Force
AC-06 Least Privilege Protects T1110 Brute Force
AC-07 Unsuccessful Logon Attempts Protects T1110 Brute Force
CA-07 Continuous Monitoring Protects T1110 Brute Force
CM-02 Baseline Configuration Protects T1110 Brute Force
CM-06 Configuration Settings Protects T1110 Brute Force
IA-11 Re-authentication Protects T1110 Brute Force
IA-02 Identification and Authentication (organizational Users) Protects T1110 Brute Force
IA-04 Identifier Management Protects T1110 Brute Force
IA-05 Authenticator Management Protects T1110 Brute Force
SI-04 System Monitoring Protects T1110 Brute Force
AC-03 Access Enforcement Protects T1091 Replication Through Removable Media
AC-06 Least Privilege Protects T1091 Replication Through Removable Media
CM-02 Baseline Configuration Protects T1091 Replication Through Removable Media
CM-06 Configuration Settings Protects T1091 Replication Through Removable Media
CM-08 System Component Inventory Protects T1091 Replication Through Removable Media
MP-07 Media Use Protects T1091 Replication Through Removable Media
RA-05 Vulnerability Monitoring and Scanning Protects T1091 Replication Through Removable Media
SC-41 Port and I/O Device Access Protects T1091 Replication Through Removable Media
SI-03 Malicious Code Protection Protects T1091 Replication Through Removable Media
SI-04 System Monitoring Protects T1091 Replication Through Removable Media
AC-02 Account Management Protects T1070.003 Clear Command History
AC-03 Access Enforcement Protects T1070.003 Clear Command History
AC-05 Separation of Duties Protects T1070.003 Clear Command History
AC-06 Least Privilege Protects T1070.003 Clear Command History
CA-07 Continuous Monitoring Protects T1070.003 Clear Command History
CM-02 Baseline Configuration Protects T1070.003 Clear Command History
CM-06 Configuration Settings Protects T1070.003 Clear Command History
SI-03 Malicious Code Protection Protects T1070.003 Clear Command History
SI-04 System Monitoring Protects T1070.003 Clear Command History
SI-07 Software, Firmware, and Information Integrity Protects T1070.003 Clear Command History
AC-04 Information Flow Enforcement Protects T1046 Network Service Discovery
CA-07 Continuous Monitoring Protects T1046 Network Service Discovery
CM-02 Baseline Configuration Protects T1046 Network Service Discovery
CM-06 Configuration Settings Protects T1046 Network Service Discovery
CM-07 Least Functionality Protects T1046 Network Service Discovery
CM-08 System Component Inventory Protects T1046 Network Service Discovery
RA-05 Vulnerability Monitoring and Scanning Protects T1046 Network Service Discovery
SC-46 Cross Domain Policy Enforcement Protects T1046 Network Service Discovery
SI-03 Malicious Code Protection Protects T1046 Network Service Discovery
SI-04 System Monitoring Protects T1046 Network Service Discovery
SC-07 Boundary Protection Protects T1046 Network Service Discovery
AC-16 Security and Privacy Attributes Protects T1041 Exfiltration Over C2 Channel
AC-02 Account Management Protects T1041 Exfiltration Over C2 Channel
AC-20 Use of External Systems Protects T1041 Exfiltration Over C2 Channel
AC-23 Data Mining Protection Protects T1041 Exfiltration Over C2 Channel
AC-03 Access Enforcement Protects T1041 Exfiltration Over C2 Channel
AC-04 Information Flow Enforcement Protects T1041 Exfiltration Over C2 Channel
AC-06 Least Privilege Protects T1041 Exfiltration Over C2 Channel
CA-03 Information Exchange Protects T1041 Exfiltration Over C2 Channel
CA-07 Continuous Monitoring Protects T1041 Exfiltration Over C2 Channel
SA-08 Security and Privacy Engineering Principles Protects T1041 Exfiltration Over C2 Channel
SA-09 External System Services Protects T1041 Exfiltration Over C2 Channel
SC-13 Cryptographic Protection Protects T1041 Exfiltration Over C2 Channel
SC-28 Protection of Information at Rest Protects T1041 Exfiltration Over C2 Channel
SC-31 Covert Channel Analysis Protects T1041 Exfiltration Over C2 Channel
SC-07 Boundary Protection Protects T1041 Exfiltration Over C2 Channel
SI-03 Malicious Code Protection Protects T1041 Exfiltration Over C2 Channel
SI-04 System Monitoring Protects T1041 Exfiltration Over C2 Channel
SR-04 Provenance Protects T1041 Exfiltration Over C2 Channel
AC-17 Remote Access Protects T1037 Boot or Logon Initialization Scripts
AC-03 Access Enforcement Protects T1037 Boot or Logon Initialization Scripts
CA-07 Continuous Monitoring Protects T1037 Boot or Logon Initialization Scripts
CM-02 Baseline Configuration Protects T1037 Boot or Logon Initialization Scripts
CM-06 Configuration Settings Protects T1037 Boot or Logon Initialization Scripts
CM-07 Least Functionality Protects T1037 Boot or Logon Initialization Scripts
SI-03 Malicious Code Protection Protects T1037 Boot or Logon Initialization Scripts
SI-04 System Monitoring Protects T1037 Boot or Logon Initialization Scripts
SI-07 Software, Firmware, and Information Integrity Protects T1037 Boot or Logon Initialization Scripts
AC-02 Account Management Protects T1068 Exploitation for Privilege Escalation
AC-04 Information Flow Enforcement Protects T1068 Exploitation for Privilege Escalation
AC-06 Least Privilege Protects T1068 Exploitation for Privilege Escalation
CA-07 Continuous Monitoring Protects T1068 Exploitation for Privilege Escalation
CA-08 Penetration Testing Protects T1068 Exploitation for Privilege Escalation
CM-02 Baseline Configuration Protects T1068 Exploitation for Privilege Escalation
CM-06 Configuration Settings Protects T1068 Exploitation for Privilege Escalation
CM-07 Least Functionality Protects T1068 Exploitation for Privilege Escalation
CM-08 System Component Inventory Protects T1068 Exploitation for Privilege Escalation
RA-10 Threat Hunting Protects T1068 Exploitation for Privilege Escalation
RA-05 Vulnerability Monitoring and Scanning Protects T1068 Exploitation for Privilege Escalation
SC-18 Mobile Code Protects T1068 Exploitation for Privilege Escalation
SC-02 Separation of System and User Functionality Protects T1068 Exploitation for Privilege Escalation
SC-03 Security Function Isolation Protects T1068 Exploitation for Privilege Escalation
SC-30 Concealment and Misdirection Protects T1068 Exploitation for Privilege Escalation
SC-39 Process Isolation Protects T1068 Exploitation for Privilege Escalation
SC-07 Boundary Protection Protects T1068 Exploitation for Privilege Escalation
SI-02 Flaw Remediation Protects T1068 Exploitation for Privilege Escalation
SI-03 Malicious Code Protection Protects T1068 Exploitation for Privilege Escalation
SI-04 System Monitoring Protects T1068 Exploitation for Privilege Escalation
SI-05 Security Alerts, Advisories, and Directives Protects T1068 Exploitation for Privilege Escalation
SI-07 Software, Firmware, and Information Integrity Protects T1068 Exploitation for Privilege Escalation
AC-02 Account Management Protects T1542.001 System Firmware
AC-03 Access Enforcement Protects T1542.001 System Firmware
AC-05 Separation of Duties Protects T1542.001 System Firmware
AC-06 Least Privilege Protects T1542.001 System Firmware
CM-03 Configuration Change Control Protects T1542.001 System Firmware
CM-05 Access Restrictions for Change Protects T1542.001 System Firmware
CM-06 Configuration Settings Protects T1542.001 System Firmware
CM-08 System Component Inventory Protects T1542.001 System Firmware
IA-02 Identification and Authentication (organizational Users) Protects T1542.001 System Firmware
IA-07 Cryptographic Module Authentication Protects T1542.001 System Firmware
IA-08 Identification and Authentication (non-organizational Users) Protects T1542.001 System Firmware
RA-09 Criticality Analysis Protects T1542.001 System Firmware
SA-10 Developer Configuration Management Protects T1542.001 System Firmware
SA-11 Developer Testing and Evaluation Protects T1542.001 System Firmware
SC-34 Non-modifiable Executable Programs Protects T1542.001 System Firmware
SI-02 Flaw Remediation Protects T1542.001 System Firmware
SI-07 Software, Firmware, and Information Integrity Protects T1542.001 System Firmware
AC-02 Account Management Protects T1053 Scheduled Task/Job
AC-03 Access Enforcement Protects T1053 Scheduled Task/Job
AC-05 Separation of Duties Protects T1053 Scheduled Task/Job
AC-06 Least Privilege Protects T1053 Scheduled Task/Job
CM-02 Baseline Configuration Protects T1053 Scheduled Task/Job
CM-05 Access Restrictions for Change Protects T1053 Scheduled Task/Job
CM-06 Configuration Settings Protects T1053 Scheduled Task/Job
CM-07 Least Functionality Protects T1053 Scheduled Task/Job
CM-08 System Component Inventory Protects T1053 Scheduled Task/Job
IA-02 Identification and Authentication (organizational Users) Protects T1053 Scheduled Task/Job
IA-04 Identifier Management Protects T1053 Scheduled Task/Job
IA-08 Identification and Authentication (non-organizational Users) Protects T1053 Scheduled Task/Job
RA-05 Vulnerability Monitoring and Scanning Protects T1053 Scheduled Task/Job
SI-04 System Monitoring Protects T1053 Scheduled Task/Job
AC-17 Remote Access Protects T1133 External Remote Services
AC-20 Use of External Systems Protects T1133 External Remote Services
AC-03 Access Enforcement Protects T1133 External Remote Services
AC-04 Information Flow Enforcement Protects T1133 External Remote Services
AC-06 Least Privilege Protects T1133 External Remote Services
AC-07 Unsuccessful Logon Attempts Protects T1133 External Remote Services
CM-02 Baseline Configuration Protects T1133 External Remote Services
CM-06 Configuration Settings Protects T1133 External Remote Services
CM-07 Least Functionality Protects T1133 External Remote Services
CM-08 System Component Inventory Protects T1133 External Remote Services
IA-02 Identification and Authentication (organizational Users) Protects T1133 External Remote Services
IA-05 Authenticator Management Protects T1133 External Remote Services
RA-05 Vulnerability Monitoring and Scanning Protects T1133 External Remote Services
SC-46 Cross Domain Policy Enforcement Protects T1133 External Remote Services
SC-07 Boundary Protection Protects T1133 External Remote Services
SI-04 System Monitoring Protects T1133 External Remote Services
SI-07 Software, Firmware, and Information Integrity Protects T1133 External Remote Services
AC-16 Security and Privacy Attributes Protects T1070 Indicator Removal
AC-17 Remote Access Protects T1070 Indicator Removal
AC-18 Wireless Access Protects T1070 Indicator Removal
AC-02 Account Management Protects T1070 Indicator Removal
AC-03 Access Enforcement Protects T1070 Indicator Removal
AC-05 Separation of Duties Protects T1070 Indicator Removal
AC-06 Least Privilege Protects T1070 Indicator Removal
CA-07 Continuous Monitoring Protects T1070 Indicator Removal
CM-02 Baseline Configuration Protects T1070 Indicator Removal
CM-06 Configuration Settings Protects T1070 Indicator Removal
CP-06 Alternate Storage Site Protects T1070 Indicator Removal
CP-07 Alternate Processing Site Protects T1070 Indicator Removal
CP-09 System Backup Protects T1070 Indicator Removal
SC-36 Distributed Processing and Storage Protects T1070 Indicator Removal
SC-04 Information in Shared System Resources Protects T1070 Indicator Removal
SI-12 Information Management and Retention Protects T1070 Indicator Removal
SI-23 Information Fragmentation Protects T1070 Indicator Removal
SI-03 Malicious Code Protection Protects T1070 Indicator Removal
SI-04 System Monitoring Protects T1070 Indicator Removal
SI-07 Software, Firmware, and Information Integrity Protects T1070 Indicator Removal
AC-02 Account Management Protects T1003.001 LSASS Memory
AC-03 Access Enforcement Protects T1003.001 LSASS Memory
AC-04 Information Flow Enforcement Protects T1003.001 LSASS Memory
AC-05 Separation of Duties Protects T1003.001 LSASS Memory
AC-06 Least Privilege Protects T1003.001 LSASS Memory
CA-07 Continuous Monitoring Protects T1003.001 LSASS Memory
CM-02 Baseline Configuration Protects T1003.001 LSASS Memory
CM-05 Access Restrictions for Change Protects T1003.001 LSASS Memory
CM-06 Configuration Settings Protects T1003.001 LSASS Memory
CM-07 Least Functionality Protects T1003.001 LSASS Memory
IA-02 Identification and Authentication (organizational Users) Protects T1003.001 LSASS Memory
IA-05 Authenticator Management Protects T1003.001 LSASS Memory
SC-28 Protection of Information at Rest Protects T1003.001 LSASS Memory
SC-03 Security Function Isolation Protects T1003.001 LSASS Memory
SC-39 Process Isolation Protects T1003.001 LSASS Memory
SI-16 Memory Protection Protects T1003.001 LSASS Memory
SI-02 Flaw Remediation Protects T1003.001 LSASS Memory
SI-03 Malicious Code Protection Protects T1003.001 LSASS Memory
SI-04 System Monitoring Protects T1003.001 LSASS Memory
AC-02 Account Management Protects T1003.002 Security Account Manager
AC-03 Access Enforcement Protects T1003.002 Security Account Manager
AC-05 Separation of Duties Protects T1003.002 Security Account Manager
AC-06 Least Privilege Protects T1003.002 Security Account Manager
CA-07 Continuous Monitoring Protects T1003.002 Security Account Manager
CM-02 Baseline Configuration Protects T1003.002 Security Account Manager
CM-05 Access Restrictions for Change Protects T1003.002 Security Account Manager
CM-06 Configuration Settings Protects T1003.002 Security Account Manager
CM-07 Least Functionality Protects T1003.002 Security Account Manager
IA-02 Identification and Authentication (organizational Users) Protects T1003.002 Security Account Manager
IA-05 Authenticator Management Protects T1003.002 Security Account Manager
SC-28 Protection of Information at Rest Protects T1003.002 Security Account Manager
SC-39 Process Isolation Protects T1003.002 Security Account Manager
SI-03 Malicious Code Protection Protects T1003.002 Security Account Manager
SI-04 System Monitoring Protects T1003.002 Security Account Manager
AC-11 Device Lock Protects T1021.001 Remote Desktop Protocol
AC-12 Session Termination Protects T1021.001 Remote Desktop Protocol
AC-17 Remote Access Protects T1021.001 Remote Desktop Protocol
AC-02 Account Management Protects T1021.001 Remote Desktop Protocol
AC-20 Use of External Systems Protects T1021.001 Remote Desktop Protocol
AC-03 Access Enforcement Protects T1021.001 Remote Desktop Protocol
AC-04 Information Flow Enforcement Protects T1021.001 Remote Desktop Protocol
AC-05 Separation of Duties Protects T1021.001 Remote Desktop Protocol
AC-06 Least Privilege Protects T1021.001 Remote Desktop Protocol
AC-07 Unsuccessful Logon Attempts Protects T1021.001 Remote Desktop Protocol
CA-08 Penetration Testing Protects T1021.001 Remote Desktop Protocol
CM-02 Baseline Configuration Protects T1021.001 Remote Desktop Protocol
CM-05 Access Restrictions for Change Protects T1021.001 Remote Desktop Protocol
CM-06 Configuration Settings Protects T1021.001 Remote Desktop Protocol
CM-07 Least Functionality Protects T1021.001 Remote Desktop Protocol
CM-08 System Component Inventory Protects T1021.001 Remote Desktop Protocol
IA-02 Identification and Authentication (organizational Users) Protects T1021.001 Remote Desktop Protocol
IA-04 Identifier Management Protects T1021.001 Remote Desktop Protocol
IA-05 Authenticator Management Protects T1021.001 Remote Desktop Protocol
IA-06 Authentication Feedback Protects T1021.001 Remote Desktop Protocol
RA-05 Vulnerability Monitoring and Scanning Protects T1021.001 Remote Desktop Protocol
SC-46 Cross Domain Policy Enforcement Protects T1021.001 Remote Desktop Protocol
SC-07 Boundary Protection Protects T1021.001 Remote Desktop Protocol
SI-04 System Monitoring Protects T1021.001 Remote Desktop Protocol
AC-17 Remote Access Protects T1021.002 SMB/Windows Admin Shares
AC-02 Account Management Protects T1021.002 SMB/Windows Admin Shares
AC-03 Access Enforcement Protects T1021.002 SMB/Windows Admin Shares
AC-04 Information Flow Enforcement Protects T1021.002 SMB/Windows Admin Shares
AC-05 Separation of Duties Protects T1021.002 SMB/Windows Admin Shares
AC-06 Least Privilege Protects T1021.002 SMB/Windows Admin Shares
CA-07 Continuous Monitoring Protects T1021.002 SMB/Windows Admin Shares
CM-02 Baseline Configuration Protects T1021.002 SMB/Windows Admin Shares
CM-05 Access Restrictions for Change Protects T1021.002 SMB/Windows Admin Shares
CM-06 Configuration Settings Protects T1021.002 SMB/Windows Admin Shares
CM-07 Least Functionality Protects T1021.002 SMB/Windows Admin Shares
IA-02 Identification and Authentication (organizational Users) Protects T1021.002 SMB/Windows Admin Shares
SC-07 Boundary Protection Protects T1021.002 SMB/Windows Admin Shares
SI-10 Information Input Validation Protects T1021.002 SMB/Windows Admin Shares
SI-15 Information Output Filtering Protects T1021.002 SMB/Windows Admin Shares
SI-04 System Monitoring Protects T1021.002 SMB/Windows Admin Shares
AC-17 Remote Access Protects T1021.006 Windows Remote Management
AC-02 Account Management Protects T1021.006 Windows Remote Management
AC-03 Access Enforcement Protects T1021.006 Windows Remote Management
AC-04 Information Flow Enforcement Protects T1021.006 Windows Remote Management
AC-05 Separation of Duties Protects T1021.006 Windows Remote Management
AC-06 Least Privilege Protects T1021.006 Windows Remote Management
CM-02 Baseline Configuration Protects T1021.006 Windows Remote Management
CM-05 Access Restrictions for Change Protects T1021.006 Windows Remote Management
CM-06 Configuration Settings Protects T1021.006 Windows Remote Management
CM-07 Least Functionality Protects T1021.006 Windows Remote Management
CM-08 System Component Inventory Protects T1021.006 Windows Remote Management
IA-02 Identification and Authentication (organizational Users) Protects T1021.006 Windows Remote Management
RA-05 Vulnerability Monitoring and Scanning Protects T1021.006 Windows Remote Management
SC-46 Cross Domain Policy Enforcement Protects T1021.006 Windows Remote Management
SC-07 Boundary Protection Protects T1021.006 Windows Remote Management
SI-04 System Monitoring Protects T1021.006 Windows Remote Management
AC-02 Account Management Protects T1036.005 Match Legitimate Name or Location
AC-03 Access Enforcement Protects T1036.005 Match Legitimate Name or Location
AC-06 Least Privilege Protects T1036.005 Match Legitimate Name or Location
CA-07 Continuous Monitoring Protects T1036.005 Match Legitimate Name or Location
CM-02 Baseline Configuration Protects T1036.005 Match Legitimate Name or Location
CM-06 Configuration Settings Protects T1036.005 Match Legitimate Name or Location
CM-07 Least Functionality Protects T1036.005 Match Legitimate Name or Location
IA-09 Service Identification and Authentication Protects T1036.005 Match Legitimate Name or Location
SI-10 Information Input Validation Protects T1036.005 Match Legitimate Name or Location
SI-03 Malicious Code Protection Protects T1036.005 Match Legitimate Name or Location
SI-04 System Monitoring Protects T1036.005 Match Legitimate Name or Location
SI-07 Software, Firmware, and Information Integrity Protects T1036.005 Match Legitimate Name or Location
AC-17 Remote Access Protects T1047 Windows Management Instrumentation
AC-02 Account Management Protects T1047 Windows Management Instrumentation
AC-03 Access Enforcement Protects T1047 Windows Management Instrumentation
AC-05 Separation of Duties Protects T1047 Windows Management Instrumentation
AC-06 Least Privilege Protects T1047 Windows Management Instrumentation
CM-02 Baseline Configuration Protects T1047 Windows Management Instrumentation
CM-05 Access Restrictions for Change Protects T1047 Windows Management Instrumentation
CM-06 Configuration Settings Protects T1047 Windows Management Instrumentation
CM-07 Least Functionality Protects T1047 Windows Management Instrumentation
IA-02 Identification and Authentication (organizational Users) Protects T1047 Windows Management Instrumentation
RA-05 Vulnerability Monitoring and Scanning Protects T1047 Windows Management Instrumentation
SC-03 Security Function Isolation Protects T1047 Windows Management Instrumentation
SI-16 Memory Protection Protects T1047 Windows Management Instrumentation
SI-02 Flaw Remediation Protects T1047 Windows Management Instrumentation
SI-03 Malicious Code Protection Protects T1047 Windows Management Instrumentation
SI-04 System Monitoring Protects T1047 Windows Management Instrumentation
SI-07 Software, Firmware, and Information Integrity Protects T1047 Windows Management Instrumentation
AC-02 Account Management Protects T1053.002 At
AC-05 Separation of Duties Protects T1053.002 At
AC-06 Least Privilege Protects T1053.002 At
CA-08 Penetration Testing Protects T1053.002 At
CM-02 Baseline Configuration Protects T1053.002 At
CM-05 Access Restrictions for Change Protects T1053.002 At
CM-06 Configuration Settings Protects T1053.002 At
CM-07 Least Functionality Protects T1053.002 At
CM-08 System Component Inventory Protects T1053.002 At
IA-04 Identifier Management Protects T1053.002 At
RA-05 Vulnerability Monitoring and Scanning Protects T1053.002 At
SI-04 System Monitoring Protects T1053.002 At
IA-02 Identification and Authentication (organizational Users) Protects T1053.002 At
AC-03 Access Enforcement Protects T1053.002 At
AC-02 Account Management Protects T1053.005 Scheduled Task
AC-03 Access Enforcement Protects T1053.005 Scheduled Task
AC-05 Separation of Duties Protects T1053.005 Scheduled Task
AC-06 Least Privilege Protects T1053.005 Scheduled Task
CA-08 Penetration Testing Protects T1053.005 Scheduled Task
CM-02 Baseline Configuration Protects T1053.005 Scheduled Task
CM-05 Access Restrictions for Change Protects T1053.005 Scheduled Task
CM-06 Configuration Settings Protects T1053.005 Scheduled Task
CM-07 Least Functionality Protects T1053.005 Scheduled Task
CM-08 System Component Inventory Protects T1053.005 Scheduled Task
IA-02 Identification and Authentication (organizational Users) Protects T1053.005 Scheduled Task
IA-04 Identifier Management Protects T1053.005 Scheduled Task
RA-05 Vulnerability Monitoring and Scanning Protects T1053.005 Scheduled Task
SI-04 System Monitoring Protects T1053.005 Scheduled Task
AC-06 Least Privilege Protects T1055.012 Process Hollowing
SC-18 Mobile Code Protects T1055.012 Process Hollowing
SC-07 Boundary Protection Protects T1055.012 Process Hollowing
SI-02 Flaw Remediation Protects T1055.012 Process Hollowing
SI-03 Malicious Code Protection Protects T1055.012 Process Hollowing
SI-04 System Monitoring Protects T1055.012 Process Hollowing
AC-16 Security and Privacy Attributes Protects T1114.002 Remote Email Collection
AC-17 Remote Access Protects T1114.002 Remote Email Collection
AC-19 Access Control for Mobile Devices Protects T1114.002 Remote Email Collection
AC-20 Use of External Systems Protects T1114.002 Remote Email Collection
AC-03 Access Enforcement Protects T1114.002 Remote Email Collection
AC-04 Information Flow Enforcement Protects T1114.002 Remote Email Collection
CM-02 Baseline Configuration Protects T1114.002 Remote Email Collection
CM-06 Configuration Settings Protects T1114.002 Remote Email Collection
IA-02 Identification and Authentication (organizational Users) Protects T1114.002 Remote Email Collection
IA-05 Authenticator Management Protects T1114.002 Remote Email Collection
SI-12 Information Management and Retention Protects T1114.002 Remote Email Collection
SI-04 System Monitoring Protects T1114.002 Remote Email Collection
SI-07 Software, Firmware, and Information Integrity Protects T1114.002 Remote Email Collection
AC-02 Account Management Protects T1543.003 Windows Service
AC-03 Access Enforcement Protects T1543.003 Windows Service
AC-05 Separation of Duties Protects T1543.003 Windows Service
AC-06 Least Privilege Protects T1543.003 Windows Service
CM-11 User-installed Software Protects T1543.003 Windows Service
CM-02 Baseline Configuration Protects T1543.003 Windows Service
CM-05 Access Restrictions for Change Protects T1543.003 Windows Service
IA-02 Identification and Authentication (organizational Users) Protects T1543.003 Windows Service
AC-16 Security and Privacy Attributes Protects T1567 Exfiltration Over Web Service
AC-02 Account Management Protects T1567 Exfiltration Over Web Service
AC-20 Use of External Systems Protects T1567 Exfiltration Over Web Service
AC-23 Data Mining Protection Protects T1567 Exfiltration Over Web Service
AC-03 Access Enforcement Protects T1567 Exfiltration Over Web Service
AC-04 Information Flow Enforcement Protects T1567 Exfiltration Over Web Service
AC-06 Least Privilege Protects T1567 Exfiltration Over Web Service
CA-03 Information Exchange Protects T1567 Exfiltration Over Web Service
CA-07 Continuous Monitoring Protects T1567 Exfiltration Over Web Service
SA-08 Security and Privacy Engineering Principles Protects T1567 Exfiltration Over Web Service
SA-09 External System Services Protects T1567 Exfiltration Over Web Service
SC-28 Protection of Information at Rest Protects T1567 Exfiltration Over Web Service
SC-31 Covert Channel Analysis Protects T1567 Exfiltration Over Web Service
SC-07 Boundary Protection Protects T1567 Exfiltration Over Web Service
SI-03 Malicious Code Protection Protects T1567 Exfiltration Over Web Service
SI-04 System Monitoring Protects T1567 Exfiltration Over Web Service
SR-04 Provenance Protects T1567 Exfiltration Over Web Service
AC-02 Account Management Protects T1569.002 Service Execution
AC-03 Access Enforcement Protects T1569.002 Service Execution
AC-05 Separation of Duties Protects T1569.002 Service Execution
AC-06 Least Privilege Protects T1569.002 Service Execution
CA-07 Continuous Monitoring Protects T1569.002 Service Execution
CM-02 Baseline Configuration Protects T1569.002 Service Execution
CM-05 Access Restrictions for Change Protects T1569.002 Service Execution
CM-06 Configuration Settings Protects T1569.002 Service Execution
CM-07 Least Functionality Protects T1569.002 Service Execution
IA-02 Identification and Authentication (organizational Users) Protects T1569.002 Service Execution
SI-03 Malicious Code Protection Protects T1569.002 Service Execution
SI-04 System Monitoring Protects T1569.002 Service Execution
SI-07 Software, Firmware, and Information Integrity Protects T1569.002 Service Execution
AC-02 Account Management Protects T1578 Modify Cloud Compute Infrastructure
AC-03 Access Enforcement Protects T1578 Modify Cloud Compute Infrastructure
AC-05 Separation of Duties Protects T1578 Modify Cloud Compute Infrastructure
AC-06 Least Privilege Protects T1578 Modify Cloud Compute Infrastructure
CA-08 Penetration Testing Protects T1578 Modify Cloud Compute Infrastructure
CM-05 Access Restrictions for Change Protects T1578 Modify Cloud Compute Infrastructure
IA-02 Identification and Authentication (organizational Users) Protects T1578 Modify Cloud Compute Infrastructure
IA-04 Identifier Management Protects T1578 Modify Cloud Compute Infrastructure
IA-06 Authentication Feedback Protects T1578 Modify Cloud Compute Infrastructure
RA-05 Vulnerability Monitoring and Scanning Protects T1578 Modify Cloud Compute Infrastructure
SI-04 System Monitoring Protects T1578 Modify Cloud Compute Infrastructure
AC-02 Account Management Protects T1611 Escape to Host
AC-03 Access Enforcement Protects T1611 Escape to Host
AC-04 Information Flow Enforcement Protects T1611 Escape to Host
AC-05 Separation of Duties Protects T1611 Escape to Host
AC-06 Least Privilege Protects T1611 Escape to Host
CM-05 Access Restrictions for Change Protects T1611 Escape to Host
CM-06 Configuration Settings Protects T1611 Escape to Host
CM-07 Least Functionality Protects T1611 Escape to Host
IA-02 Identification and Authentication (organizational Users) Protects T1611 Escape to Host
SC-02 Separation of System and User Functionality Protects T1611 Escape to Host
SC-03 Security Function Isolation Protects T1611 Escape to Host
SC-34 Non-modifiable Executable Programs Protects T1611 Escape to Host
SC-39 Process Isolation Protects T1611 Escape to Host
SC-07 Boundary Protection Protects T1611 Escape to Host
SI-16 Memory Protection Protects T1611 Escape to Host
SI-02 Flaw Remediation Protects T1611 Escape to Host
SI-03 Malicious Code Protection Protects T1611 Escape to Host
SI-04 System Monitoring Protects T1611 Escape to Host
SI-07 Software, Firmware, and Information Integrity Protects T1611 Escape to Host
AC-17 Remote Access Protects T1609 Container Administration Command
AC-02 Account Management Protects T1609 Container Administration Command
AC-03 Access Enforcement Protects T1609 Container Administration Command
AC-04 Information Flow Enforcement Protects T1609 Container Administration Command
AC-05 Separation of Duties Protects T1609 Container Administration Command
AC-06 Least Privilege Protects T1609 Container Administration Command
CM-06 Configuration Settings Protects T1609 Container Administration Command
CM-07 Least Functionality Protects T1609 Container Administration Command
SC-07 Boundary Protection Protects T1609 Container Administration Command
SI-10 Information Input Validation Protects T1609 Container Administration Command
SI-07 Software, Firmware, and Information Integrity Protects T1609 Container Administration Command
CM-07 Least Functionality Protects T1562.010 Downgrade Attack
SI-07 Software, Firmware, and Information Integrity Protects T1562.010 Downgrade Attack
AC-02 Account Management Protects T1562.004 Disable or Modify System Firewall
AC-03 Access Enforcement Protects T1562.004 Disable or Modify System Firewall
AC-05 Separation of Duties Protects T1562.004 Disable or Modify System Firewall
AC-06 Least Privilege Protects T1562.004 Disable or Modify System Firewall
CA-07 Continuous Monitoring Protects T1562.004 Disable or Modify System Firewall
CM-02 Baseline Configuration Protects T1562.004 Disable or Modify System Firewall
CM-05 Access Restrictions for Change Protects T1562.004 Disable or Modify System Firewall
CM-06 Configuration Settings Protects T1562.004 Disable or Modify System Firewall
CM-07 Least Functionality Protects T1562.004 Disable or Modify System Firewall
IA-02 Identification and Authentication (organizational Users) Protects T1562.004 Disable or Modify System Firewall
SI-03 Malicious Code Protection Protects T1562.004 Disable or Modify System Firewall
SI-04 System Monitoring Protects T1562.004 Disable or Modify System Firewall
SI-07 Software, Firmware, and Information Integrity Protects T1562.004 Disable or Modify System Firewall
AC-02 Account Management Protects T1556 Modify Authentication Process
AC-20 Use of External Systems Protects T1556 Modify Authentication Process
AC-03 Access Enforcement Protects T1556 Modify Authentication Process
AC-05 Separation of Duties Protects T1556 Modify Authentication Process
AC-06 Least Privilege Protects T1556 Modify Authentication Process
AC-07 Unsuccessful Logon Attempts Protects T1556 Modify Authentication Process
CA-07 Continuous Monitoring Protects T1556 Modify Authentication Process
CM-02 Baseline Configuration Protects T1556 Modify Authentication Process
CM-05 Access Restrictions for Change Protects T1556 Modify Authentication Process
CM-06 Configuration Settings Protects T1556 Modify Authentication Process
CM-07 Least Functionality Protects T1556 Modify Authentication Process
IA-02 Identification and Authentication (organizational Users) Protects T1556 Modify Authentication Process
IA-05 Authenticator Management Protects T1556 Modify Authentication Process
SC-39 Process Isolation Protects T1556 Modify Authentication Process
SI-04 System Monitoring Protects T1556 Modify Authentication Process
SI-07 Software, Firmware, and Information Integrity Protects T1556 Modify Authentication Process
AC-16 Security and Privacy Attributes Protects T1552 Unsecured Credentials
AC-17 Remote Access Protects T1552 Unsecured Credentials
AC-18 Wireless Access Protects T1552 Unsecured Credentials
AC-19 Access Control for Mobile Devices Protects T1552 Unsecured Credentials
AC-02 Account Management Protects T1552 Unsecured Credentials
AC-20 Use of External Systems Protects T1552 Unsecured Credentials
AC-03 Access Enforcement Protects T1552 Unsecured Credentials
AC-04 Information Flow Enforcement Protects T1552 Unsecured Credentials
AC-05 Separation of Duties Protects T1552 Unsecured Credentials
AC-06 Least Privilege Protects T1552 Unsecured Credentials
CA-07 Continuous Monitoring Protects T1552 Unsecured Credentials
CA-08 Penetration Testing Protects T1552 Unsecured Credentials
CM-02 Baseline Configuration Protects T1552 Unsecured Credentials
CM-05 Access Restrictions for Change Protects T1552 Unsecured Credentials
CM-06 Configuration Settings Protects T1552 Unsecured Credentials
CM-07 Least Functionality Protects T1552 Unsecured Credentials
IA-02 Identification and Authentication (organizational Users) Protects T1552 Unsecured Credentials
IA-03 Device Identification and Authentication Protects T1552 Unsecured Credentials
IA-04 Identifier Management Protects T1552 Unsecured Credentials
IA-05 Authenticator Management Protects T1552 Unsecured Credentials
RA-05 Vulnerability Monitoring and Scanning Protects T1552 Unsecured Credentials
SA-11 Developer Testing and Evaluation Protects T1552 Unsecured Credentials
SA-15 Development Process, Standards, and Tools Protects T1552 Unsecured Credentials
SC-12 Cryptographic Key Establishment and Management Protects T1552 Unsecured Credentials
SC-28 Protection of Information at Rest Protects T1552 Unsecured Credentials
SC-04 Information in Shared System Resources Protects T1552 Unsecured Credentials
SC-07 Boundary Protection Protects T1552 Unsecured Credentials
SI-10 Information Input Validation Protects T1552 Unsecured Credentials
SI-12 Information Management and Retention Protects T1552 Unsecured Credentials
SI-15 Information Output Filtering Protects T1552 Unsecured Credentials
SI-02 Flaw Remediation Protects T1552 Unsecured Credentials
SI-04 System Monitoring Protects T1552 Unsecured Credentials
SI-07 Software, Firmware, and Information Integrity Protects T1552 Unsecured Credentials
AC-16 Security and Privacy Attributes Protects T1548 Abuse Elevation Control Mechanism
AC-02 Account Management Protects T1548 Abuse Elevation Control Mechanism
AC-03 Access Enforcement Protects T1548 Abuse Elevation Control Mechanism
AC-05 Separation of Duties Protects T1548 Abuse Elevation Control Mechanism
AC-06 Least Privilege Protects T1548 Abuse Elevation Control Mechanism
CA-07 Continuous Monitoring Protects T1548 Abuse Elevation Control Mechanism
CA-08 Penetration Testing Protects T1548 Abuse Elevation Control Mechanism
CM-02 Baseline Configuration Protects T1548 Abuse Elevation Control Mechanism
CM-05 Access Restrictions for Change Protects T1548 Abuse Elevation Control Mechanism
CM-06 Configuration Settings Protects T1548 Abuse Elevation Control Mechanism
CM-07 Least Functionality Protects T1548 Abuse Elevation Control Mechanism
CM-08 System Component Inventory Protects T1548 Abuse Elevation Control Mechanism
IA-02 Identification and Authentication (organizational Users) Protects T1548 Abuse Elevation Control Mechanism
RA-05 Vulnerability Monitoring and Scanning Protects T1548 Abuse Elevation Control Mechanism
SC-18 Mobile Code Protects T1548 Abuse Elevation Control Mechanism
SC-34 Non-modifiable Executable Programs Protects T1548 Abuse Elevation Control Mechanism
SI-12 Information Management and Retention Protects T1548 Abuse Elevation Control Mechanism
SI-16 Memory Protection Protects T1548 Abuse Elevation Control Mechanism
SI-03 Malicious Code Protection Protects T1548 Abuse Elevation Control Mechanism
SI-04 System Monitoring Protects T1548 Abuse Elevation Control Mechanism
SI-07 Software, Firmware, and Information Integrity Protects T1548 Abuse Elevation Control Mechanism
AC-02 Account Management Protects T1490 Inhibit System Recovery
AC-03 Access Enforcement Protects T1490 Inhibit System Recovery
AC-06 Least Privilege Protects T1490 Inhibit System Recovery
CM-02 Baseline Configuration Protects T1490 Inhibit System Recovery
CM-06 Configuration Settings Protects T1490 Inhibit System Recovery
CM-07 Least Functionality Protects T1490 Inhibit System Recovery
CP-10 System Recovery and Reconstitution Protects T1490 Inhibit System Recovery
CP-02 Contingency Plan Protects T1490 Inhibit System Recovery
CP-07 Alternate Processing Site Protects T1490 Inhibit System Recovery
CP-09 System Backup Protects T1490 Inhibit System Recovery
SI-03 Malicious Code Protection Protects T1490 Inhibit System Recovery
SI-04 System Monitoring Protects T1490 Inhibit System Recovery
SI-07 Software, Firmware, and Information Integrity Protects T1490 Inhibit System Recovery
IA-02 Identification and Authentication (organizational Users) Protects T1212 Exploitation for Credential Access
CA-03 Information Exchange Protects T1078 Valid Accounts
SC-43 Usage Restrictions Protects T1078 Valid Accounts
SI-12 Information Management and Retention Protects T1070.008 Clear Mailbox Data
AC-04 Information Flow Enforcement Protects T1070.008 Clear Mailbox Data
AC-20 Use of External Systems Protects T1070.008 Clear Mailbox Data
AC-16 Security and Privacy Attributes Protects T1070.008 Clear Mailbox Data
AC-17 Remote Access Protects T1070.008 Clear Mailbox Data
AC-18 Wireless Access Protects T1070.008 Clear Mailbox Data
AC-19 Access Control for Mobile Devices Protects T1070.008 Clear Mailbox Data
AC-02 Account Management Protects T1070.008 Clear Mailbox Data
AC-03 Access Enforcement Protects T1070.008 Clear Mailbox Data
AC-05 Separation of Duties Protects T1070.008 Clear Mailbox Data
AC-06 Least Privilege Protects T1070.008 Clear Mailbox Data
CA-07 Continuous Monitoring Protects T1070.008 Clear Mailbox Data
CM-02 Baseline Configuration Protects T1070.008 Clear Mailbox Data
CM-06 Configuration Settings Protects T1070.008 Clear Mailbox Data
CP-06 Alternate Storage Site Protects T1070.008 Clear Mailbox Data
CP-07 Alternate Processing Site Protects T1070.008 Clear Mailbox Data
CP-09 System Backup Protects T1070.008 Clear Mailbox Data
SC-36 Distributed Processing and Storage Protects T1070.008 Clear Mailbox Data
SC-04 Information in Shared System Resources Protects T1070.008 Clear Mailbox Data
SI-12 Information Management and Retention Protects T1070.008 Clear Mailbox Data
SI-03 Malicious Code Protection Protects T1070.008 Clear Mailbox Data
SI-04 System Monitoring Protects T1070.008 Clear Mailbox Data
SI-07 Software, Firmware, and Information Integrity Protects T1070.008 Clear Mailbox Data
AC-16 Security and Privacy Attributes Protects T1048 Exfiltration Over Alternative Protocol
AC-02 Account Management Protects T1048 Exfiltration Over Alternative Protocol
AC-20 Use of External Systems Protects T1048 Exfiltration Over Alternative Protocol
AC-23 Data Mining Protection Protects T1048 Exfiltration Over Alternative Protocol
AC-03 Access Enforcement Protects T1048 Exfiltration Over Alternative Protocol
AC-04 Information Flow Enforcement Protects T1048 Exfiltration Over Alternative Protocol
AC-06 Least Privilege Protects T1048 Exfiltration Over Alternative Protocol
CA-03 Information Exchange Protects T1048 Exfiltration Over Alternative Protocol
CA-07 Continuous Monitoring Protects T1048 Exfiltration Over Alternative Protocol
CM-02 Baseline Configuration Protects T1048 Exfiltration Over Alternative Protocol
CM-06 Configuration Settings Protects T1048 Exfiltration Over Alternative Protocol
CM-07 Least Functionality Protects T1048 Exfiltration Over Alternative Protocol
SA-08 Security and Privacy Engineering Principles Protects T1048 Exfiltration Over Alternative Protocol
SA-09 External System Services Protects T1048 Exfiltration Over Alternative Protocol
SC-28 Protection of Information at Rest Protects T1048 Exfiltration Over Alternative Protocol
SC-31 Covert Channel Analysis Protects T1048 Exfiltration Over Alternative Protocol
SC-46 Cross Domain Policy Enforcement Protects T1048 Exfiltration Over Alternative Protocol
SC-07 Boundary Protection Protects T1048 Exfiltration Over Alternative Protocol
SI-10 Information Input Validation Protects T1048 Exfiltration Over Alternative Protocol
SI-15 Information Output Filtering Protects T1048 Exfiltration Over Alternative Protocol
SI-03 Malicious Code Protection Protects T1048 Exfiltration Over Alternative Protocol
SI-04 System Monitoring Protects T1048 Exfiltration Over Alternative Protocol
SR-04 Provenance Protects T1048 Exfiltration Over Alternative Protocol
CM-06 Configuration Settings Protects T1053.006 Systemd Timers
AC-17 Remote Access Protects T1659 Content Injection
AC-04 Information Flow Enforcement Protects T1659 Content Injection
AC-04 Information Flow Enforcement Protects T1654 Log Enumeration
AC-03 Access Enforcement Protects T1654 Log Enumeration
IA-02 Identification and Authentication (organizational Users) Protects T1651 Cloud Administration Command
SI-04 System Monitoring Protects T1651 Cloud Administration Command
AC-17 Remote Access Protects T1651 Cloud Administration Command
AC-06 Least Privilege Protects T1651 Cloud Administration Command
AC-03 Access Enforcement Protects T1651 Cloud Administration Command
AC-20 Use of External Systems Protects T1578.005 Modify Cloud Compute Configurations
CM-03 Configuration Change Control Protects T1578.005 Modify Cloud Compute Configurations
AC-06 Least Privilege Protects T1578.005 Modify Cloud Compute Configurations
AC-03 Access Enforcement Protects T1578.005 Modify Cloud Compute Configurations
AC-17 Remote Access Protects T1567.004 Exfiltration Over Webhook
SC-07 Boundary Protection Protects T1567.004 Exfiltration Over Webhook
SC-07 Boundary Protection Protects T1567.003 Exfiltration to Text Storage Sites
AC-17 Remote Access Protects T1567.003 Exfiltration to Text Storage Sites
SI-07 Software, Firmware, and Information Integrity Protects T1562.012 Disable or Modify Linux Audit System
CM-06 Configuration Settings Protects T1562.012 Disable or Modify Linux Audit System
CM-05 Access Restrictions for Change Protects T1562.012 Disable or Modify Linux Audit System
CM-03 Configuration Change Control Protects T1562.012 Disable or Modify Linux Audit System
AC-06 Least Privilege Protects T1562.012 Disable or Modify Linux Audit System
AC-03 Access Enforcement Protects T1562.012 Disable or Modify Linux Audit System
AC-02 Account Management Protects T1562.012 Disable or Modify Linux Audit System
SI-07 Software, Firmware, and Information Integrity Protects T1562.011 Spoof Security Alerting
SI-04 System Monitoring Protects T1562.011 Spoof Security Alerting
CM-06 Configuration Settings Protects T1562.011 Spoof Security Alerting
SI-03 Malicious Code Protection Protects T1562.011 Spoof Security Alerting
SI-07 Software, Firmware, and Information Integrity Protects T1556.008 Network Provider DLL
CM-03 Configuration Change Control Protects T1556.008 Network Provider DLL
CM-07 Least Functionality Protects T1556.008 Network Provider DLL
CM-06 Configuration Settings Protects T1556.008 Network Provider DLL
CM-05 Access Restrictions for Change Protects T1556.008 Network Provider DLL
AC-06 Least Privilege Protects T1556.008 Network Provider DLL
CM-02 Baseline Configuration Protects T1556.008 Network Provider DLL
SI-04 System Monitoring Protects T1556.008 Network Provider DLL
AC-03 Access Enforcement Protects T1556.008 Network Provider DLL
CM-07 Least Functionality Protects T1555.006 Cloud Secrets Management Stores
AC-06 Least Privilege Protects T1555.006 Cloud Secrets Management Stores
AC-03 Access Enforcement Protects T1555.006 Cloud Secrets Management Stores
AC-02 Account Management Protects T1555.006 Cloud Secrets Management Stores
SI-04 System Monitoring Protects T1552.008 Chat Messages
AC-04 Information Flow Enforcement Protects T1552.008 Chat Messages
CM-05 Access Restrictions for Change Protects T1548.005 Temporary Elevated Cloud Access
AC-03 Access Enforcement Protects T1548.005 Temporary Elevated Cloud Access
AC-02 Account Management Protects T1548.005 Temporary Elevated Cloud Access
AC-06 Least Privilege Protects T1548.005 Temporary Elevated Cloud Access
IA-05 Authenticator Management Protects T1098.006 Additional Container Cluster Roles
AC-03 Access Enforcement Protects T1098.006 Additional Container Cluster Roles
AC-02 Account Management Protects T1098.006 Additional Container Cluster Roles
IA-02 Identification and Authentication (organizational Users) Protects T1059.009 Cloud API
SI-04 System Monitoring Protects T1059.009 Cloud API
CM-07 Least Functionality Protects T1059.009 Cloud API
AC-06 Least Privilege Protects T1059.009 Cloud API
AC-03 Access Enforcement Protects T1059.009 Cloud API
AC-02 Account Management Protects T1059.009 Cloud API
CM-07 Least Functionality Protects T1036.008 Masquerade File Type
SI-10 Information Input Validation Protects T1036.008 Masquerade File Type
SI-04 System Monitoring Protects T1036.008 Masquerade File Type
SC-07 Boundary Protection Protects T1036.008 Masquerade File Type
SI-03 Malicious Code Protection Protects T1027.012 LNK Icon Smuggling
SI-10 Information Input Validation Protects T1027.010 Command Obfuscation
SI-04 System Monitoring Protects T1027.010 Command Obfuscation
CM-06 Configuration Settings Protects T1027.010 Command Obfuscation
IA-05 Authenticator Management Protects T1021.008 Direct Cloud VM Connections
IA-02 Identification and Authentication (organizational Users) Protects T1021.008 Direct Cloud VM Connections
CM-07 Least Functionality Protects T1021.008 Direct Cloud VM Connections
CM-06 Configuration Settings Protects T1021.008 Direct Cloud VM Connections
CM-05 Access Restrictions for Change Protects T1021.008 Direct Cloud VM Connections
AC-20 Use of External Systems Protects T1021.008 Direct Cloud VM Connections
AC-17 Remote Access Protects T1021.008 Direct Cloud VM Connections
SI-04 System Monitoring Protects T1021.008 Direct Cloud VM Connections
AC-03 Access Enforcement Protects T1021.008 Direct Cloud VM Connections
IA-05 Authenticator Management Protects T1021.007 Cloud Services
IA-02 Identification and Authentication (organizational Users) Protects T1021.007 Cloud Services
AC-20 Use of External Systems Protects T1021.007 Cloud Services
AC-03 Access Enforcement Protects T1021.007 Cloud Services
AC-06 Least Privilege Protects T1021.008 Direct Cloud VM Connections
AC-05 Separation of Duties Protects T1021.007 Cloud Services
AC-06 Least Privilege Protects T1021.007 Cloud Services
SI-07 Software, Firmware, and Information Integrity Protects T1112 Modify Registry
SC-08 Transmission Confidentiality and Integrity Protects T1562.010 Downgrade Attack
CM-02 Baseline Configuration Protects T1562.010 Downgrade Attack
CM-06 Configuration Settings Protects T1562.010 Downgrade Attack
RA-05 Vulnerability Monitoring and Scanning Protects T1562.010 Downgrade Attack
SI-04 System Monitoring Protects T1562.010 Downgrade Attack
SC-08 Transmission Confidentiality and Integrity Protects T1562 Impair Defenses
AC-02 Account Management Protects T1562 Impair Defenses
AC-03 Access Enforcement Protects T1562 Impair Defenses
AC-05 Separation of Duties Protects T1562 Impair Defenses
AC-06 Least Privilege Protects T1562 Impair Defenses
CA-07 Continuous Monitoring Protects T1562 Impair Defenses
CA-08 Penetration Testing Protects T1562 Impair Defenses
CM-02 Baseline Configuration Protects T1562 Impair Defenses
CM-05 Access Restrictions for Change Protects T1562 Impair Defenses
CM-06 Configuration Settings Protects T1562 Impair Defenses
CM-07 Least Functionality Protects T1562 Impair Defenses
IA-02 Identification and Authentication (organizational Users) Protects T1562 Impair Defenses
IA-04 Identifier Management Protects T1562 Impair Defenses
RA-05 Vulnerability Monitoring and Scanning Protects T1562 Impair Defenses
SI-03 Malicious Code Protection Protects T1562 Impair Defenses
SI-04 System Monitoring Protects T1562 Impair Defenses
SI-07 Software, Firmware, and Information Integrity Protects T1562 Impair Defenses
AC-20 Use of External Systems Protects T1555 Credentials from Password Stores
AC-06 Least Privilege Protects T1555 Credentials from Password Stores
AC-03 Access Enforcement Protects T1555 Credentials from Password Stores
CA-07 Continuous Monitoring Protects T1555 Credentials from Password Stores
IA-05 Authenticator Management Protects T1555 Credentials from Password Stores
SI-04 System Monitoring Protects T1555 Credentials from Password Stores
AC-17 Remote Access Protects T1552.005 Cloud Instance Metadata API
AC-16 Security and Privacy Attributes Protects T1552.005 Cloud Instance Metadata API
AC-20 Use of External Systems Protects T1552.005 Cloud Instance Metadata API
AC-03 Access Enforcement Protects T1552.005 Cloud Instance Metadata API
AC-04 Information Flow Enforcement Protects T1552.005 Cloud Instance Metadata API
CA-07 Continuous Monitoring Protects T1552.005 Cloud Instance Metadata API
CM-06 Configuration Settings Protects T1552.005 Cloud Instance Metadata API
CM-07 Least Functionality Protects T1552.005 Cloud Instance Metadata API
IA-03 Device Identification and Authentication Protects T1552.005 Cloud Instance Metadata API
IA-04 Identifier Management Protects T1552.005 Cloud Instance Metadata API
SC-07 Boundary Protection Protects T1552.005 Cloud Instance Metadata API
SI-10 Information Input Validation Protects T1552.005 Cloud Instance Metadata API
SI-15 Information Output Filtering Protects T1552.005 Cloud Instance Metadata API
SI-04 System Monitoring Protects T1552.005 Cloud Instance Metadata API
IA-05 Authenticator Management Protects T1212 Exploitation for Credential Access
AC-02 Account Management Protects T1212 Exploitation for Credential Access
AC-04 Information Flow Enforcement Protects T1212 Exploitation for Credential Access
AC-06 Least Privilege Protects T1212 Exploitation for Credential Access
CA-07 Continuous Monitoring Protects T1212 Exploitation for Credential Access
CA-08 Penetration Testing Protects T1212 Exploitation for Credential Access
CM-02 Baseline Configuration Protects T1212 Exploitation for Credential Access
CM-06 Configuration Settings Protects T1212 Exploitation for Credential Access
CM-08 System Component Inventory Protects T1212 Exploitation for Credential Access
RA-10 Threat Hunting Protects T1212 Exploitation for Credential Access
RA-05 Vulnerability Monitoring and Scanning Protects T1212 Exploitation for Credential Access
SC-18 Mobile Code Protects T1212 Exploitation for Credential Access
SC-02 Separation of System and User Functionality Protects T1212 Exploitation for Credential Access
SC-26 Decoys Protects T1212 Exploitation for Credential Access
SC-03 Security Function Isolation Protects T1212 Exploitation for Credential Access
SC-30 Concealment and Misdirection Protects T1212 Exploitation for Credential Access
SC-35 External Malicious Code Identification Protects T1212 Exploitation for Credential Access
SC-39 Process Isolation Protects T1212 Exploitation for Credential Access
SC-07 Boundary Protection Protects T1212 Exploitation for Credential Access
SI-02 Flaw Remediation Protects T1212 Exploitation for Credential Access
SI-03 Malicious Code Protection Protects T1212 Exploitation for Credential Access
SI-04 System Monitoring Protects T1212 Exploitation for Credential Access
SI-05 Security Alerts, Advisories, and Directives Protects T1212 Exploitation for Credential Access
SI-07 Software, Firmware, and Information Integrity Protects T1212 Exploitation for Credential Access
SC-43 Usage Restrictions Protects T1078.004 Cloud Accounts
SC-07 Boundary Protection Protects T1078 Valid Accounts
CM-07 Least Functionality Protects T1078 Valid Accounts
AC-02 Account Management Protects T1078 Valid Accounts
AC-03 Access Enforcement Protects T1078 Valid Accounts
AC-05 Separation of Duties Protects T1078 Valid Accounts
AC-06 Least Privilege Protects T1078 Valid Accounts
CA-07 Continuous Monitoring Protects T1078 Valid Accounts
CM-05 Access Restrictions for Change Protects T1078 Valid Accounts
CM-06 Configuration Settings Protects T1078 Valid Accounts
IA-12 Identity Proofing Protects T1078 Valid Accounts
IA-02 Identification and Authentication (organizational Users) Protects T1078 Valid Accounts
IA-05 Authenticator Management Protects T1078 Valid Accounts
RA-05 Vulnerability Monitoring and Scanning Protects T1078 Valid Accounts
SA-10 Developer Configuration Management Protects T1078 Valid Accounts
SA-11 Developer Testing and Evaluation Protects T1078 Valid Accounts
SA-15 Development Process, Standards, and Tools Protects T1078 Valid Accounts
SA-17 Developer Security and Privacy Architecture and Design Protects T1078 Valid Accounts
SA-03 System Development Life Cycle Protects T1078 Valid Accounts
SA-04 Acquisition Process Protects T1078 Valid Accounts
SA-08 Security and Privacy Engineering Principles Protects T1078 Valid Accounts
SC-28 Protection of Information at Rest Protects T1078 Valid Accounts
SI-04 System Monitoring Protects T1078 Valid Accounts
SR-06 Supplier Assessments and Reviews Protects T1078 Valid Accounts
CM-07 Least Functionality Protects T1078.004 Cloud Accounts
AC-02 Account Management Protects T1078.004 Cloud Accounts
AC-20 Use of External Systems Protects T1078.004 Cloud Accounts
AC-03 Access Enforcement Protects T1078.004 Cloud Accounts
AC-05 Separation of Duties Protects T1078.004 Cloud Accounts
AC-06 Least Privilege Protects T1078.004 Cloud Accounts
AC-07 Unsuccessful Logon Attempts Protects T1078.004 Cloud Accounts
CA-07 Continuous Monitoring Protects T1078.004 Cloud Accounts
CM-05 Access Restrictions for Change Protects T1078.004 Cloud Accounts
CM-06 Configuration Settings Protects T1078.004 Cloud Accounts
IA-12 Identity Proofing Protects T1078.004 Cloud Accounts
IA-02 Identification and Authentication (organizational Users) Protects T1078.004 Cloud Accounts
IA-05 Authenticator Management Protects T1078.004 Cloud Accounts
SA-10 Developer Configuration Management Protects T1078.004 Cloud Accounts
SA-11 Developer Testing and Evaluation Protects T1078.004 Cloud Accounts
SA-15 Development Process, Standards, and Tools Protects T1078.004 Cloud Accounts
SA-17 Developer Security and Privacy Architecture and Design Protects T1078.004 Cloud Accounts
SA-03 System Development Life Cycle Protects T1078.004 Cloud Accounts
SA-04 Acquisition Process Protects T1078.004 Cloud Accounts
SA-08 Security and Privacy Engineering Principles Protects T1078.004 Cloud Accounts
SC-28 Protection of Information at Rest Protects T1078.004 Cloud Accounts
SI-04 System Monitoring Protects T1078.004 Cloud Accounts
CM-11 User-installed Software Protects T1072 Software Deployment Tools
AC-12 Session Termination Protects T1072 Software Deployment Tools
AC-02 Account Management Protects T1072 Software Deployment Tools
AC-20 Use of External Systems Protects T1072 Software Deployment Tools
AC-03 Access Enforcement Protects T1072 Software Deployment Tools
AC-04 Information Flow Enforcement Protects T1072 Software Deployment Tools
AC-05 Separation of Duties Protects T1072 Software Deployment Tools
AC-06 Least Privilege Protects T1072 Software Deployment Tools
CA-07 Continuous Monitoring Protects T1072 Software Deployment Tools
CM-02 Baseline Configuration Protects T1072 Software Deployment Tools
CM-05 Access Restrictions for Change Protects T1072 Software Deployment Tools
CM-06 Configuration Settings Protects T1072 Software Deployment Tools
CM-07 Least Functionality Protects T1072 Software Deployment Tools
CM-08 System Component Inventory Protects T1072 Software Deployment Tools
IA-02 Identification and Authentication (organizational Users) Protects T1072 Software Deployment Tools
IA-05 Authenticator Management Protects T1072 Software Deployment Tools
SC-12 Cryptographic Key Establishment and Management Protects T1072 Software Deployment Tools
SC-17 Public Key Infrastructure Certificates Protects T1072 Software Deployment Tools
SC-46 Cross Domain Policy Enforcement Protects T1072 Software Deployment Tools
SC-07 Boundary Protection Protects T1072 Software Deployment Tools
SI-02 Flaw Remediation Protects T1072 Software Deployment Tools
SI-23 Information Fragmentation Protects T1072 Software Deployment Tools
SI-03 Malicious Code Protection Protects T1072 Software Deployment Tools
SI-04 System Monitoring Protects T1072 Software Deployment Tools
SI-07 Software, Firmware, and Information Integrity Protects T1072 Software Deployment Tools
CM-07 Least Functionality Protects T1040 Network Sniffing
AC-16 Security and Privacy Attributes Protects T1040 Network Sniffing
AC-17 Remote Access Protects T1040 Network Sniffing
AC-18 Wireless Access Protects T1040 Network Sniffing
AC-19 Access Control for Mobile Devices Protects T1040 Network Sniffing
IA-02 Identification and Authentication (organizational Users) Protects T1040 Network Sniffing
IA-05 Authenticator Management Protects T1040 Network Sniffing
SC-04 Information in Shared System Resources Protects T1040 Network Sniffing
SC-08 Transmission Confidentiality and Integrity Protects T1040 Network Sniffing
SI-12 Information Management and Retention Protects T1040 Network Sniffing
SI-04 System Monitoring Protects T1040 Network Sniffing
SI-07 Software, Firmware, and Information Integrity Protects T1040 Network Sniffing
IA-09 Service Identification and Authentication Protects T1036 Masquerading
AC-02 Account Management Protects T1036 Masquerading
AC-03 Access Enforcement Protects T1036 Masquerading
AC-06 Least Privilege Protects T1036 Masquerading
CA-07 Continuous Monitoring Protects T1036 Masquerading
CM-02 Baseline Configuration Protects T1036 Masquerading
CM-06 Configuration Settings Protects T1036 Masquerading
CM-07 Least Functionality Protects T1036 Masquerading
IA-09 Service Identification and Authentication Protects T1036 Masquerading
SI-10 Information Input Validation Protects T1036 Masquerading
SI-03 Malicious Code Protection Protects T1036 Masquerading
SI-04 System Monitoring Protects T1036 Masquerading
SI-07 Software, Firmware, and Information Integrity Protects T1036 Masquerading
CM-07 Least Functionality Protects T1027 Obfuscated Files or Information
AC-03 Access Enforcement Protects T1027 Obfuscated Files or Information
CM-02 Baseline Configuration Protects T1027 Obfuscated Files or Information
CM-06 Configuration Settings Protects T1027 Obfuscated Files or Information
SI-02 Flaw Remediation Protects T1027 Obfuscated Files or Information
SI-03 Malicious Code Protection Protects T1027 Obfuscated Files or Information
SI-04 System Monitoring Protects T1027 Obfuscated Files or Information
SI-07 Software, Firmware, and Information Integrity Protects T1027 Obfuscated Files or Information
CM-07 Least Functionality Protects T1021 Remote Services
CM-02 Baseline Configuration Protects T1021 Remote Services
CM-05 Access Restrictions for Change Protects T1020.001 Traffic Duplication
AC-06 Least Privilege Protects T1020.001 Traffic Duplication
AC-03 Access Enforcement Protects T1020.001 Traffic Duplication
AC-02 Account Management Protects T1020.001 Traffic Duplication
SC-43 Usage Restrictions Protects T1011 Exfiltration Over Other Network Medium
CM-07 Least Functionality Protects T1653 Power Settings
CM-03 Configuration Change Control Protects T1653 Power Settings
CM-02 Baseline Configuration Protects T1653 Power Settings
AC-06 Least Privilege Protects T1657 Financial Theft
AC-02 Account Management Protects T1003.007 Proc Filesystem
AC-03 Access Enforcement Protects T1003.007 Proc Filesystem
AC-05 Separation of Duties Protects T1003.007 Proc Filesystem
AC-06 Least Privilege Protects T1003.007 Proc Filesystem
CA-07 Continuous Monitoring Protects T1003.007 Proc Filesystem
CM-02 Baseline Configuration Protects T1003.007 Proc Filesystem
CM-05 Access Restrictions for Change Protects T1003.007 Proc Filesystem
CM-06 Configuration Settings Protects T1003.007 Proc Filesystem
IA-02 Identification and Authentication (organizational Users) Protects T1003.007 Proc Filesystem
IA-05 Authenticator Management Protects T1003.007 Proc Filesystem
SC-28 Protection of Information at Rest Protects T1003.007 Proc Filesystem
SC-39 Process Isolation Protects T1003.007 Proc Filesystem
SI-03 Malicious Code Protection Protects T1003.007 Proc Filesystem
SI-04 System Monitoring Protects T1003.007 Proc Filesystem
AC-16 Security and Privacy Attributes Protects T1005 Data from Local System
AC-02 Account Management Protects T1005 Data from Local System
AC-23 Data Mining Protection Protects T1005 Data from Local System
AC-18 Wireless Access Protects T1011 Exfiltration Over Other Network Medium
CM-06 Configuration Settings Protects T1011 Exfiltration Over Other Network Medium
CM-07 Least Functionality Protects T1011 Exfiltration Over Other Network Medium
SI-04 System Monitoring Protects T1011 Exfiltration Over Other Network Medium
AC-18 Wireless Access Protects T1011.001 Exfiltration Over Bluetooth
CM-02 Baseline Configuration Protects T1011.001 Exfiltration Over Bluetooth
CM-06 Configuration Settings Protects T1011.001 Exfiltration Over Bluetooth
CM-07 Least Functionality Protects T1011.001 Exfiltration Over Bluetooth
CM-08 System Component Inventory Protects T1011.001 Exfiltration Over Bluetooth
RA-05 Vulnerability Monitoring and Scanning Protects T1011.001 Exfiltration Over Bluetooth
SI-03 Malicious Code Protection Protects T1011.001 Exfiltration Over Bluetooth
SI-04 System Monitoring Protects T1011.001 Exfiltration Over Bluetooth
AC-16 Security and Privacy Attributes Protects T1020.001 Traffic Duplication
AC-17 Remote Access Protects T1020.001 Traffic Duplication
AC-18 Wireless Access Protects T1020.001 Traffic Duplication
AC-19 Access Control for Mobile Devices Protects T1020.001 Traffic Duplication
AC-20 Use of External Systems Protects T1020.001 Traffic Duplication
AC-04 Information Flow Enforcement Protects T1020.001 Traffic Duplication
CA-03 Information Exchange Protects T1020.001 Traffic Duplication
CM-02 Baseline Configuration Protects T1020.001 Traffic Duplication
CM-06 Configuration Settings Protects T1020.001 Traffic Duplication
CM-08 System Component Inventory Protects T1020.001 Traffic Duplication
SC-04 Information in Shared System Resources Protects T1020.001 Traffic Duplication
SC-07 Boundary Protection Protects T1020.001 Traffic Duplication
SC-08 Transmission Confidentiality and Integrity Protects T1020.001 Traffic Duplication
SI-12 Information Management and Retention Protects T1020.001 Traffic Duplication
SI-04 System Monitoring Protects T1020.001 Traffic Duplication
SI-07 Software, Firmware, and Information Integrity Protects T1020.001 Traffic Duplication
AC-17 Remote Access Protects T1021 Remote Services
AC-02 Account Management Protects T1021 Remote Services
AC-20 Use of External Systems Protects T1021 Remote Services
AC-03 Access Enforcement Protects T1021 Remote Services
AC-05 Separation of Duties Protects T1021 Remote Services
AC-06 Least Privilege Protects T1021 Remote Services
AC-07 Unsuccessful Logon Attempts Protects T1021 Remote Services
CM-05 Access Restrictions for Change Protects T1021 Remote Services
CM-06 Configuration Settings Protects T1021 Remote Services
IA-02 Identification and Authentication (organizational Users) Protects T1021 Remote Services
IA-05 Authenticator Management Protects T1021 Remote Services
SI-04 System Monitoring Protects T1021 Remote Services
AC-02 Account Management Protects T1021.007 Cloud Services
AC-02 Account Management Protects T1021.008 Direct Cloud VM Connections
SI-03 Malicious Code Protection Protects T1027.010 Command Obfuscation
SI-04 System Monitoring Protects T1027.011 Fileless Storage
SI-04 System Monitoring Protects T1027.012 LNK Icon Smuggling
SI-03 Malicious Code Protection Protects T1036.008 Masquerade File Type
AC-16 Security and Privacy Attributes Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
AC-20 Use of External Systems Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
AC-23 Data Mining Protection Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
AC-03 Access Enforcement Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
AC-04 Information Flow Enforcement Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
AC-06 Least Privilege Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
CA-03 Information Exchange Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
CA-07 Continuous Monitoring Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
CM-02 Baseline Configuration Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
CM-06 Configuration Settings Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
CM-07 Least Functionality Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
SA-08 Security and Privacy Engineering Principles Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
SA-09 External System Services Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
SC-13 Cryptographic Protection Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
SC-28 Protection of Information at Rest Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
SC-31 Covert Channel Analysis Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
SC-07 Boundary Protection Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
SI-10 Information Input Validation Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
SI-15 Information Output Filtering Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
SI-03 Malicious Code Protection Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
SI-04 System Monitoring Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
SR-04 Provenance Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
AC-02 Account Management Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
AC-02 Account Management Protects T1053.006 Systemd Timers
AC-03 Access Enforcement Protects T1053.006 Systemd Timers
AC-05 Separation of Duties Protects T1053.006 Systemd Timers
AC-06 Least Privilege Protects T1053.006 Systemd Timers
CA-07 Continuous Monitoring Protects T1053.006 Systemd Timers
CM-05 Access Restrictions for Change Protects T1053.006 Systemd Timers
IA-02 Identification and Authentication (organizational Users) Protects T1053.006 Systemd Timers
SI-04 System Monitoring Protects T1053.006 Systemd Timers
SI-07 Software, Firmware, and Information Integrity Protects T1053.006 Systemd Timers
AC-02 Account Management Protects T1070.007 Clear Network Connection History and Configurations
AC-03 Access Enforcement Protects T1070.007 Clear Network Connection History and Configurations
AC-05 Separation of Duties Protects T1070.007 Clear Network Connection History and Configurations
AC-06 Least Privilege Protects T1070.007 Clear Network Connection History and Configurations
CA-07 Continuous Monitoring Protects T1070.007 Clear Network Connection History and Configurations
CM-02 Baseline Configuration Protects T1070.007 Clear Network Connection History and Configurations
CM-06 Configuration Settings Protects T1070.007 Clear Network Connection History and Configurations
SI-03 Malicious Code Protection Protects T1070.007 Clear Network Connection History and Configurations
SI-04 System Monitoring Protects T1070.007 Clear Network Connection History and Configurations
SI-07 Software, Firmware, and Information Integrity Protects T1070.007 Clear Network Connection History and Configurations
AC-04 Information Flow Enforcement Protects T1071 Application Layer Protocol
CA-07 Continuous Monitoring Protects T1071 Application Layer Protocol
CM-02 Baseline Configuration Protects T1071 Application Layer Protocol
CM-06 Configuration Settings Protects T1071 Application Layer Protocol
CM-07 Least Functionality Protects T1071 Application Layer Protocol
SC-10 Network Disconnect Protects T1071 Application Layer Protocol
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1071 Application Layer Protocol
SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) Protects T1071 Application Layer Protocol
SC-22 Architecture and Provisioning for Name/address Resolution Service Protects T1071 Application Layer Protocol
SC-23 Session Authenticity Protects T1071 Application Layer Protocol
SC-31 Covert Channel Analysis Protects T1071 Application Layer Protocol
SC-37 Out-of-band Channels Protects T1071 Application Layer Protocol
SC-07 Boundary Protection Protects T1071 Application Layer Protocol
SI-03 Malicious Code Protection Protects T1071 Application Layer Protocol
SI-04 System Monitoring Protects T1071 Application Layer Protocol
AC-04 Information Flow Enforcement Protects T1071.001 Web Protocols
CA-07 Continuous Monitoring Protects T1071.001 Web Protocols
CM-02 Baseline Configuration Protects T1071.001 Web Protocols
CM-06 Configuration Settings Protects T1071.001 Web Protocols
CM-07 Least Functionality Protects T1071.001 Web Protocols
SC-10 Network Disconnect Protects T1071.001 Web Protocols
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1071.001 Web Protocols
SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) Protects T1071.001 Web Protocols
SC-22 Architecture and Provisioning for Name/address Resolution Service Protects T1071.001 Web Protocols
SC-23 Session Authenticity Protects T1071.001 Web Protocols
SC-31 Covert Channel Analysis Protects T1071.001 Web Protocols
SC-37 Out-of-band Channels Protects T1071.001 Web Protocols
SC-07 Boundary Protection Protects T1071.001 Web Protocols
SI-03 Malicious Code Protection Protects T1071.001 Web Protocols
SI-04 System Monitoring Protects T1071.001 Web Protocols
AC-04 Information Flow Enforcement Protects T1071.002 File Transfer Protocols
CA-07 Continuous Monitoring Protects T1071.002 File Transfer Protocols
CM-02 Baseline Configuration Protects T1071.002 File Transfer Protocols
CM-06 Configuration Settings Protects T1071.002 File Transfer Protocols
CM-07 Least Functionality Protects T1071.002 File Transfer Protocols
SC-10 Network Disconnect Protects T1071.002 File Transfer Protocols
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1071.002 File Transfer Protocols
SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) Protects T1071.002 File Transfer Protocols
SC-22 Architecture and Provisioning for Name/address Resolution Service Protects T1071.002 File Transfer Protocols
SC-23 Session Authenticity Protects T1071.002 File Transfer Protocols
SC-31 Covert Channel Analysis Protects T1071.002 File Transfer Protocols
SC-37 Out-of-band Channels Protects T1071.002 File Transfer Protocols
SC-07 Boundary Protection Protects T1071.002 File Transfer Protocols
SI-03 Malicious Code Protection Protects T1071.002 File Transfer Protocols
SI-04 System Monitoring Protects T1071.002 File Transfer Protocols
AC-03 Access Enforcement Protects T1080 Taint Shared Content
CA-07 Continuous Monitoring Protects T1080 Taint Shared Content
CM-02 Baseline Configuration Protects T1080 Taint Shared Content
CM-07 Least Functionality Protects T1080 Taint Shared Content
SC-04 Information in Shared System Resources Protects T1080 Taint Shared Content
SC-07 Boundary Protection Protects T1080 Taint Shared Content
SI-10 Information Input Validation Protects T1080 Taint Shared Content
SI-03 Malicious Code Protection Protects T1080 Taint Shared Content
SI-04 System Monitoring Protects T1080 Taint Shared Content
SI-07 Software, Firmware, and Information Integrity Protects T1080 Taint Shared Content
CM-06 Configuration Settings Protects T1087.002 Domain Account
CM-07 Least Functionality Protects T1087.002 Domain Account
SI-04 System Monitoring Protects T1087.002 Domain Account
AC-02 Account Management Protects T1098 Account Manipulation
AC-03 Access Enforcement Protects T1098 Account Manipulation
AC-04 Information Flow Enforcement Protects T1098 Account Manipulation
AC-05 Separation of Duties Protects T1098 Account Manipulation
AC-06 Least Privilege Protects T1098 Account Manipulation
CM-05 Access Restrictions for Change Protects T1098 Account Manipulation
CM-06 Configuration Settings Protects T1098 Account Manipulation
CM-07 Least Functionality Protects T1098 Account Manipulation
IA-02 Identification and Authentication (organizational Users) Protects T1098 Account Manipulation
SC-07 Boundary Protection Protects T1098 Account Manipulation
SI-04 System Monitoring Protects T1098 Account Manipulation
AC-02 Account Management Protects T1098.003 Additional Cloud Roles
AC-05 Separation of Duties Protects T1098.003 Additional Cloud Roles
CM-05 Access Restrictions for Change Protects T1098.003 Additional Cloud Roles
CM-06 Configuration Settings Protects T1098.003 Additional Cloud Roles
IA-02 Identification and Authentication (organizational Users) Protects T1098.003 Additional Cloud Roles
IA-05 Authenticator Management Protects T1098.003 Additional Cloud Roles
SI-04 System Monitoring Protects T1098.003 Additional Cloud Roles
SI-07 Software, Firmware, and Information Integrity Protects T1098.003 Additional Cloud Roles
AC-20 Use of External Systems Protects T1098.003 Additional Cloud Roles
AC-03 Access Enforcement Protects T1098.003 Additional Cloud Roles
AC-06 Least Privilege Protects T1098.003 Additional Cloud Roles
AC-20 Use of External Systems Protects T1098.004 SSH Authorized Keys
AC-03 Access Enforcement Protects T1098.004 SSH Authorized Keys
AC-05 Separation of Duties Protects T1098.004 SSH Authorized Keys
AC-06 Least Privilege Protects T1098.004 SSH Authorized Keys
CM-02 Baseline Configuration Protects T1098.004 SSH Authorized Keys
CM-05 Access Restrictions for Change Protects T1098.004 SSH Authorized Keys
CM-06 Configuration Settings Protects T1098.004 SSH Authorized Keys
CM-07 Least Functionality Protects T1098.004 SSH Authorized Keys
CM-08 System Component Inventory Protects T1098.004 SSH Authorized Keys
IA-02 Identification and Authentication (organizational Users) Protects T1098.004 SSH Authorized Keys
IA-05 Authenticator Management Protects T1098.004 SSH Authorized Keys
RA-05 Vulnerability Monitoring and Scanning Protects T1098.004 SSH Authorized Keys
SC-12 Cryptographic Key Establishment and Management Protects T1098.004 SSH Authorized Keys
SI-03 Malicious Code Protection Protects T1098.004 SSH Authorized Keys
SI-04 System Monitoring Protects T1098.004 SSH Authorized Keys
AC-02 Account Management Protects T1098.005 Device Registration
AC-20 Use of External Systems Protects T1098.005 Device Registration
AC-03 Access Enforcement Protects T1098.005 Device Registration
AC-05 Separation of Duties Protects T1098.005 Device Registration
AC-06 Least Privilege Protects T1098.005 Device Registration
CM-05 Access Restrictions for Change Protects T1098.005 Device Registration
CM-06 Configuration Settings Protects T1098.005 Device Registration
AC-06 Least Privilege Protects T1098.006 Additional Container Cluster Roles
AC-06 Least Privilege Protects T1106 Native API
CM-02 Baseline Configuration Protects T1106 Native API
CM-06 Configuration Settings Protects T1106 Native API
CM-07 Least Functionality Protects T1106 Native API
SI-02 Flaw Remediation Protects T1106 Native API
SI-03 Malicious Code Protection Protects T1106 Native API
SI-04 System Monitoring Protects T1106 Native API
AC-06 Least Privilege Protects T1112 Modify Registry
CM-07 Least Functionality Protects T1112 Modify Registry
AC-04 Information Flow Enforcement Protects T1132.001 Standard Encoding
CA-07 Continuous Monitoring Protects T1132.001 Standard Encoding
CM-02 Baseline Configuration Protects T1132.001 Standard Encoding
CM-06 Configuration Settings Protects T1132.001 Standard Encoding
SC-07 Boundary Protection Protects T1132.001 Standard Encoding
SI-03 Malicious Code Protection Protects T1132.001 Standard Encoding
SI-04 System Monitoring Protects T1132.001 Standard Encoding
AC-02 Account Management Protects T1134.001 Token Impersonation/Theft
AC-03 Access Enforcement Protects T1134.001 Token Impersonation/Theft
AC-05 Separation of Duties Protects T1134.001 Token Impersonation/Theft
AC-06 Least Privilege Protects T1134.001 Token Impersonation/Theft
CM-05 Access Restrictions for Change Protects T1134.001 Token Impersonation/Theft
CM-06 Configuration Settings Protects T1134.001 Token Impersonation/Theft
IA-02 Identification and Authentication (organizational Users) Protects T1134.001 Token Impersonation/Theft
AC-02 Account Management Protects T1134.002 Create Process with Token
AC-03 Access Enforcement Protects T1134.002 Create Process with Token
AC-05 Separation of Duties Protects T1134.002 Create Process with Token
AC-06 Least Privilege Protects T1134.002 Create Process with Token
CM-05 Access Restrictions for Change Protects T1134.002 Create Process with Token
CM-06 Configuration Settings Protects T1134.002 Create Process with Token
IA-02 Identification and Authentication (organizational Users) Protects T1134.002 Create Process with Token
AC-02 Account Management Protects T1134.003 Make and Impersonate Token
AC-03 Access Enforcement Protects T1134.003 Make and Impersonate Token
AC-05 Separation of Duties Protects T1134.003 Make and Impersonate Token
AC-06 Least Privilege Protects T1134.003 Make and Impersonate Token
CM-05 Access Restrictions for Change Protects T1134.003 Make and Impersonate Token
CM-06 Configuration Settings Protects T1134.003 Make and Impersonate Token
IA-02 Identification and Authentication (organizational Users) Protects T1134.003 Make and Impersonate Token
AC-02 Account Management Protects T1136.001 Local Account
AC-20 Use of External Systems Protects T1136.001 Local Account
AC-03 Access Enforcement Protects T1136.001 Local Account
AC-05 Separation of Duties Protects T1136.001 Local Account
AC-06 Least Privilege Protects T1136.001 Local Account
CM-05 Access Restrictions for Change Protects T1136.001 Local Account
CM-06 Configuration Settings Protects T1136.001 Local Account
IA-02 Identification and Authentication (organizational Users) Protects T1136.001 Local Account
IA-05 Authenticator Management Protects T1136.001 Local Account
SI-04 System Monitoring Protects T1136.001 Local Account
SI-07 Software, Firmware, and Information Integrity Protects T1136.001 Local Account
AC-02 Account Management Protects T1136.003 Cloud Account
AC-20 Use of External Systems Protects T1136.003 Cloud Account
AC-03 Access Enforcement Protects T1136.003 Cloud Account
AC-04 Information Flow Enforcement Protects T1136.003 Cloud Account
AC-05 Separation of Duties Protects T1136.003 Cloud Account
AC-06 Least Privilege Protects T1136.003 Cloud Account
CM-05 Access Restrictions for Change Protects T1136.003 Cloud Account
CM-06 Configuration Settings Protects T1136.003 Cloud Account
CM-07 Least Functionality Protects T1136.003 Cloud Account
IA-02 Identification and Authentication (organizational Users) Protects T1136.003 Cloud Account
IA-05 Authenticator Management Protects T1136.003 Cloud Account
SC-07 Boundary Protection Protects T1136.003 Cloud Account
SI-04 System Monitoring Protects T1136.003 Cloud Account
SI-07 Software, Firmware, and Information Integrity Protects T1136.003 Cloud Account
AC-20 Use of External Systems Protects T1539 Steal Web Session Cookie
AC-03 Access Enforcement Protects T1539 Steal Web Session Cookie
AC-06 Least Privilege Protects T1539 Steal Web Session Cookie
CA-07 Continuous Monitoring Protects T1539 Steal Web Session Cookie
CM-02 Baseline Configuration Protects T1539 Steal Web Session Cookie
CM-06 Configuration Settings Protects T1539 Steal Web Session Cookie
IA-02 Identification and Authentication (organizational Users) Protects T1539 Steal Web Session Cookie
IA-05 Authenticator Management Protects T1539 Steal Web Session Cookie
SI-03 Malicious Code Protection Protects T1539 Steal Web Session Cookie
SI-04 System Monitoring Protects T1539 Steal Web Session Cookie
CM-05 Access Restrictions for Change Protects T1562.011 Spoof Security Alerting
SI-04 System Monitoring Protects T1562.012 Disable or Modify Linux Audit System
AC-04 Information Flow Enforcement Protects T1567.003 Exfiltration to Text Storage Sites
AC-04 Information Flow Enforcement Protects T1567.004 Exfiltration Over Webhook
AC-02 Account Management Protects T1578.005 Modify Cloud Compute Configurations
AC-02 Account Management Protects T1651 Cloud Administration Command
SI-04 System Monitoring Protects T1653 Power Settings
AC-06 Least Privilege Protects T1654 Log Enumeration
AC-05 Separation of Duties Protects T1657 Financial Theft
SC-07 Boundary Protection Protects T1659 Content Injection