NIST 800-53 AC-5 Mappings

Separation of duties addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activity without collusion. Separation of duties includes dividing mission or business functions and support functions among different individuals or roles, conducting system support functions with different individuals, and ensuring that security personnel who administer access control functions do not also administer audit functions. Because separation of duty violations can span systems and application domains, organizations consider the entirety of systems and system components when developing policy on separation of duties. Separation of duties is enforced through the account management activities in AC-2, access control mechanisms in AC-3, and identity management activities in IA-2, IA-4, and IA-12.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-5 Separation of Duties Protects T1003 OS Credential Dumping
AC-5 Separation of Duties Protects T1003.001 LSASS Memory
AC-5 Separation of Duties Protects T1003.002 Security Account Manager
AC-5 Separation of Duties Protects T1003.003 NTDS
AC-5 Separation of Duties Protects T1003.004 LSA Secrets
AC-5 Separation of Duties Protects T1003.005 Cached Domain Credentials
AC-5 Separation of Duties Protects T1003.006 DCSync
AC-5 Separation of Duties Protects T1003.007 Proc Filesystem
AC-5 Separation of Duties Protects T1003.008 /etc/passwd and /etc/shadow
AC-5 Separation of Duties Protects T1021 Remote Services
AC-5 Separation of Duties Protects T1021.001 Remote Desktop Protocol
AC-5 Separation of Duties Protects T1021.002 SMB/Windows Admin Shares
AC-5 Separation of Duties Protects T1021.003 Distributed Component Object Model
AC-5 Separation of Duties Protects T1021.004 SSH
AC-5 Separation of Duties Protects T1021.006 Windows Remote Management
AC-5 Separation of Duties Protects T1047 Windows Management Instrumentation
AC-5 Separation of Duties Protects T1053 Scheduled Task/Job
AC-5 Separation of Duties Protects T1053.001 At (Linux)
AC-5 Separation of Duties Protects T1053.002 At (Windows)
AC-5 Separation of Duties Protects T1053.003 Cron
AC-5 Separation of Duties Protects T1053.005 Scheduled Task
AC-5 Separation of Duties Protects T1053.006 Systemd Timers
AC-5 Separation of Duties Protects T1053.007 Container Orchestration Job
AC-5 Separation of Duties Protects T1055 Process Injection
AC-5 Separation of Duties Protects T1055.008 Ptrace System Calls
AC-5 Separation of Duties Protects T1056.003 Web Portal Capture
AC-5 Separation of Duties Protects T1059 Command and Scripting Interpreter
AC-5 Separation of Duties Protects T1059.001 PowerShell
AC-5 Separation of Duties Protects T1059.008 Network Device CLI
AC-5 Separation of Duties Protects T1070 Indicator Removal on Host
AC-5 Separation of Duties Protects T1070.001 Clear Windows Event Logs
AC-5 Separation of Duties Protects T1070.002 Clear Linux or Mac System Logs
AC-5 Separation of Duties Protects T1070.003 Clear Command History
AC-5 Separation of Duties Protects T1072 Software Deployment Tools
AC-5 Separation of Duties Protects T1078 Valid Accounts
AC-5 Separation of Duties Protects T1078.001 Default Accounts
AC-5 Separation of Duties Protects T1078.002 Domain Accounts
AC-5 Separation of Duties Protects T1078.003 Local Accounts
AC-5 Separation of Duties Protects T1078.004 Cloud Accounts
AC-5 Separation of Duties Protects T1087.004 Cloud Account
AC-5 Separation of Duties Protects T1098 Account Manipulation
AC-5 Separation of Duties Protects T1098.001 Additional Cloud Credentials
AC-5 Separation of Duties Protects T1098.002 Exchange Email Delegate Permissions
AC-5 Separation of Duties Protects T1098.003 Add Office 365 Global Administrator Role
AC-5 Separation of Duties Protects T1110 Brute Force
AC-5 Separation of Duties Protects T1110.001 Password Guessing
AC-5 Separation of Duties Protects T1110.002 Password Cracking
AC-5 Separation of Duties Protects T1110.003 Password Spraying
AC-5 Separation of Duties Protects T1110.004 Credential Stuffing
AC-5 Separation of Duties Protects T1134 Access Token Manipulation
AC-5 Separation of Duties Protects T1134.001 Token Impersonation/Theft
AC-5 Separation of Duties Protects T1134.002 Create Process with Token
AC-5 Separation of Duties Protects T1134.003 Make and Impersonate Token
AC-5 Separation of Duties Protects T1134.005 SID-History Injection
AC-5 Separation of Duties Protects T1136 Create Account
AC-5 Separation of Duties Protects T1136.001 Local Account
AC-5 Separation of Duties Protects T1136.002 Domain Account
AC-5 Separation of Duties Protects T1136.003 Cloud Account
AC-5 Separation of Duties Protects T1185 Browser Session Hijacking
AC-5 Separation of Duties Protects T1190 Exploit Public-Facing Application
AC-5 Separation of Duties Protects T1197 BITS Jobs
AC-5 Separation of Duties Protects T1210 Exploitation of Remote Services
AC-5 Separation of Duties Protects T1213 Data from Information Repositories
AC-5 Separation of Duties Protects T1213.001 Confluence
AC-5 Separation of Duties Protects T1213.002 Sharepoint
AC-5 Separation of Duties Protects T1213.003 Code Repositories
AC-5 Separation of Duties Protects T1218 Signed Binary Proxy Execution
AC-5 Separation of Duties Protects T1218.007 Msiexec
AC-5 Separation of Duties Protects T1222 File and Directory Permissions Modification
AC-5 Separation of Duties Protects T1222.001 Windows File and Directory Permissions Modification
AC-5 Separation of Duties Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-5 Separation of Duties Protects T1484 Domain Policy Modification
AC-5 Separation of Duties Protects T1489 Service Stop
AC-5 Separation of Duties Protects T1495 Firmware Corruption
AC-5 Separation of Duties Protects T1505 Server Software Component
AC-5 Separation of Duties Protects T1505.002 Transport Agent
AC-5 Separation of Duties Protects T1505.003 Web Shell
AC-5 Separation of Duties Protects T1525 Implant Internal Image
AC-5 Separation of Duties Protects T1528 Steal Application Access Token
AC-5 Separation of Duties Protects T1530 Data from Cloud Storage Object
AC-5 Separation of Duties Protects T1537 Transfer Data to Cloud Account
AC-5 Separation of Duties Protects T1538 Cloud Service Dashboard
AC-5 Separation of Duties Protects T1542 Pre-OS Boot
AC-5 Separation of Duties Protects T1542.001 System Firmware
AC-5 Separation of Duties Protects T1542.003 Bootkit
AC-5 Separation of Duties Protects T1542.005 TFTP Boot
AC-5 Separation of Duties Protects T1543 Create or Modify System Process
AC-5 Separation of Duties Protects T1543.001 Launch Agent
AC-5 Separation of Duties Protects T1543.002 Systemd Service
AC-5 Separation of Duties Protects T1543.003 Windows Service
AC-5 Separation of Duties Protects T1543.004 Launch Daemon
AC-5 Separation of Duties Protects T1546.003 Windows Management Instrumentation Event Subscription
AC-5 Separation of Duties Protects T1547.004 Winlogon Helper DLL
AC-5 Separation of Duties Protects T1547.006 Kernel Modules and Extensions
AC-5 Separation of Duties Protects T1547.009 Shortcut Modification
AC-5 Separation of Duties Protects T1547.012 Print Processors
AC-5 Separation of Duties Protects T1547.013 XDG Autostart Entries
AC-5 Separation of Duties Protects T1548 Abuse Elevation Control Mechanism
AC-5 Separation of Duties Protects T1548.002 Bypass User Account Control
AC-5 Separation of Duties Protects T1548.003 Sudo and Sudo Caching
AC-5 Separation of Duties Protects T1550 Use Alternate Authentication Material
AC-5 Separation of Duties Protects T1550.002 Pass the Hash
AC-5 Separation of Duties Protects T1550.003 Pass the Ticket
AC-5 Separation of Duties Protects T1552 Unsecured Credentials
AC-5 Separation of Duties Protects T1552.001 Credentials In Files
AC-5 Separation of Duties Protects T1552.002 Credentials in Registry
AC-5 Separation of Duties Protects T1552.006 Group Policy Preferences
AC-5 Separation of Duties Protects T1552.007 Container API
AC-5 Separation of Duties Protects T1556 Modify Authentication Process
AC-5 Separation of Duties Protects T1556.001 Domain Controller Authentication
AC-5 Separation of Duties Protects T1556.003 Pluggable Authentication Modules
AC-5 Separation of Duties Protects T1556.004 Network Device Authentication
AC-5 Separation of Duties Protects T1558 Steal or Forge Kerberos Tickets
AC-5 Separation of Duties Protects T1558.001 Golden Ticket
AC-5 Separation of Duties Protects T1558.002 Silver Ticket
AC-5 Separation of Duties Protects T1558.003 Kerberoasting
AC-5 Separation of Duties Protects T1559 Inter-Process Communication
AC-5 Separation of Duties Protects T1559.001 Component Object Model
AC-5 Separation of Duties Protects T1562 Impair Defenses
AC-5 Separation of Duties Protects T1562.001 Disable or Modify Tools
AC-5 Separation of Duties Protects T1562.002 Disable Windows Event Logging
AC-5 Separation of Duties Protects T1562.004 Disable or Modify System Firewall
AC-5 Separation of Duties Protects T1562.006 Indicator Blocking
AC-5 Separation of Duties Protects T1562.007 Disable or Modify Cloud Firewall
AC-5 Separation of Duties Protects T1562.008 Disable Cloud Logs
AC-5 Separation of Duties Protects T1562.009 Safe Mode Boot
AC-5 Separation of Duties Protects T1563 Remote Service Session Hijacking
AC-5 Separation of Duties Protects T1563.001 SSH Hijacking
AC-5 Separation of Duties Protects T1563.002 RDP Hijacking
AC-5 Separation of Duties Protects T1569 System Services
AC-5 Separation of Duties Protects T1569.001 Launchctl
AC-5 Separation of Duties Protects T1569.002 Service Execution
AC-5 Separation of Duties Protects T1574 Hijack Execution Flow
AC-5 Separation of Duties Protects T1574.004 Dylib Hijacking
AC-5 Separation of Duties Protects T1574.005 Executable Installer File Permissions Weakness
AC-5 Separation of Duties Protects T1574.007 Path Interception by PATH Environment Variable
AC-5 Separation of Duties Protects T1574.008 Path Interception by Search Order Hijacking
AC-5 Separation of Duties Protects T1574.009 Path Interception by Unquoted Path
AC-5 Separation of Duties Protects T1574.010 Services File Permissions Weakness
AC-5 Separation of Duties Protects T1574.012 COR_PROFILER
AC-5 Separation of Duties Protects T1578 Modify Cloud Compute Infrastructure
AC-5 Separation of Duties Protects T1578.001 Create Snapshot
AC-5 Separation of Duties Protects T1578.002 Create Cloud Instance
AC-5 Separation of Duties Protects T1578.003 Delete Cloud Instance
AC-5 Separation of Duties Protects T1580 Cloud Infrastructure Discovery
AC-5 Separation of Duties Protects T1599 Network Boundary Bridging
AC-5 Separation of Duties Protects T1599.001 Network Address Translation Traversal
AC-5 Separation of Duties Protects T1601 Modify System Image
AC-5 Separation of Duties Protects T1601.001 Patch System Image
AC-5 Separation of Duties Protects T1601.002 Downgrade System Image
AC-5 Separation of Duties Protects T1606 Forge Web Credentials
AC-5 Separation of Duties Protects T1611 Escape to Host
AC-5 Separation of Duties Protects T1619 Cloud Storage Object Discovery