NIST 800-53 AC-6 Mappings

Organizations employ least privilege for specific duties and systems. The principle of least privilege is also applied to system processes, ensuring that the processes have access to systems and operate at privilege levels no higher than necessary to accomplish organizational missions or business functions. Organizations consider the creation of additional processes, roles, and accounts as necessary to achieve least privilege. Organizations apply least privilege to the development, implementation, and operation of organizational systems.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-6 Least Privilege Protects T1003 OS Credential Dumping
AC-6 Least Privilege Protects T1003.001 LSASS Memory
AC-6 Least Privilege Protects T1003.002 Security Account Manager
AC-6 Least Privilege Protects T1003.003 NTDS
AC-6 Least Privilege Protects T1003.004 LSA Secrets
AC-6 Least Privilege Protects T1003.005 Cached Domain Credentials
AC-6 Least Privilege Protects T1003.006 DCSync
AC-6 Least Privilege Protects T1003.007 Proc Filesystem
AC-6 Least Privilege Protects T1003.008 /etc/passwd and /etc/shadow
AC-6 Least Privilege Protects T1005 Data from Local System
AC-6 Least Privilege Protects T1021 Remote Services
AC-6 Least Privilege Protects T1021.001 Remote Desktop Protocol
AC-6 Least Privilege Protects T1021.002 SMB/Windows Admin Shares
AC-6 Least Privilege Protects T1021.003 Distributed Component Object Model
AC-6 Least Privilege Protects T1021.004 SSH
AC-6 Least Privilege Protects T1021.005 VNC
AC-6 Least Privilege Protects T1021.006 Windows Remote Management
AC-6 Least Privilege Protects T1025 Data from Removable Media
AC-6 Least Privilege Protects T1036 Masquerading
AC-6 Least Privilege Protects T1036.003 Rename System Utilities
AC-6 Least Privilege Protects T1036.005 Match Legitimate Name or Location
AC-6 Least Privilege Protects T1041 Exfiltration Over C2 Channel
AC-6 Least Privilege Protects T1047 Windows Management Instrumentation
AC-6 Least Privilege Protects T1048 Exfiltration Over Alternative Protocol
AC-6 Least Privilege Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-6 Least Privilege Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
AC-6 Least Privilege Protects T1052 Exfiltration Over Physical Medium
AC-6 Least Privilege Protects T1052.001 Exfiltration over USB
AC-6 Least Privilege Protects T1053 Scheduled Task/Job
AC-6 Least Privilege Protects T1053.001 At (Linux)
AC-6 Least Privilege Protects T1053.002 At (Windows)
AC-6 Least Privilege Protects T1053.003 Cron
AC-6 Least Privilege Protects T1053.005 Scheduled Task
AC-6 Least Privilege Protects T1053.006 Systemd Timers
AC-6 Least Privilege Protects T1053.007 Container Orchestration Job
AC-6 Least Privilege Protects T1055 Process Injection
AC-6 Least Privilege Protects T1055.001 Dynamic-link Library Injection
AC-6 Least Privilege Protects T1055.002 Portable Executable Injection
AC-6 Least Privilege Protects T1055.003 Thread Execution Hijacking
AC-6 Least Privilege Protects T1055.004 Asynchronous Procedure Call
AC-6 Least Privilege Protects T1055.005 Thread Local Storage
AC-6 Least Privilege Protects T1055.008 Ptrace System Calls
AC-6 Least Privilege Protects T1055.009 Proc Memory
AC-6 Least Privilege Protects T1055.011 Extra Window Memory Injection
AC-6 Least Privilege Protects T1055.012 Process Hollowing
AC-6 Least Privilege Protects T1055.013 Process Doppelgänging
AC-6 Least Privilege Protects T1055.014 VDSO Hijacking
AC-6 Least Privilege Protects T1056.003 Web Portal Capture
AC-6 Least Privilege Protects T1059 Command and Scripting Interpreter
AC-6 Least Privilege Protects T1059.001 PowerShell
AC-6 Least Privilege Protects T1059.002 AppleScript
AC-6 Least Privilege Protects T1059.003 Windows Command Shell
AC-6 Least Privilege Protects T1059.004 Unix Shell
AC-6 Least Privilege Protects T1059.005 Visual Basic
AC-6 Least Privilege Protects T1059.006 Python
AC-6 Least Privilege Protects T1059.007 JavaScript
AC-6 Least Privilege Protects T1059.008 Network Device CLI
AC-6 Least Privilege Protects T1068 Exploitation for Privilege Escalation
AC-6 Least Privilege Protects T1070 Indicator Removal on Host
AC-6 Least Privilege Protects T1070.001 Clear Windows Event Logs
AC-6 Least Privilege Protects T1070.002 Clear Linux or Mac System Logs
AC-6 Least Privilege Protects T1070.003 Clear Command History
AC-6 Least Privilege Protects T1072 Software Deployment Tools
AC-6 Least Privilege Protects T1078 Valid Accounts
AC-6 Least Privilege Protects T1078.001 Default Accounts
AC-6 Least Privilege Protects T1078.002 Domain Accounts
AC-6 Least Privilege Protects T1078.003 Local Accounts
AC-6 Least Privilege Protects T1078.004 Cloud Accounts
AC-6 Least Privilege Protects T1087.004 Cloud Account
AC-6 Least Privilege Protects T1091 Replication Through Removable Media
AC-6 Least Privilege Protects T1098 Account Manipulation
AC-6 Least Privilege Protects T1098.001 Additional Cloud Credentials
AC-6 Least Privilege Protects T1098.002 Exchange Email Delegate Permissions
AC-6 Least Privilege Protects T1098.003 Add Office 365 Global Administrator Role
AC-6 Least Privilege Protects T1106 Native API
AC-6 Least Privilege Protects T1110 Brute Force
AC-6 Least Privilege Protects T1110.001 Password Guessing
AC-6 Least Privilege Protects T1110.002 Password Cracking
AC-6 Least Privilege Protects T1110.003 Password Spraying
AC-6 Least Privilege Protects T1110.004 Credential Stuffing
AC-6 Least Privilege Protects T1112 Modify Registry
AC-6 Least Privilege Protects T1133 External Remote Services
AC-6 Least Privilege Protects T1134 Access Token Manipulation
AC-6 Least Privilege Protects T1134.001 Token Impersonation/Theft
AC-6 Least Privilege Protects T1134.002 Create Process with Token
AC-6 Least Privilege Protects T1134.003 Make and Impersonate Token
AC-6 Least Privilege Protects T1134.005 SID-History Injection
AC-6 Least Privilege Protects T1136 Create Account
AC-6 Least Privilege Protects T1136.001 Local Account
AC-6 Least Privilege Protects T1136.002 Domain Account
AC-6 Least Privilege Protects T1136.003 Cloud Account
AC-6 Least Privilege Protects T1137 Office Application Startup
AC-6 Least Privilege Protects T1137.001 Office Template Macros
AC-6 Least Privilege Protects T1137.002 Office Test
AC-6 Least Privilege Protects T1137.003 Outlook Forms
AC-6 Least Privilege Protects T1137.004 Outlook Home Page
AC-6 Least Privilege Protects T1137.005 Outlook Rules
AC-6 Least Privilege Protects T1137.006 Add-ins
AC-6 Least Privilege Protects T1176 Browser Extensions
AC-6 Least Privilege Protects T1185 Browser Session Hijacking
AC-6 Least Privilege Protects T1189 Drive-by Compromise
AC-6 Least Privilege Protects T1190 Exploit Public-Facing Application
AC-6 Least Privilege Protects T1197 BITS Jobs
AC-6 Least Privilege Protects T1199 Trusted Relationship
AC-6 Least Privilege Protects T1200 Hardware Additions
AC-6 Least Privilege Protects T1203 Exploitation for Client Execution
AC-6 Least Privilege Protects T1210 Exploitation of Remote Services
AC-6 Least Privilege Protects T1211 Exploitation for Defense Evasion
AC-6 Least Privilege Protects T1212 Exploitation for Credential Access
AC-6 Least Privilege Protects T1213 Data from Information Repositories
AC-6 Least Privilege Protects T1213.001 Confluence
AC-6 Least Privilege Protects T1213.002 Sharepoint
AC-6 Least Privilege Protects T1213.003 Code Repositories
AC-6 Least Privilege Protects T1218 Signed Binary Proxy Execution
AC-6 Least Privilege Protects T1218.007 Msiexec
AC-6 Least Privilege Protects T1222 File and Directory Permissions Modification
AC-6 Least Privilege Protects T1222.001 Windows File and Directory Permissions Modification
AC-6 Least Privilege Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-6 Least Privilege Protects T1484 Domain Policy Modification
AC-6 Least Privilege Protects T1485 Data Destruction
AC-6 Least Privilege Protects T1486 Data Encrypted for Impact
AC-6 Least Privilege Protects T1489 Service Stop
AC-6 Least Privilege Protects T1490 Inhibit System Recovery
AC-6 Least Privilege Protects T1491 Defacement
AC-6 Least Privilege Protects T1491.001 Internal Defacement
AC-6 Least Privilege Protects T1491.002 External Defacement
AC-6 Least Privilege Protects T1495 Firmware Corruption
AC-6 Least Privilege Protects T1505 Server Software Component
AC-6 Least Privilege Protects T1505.002 Transport Agent
AC-6 Least Privilege Protects T1505.003 Web Shell
AC-6 Least Privilege Protects T1505.004 IIS Components
AC-6 Least Privilege Protects T1525 Implant Internal Image
AC-6 Least Privilege Protects T1528 Steal Application Access Token
AC-6 Least Privilege Protects T1530 Data from Cloud Storage Object
AC-6 Least Privilege Protects T1537 Transfer Data to Cloud Account
AC-6 Least Privilege Protects T1538 Cloud Service Dashboard
AC-6 Least Privilege Protects T1539 Steal Web Session Cookie
AC-6 Least Privilege Protects T1542 Pre-OS Boot
AC-6 Least Privilege Protects T1542.001 System Firmware
AC-6 Least Privilege Protects T1542.003 Bootkit
AC-6 Least Privilege Protects T1542.004 ROMMONkit
AC-6 Least Privilege Protects T1542.005 TFTP Boot
AC-6 Least Privilege Protects T1543 Create or Modify System Process
AC-6 Least Privilege Protects T1543.001 Launch Agent
AC-6 Least Privilege Protects T1543.002 Systemd Service
AC-6 Least Privilege Protects T1543.003 Windows Service
AC-6 Least Privilege Protects T1543.004 Launch Daemon
AC-6 Least Privilege Protects T1546.003 Windows Management Instrumentation Event Subscription
AC-6 Least Privilege Protects T1546.004 Unix Shell Configuration Modification
AC-6 Least Privilege Protects T1546.011 Application Shimming
AC-6 Least Privilege Protects T1546.013 PowerShell Profile
AC-6 Least Privilege Protects T1547.003 Time Providers
AC-6 Least Privilege Protects T1547.004 Winlogon Helper DLL
AC-6 Least Privilege Protects T1547.006 Kernel Modules and Extensions
AC-6 Least Privilege Protects T1547.009 Shortcut Modification
AC-6 Least Privilege Protects T1547.011 Plist Modification
AC-6 Least Privilege Protects T1547.012 Print Processors
AC-6 Least Privilege Protects T1547.013 XDG Autostart Entries
AC-6 Least Privilege Protects T1548 Abuse Elevation Control Mechanism
AC-6 Least Privilege Protects T1548.002 Bypass User Account Control
AC-6 Least Privilege Protects T1548.003 Sudo and Sudo Caching
AC-6 Least Privilege Protects T1550 Use Alternate Authentication Material
AC-6 Least Privilege Protects T1550.002 Pass the Hash
AC-6 Least Privilege Protects T1550.003 Pass the Ticket
AC-6 Least Privilege Protects T1552 Unsecured Credentials
AC-6 Least Privilege Protects T1552.001 Credentials In Files
AC-6 Least Privilege Protects T1552.002 Credentials in Registry
AC-6 Least Privilege Protects T1552.006 Group Policy Preferences
AC-6 Least Privilege Protects T1552.007 Container API
AC-6 Least Privilege Protects T1553 Subvert Trust Controls
AC-6 Least Privilege Protects T1553.003 SIP and Trust Provider Hijacking
AC-6 Least Privilege Protects T1553.006 Code Signing Policy Modification
AC-6 Least Privilege Protects T1556 Modify Authentication Process
AC-6 Least Privilege Protects T1556.001 Domain Controller Authentication
AC-6 Least Privilege Protects T1556.003 Pluggable Authentication Modules
AC-6 Least Privilege Protects T1556.004 Network Device Authentication
AC-6 Least Privilege Protects T1558 Steal or Forge Kerberos Tickets
AC-6 Least Privilege Protects T1558.001 Golden Ticket
AC-6 Least Privilege Protects T1558.002 Silver Ticket
AC-6 Least Privilege Protects T1558.003 Kerberoasting
AC-6 Least Privilege Protects T1559 Inter-Process Communication
AC-6 Least Privilege Protects T1559.001 Component Object Model
AC-6 Least Privilege Protects T1559.002 Dynamic Data Exchange
AC-6 Least Privilege Protects T1561 Disk Wipe
AC-6 Least Privilege Protects T1561.001 Disk Content Wipe
AC-6 Least Privilege Protects T1561.002 Disk Structure Wipe
AC-6 Least Privilege Protects T1562 Impair Defenses
AC-6 Least Privilege Protects T1562.001 Disable or Modify Tools
AC-6 Least Privilege Protects T1562.002 Disable Windows Event Logging
AC-6 Least Privilege Protects T1562.004 Disable or Modify System Firewall
AC-6 Least Privilege Protects T1562.006 Indicator Blocking
AC-6 Least Privilege Protects T1562.007 Disable or Modify Cloud Firewall
AC-6 Least Privilege Protects T1562.008 Disable Cloud Logs
AC-6 Least Privilege Protects T1562.009 Safe Mode Boot
AC-6 Least Privilege Protects T1563 Remote Service Session Hijacking
AC-6 Least Privilege Protects T1563.001 SSH Hijacking
AC-6 Least Privilege Protects T1563.002 RDP Hijacking
AC-6 Least Privilege Protects T1567 Exfiltration Over Web Service
AC-6 Least Privilege Protects T1569 System Services
AC-6 Least Privilege Protects T1569.001 Launchctl
AC-6 Least Privilege Protects T1569.002 Service Execution
AC-6 Least Privilege Protects T1574 Hijack Execution Flow
AC-6 Least Privilege Protects T1574.004 Dylib Hijacking
AC-6 Least Privilege Protects T1574.005 Executable Installer File Permissions Weakness
AC-6 Least Privilege Protects T1574.007 Path Interception by PATH Environment Variable
AC-6 Least Privilege Protects T1574.008 Path Interception by Search Order Hijacking
AC-6 Least Privilege Protects T1574.009 Path Interception by Unquoted Path
AC-6 Least Privilege Protects T1574.010 Services File Permissions Weakness
AC-6 Least Privilege Protects T1574.011 Services Registry Permissions Weakness
AC-6 Least Privilege Protects T1574.012 COR_PROFILER
AC-6 Least Privilege Protects T1578 Modify Cloud Compute Infrastructure
AC-6 Least Privilege Protects T1578.001 Create Snapshot
AC-6 Least Privilege Protects T1578.002 Create Cloud Instance
AC-6 Least Privilege Protects T1578.003 Delete Cloud Instance
AC-6 Least Privilege Protects T1580 Cloud Infrastructure Discovery
AC-6 Least Privilege Protects T1599 Network Boundary Bridging
AC-6 Least Privilege Protects T1599.001 Network Address Translation Traversal
AC-6 Least Privilege Protects T1601 Modify System Image
AC-6 Least Privilege Protects T1601.001 Patch System Image
AC-6 Least Privilege Protects T1601.002 Downgrade System Image
AC-6 Least Privilege Protects T1606 Forge Web Credentials
AC-6 Least Privilege Protects T1606.001 Web Cookies
AC-6 Least Privilege Protects T1606.002 SAML Tokens
AC-6 Least Privilege Protects T1609 Container Administration Command
AC-6 Least Privilege Protects T1610 Deploy Container
AC-6 Least Privilege Protects T1611 Escape to Host
AC-6 Least Privilege Protects T1612 Build Image on Host
AC-6 Least Privilege Protects T1613 Container and Resource Discovery
AC-6 Least Privilege Protects T1619 Cloud Storage Object Discovery