NIST 800-53 CM-2 Mappings

Baseline configurations for systems and system components include connectivity, operational, and communications aspects of systems. Baseline configurations are documented, formally reviewed, and agreed-upon specifications for systems or configuration items within those systems. Baseline configurations serve as a basis for future builds, releases, or changes to systems and include security and privacy control implementations, operational procedures, information about system components, network topology, and logical placement of components in the system architecture. Maintaining baseline configurations requires creating new baselines as organizational systems change over time. Baseline configurations of systems reflect the current enterprise architecture.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| CM-2 | Baseline Configuration | Protects | T1001 | Data Obfuscation |
| CM-2 | Baseline Configuration | Protects | T1001.001 | Junk Data |
| CM-2 | Baseline Configuration | Protects | T1001.002 | Steganography |
| CM-2 | Baseline Configuration | Protects | T1001.003 | Protocol Impersonation |
| CM-2 | Baseline Configuration | Protects | T1003 | OS Credential Dumping |
| CM-2 | Baseline Configuration | Protects | T1003.001 | LSASS Memory |
| CM-2 | Baseline Configuration | Protects | T1003.002 | Security Account Manager |
| CM-2 | Baseline Configuration | Protects | T1003.003 | NTDS |
| CM-2 | Baseline Configuration | Protects | T1003.004 | LSA Secrets |
| CM-2 | Baseline Configuration | Protects | T1003.005 | Cached Domain Credentials |
| CM-2 | Baseline Configuration | Protects | T1003.006 | DCSync |
| CM-2 | Baseline Configuration | Protects | T1003.007 | Proc Filesystem |
| CM-2 | Baseline Configuration | Protects | T1003.008 | /etc/passwd and /etc/shadow |
| CM-2 | Baseline Configuration | Protects | T1008 | Fallback Channels |
| CM-2 | Baseline Configuration | Protects | T1011.001 | Exfiltration Over Bluetooth |
| CM-2 | Baseline Configuration | Protects | T1020.001 | Traffic Duplication |
| CM-2 | Baseline Configuration | Protects | T1021.001 | Remote Desktop Protocol |
| CM-2 | Baseline Configuration | Protects | T1021.002 | SMB/Windows Admin Shares |
| CM-2 | Baseline Configuration | Protects | T1021.003 | Distributed Component Object Model |
| CM-2 | Baseline Configuration | Protects | T1021.004 | SSH |
| CM-2 | Baseline Configuration | Protects | T1021.005 | VNC |
| CM-2 | Baseline Configuration | Protects | T1021.006 | Windows Remote Management |
| CM-2 | Baseline Configuration | Protects | T1027 | Obfuscated Files or Information |
| CM-2 | Baseline Configuration | Protects | T1029 | Scheduled Transfer |
| CM-2 | Baseline Configuration | Protects | T1030 | Data Transfer Size Limits |
| CM-2 | Baseline Configuration | Protects | T1036 | Masquerading |
| CM-2 | Baseline Configuration | Protects | T1036.001 | Invalid Code Signature |
| CM-2 | Baseline Configuration | Protects | T1036.003 | Rename System Utilities |
| CM-2 | Baseline Configuration | Protects | T1036.005 | Match Legitimate Name or Location |
| CM-2 | Baseline Configuration | Protects | T1036.007 | Double File Extension |
| CM-2 | Baseline Configuration | Protects | T1037 | Boot or Logon Initialization Scripts |
| CM-2 | Baseline Configuration | Protects | T1037.002 | Logon Script (Mac) |
| CM-2 | Baseline Configuration | Protects | T1037.003 | Network Logon Script |
| CM-2 | Baseline Configuration | Protects | T1037.004 | RC Scripts |
| CM-2 | Baseline Configuration | Protects | T1037.005 | Startup Items |
| CM-2 | Baseline Configuration | Protects | T1046 | Network Service Scanning |
| CM-2 | Baseline Configuration | Protects | T1047 | Windows Management Instrumentation |
| CM-2 | Baseline Configuration | Protects | T1048 | Exfiltration Over Alternative Protocol |
| CM-2 | Baseline Configuration | Protects | T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
| CM-2 | Baseline Configuration | Protects | T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| CM-2 | Baseline Configuration | Protects | T1048.003 | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
| CM-2 | Baseline Configuration | Protects | T1052 | Exfiltration Over Physical Medium |
| CM-2 | Baseline Configuration | Protects | T1052.001 | Exfiltration over USB |
| CM-2 | Baseline Configuration | Protects | T1053 | Scheduled Task/Job |
| CM-2 | Baseline Configuration | Protects | T1053.002 | At (Windows) |
| CM-2 | Baseline Configuration | Protects | T1053.005 | Scheduled Task |
| CM-2 | Baseline Configuration | Protects | T1059 | Command and Scripting Interpreter |
| CM-2 | Baseline Configuration | Protects | T1059.001 | PowerShell |
| CM-2 | Baseline Configuration | Protects | T1059.002 | AppleScript |
| CM-2 | Baseline Configuration | Protects | T1059.003 | Windows Command Shell |
| CM-2 | Baseline Configuration | Protects | T1059.004 | Unix Shell |
| CM-2 | Baseline Configuration | Protects | T1059.005 | Visual Basic |
| CM-2 | Baseline Configuration | Protects | T1059.006 | Python |
| CM-2 | Baseline Configuration | Protects | T1059.007 | JavaScript |
| CM-2 | Baseline Configuration | Protects | T1059.008 | Network Device CLI |
| CM-2 | Baseline Configuration | Protects | T1068 | Exploitation for Privilege Escalation |
| CM-2 | Baseline Configuration | Protects | T1070 | Indicator Removal on Host |
| CM-2 | Baseline Configuration | Protects | T1070.001 | Clear Windows Event Logs |
| CM-2 | Baseline Configuration | Protects | T1070.002 | Clear Linux or Mac System Logs |
| CM-2 | Baseline Configuration | Protects | T1070.003 | Clear Command History |
| CM-2 | Baseline Configuration | Protects | T1071 | Application Layer Protocol |
| CM-2 | Baseline Configuration | Protects | T1071.001 | Web Protocols |
| CM-2 | Baseline Configuration | Protects | T1071.002 | File Transfer Protocols |
| CM-2 | Baseline Configuration | Protects | T1071.003 | Mail Protocols |
| CM-2 | Baseline Configuration | Protects | T1071.004 | DNS |
| CM-2 | Baseline Configuration | Protects | T1072 | Software Deployment Tools |
| CM-2 | Baseline Configuration | Protects | T1080 | Taint Shared Content |
| CM-2 | Baseline Configuration | Protects | T1090 | Proxy |
| CM-2 | Baseline Configuration | Protects | T1090.001 | Internal Proxy |
| CM-2 | Baseline Configuration | Protects | T1090.002 | External Proxy |
| CM-2 | Baseline Configuration | Protects | T1091 | Replication Through Removable Media |
| CM-2 | Baseline Configuration | Protects | T1092 | Communication Through Removable Media |
| CM-2 | Baseline Configuration | Protects | T1095 | Non-Application Layer Protocol |
| CM-2 | Baseline Configuration | Protects | T1098.004 | SSH Authorized Keys |
| CM-2 | Baseline Configuration | Protects | T1102 | Web Service |
| CM-2 | Baseline Configuration | Protects | T1102.001 | Dead Drop Resolver |
| CM-2 | Baseline Configuration | Protects | T1102.002 | Bidirectional Communication |
| CM-2 | Baseline Configuration | Protects | T1102.003 | One-Way Communication |
| CM-2 | Baseline Configuration | Protects | T1104 | Multi-Stage Channels |
| CM-2 | Baseline Configuration | Protects | T1105 | Ingress Tool Transfer |
| CM-2 | Baseline Configuration | Protects | T1106 | Native API |
| CM-2 | Baseline Configuration | Protects | T1110 | Brute Force |
| CM-2 | Baseline Configuration | Protects | T1110.001 | Password Guessing |
| CM-2 | Baseline Configuration | Protects | T1110.002 | Password Cracking |
| CM-2 | Baseline Configuration | Protects | T1110.003 | Password Spraying |
| CM-2 | Baseline Configuration | Protects | T1110.004 | Credential Stuffing |
| CM-2 | Baseline Configuration | Protects | T1111 | Two-Factor Authentication Interception |
| CM-2 | Baseline Configuration | Protects | T1114 | Email Collection |
| CM-2 | Baseline Configuration | Protects | T1114.002 | Remote Email Collection |
| CM-2 | Baseline Configuration | Protects | T1119 | Automated Collection |
| CM-2 | Baseline Configuration | Protects | T1127 | Trusted Developer Utilities Proxy Execution |
| CM-2 | Baseline Configuration | Protects | T1127.001 | MSBuild |
| CM-2 | Baseline Configuration | Protects | T1129 | Shared Modules |
| CM-2 | Baseline Configuration | Protects | T1132 | Data Encoding |
| CM-2 | Baseline Configuration | Protects | T1132.001 | Standard Encoding |
| CM-2 | Baseline Configuration | Protects | T1132.002 | Non-Standard Encoding |
| CM-2 | Baseline Configuration | Protects | T1133 | External Remote Services |
| CM-2 | Baseline Configuration | Protects | T1134.005 | SID-History Injection |
| CM-2 | Baseline Configuration | Protects | T1137 | Office Application Startup |
| CM-2 | Baseline Configuration | Protects | T1137.001 | Office Template Macros |
| CM-2 | Baseline Configuration | Protects | T1137.002 | Office Test |
| CM-2 | Baseline Configuration | Protects | T1137.003 | Outlook Forms |
| CM-2 | Baseline Configuration | Protects | T1137.004 | Outlook Home Page |
| CM-2 | Baseline Configuration | Protects | T1137.005 | Outlook Rules |
| CM-2 | Baseline Configuration | Protects | T1137.006 | Add-ins |
| CM-2 | Baseline Configuration | Protects | T1176 | Browser Extensions |
| CM-2 | Baseline Configuration | Protects | T1185 | Browser Session Hijacking |
| CM-2 | Baseline Configuration | Protects | T1187 | Forced Authentication |
| CM-2 | Baseline Configuration | Protects | T1189 | Drive-by Compromise |
| CM-2 | Baseline Configuration | Protects | T1201 | Password Policy Discovery |
| CM-2 | Baseline Configuration | Protects | T1204 | User Execution |
| CM-2 | Baseline Configuration | Protects | T1204.001 | Malicious Link |
| CM-2 | Baseline Configuration | Protects | T1204.002 | Malicious File |
| CM-2 | Baseline Configuration | Protects | T1204.003 | Malicious Image |
| CM-2 | Baseline Configuration | Protects | T1205 | Traffic Signaling |
| CM-2 | Baseline Configuration | Protects | T1210 | Exploitation of Remote Services |
| CM-2 | Baseline Configuration | Protects | T1211 | Exploitation for Defense Evasion |
| CM-2 | Baseline Configuration | Protects | T1212 | Exploitation for Credential Access |
| CM-2 | Baseline Configuration | Protects | T1213 | Data from Information Repositories |
| CM-2 | Baseline Configuration | Protects | T1213.001 | Confluence |
| CM-2 | Baseline Configuration | Protects | T1213.002 | Sharepoint |
| CM-2 | Baseline Configuration | Protects | T1216 | Signed Script Proxy Execution |
| CM-2 | Baseline Configuration | Protects | T1216.001 | PubPrn |
| CM-2 | Baseline Configuration | Protects | T1218 | Signed Binary Proxy Execution |
| CM-2 | Baseline Configuration | Protects | T1218.001 | Compiled HTML File |
| CM-2 | Baseline Configuration | Protects | T1218.002 | Control Panel |
| CM-2 | Baseline Configuration | Protects | T1218.003 | CMSTP |
| CM-2 | Baseline Configuration | Protects | T1218.004 | InstallUtil |
| CM-2 | Baseline Configuration | Protects | T1218.005 | Mshta |
| CM-2 | Baseline Configuration | Protects | T1218.007 | Msiexec |
| CM-2 | Baseline Configuration | Protects | T1218.008 | Odbcconf |
| CM-2 | Baseline Configuration | Protects | T1218.009 | Regsvcs/Regasm |
| CM-2 | Baseline Configuration | Protects | T1218.012 | Verclsid |
| CM-2 | Baseline Configuration | Protects | T1218.013 | Mavinject |
| CM-2 | Baseline Configuration | Protects | T1218.014 | MMC |
| CM-2 | Baseline Configuration | Protects | T1219 | Remote Access Software |
| CM-2 | Baseline Configuration | Protects | T1220 | XSL Script Processing |
| CM-2 | Baseline Configuration | Protects | T1221 | Template Injection |
| CM-2 | Baseline Configuration | Protects | T1484 | Domain Policy Modification |
| CM-2 | Baseline Configuration | Protects | T1485 | Data Destruction |
| CM-2 | Baseline Configuration | Protects | T1486 | Data Encrypted for Impact |
| CM-2 | Baseline Configuration | Protects | T1490 | Inhibit System Recovery |
| CM-2 | Baseline Configuration | Protects | T1491 | Defacement |
| CM-2 | Baseline Configuration | Protects | T1491.001 | Internal Defacement |
| CM-2 | Baseline Configuration | Protects | T1491.002 | External Defacement |
| CM-2 | Baseline Configuration | Protects | T1505 | Server Software Component |
| CM-2 | Baseline Configuration | Protects | T1505.001 | SQL Stored Procedures |
| CM-2 | Baseline Configuration | Protects | T1505.002 | Transport Agent |
| CM-2 | Baseline Configuration | Protects | T1505.003 | Web Shell |
| CM-2 | Baseline Configuration | Protects | T1505.004 | IIS Components |
| CM-2 | Baseline Configuration | Protects | T1525 | Implant Internal Image |
| CM-2 | Baseline Configuration | Protects | T1528 | Steal Application Access Token |
| CM-2 | Baseline Configuration | Protects | T1530 | Data from Cloud Storage Object |
| CM-2 | Baseline Configuration | Protects | T1539 | Steal Web Session Cookie |
| CM-2 | Baseline Configuration | Protects | T1542.004 | ROMMONkit |
| CM-2 | Baseline Configuration | Protects | T1542.005 | TFTP Boot |
| CM-2 | Baseline Configuration | Protects | T1543 | Create or Modify System Process |
| CM-2 | Baseline Configuration | Protects | T1543.001 | Launch Agent |
| CM-2 | Baseline Configuration | Protects | T1543.002 | Systemd Service |
| CM-2 | Baseline Configuration | Protects | T1543.003 | Windows Service |
| CM-2 | Baseline Configuration | Protects | T1543.004 | Launch Daemon |
| CM-2 | Baseline Configuration | Protects | T1546 | Event Triggered Execution |
| CM-2 | Baseline Configuration | Protects | T1546.002 | Screensaver |
| CM-2 | Baseline Configuration | Protects | T1546.003 | Windows Management Instrumentation Event Subscription |
| CM-2 | Baseline Configuration | Protects | T1546.004 | Unix Shell Configuration Modification |
| CM-2 | Baseline Configuration | Protects | T1546.006 | LC_LOAD_DYLIB Addition |
| CM-2 | Baseline Configuration | Protects | T1546.010 | AppInit DLLs |
| CM-2 | Baseline Configuration | Protects | T1546.013 | PowerShell Profile |
| CM-2 | Baseline Configuration | Protects | T1546.014 | Emond |
| CM-2 | Baseline Configuration | Protects | T1547.003 | Time Providers |
| CM-2 | Baseline Configuration | Protects | T1547.007 | Re-opened Applications |
| CM-2 | Baseline Configuration | Protects | T1547.008 | LSASS Driver |
| CM-2 | Baseline Configuration | Protects | T1547.011 | Plist Modification |
| CM-2 | Baseline Configuration | Protects | T1547.013 | XDG Autostart Entries |
| CM-2 | Baseline Configuration | Protects | T1548 | Abuse Elevation Control Mechanism |
| CM-2 | Baseline Configuration | Protects | T1548.002 | Bypass User Account Control |
| CM-2 | Baseline Configuration | Protects | T1548.003 | Sudo and Sudo Caching |
| CM-2 | Baseline Configuration | Protects | T1548.004 | Elevated Execution with Prompt |
| CM-2 | Baseline Configuration | Protects | T1550.001 | Application Access Token |
| CM-2 | Baseline Configuration | Protects | T1550.003 | Pass the Ticket |
| CM-2 | Baseline Configuration | Protects | T1552 | Unsecured Credentials |
| CM-2 | Baseline Configuration | Protects | T1552.001 | Credentials In Files |
| CM-2 | Baseline Configuration | Protects | T1552.004 | Private Keys |
| CM-2 | Baseline Configuration | Protects | T1552.006 | Group Policy Preferences |
| CM-2 | Baseline Configuration | Protects | T1553 | Subvert Trust Controls |
| CM-2 | Baseline Configuration | Protects | T1553.001 | Gatekeeper Bypass |
| CM-2 | Baseline Configuration | Protects | T1553.003 | SIP and Trust Provider Hijacking |
| CM-2 | Baseline Configuration | Protects | T1553.005 | Mark-of-the-Web Bypass |
| CM-2 | Baseline Configuration | Protects | T1554 | Compromise Client Software Binary |
| CM-2 | Baseline Configuration | Protects | T1555.004 | Windows Credential Manager |
| CM-2 | Baseline Configuration | Protects | T1555.005 | Password Managers |
| CM-2 | Baseline Configuration | Protects | T1556 | Modify Authentication Process |
| CM-2 | Baseline Configuration | Protects | T1556.004 | Network Device Authentication |
| CM-2 | Baseline Configuration | Protects | T1557 | Adversary-in-the-Middle |
| CM-2 | Baseline Configuration | Protects | T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay |
| CM-2 | Baseline Configuration | Protects | T1557.002 | ARP Cache Poisoning |
| CM-2 | Baseline Configuration | Protects | T1558 | Steal or Forge Kerberos Tickets |
| CM-2 | Baseline Configuration | Protects | T1558.001 | Golden Ticket |
| CM-2 | Baseline Configuration | Protects | T1558.002 | Silver Ticket |
| CM-2 | Baseline Configuration | Protects | T1558.003 | Kerberoasting |
| CM-2 | Baseline Configuration | Protects | T1558.004 | AS-REP Roasting |
| CM-2 | Baseline Configuration | Protects | T1559 | Inter-Process Communication |
| CM-2 | Baseline Configuration | Protects | T1559.001 | Component Object Model |
| CM-2 | Baseline Configuration | Protects | T1559.002 | Dynamic Data Exchange |
| CM-2 | Baseline Configuration | Protects | T1561 | Disk Wipe |
| CM-2 | Baseline Configuration | Protects | T1561.001 | Disk Content Wipe |
| CM-2 | Baseline Configuration | Protects | T1561.002 | Disk Structure Wipe |
| CM-2 | Baseline Configuration | Protects | T1562 | Impair Defenses |
| CM-2 | Baseline Configuration | Protects | T1562.001 | Disable or Modify Tools |
| CM-2 | Baseline Configuration | Protects | T1562.002 | Disable Windows Event Logging |
| CM-2 | Baseline Configuration | Protects | T1562.003 | Impair Command History Logging |
| CM-2 | Baseline Configuration | Protects | T1562.004 | Disable or Modify System Firewall |
| CM-2 | Baseline Configuration | Protects | T1562.006 | Indicator Blocking |
| CM-2 | Baseline Configuration | Protects | T1562.010 | Downgrade Attack |
| CM-2 | Baseline Configuration | Protects | T1563 | Remote Service Session Hijacking |
| CM-2 | Baseline Configuration | Protects | T1563.001 | SSH Hijacking |
| CM-2 | Baseline Configuration | Protects | T1563.002 | RDP Hijacking |
| CM-2 | Baseline Configuration | Protects | T1564.006 | Run Virtual Instance |
| CM-2 | Baseline Configuration | Protects | T1564.007 | VBA Stomping |
| CM-2 | Baseline Configuration | Protects | T1564.009 | Resource Forking |
| CM-2 | Baseline Configuration | Protects | T1565 | Data Manipulation |
| CM-2 | Baseline Configuration | Protects | T1565.001 | Stored Data Manipulation |
| CM-2 | Baseline Configuration | Protects | T1565.002 | Transmitted Data Manipulation |
| CM-2 | Baseline Configuration | Protects | T1566 | Phishing |
| CM-2 | Baseline Configuration | Protects | T1566.001 | Spearphishing Attachment |
| CM-2 | Baseline Configuration | Protects | T1566.002 | Spearphishing Link |
| CM-2 | Baseline Configuration | Protects | T1569 | System Services |
| CM-2 | Baseline Configuration | Protects | T1569.002 | Service Execution |
| CM-2 | Baseline Configuration | Protects | T1570 | Lateral Tool Transfer |
| CM-2 | Baseline Configuration | Protects | T1571 | Non-Standard Port |
| CM-2 | Baseline Configuration | Protects | T1572 | Protocol Tunneling |
| CM-2 | Baseline Configuration | Protects | T1573 | Encrypted Channel |
| CM-2 | Baseline Configuration | Protects | T1573.001 | Symmetric Cryptography |
| CM-2 | Baseline Configuration | Protects | T1573.002 | Asymmetric Cryptography |
| CM-2 | Baseline Configuration | Protects | T1574 | Hijack Execution Flow |
| CM-2 | Baseline Configuration | Protects | T1574.001 | DLL Search Order Hijacking |
| CM-2 | Baseline Configuration | Protects | T1574.004 | Dylib Hijacking |
| CM-2 | Baseline Configuration | Protects | T1574.005 | Executable Installer File Permissions Weakness |
| CM-2 | Baseline Configuration | Protects | T1574.007 | Path Interception by PATH Environment Variable |
| CM-2 | Baseline Configuration | Protects | T1574.008 | Path Interception by Search Order Hijacking |
| CM-2 | Baseline Configuration | Protects | T1574.009 | Path Interception by Unquoted Path |
| CM-2 | Baseline Configuration | Protects | T1574.010 | Services File Permissions Weakness |
| CM-2 | Baseline Configuration | Protects | T1598 | Phishing for Information |
| CM-2 | Baseline Configuration | Protects | T1598.002 | Spearphishing Attachment |
| CM-2 | Baseline Configuration | Protects | T1598.003 | Spearphishing Link |
| CM-2 | Baseline Configuration | Protects | T1599 | Network Boundary Bridging |
| CM-2 | Baseline Configuration | Protects | T1599.001 | Network Address Translation Traversal |
| CM-2 | Baseline Configuration | Protects | T1601 | Modify System Image |
| CM-2 | Baseline Configuration | Protects | T1601.001 | Patch System Image |
| CM-2 | Baseline Configuration | Protects | T1601.002 | Downgrade System Image |
| CM-2 | Baseline Configuration | Protects | T1602 | Data from Configuration Repository |
| CM-2 | Baseline Configuration | Protects | T1602.001 | SNMP (MIB Dump) |
| CM-2 | Baseline Configuration | Protects | T1602.002 | Network Device Configuration Dump |