NIST 800-53 CM-5 Mappings

Changes to the hardware, software, or firmware components of systems or the operational procedures related to the system can potentially have significant effects on the security of the systems or individuals’ privacy. Therefore, organizations permit only qualified and authorized individuals to access systems for purposes of initiating changes. Access restrictions include physical and logical access controls (see AC-03 and PE-03), software libraries, workflow automation, media libraries, abstract layers (i.e., changes implemented into external interfaces rather than directly into systems), and change windows (i.e., changes occur only during specified times).

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
| --- | --- | --- | --- | --- |
| CM-5 | Access Restrictions for Change | Protects | T1003 | OS Credential Dumping |
| CM-5 | Access Restrictions for Change | Protects | T1003.001 | LSASS Memory |
| CM-5 | Access Restrictions for Change | Protects | T1003.002 | Security Account Manager |
| CM-5 | Access Restrictions for Change | Protects | T1003.003 | NTDS |
| CM-5 | Access Restrictions for Change | Protects | T1003.004 | LSA Secrets |
| CM-5 | Access Restrictions for Change | Protects | T1003.005 | Cached Domain Credentials |
| CM-5 | Access Restrictions for Change | Protects | T1003.006 | DCSync |
| CM-5 | Access Restrictions for Change | Protects | T1003.007 | Proc Filesystem |
| CM-5 | Access Restrictions for Change | Protects | T1003.008 | /etc/passwd and /etc/shadow |
| CM-5 | Access Restrictions for Change | Protects | T1021 | Remote Services |
| CM-5 | Access Restrictions for Change | Protects | T1021.001 | Remote Desktop Protocol |
| CM-5 | Access Restrictions for Change | Protects | T1021.002 | SMB/Windows Admin Shares |
| CM-5 | Access Restrictions for Change | Protects | T1021.003 | Distributed Component Object Model |
| CM-5 | Access Restrictions for Change | Protects | T1021.004 | SSH |
| CM-5 | Access Restrictions for Change | Protects | T1021.005 | VNC |
| CM-5 | Access Restrictions for Change | Protects | T1021.006 | Windows Remote Management |
| CM-5 | Access Restrictions for Change | Protects | T1047 | Windows Management Instrumentation |
| CM-5 | Access Restrictions for Change | Protects | T1053 | Scheduled Task/Job |
| CM-5 | Access Restrictions for Change | Protects | T1053.001 | At (Linux) |
| CM-5 | Access Restrictions for Change | Protects | T1053.002 | At (Windows) |
| CM-5 | Access Restrictions for Change | Protects | T1053.003 | Cron |
| CM-5 | Access Restrictions for Change | Protects | T1053.005 | Scheduled Task |
| CM-5 | Access Restrictions for Change | Protects | T1053.006 | Systemd Timers |
| CM-5 | Access Restrictions for Change | Protects | T1053.007 | Container Orchestration Job |
| CM-5 | Access Restrictions for Change | Protects | T1055 | Process Injection |
| CM-5 | Access Restrictions for Change | Protects | T1055.008 | Ptrace System Calls |
| CM-5 | Access Restrictions for Change | Protects | T1056.003 | Web Portal Capture |
| CM-5 | Access Restrictions for Change | Protects | T1059 | Command and Scripting Interpreter |
| CM-5 | Access Restrictions for Change | Protects | T1059.001 | PowerShell |
| CM-5 | Access Restrictions for Change | Protects | T1059.006 | Python |
| CM-5 | Access Restrictions for Change | Protects | T1059.008 | Network Device CLI |
| CM-5 | Access Restrictions for Change | Protects | T1072 | Software Deployment Tools |
| CM-5 | Access Restrictions for Change | Protects | T1078 | Valid Accounts |
| CM-5 | Access Restrictions for Change | Protects | T1078.002 | Domain Accounts |
| CM-5 | Access Restrictions for Change | Protects | T1078.003 | Local Accounts |
| CM-5 | Access Restrictions for Change | Protects | T1078.004 | Cloud Accounts |
| CM-5 | Access Restrictions for Change | Protects | T1098 | Account Manipulation |
| CM-5 | Access Restrictions for Change | Protects | T1098.001 | Additional Cloud Credentials |
| CM-5 | Access Restrictions for Change | Protects | T1098.002 | Exchange Email Delegate Permissions |
| CM-5 | Access Restrictions for Change | Protects | T1098.003 | Add Office 365 Global Administrator Role |
| CM-5 | Access Restrictions for Change | Protects | T1134 | Access Token Manipulation |
| CM-5 | Access Restrictions for Change | Protects | T1134.001 | Token Impersonation/Theft |
| CM-5 | Access Restrictions for Change | Protects | T1134.002 | Create Process with Token |
| CM-5 | Access Restrictions for Change | Protects | T1134.003 | Make and Impersonate Token |
| CM-5 | Access Restrictions for Change | Protects | T1136 | Create Account |
| CM-5 | Access Restrictions for Change | Protects | T1136.001 | Local Account |
| CM-5 | Access Restrictions for Change | Protects | T1136.002 | Domain Account |
| CM-5 | Access Restrictions for Change | Protects | T1136.003 | Cloud Account |
| CM-5 | Access Restrictions for Change | Protects | T1137.002 | Office Test |
| CM-5 | Access Restrictions for Change | Protects | T1176 | Browser Extensions |
| CM-5 | Access Restrictions for Change | Protects | T1185 | Browser Session Hijacking |
| CM-5 | Access Restrictions for Change | Protects | T1190 | Exploit Public-Facing Application |
| CM-5 | Access Restrictions for Change | Protects | T1195.003 | Compromise Hardware Supply Chain |
| CM-5 | Access Restrictions for Change | Protects | T1197 | BITS Jobs |
| CM-5 | Access Restrictions for Change | Protects | T1210 | Exploitation of Remote Services |
| CM-5 | Access Restrictions for Change | Protects | T1213 | Data from Information Repositories |
| CM-5 | Access Restrictions for Change | Protects | T1213.001 | Confluence |
| CM-5 | Access Restrictions for Change | Protects | T1213.002 | Sharepoint |
| CM-5 | Access Restrictions for Change | Protects | T1218 | Signed Binary Proxy Execution |
| CM-5 | Access Restrictions for Change | Protects | T1218.007 | Msiexec |
| CM-5 | Access Restrictions for Change | Protects | T1222 | File and Directory Permissions Modification |
| CM-5 | Access Restrictions for Change | Protects | T1222.001 | Windows File and Directory Permissions Modification |
| CM-5 | Access Restrictions for Change | Protects | T1222.002 | Linux and Mac File and Directory Permissions Modification |
| CM-5 | Access Restrictions for Change | Protects | T1484 | Domain Policy Modification |
| CM-5 | Access Restrictions for Change | Protects | T1489 | Service Stop |
| CM-5 | Access Restrictions for Change | Protects | T1495 | Firmware Corruption |
| CM-5 | Access Restrictions for Change | Protects | T1505 | Server Software Component |
| CM-5 | Access Restrictions for Change | Protects | T1505.002 | Transport Agent |
| CM-5 | Access Restrictions for Change | Protects | T1525 | Implant Internal Image |
| CM-5 | Access Restrictions for Change | Protects | T1528 | Steal Application Access Token |
| CM-5 | Access Restrictions for Change | Protects | T1530 | Data from Cloud Storage Object |
| CM-5 | Access Restrictions for Change | Protects | T1537 | Transfer Data to Cloud Account |
| CM-5 | Access Restrictions for Change | Protects | T1542 | Pre-OS Boot |
| CM-5 | Access Restrictions for Change | Protects | T1542.001 | System Firmware |
| CM-5 | Access Restrictions for Change | Protects | T1542.003 | Bootkit |
| CM-5 | Access Restrictions for Change | Protects | T1542.004 | ROMMONkit |
| CM-5 | Access Restrictions for Change | Protects | T1542.005 | TFTP Boot |
| CM-5 | Access Restrictions for Change | Protects | T1543 | Create or Modify System Process |
| CM-5 | Access Restrictions for Change | Protects | T1543.001 | Launch Agent |
| CM-5 | Access Restrictions for Change | Protects | T1543.002 | Systemd Service |
| CM-5 | Access Restrictions for Change | Protects | T1543.003 | Windows Service |
| CM-5 | Access Restrictions for Change | Protects | T1543.004 | Launch Daemon |
| CM-5 | Access Restrictions for Change | Protects | T1546.003 | Windows Management Instrumentation Event Subscription |
| CM-5 | Access Restrictions for Change | Protects | T1547.003 | Time Providers |
| CM-5 | Access Restrictions for Change | Protects | T1547.004 | Winlogon Helper DLL |
| CM-5 | Access Restrictions for Change | Protects | T1547.006 | Kernel Modules and Extensions |
| CM-5 | Access Restrictions for Change | Protects | T1547.007 | Re-opened Applications |
| CM-5 | Access Restrictions for Change | Protects | T1547.009 | Shortcut Modification |
| CM-5 | Access Restrictions for Change | Protects | T1547.011 | Plist Modification |
| CM-5 | Access Restrictions for Change | Protects | T1547.012 | Print Processors |
| CM-5 | Access Restrictions for Change | Protects | T1547.013 | XDG Autostart Entries |
| CM-5 | Access Restrictions for Change | Protects | T1548 | Abuse Elevation Control Mechanism |
| CM-5 | Access Restrictions for Change | Protects | T1548.002 | Bypass User Account Control |
| CM-5 | Access Restrictions for Change | Protects | T1548.003 | Sudo and Sudo Caching |
| CM-5 | Access Restrictions for Change | Protects | T1550 | Use Alternate Authentication Material |
| CM-5 | Access Restrictions for Change | Protects | T1550.002 | Pass the Hash |
| CM-5 | Access Restrictions for Change | Protects | T1550.003 | Pass the Ticket |
| CM-5 | Access Restrictions for Change | Protects | T1552 | Unsecured Credentials |
| CM-5 | Access Restrictions for Change | Protects | T1552.002 | Credentials in Registry |
| CM-5 | Access Restrictions for Change | Protects | T1552.007 | Container API |
| CM-5 | Access Restrictions for Change | Protects | T1553 | Subvert Trust Controls |
| CM-5 | Access Restrictions for Change | Protects | T1553.006 | Code Signing Policy Modification |
| CM-5 | Access Restrictions for Change | Protects | T1556 | Modify Authentication Process |
| CM-5 | Access Restrictions for Change | Protects | T1556.001 | Domain Controller Authentication |
| CM-5 | Access Restrictions for Change | Protects | T1556.003 | Pluggable Authentication Modules |
| CM-5 | Access Restrictions for Change | Protects | T1556.004 | Network Device Authentication |
| CM-5 | Access Restrictions for Change | Protects | T1558 | Steal or Forge Kerberos Tickets |
| CM-5 | Access Restrictions for Change | Protects | T1558.001 | Golden Ticket |
| CM-5 | Access Restrictions for Change | Protects | T1558.002 | Silver Ticket |
| CM-5 | Access Restrictions for Change | Protects | T1558.003 | Kerberoasting |
| CM-5 | Access Restrictions for Change | Protects | T1559 | Inter-Process Communication |
| CM-5 | Access Restrictions for Change | Protects | T1559.001 | Component Object Model |
| CM-5 | Access Restrictions for Change | Protects | T1562 | Impair Defenses |
| CM-5 | Access Restrictions for Change | Protects | T1562.001 | Disable or Modify Tools |
| CM-5 | Access Restrictions for Change | Protects | T1562.002 | Disable Windows Event Logging |
| CM-5 | Access Restrictions for Change | Protects | T1562.004 | Disable or Modify System Firewall |
| CM-5 | Access Restrictions for Change | Protects | T1562.006 | Indicator Blocking |
| CM-5 | Access Restrictions for Change | Protects | T1562.007 | Disable or Modify Cloud Firewall |
| CM-5 | Access Restrictions for Change | Protects | T1562.008 | Disable Cloud Logs |
| CM-5 | Access Restrictions for Change | Protects | T1562.009 | Safe Mode Boot |
| CM-5 | Access Restrictions for Change | Protects | T1563 | Remote Service Session Hijacking |
| CM-5 | Access Restrictions for Change | Protects | T1563.001 | SSH Hijacking |
| CM-5 | Access Restrictions for Change | Protects | T1563.002 | RDP Hijacking |
| CM-5 | Access Restrictions for Change | Protects | T1564.008 | Email Hiding Rules |
| CM-5 | Access Restrictions for Change | Protects | T1569 | System Services |
| CM-5 | Access Restrictions for Change | Protects | T1569.001 | Launchctl |
| CM-5 | Access Restrictions for Change | Protects | T1569.002 | Service Execution |
| CM-5 | Access Restrictions for Change | Protects | T1574 | Hijack Execution Flow |
| CM-5 | Access Restrictions for Change | Protects | T1574.005 | Executable Installer File Permissions Weakness |
| CM-5 | Access Restrictions for Change | Protects | T1574.010 | Services File Permissions Weakness |
| CM-5 | Access Restrictions for Change | Protects | T1574.011 | Services Registry Permissions Weakness |
| CM-5 | Access Restrictions for Change | Protects | T1574.012 | COR_PROFILER |
| CM-5 | Access Restrictions for Change | Protects | T1578 | Modify Cloud Compute Infrastructure |
| CM-5 | Access Restrictions for Change | Protects | T1578.001 | Create Snapshot |
| CM-5 | Access Restrictions for Change | Protects | T1578.002 | Create Cloud Instance |
| CM-5 | Access Restrictions for Change | Protects | T1578.003 | Delete Cloud Instance |
| CM-5 | Access Restrictions for Change | Protects | T1599 | Network Boundary Bridging |
| CM-5 | Access Restrictions for Change | Protects | T1599.001 | Network Address Translation Traversal |
| CM-5 | Access Restrictions for Change | Protects | T1601 | Modify System Image |
| CM-5 | Access Restrictions for Change | Protects | T1601.001 | Patch System Image |
| CM-5 | Access Restrictions for Change | Protects | T1601.002 | Downgrade System Image |
| CM-5 | Access Restrictions for Change | Protects | T1611 | Escape to Host |
| CM-5 | Access Restrictions for Change | Protects | T1619 | Cloud Storage Object Discovery |