NIST 800-53 CM-6 Mappings

Configuration settings are the parameters that can be changed in the hardware, software, or firmware components of the system that affect the security and privacy posture or functionality of the system. Information technology products for which configuration settings can be defined include mainframe computers, servers, workstations, operating systems, mobile devices, input/output devices, protocols, and applications. Parameters that impact the security posture of systems include registry settings; account, file, or directory permission settings; and settings for functions, protocols, ports, services, and remote connections. Privacy parameters are parameters impacting the privacy posture of systems, including the parameters required to satisfy other privacy controls. Privacy parameters include settings for access controls, data processing preferences, and processing and retention permissions. Organizations establish organization-wide configuration settings and subsequently derive specific configuration settings for systems. The established settings become part of the configuration baseline for the system.

Common secure configurations (also known as security configuration checklists, lockdown and hardening guides, and security reference guides) provide recognized, standardized, and established benchmarks that stipulate secure configuration settings for information technology products and platforms as well as instructions for configuring those products or platforms to meet operational requirements. Common secure configurations can be developed by a variety of organizations, including information technology product developers, manufacturers, vendors, federal agencies, consortia, academia, industry, and other organizations in the public and private sectors.

Implementation of a common secure configuration may be mandated at the organization level, mission and business process level, system level, or at a higher level, including by a regulatory agency. Common secure configurations include the United States Government Configuration Baseline (USGCB) and security technical implementation guides (STIGs), which affect the implementation of CM-6 and other controls such as AC-19 and CM-7. The Security Content Automation Protocol (SCAP) and the defined standards within the protocol provide an effective method to uniquely identify, track, and control configuration settings.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
| --- | --- | --- | --- | --- |
| CM-6 | Configuration Settings | Protects | T1001 | Data Obfuscation |
| CM-6 | Configuration Settings | Protects | T1001.001 | Junk Data |
| CM-6 | Configuration Settings | Protects | T1001.002 | Steganography |
| CM-6 | Configuration Settings | Protects | T1001.003 | Protocol Impersonation |
| CM-6 | Configuration Settings | Protects | T1003 | OS Credential Dumping |
| CM-6 | Configuration Settings | Protects | T1003.001 | LSASS Memory |
| CM-6 | Configuration Settings | Protects | T1003.002 | Security Account Manager |
| CM-6 | Configuration Settings | Protects | T1003.003 | NTDS |
| CM-6 | Configuration Settings | Protects | T1003.004 | LSA Secrets |
| CM-6 | Configuration Settings | Protects | T1003.005 | Cached Domain Credentials |
| CM-6 | Configuration Settings | Protects | T1003.006 | DCSync |
| CM-6 | Configuration Settings | Protects | T1003.007 | Proc Filesystem |
| CM-6 | Configuration Settings | Protects | T1003.008 | /etc/passwd and /etc/shadow |
| CM-6 | Configuration Settings | Protects | T1008 | Fallback Channels |
| CM-6 | Configuration Settings | Protects | T1011 | Exfiltration Over Other Network Medium |
| CM-6 | Configuration Settings | Protects | T1011.001 | Exfiltration Over Bluetooth |
| CM-6 | Configuration Settings | Protects | T1020.001 | Traffic Duplication |
| CM-6 | Configuration Settings | Protects | T1021 | Remote Services |
| CM-6 | Configuration Settings | Protects | T1021.001 | Remote Desktop Protocol |
| CM-6 | Configuration Settings | Protects | T1021.002 | SMB/Windows Admin Shares |
| CM-6 | Configuration Settings | Protects | T1021.003 | Distributed Component Object Model |
| CM-6 | Configuration Settings | Protects | T1021.004 | SSH |
| CM-6 | Configuration Settings | Protects | T1021.005 | VNC |
| CM-6 | Configuration Settings | Protects | T1021.006 | Windows Remote Management |
| CM-6 | Configuration Settings | Protects | T1027 | Obfuscated Files or Information |
| CM-6 | Configuration Settings | Protects | T1029 | Scheduled Transfer |
| CM-6 | Configuration Settings | Protects | T1030 | Data Transfer Size Limits |
| CM-6 | Configuration Settings | Protects | T1036 | Masquerading |
| CM-6 | Configuration Settings | Protects | T1036.001 | Invalid Code Signature |
| CM-6 | Configuration Settings | Protects | T1036.003 | Rename System Utilities |
| CM-6 | Configuration Settings | Protects | T1036.005 | Match Legitimate Name or Location |
| CM-6 | Configuration Settings | Protects | T1036.007 | Double File Extension |
| CM-6 | Configuration Settings | Protects | T1037 | Boot or Logon Initialization Scripts |
| CM-6 | Configuration Settings | Protects | T1037.002 | Logon Script (Mac) |
| CM-6 | Configuration Settings | Protects | T1037.003 | Network Logon Script |
| CM-6 | Configuration Settings | Protects | T1037.004 | RC Scripts |
| CM-6 | Configuration Settings | Protects | T1037.005 | Startup Items |
| CM-6 | Configuration Settings | Protects | T1046 | Network Service Scanning |
| CM-6 | Configuration Settings | Protects | T1047 | Windows Management Instrumentation |
| CM-6 | Configuration Settings | Protects | T1048 | Exfiltration Over Alternative Protocol |
| CM-6 | Configuration Settings | Protects | T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
| CM-6 | Configuration Settings | Protects | T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| CM-6 | Configuration Settings | Protects | T1048.003 | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
| CM-6 | Configuration Settings | Protects | T1052 | Exfiltration Over Physical Medium |
| CM-6 | Configuration Settings | Protects | T1052.001 | Exfiltration over USB |
| CM-6 | Configuration Settings | Protects | T1053 | Scheduled Task/Job |
| CM-6 | Configuration Settings | Protects | T1053.002 | At (Windows) |
| CM-6 | Configuration Settings | Protects | T1053.005 | Scheduled Task |
| CM-6 | Configuration Settings | Protects | T1055 | Process Injection |
| CM-6 | Configuration Settings | Protects | T1055.008 | Ptrace System Calls |
| CM-6 | Configuration Settings | Protects | T1056.003 | Web Portal Capture |
| CM-6 | Configuration Settings | Protects | T1059 | Command and Scripting Interpreter |
| CM-6 | Configuration Settings | Protects | T1059.001 | PowerShell |
| CM-6 | Configuration Settings | Protects | T1059.002 | AppleScript |
| CM-6 | Configuration Settings | Protects | T1059.003 | Windows Command Shell |
| CM-6 | Configuration Settings | Protects | T1059.004 | Unix Shell |
| CM-6 | Configuration Settings | Protects | T1059.005 | Visual Basic |
| CM-6 | Configuration Settings | Protects | T1059.006 | Python |
| CM-6 | Configuration Settings | Protects | T1059.007 | JavaScript |
| CM-6 | Configuration Settings | Protects | T1059.008 | Network Device CLI |
| CM-6 | Configuration Settings | Protects | T1068 | Exploitation for Privilege Escalation |
| CM-6 | Configuration Settings | Protects | T1070 | Indicator Removal on Host |
| CM-6 | Configuration Settings | Protects | T1070.001 | Clear Windows Event Logs |
| CM-6 | Configuration Settings | Protects | T1070.002 | Clear Linux or Mac System Logs |
| CM-6 | Configuration Settings | Protects | T1070.003 | Clear Command History |
| CM-6 | Configuration Settings | Protects | T1071 | Application Layer Protocol |
| CM-6 | Configuration Settings | Protects | T1071.001 | Web Protocols |
| CM-6 | Configuration Settings | Protects | T1071.002 | File Transfer Protocols |
| CM-6 | Configuration Settings | Protects | T1071.003 | Mail Protocols |
| CM-6 | Configuration Settings | Protects | T1071.004 | DNS |
| CM-6 | Configuration Settings | Protects | T1072 | Software Deployment Tools |
| CM-6 | Configuration Settings | Protects | T1078 | Valid Accounts |
| CM-6 | Configuration Settings | Protects | T1078.002 | Domain Accounts |
| CM-6 | Configuration Settings | Protects | T1078.003 | Local Accounts |
| CM-6 | Configuration Settings | Protects | T1078.004 | Cloud Accounts |
| CM-6 | Configuration Settings | Protects | T1087 | Account Discovery |
| CM-6 | Configuration Settings | Protects | T1087.001 | Local Account |
| CM-6 | Configuration Settings | Protects | T1087.002 | Domain Account |
| CM-6 | Configuration Settings | Protects | T1090 | Proxy |
| CM-6 | Configuration Settings | Protects | T1090.001 | Internal Proxy |
| CM-6 | Configuration Settings | Protects | T1090.002 | External Proxy |
| CM-6 | Configuration Settings | Protects | T1090.003 | Multi-hop Proxy |
| CM-6 | Configuration Settings | Protects | T1091 | Replication Through Removable Media |
| CM-6 | Configuration Settings | Protects | T1092 | Communication Through Removable Media |
| CM-6 | Configuration Settings | Protects | T1095 | Non-Application Layer Protocol |
| CM-6 | Configuration Settings | Protects | T1098 | Account Manipulation |
| CM-6 | Configuration Settings | Protects | T1098.001 | Additional Cloud Credentials |
| CM-6 | Configuration Settings | Protects | T1098.002 | Exchange Email Delegate Permissions |
| CM-6 | Configuration Settings | Protects | T1098.003 | Add Office 365 Global Administrator Role |
| CM-6 | Configuration Settings | Protects | T1098.004 | SSH Authorized Keys |
| CM-6 | Configuration Settings | Protects | T1102 | Web Service |
| CM-6 | Configuration Settings | Protects | T1102.001 | Dead Drop Resolver |
| CM-6 | Configuration Settings | Protects | T1102.002 | Bidirectional Communication |
| CM-6 | Configuration Settings | Protects | T1102.003 | One-Way Communication |
| CM-6 | Configuration Settings | Protects | T1104 | Multi-Stage Channels |
| CM-6 | Configuration Settings | Protects | T1105 | Ingress Tool Transfer |
| CM-6 | Configuration Settings | Protects | T1106 | Native API |
| CM-6 | Configuration Settings | Protects | T1110 | Brute Force |
| CM-6 | Configuration Settings | Protects | T1110.001 | Password Guessing |
| CM-6 | Configuration Settings | Protects | T1110.002 | Password Cracking |
| CM-6 | Configuration Settings | Protects | T1110.003 | Password Spraying |
| CM-6 | Configuration Settings | Protects | T1110.004 | Credential Stuffing |
| CM-6 | Configuration Settings | Protects | T1111 | Two-Factor Authentication Interception |
| CM-6 | Configuration Settings | Protects | T1114 | Email Collection |
| CM-6 | Configuration Settings | Protects | T1114.002 | Remote Email Collection |
| CM-6 | Configuration Settings | Protects | T1114.003 | Email Forwarding Rule |
| CM-6 | Configuration Settings | Protects | T1119 | Automated Collection |
| CM-6 | Configuration Settings | Protects | T1127 | Trusted Developer Utilities Proxy Execution |
| CM-6 | Configuration Settings | Protects | T1127.001 | MSBuild |
| CM-6 | Configuration Settings | Protects | T1132 | Data Encoding |
| CM-6 | Configuration Settings | Protects | T1132.001 | Standard Encoding |
| CM-6 | Configuration Settings | Protects | T1132.002 | Non-Standard Encoding |
| CM-6 | Configuration Settings | Protects | T1133 | External Remote Services |
| CM-6 | Configuration Settings | Protects | T1134 | Access Token Manipulation |
| CM-6 | Configuration Settings | Protects | T1134.001 | Token Impersonation/Theft |
| CM-6 | Configuration Settings | Protects | T1134.002 | Create Process with Token |
| CM-6 | Configuration Settings | Protects | T1134.003 | Make and Impersonate Token |
| CM-6 | Configuration Settings | Protects | T1134.005 | SID-History Injection |
| CM-6 | Configuration Settings | Protects | T1135 | Network Share Discovery |
| CM-6 | Configuration Settings | Protects | T1136 | Create Account |
| CM-6 | Configuration Settings | Protects | T1136.001 | Local Account |
| CM-6 | Configuration Settings | Protects | T1136.002 | Domain Account |
| CM-6 | Configuration Settings | Protects | T1136.003 | Cloud Account |
| CM-6 | Configuration Settings | Protects | T1137 | Office Application Startup |
| CM-6 | Configuration Settings | Protects | T1137.001 | Office Template Macros |
| CM-6 | Configuration Settings | Protects | T1137.002 | Office Test |
| CM-6 | Configuration Settings | Protects | T1137.003 | Outlook Forms |
| CM-6 | Configuration Settings | Protects | T1137.004 | Outlook Home Page |
| CM-6 | Configuration Settings | Protects | T1137.005 | Outlook Rules |
| CM-6 | Configuration Settings | Protects | T1137.006 | Add-ins |
| CM-6 | Configuration Settings | Protects | T1176 | Browser Extensions |
| CM-6 | Configuration Settings | Protects | T1187 | Forced Authentication |
| CM-6 | Configuration Settings | Protects | T1189 | Drive-by Compromise |
| CM-6 | Configuration Settings | Protects | T1190 | Exploit Public-Facing Application |
| CM-6 | Configuration Settings | Protects | T1197 | BITS Jobs |
| CM-6 | Configuration Settings | Protects | T1199 | Trusted Relationship |
| CM-6 | Configuration Settings | Protects | T1201 | Password Policy Discovery |
| CM-6 | Configuration Settings | Protects | T1204 | User Execution |
| CM-6 | Configuration Settings | Protects | T1204.001 | Malicious Link |
| CM-6 | Configuration Settings | Protects | T1204.002 | Malicious File |
| CM-6 | Configuration Settings | Protects | T1204.003 | Malicious Image |
| CM-6 | Configuration Settings | Protects | T1205 | Traffic Signaling |
| CM-6 | Configuration Settings | Protects | T1205.001 | Port Knocking |
| CM-6 | Configuration Settings | Protects | T1210 | Exploitation of Remote Services |
| CM-6 | Configuration Settings | Protects | T1211 | Exploitation for Defense Evasion |
| CM-6 | Configuration Settings | Protects | T1212 | Exploitation for Credential Access |
| CM-6 | Configuration Settings | Protects | T1213 | Data from Information Repositories |
| CM-6 | Configuration Settings | Protects | T1213.001 | Confluence |
| CM-6 | Configuration Settings | Protects | T1213.002 | Sharepoint |
| CM-6 | Configuration Settings | Protects | T1216 | Signed Script Proxy Execution |
| CM-6 | Configuration Settings | Protects | T1216.001 | PubPrn |
| CM-6 | Configuration Settings | Protects | T1218 | Signed Binary Proxy Execution |
| CM-6 | Configuration Settings | Protects | T1218.001 | Compiled HTML File |
| CM-6 | Configuration Settings | Protects | T1218.002 | Control Panel |
| CM-6 | Configuration Settings | Protects | T1218.003 | CMSTP |
| CM-6 | Configuration Settings | Protects | T1218.004 | InstallUtil |
| CM-6 | Configuration Settings | Protects | T1218.005 | Mshta |
| CM-6 | Configuration Settings | Protects | T1218.007 | Msiexec |
| CM-6 | Configuration Settings | Protects | T1218.008 | Odbcconf |
| CM-6 | Configuration Settings | Protects | T1218.009 | Regsvcs/Regasm |
| CM-6 | Configuration Settings | Protects | T1218.012 | Verclsid |
| CM-6 | Configuration Settings | Protects | T1218.013 | Mavinject |
| CM-6 | Configuration Settings | Protects | T1218.014 | MMC |
| CM-6 | Configuration Settings | Protects | T1219 | Remote Access Software |
| CM-6 | Configuration Settings | Protects | T1220 | XSL Script Processing |
| CM-6 | Configuration Settings | Protects | T1221 | Template Injection |
| CM-6 | Configuration Settings | Protects | T1222 | File and Directory Permissions Modification |
| CM-6 | Configuration Settings | Protects | T1222.001 | Windows File and Directory Permissions Modification |
| CM-6 | Configuration Settings | Protects | T1222.002 | Linux and Mac File and Directory Permissions Modification |
| CM-6 | Configuration Settings | Protects | T1482 | Domain Trust Discovery |
| CM-6 | Configuration Settings | Protects | T1484 | Domain Policy Modification |
| CM-6 | Configuration Settings | Protects | T1489 | Service Stop |
| CM-6 | Configuration Settings | Protects | T1490 | Inhibit System Recovery |
| CM-6 | Configuration Settings | Protects | T1495 | Firmware Corruption |
| CM-6 | Configuration Settings | Protects | T1498 | Network Denial of Service |
| CM-6 | Configuration Settings | Protects | T1498.001 | Direct Network Flood |
| CM-6 | Configuration Settings | Protects | T1498.002 | Reflection Amplification |
| CM-6 | Configuration Settings | Protects | T1499 | Endpoint Denial of Service |
| CM-6 | Configuration Settings | Protects | T1499.001 | OS Exhaustion Flood |
| CM-6 | Configuration Settings | Protects | T1499.002 | Service Exhaustion Flood |
| CM-6 | Configuration Settings | Protects | T1499.003 | Application Exhaustion Flood |
| CM-6 | Configuration Settings | Protects | T1499.004 | Application or System Exploitation |
| CM-6 | Configuration Settings | Protects | T1505 | Server Software Component |
| CM-6 | Configuration Settings | Protects | T1505.001 | SQL Stored Procedures |
| CM-6 | Configuration Settings | Protects | T1505.002 | Transport Agent |
| CM-6 | Configuration Settings | Protects | T1505.003 | Web Shell |
| CM-6 | Configuration Settings | Protects | T1505.004 | IIS Components |
| CM-6 | Configuration Settings | Protects | T1525 | Implant Internal Image |
| CM-6 | Configuration Settings | Protects | T1528 | Steal Application Access Token |
| CM-6 | Configuration Settings | Protects | T1530 | Data from Cloud Storage Object |
| CM-6 | Configuration Settings | Protects | T1537 | Transfer Data to Cloud Account |
| CM-6 | Configuration Settings | Protects | T1539 | Steal Web Session Cookie |
| CM-6 | Configuration Settings | Protects | T1542 | Pre-OS Boot |
| CM-6 | Configuration Settings | Protects | T1542.001 | System Firmware |
| CM-6 | Configuration Settings | Protects | T1542.003 | Bootkit |
| CM-6 | Configuration Settings | Protects | T1542.004 | ROMMONkit |
| CM-6 | Configuration Settings | Protects | T1542.005 | TFTP Boot |
| CM-6 | Configuration Settings | Protects | T1543 | Create or Modify System Process |
| CM-6 | Configuration Settings | Protects | T1543.002 | Systemd Service |
| CM-6 | Configuration Settings | Protects | T1546 | Event Triggered Execution |
| CM-6 | Configuration Settings | Protects | T1546.002 | Screensaver |
| CM-6 | Configuration Settings | Protects | T1546.003 | Windows Management Instrumentation Event Subscription |
| CM-6 | Configuration Settings | Protects | T1546.004 | Unix Shell Configuration Modification |
| CM-6 | Configuration Settings | Protects | T1546.006 | LC_LOAD_DYLIB Addition |
| CM-6 | Configuration Settings | Protects | T1546.008 | Accessibility Features |
| CM-6 | Configuration Settings | Protects | T1546.013 | PowerShell Profile |
| CM-6 | Configuration Settings | Protects | T1546.014 | Emond |
| CM-6 | Configuration Settings | Protects | T1547.002 | Authentication Package |
| CM-6 | Configuration Settings | Protects | T1547.003 | Time Providers |
| CM-6 | Configuration Settings | Protects | T1547.005 | Security Support Provider |
| CM-6 | Configuration Settings | Protects | T1547.006 | Kernel Modules and Extensions |
| CM-6 | Configuration Settings | Protects | T1547.007 | Re-opened Applications |
| CM-6 | Configuration Settings | Protects | T1547.008 | LSASS Driver |
| CM-6 | Configuration Settings | Protects | T1547.011 | Plist Modification |
| CM-6 | Configuration Settings | Protects | T1547.013 | XDG Autostart Entries |
| CM-6 | Configuration Settings | Protects | T1548 | Abuse Elevation Control Mechanism |
| CM-6 | Configuration Settings | Protects | T1548.001 | Setuid and Setgid |
| CM-6 | Configuration Settings | Protects | T1548.002 | Bypass User Account Control |
| CM-6 | Configuration Settings | Protects | T1548.003 | Sudo and Sudo Caching |
| CM-6 | Configuration Settings | Protects | T1548.004 | Elevated Execution with Prompt |
| CM-6 | Configuration Settings | Protects | T1550 | Use Alternate Authentication Material |
| CM-6 | Configuration Settings | Protects | T1550.001 | Application Access Token |
| CM-6 | Configuration Settings | Protects | T1550.002 | Pass the Hash |
| CM-6 | Configuration Settings | Protects | T1550.003 | Pass the Ticket |
| CM-6 | Configuration Settings | Protects | T1552 | Unsecured Credentials |
| CM-6 | Configuration Settings | Protects | T1552.001 | Credentials In Files |
| CM-6 | Configuration Settings | Protects | T1552.002 | Credentials in Registry |
| CM-6 | Configuration Settings | Protects | T1552.003 | Bash History |
| CM-6 | Configuration Settings | Protects | T1552.004 | Private Keys |
| CM-6 | Configuration Settings | Protects | T1552.005 | Cloud Instance Metadata API |
| CM-6 | Configuration Settings | Protects | T1552.006 | Group Policy Preferences |
| CM-6 | Configuration Settings | Protects | T1552.007 | Container API |
| CM-6 | Configuration Settings | Protects | T1553 | Subvert Trust Controls |
| CM-6 | Configuration Settings | Protects | T1553.001 | Gatekeeper Bypass |
| CM-6 | Configuration Settings | Protects | T1553.003 | SIP and Trust Provider Hijacking |
| CM-6 | Configuration Settings | Protects | T1553.004 | Install Root Certificate |
| CM-6 | Configuration Settings | Protects | T1553.005 | Mark-of-the-Web Bypass |
| CM-6 | Configuration Settings | Protects | T1554 | Compromise Client Software Binary |
| CM-6 | Configuration Settings | Protects | T1555.004 | Windows Credential Manager |
| CM-6 | Configuration Settings | Protects | T1555.005 | Password Managers |
| CM-6 | Configuration Settings | Protects | T1556 | Modify Authentication Process |
| CM-6 | Configuration Settings | Protects | T1556.001 | Domain Controller Authentication |
| CM-6 | Configuration Settings | Protects | T1556.002 | Password Filter DLL |
| CM-6 | Configuration Settings | Protects | T1556.003 | Pluggable Authentication Modules |
| CM-6 | Configuration Settings | Protects | T1556.004 | Network Device Authentication |
| CM-6 | Configuration Settings | Protects | T1557 | Adversary-in-the-Middle |
| CM-6 | Configuration Settings | Protects | T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay |
| CM-6 | Configuration Settings | Protects | T1557.002 | ARP Cache Poisoning |
| CM-6 | Configuration Settings | Protects | T1558 | Steal or Forge Kerberos Tickets |
| CM-6 | Configuration Settings | Protects | T1558.001 | Golden Ticket |
| CM-6 | Configuration Settings | Protects | T1558.002 | Silver Ticket |
| CM-6 | Configuration Settings | Protects | T1558.003 | Kerberoasting |
| CM-6 | Configuration Settings | Protects | T1558.004 | AS-REP Roasting |
| CM-6 | Configuration Settings | Protects | T1559 | Inter-Process Communication |
| CM-6 | Configuration Settings | Protects | T1559.001 | Component Object Model |
| CM-6 | Configuration Settings | Protects | T1559.002 | Dynamic Data Exchange |
| CM-6 | Configuration Settings | Protects | T1562 | Impair Defenses |
| CM-6 | Configuration Settings | Protects | T1562.001 | Disable or Modify Tools |
| CM-6 | Configuration Settings | Protects | T1562.002 | Disable Windows Event Logging |
| CM-6 | Configuration Settings | Protects | T1562.003 | Impair Command History Logging |
| CM-6 | Configuration Settings | Protects | T1562.004 | Disable or Modify System Firewall |
| CM-6 | Configuration Settings | Protects | T1562.006 | Indicator Blocking |
| CM-6 | Configuration Settings | Protects | T1562.009 | Safe Mode Boot |
| CM-6 | Configuration Settings | Protects | T1562.010 | Downgrade Attack |
| CM-6 | Configuration Settings | Protects | T1563 | Remote Service Session Hijacking |
| CM-6 | Configuration Settings | Protects | T1563.001 | SSH Hijacking |
| CM-6 | Configuration Settings | Protects | T1563.002 | RDP Hijacking |
| CM-6 | Configuration Settings | Protects | T1564.002 | Hidden Users |
| CM-6 | Configuration Settings | Protects | T1564.006 | Run Virtual Instance |
| CM-6 | Configuration Settings | Protects | T1564.007 | VBA Stomping |
| CM-6 | Configuration Settings | Protects | T1564.009 | Resource Forking |
| CM-6 | Configuration Settings | Protects | T1565 | Data Manipulation |
| CM-6 | Configuration Settings | Protects | T1565.001 | Stored Data Manipulation |
| CM-6 | Configuration Settings | Protects | T1565.002 | Transmitted Data Manipulation |
| CM-6 | Configuration Settings | Protects | T1565.003 | Runtime Data Manipulation |
| CM-6 | Configuration Settings | Protects | T1566 | Phishing |
| CM-6 | Configuration Settings | Protects | T1566.001 | Spearphishing Attachment |
| CM-6 | Configuration Settings | Protects | T1566.002 | Spearphishing Link |
| CM-6 | Configuration Settings | Protects | T1569 | System Services |
| CM-6 | Configuration Settings | Protects | T1569.002 | Service Execution |
| CM-6 | Configuration Settings | Protects | T1570 | Lateral Tool Transfer |
| CM-6 | Configuration Settings | Protects | T1571 | Non-Standard Port |
| CM-6 | Configuration Settings | Protects | T1572 | Protocol Tunneling |
| CM-6 | Configuration Settings | Protects | T1573 | Encrypted Channel |
| CM-6 | Configuration Settings | Protects | T1573.001 | Symmetric Cryptography |
| CM-6 | Configuration Settings | Protects | T1573.002 | Asymmetric Cryptography |
| CM-6 | Configuration Settings | Protects | T1574 | Hijack Execution Flow |
| CM-6 | Configuration Settings | Protects | T1574.001 | DLL Search Order Hijacking |
| CM-6 | Configuration Settings | Protects | T1574.004 | Dylib Hijacking |
| CM-6 | Configuration Settings | Protects | T1574.005 | Executable Installer File Permissions Weakness |
| CM-6 | Configuration Settings | Protects | T1574.006 | Dynamic Linker Hijacking |
| CM-6 | Configuration Settings | Protects | T1574.007 | Path Interception by PATH Environment Variable |
| CM-6 | Configuration Settings | Protects | T1574.008 | Path Interception by Search Order Hijacking |
| CM-6 | Configuration Settings | Protects | T1574.009 | Path Interception by Unquoted Path |
| CM-6 | Configuration Settings | Protects | T1574.010 | Services File Permissions Weakness |
| CM-6 | Configuration Settings | Protects | T1598 | Phishing for Information |
| CM-6 | Configuration Settings | Protects | T1598.002 | Spearphishing Attachment |
| CM-6 | Configuration Settings | Protects | T1598.003 | Spearphishing Link |
| CM-6 | Configuration Settings | Protects | T1599 | Network Boundary Bridging |
| CM-6 | Configuration Settings | Protects | T1599.001 | Network Address Translation Traversal |
| CM-6 | Configuration Settings | Protects | T1601 | Modify System Image |
| CM-6 | Configuration Settings | Protects | T1601.001 | Patch System Image |
| CM-6 | Configuration Settings | Protects | T1601.002 | Downgrade System Image |
| CM-6 | Configuration Settings | Protects | T1602 | Data from Configuration Repository |
| CM-6 | Configuration Settings | Protects | T1602.001 | SNMP (MIB Dump) |
| CM-6 | Configuration Settings | Protects | T1602.002 | Network Device Configuration Dump |
| CM-6 | Configuration Settings | Protects | T1609 | Container Administration Command |
| CM-6 | Configuration Settings | Protects | T1610 | Deploy Container |
| CM-6 | Configuration Settings | Protects | T1611 | Escape to Host |
| CM-6 | Configuration Settings | Protects | T1612 | Build Image on Host |
| CM-6 | Configuration Settings | Protects | T1613 | Container and Resource Discovery |