NIST 800-53 SI-16 Mappings

Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Controls employed to protect memory include data execution prevention and address space layout randomization. Data execution prevention controls can either be hardware-enforced or software-enforced with hardware enforcement providing the greater strength of mechanism.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
SI-16 Memory Protection Protects T1003.001 LSASS Memory
SI-16 Memory Protection Protects T1047 Windows Management Instrumentation
SI-16 Memory Protection Protects T1055.009 Proc Memory
SI-16 Memory Protection Protects T1059 Command and Scripting Interpreter
SI-16 Memory Protection Protects T1059.001 PowerShell
SI-16 Memory Protection Protects T1059.002 AppleScript
SI-16 Memory Protection Protects T1059.003 Windows Command Shell
SI-16 Memory Protection Protects T1059.004 Unix Shell
SI-16 Memory Protection Protects T1059.005 Visual Basic
SI-16 Memory Protection Protects T1059.006 Python
SI-16 Memory Protection Protects T1059.007 JavaScript
SI-16 Memory Protection Protects T1059.008 Network Device CLI
SI-16 Memory Protection Protects T1218 Signed Binary Proxy Execution
SI-16 Memory Protection Protects T1218.001 Compiled HTML File
SI-16 Memory Protection Protects T1218.002 Control Panel
SI-16 Memory Protection Protects T1218.003 CMSTP
SI-16 Memory Protection Protects T1218.004 InstallUtil
SI-16 Memory Protection Protects T1218.005 Mshta
SI-16 Memory Protection Protects T1218.008 Odbcconf
SI-16 Memory Protection Protects T1218.009 Regsvcs/Regasm
SI-16 Memory Protection Protects T1218.012 Verclsid
SI-16 Memory Protection Protects T1218.013 Mavinject
SI-16 Memory Protection Protects T1218.014 MMC
SI-16 Memory Protection Protects T1505.004 IIS Components
SI-16 Memory Protection Protects T1543 Create or Modify System Process
SI-16 Memory Protection Protects T1543.002 Systemd Service
SI-16 Memory Protection Protects T1547.004 Winlogon Helper DLL
SI-16 Memory Protection Protects T1547.006 Kernel Modules and Extensions
SI-16 Memory Protection Protects T1548 Abuse Elevation Control Mechanism
SI-16 Memory Protection Protects T1548.004 Elevated Execution with Prompt
SI-16 Memory Protection Protects T1565 Data Manipulation
SI-16 Memory Protection Protects T1565.001 Stored Data Manipulation
SI-16 Memory Protection Protects T1565.003 Runtime Data Manipulation
SI-16 Memory Protection Protects T1611 Escape to Host