NIST 800-53 Risk Assessment Capability Group

All Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
RA-10 Threat Hunting Protects T1068 Exploitation for Privilege Escalation
RA-10 Threat Hunting Protects T1190 Exploit Public-Facing Application
RA-10 Threat Hunting Protects T1195 Supply Chain Compromise
RA-10 Threat Hunting Protects T1195.001 Compromise Software Dependencies and Development Tools
RA-10 Threat Hunting Protects T1195.002 Compromise Software Supply Chain
RA-10 Threat Hunting Protects T1210 Exploitation of Remote Services
RA-10 Threat Hunting Protects T1211 Exploitation for Defense Evasion
RA-10 Threat Hunting Protects T1212 Exploitation for Credential Access
RA-5 Vulnerability Monitoring and Scanning Protects T1011.001 Exfiltration Over Bluetooth
RA-5 Vulnerability Monitoring and Scanning Protects T1021.001 Remote Desktop Protocol
RA-5 Vulnerability Monitoring and Scanning Protects T1021.003 Distributed Component Object Model
RA-5 Vulnerability Monitoring and Scanning Protects T1021.004 SSH
RA-5 Vulnerability Monitoring and Scanning Protects T1021.005 VNC
RA-5 Vulnerability Monitoring and Scanning Protects T1021.006 Windows Remote Management
RA-5 Vulnerability Monitoring and Scanning Protects T1046 Network Service Scanning
RA-5 Vulnerability Monitoring and Scanning Protects T1047 Windows Management Instrumentation
RA-5 Vulnerability Monitoring and Scanning Protects T1052 Exfiltration Over Physical Medium
RA-5 Vulnerability Monitoring and Scanning Protects T1052.001 Exfiltration over USB
RA-5 Vulnerability Monitoring and Scanning Protects T1053 Scheduled Task/Job
RA-5 Vulnerability Monitoring and Scanning Protects T1053.001 At (Linux)
RA-5 Vulnerability Monitoring and Scanning Protects T1053.002 At (Windows)
RA-5 Vulnerability Monitoring and Scanning Protects T1053.003 Cron
RA-5 Vulnerability Monitoring and Scanning Protects T1053.005 Scheduled Task
RA-5 Vulnerability Monitoring and Scanning Protects T1059 Command and Scripting Interpreter
RA-5 Vulnerability Monitoring and Scanning Protects T1059.001 PowerShell
RA-5 Vulnerability Monitoring and Scanning Protects T1059.005 Visual Basic
RA-5 Vulnerability Monitoring and Scanning Protects T1059.007 JavaScript
RA-5 Vulnerability Monitoring and Scanning Protects T1068 Exploitation for Privilege Escalation
RA-5 Vulnerability Monitoring and Scanning Protects T1078 Valid Accounts
RA-5 Vulnerability Monitoring and Scanning Protects T1091 Replication Through Removable Media
RA-5 Vulnerability Monitoring and Scanning Protects T1092 Communication Through Removable Media
RA-5 Vulnerability Monitoring and Scanning Protects T1098.004 SSH Authorized Keys
RA-5 Vulnerability Monitoring and Scanning Protects T1127 Trusted Developer Utilities Proxy Execution
RA-5 Vulnerability Monitoring and Scanning Protects T1127.001 MSBuild
RA-5 Vulnerability Monitoring and Scanning Protects T1133 External Remote Services
RA-5 Vulnerability Monitoring and Scanning Protects T1137 Office Application Startup
RA-5 Vulnerability Monitoring and Scanning Protects T1137.001 Office Template Macros
RA-5 Vulnerability Monitoring and Scanning Protects T1176 Browser Extensions
RA-5 Vulnerability Monitoring and Scanning Protects T1190 Exploit Public-Facing Application
RA-5 Vulnerability Monitoring and Scanning Protects T1195 Supply Chain Compromise
RA-5 Vulnerability Monitoring and Scanning Protects T1195.001 Compromise Software Dependencies and Development Tools
RA-5 Vulnerability Monitoring and Scanning Protects T1195.002 Compromise Software Supply Chain
RA-5 Vulnerability Monitoring and Scanning Protects T1204.003 Malicious Image
RA-5 Vulnerability Monitoring and Scanning Protects T1210 Exploitation of Remote Services
RA-5 Vulnerability Monitoring and Scanning Protects T1211 Exploitation for Defense Evasion
RA-5 Vulnerability Monitoring and Scanning Protects T1212 Exploitation for Credential Access
RA-5 Vulnerability Monitoring and Scanning Protects T1213 Data from Information Repositories
RA-5 Vulnerability Monitoring and Scanning Protects T1213.001 Confluence
RA-5 Vulnerability Monitoring and Scanning Protects T1213.002 Sharepoint
RA-5 Vulnerability Monitoring and Scanning Protects T1213.003 Code Repositories
RA-5 Vulnerability Monitoring and Scanning Protects T1218 Signed Binary Proxy Execution
RA-5 Vulnerability Monitoring and Scanning Protects T1218.003 CMSTP
RA-5 Vulnerability Monitoring and Scanning Protects T1218.004 InstallUtil
RA-5 Vulnerability Monitoring and Scanning Protects T1218.005 Mshta
RA-5 Vulnerability Monitoring and Scanning Protects T1218.008 Odbcconf
RA-5 Vulnerability Monitoring and Scanning Protects T1218.009 Regsvcs/Regasm
RA-5 Vulnerability Monitoring and Scanning Protects T1218.012 Verclsid
RA-5 Vulnerability Monitoring and Scanning Protects T1218.013 Mavinject
RA-5 Vulnerability Monitoring and Scanning Protects T1218.014 MMC
RA-5 Vulnerability Monitoring and Scanning Protects T1221 Template Injection
RA-5 Vulnerability Monitoring and Scanning Protects T1482 Domain Trust Discovery
RA-5 Vulnerability Monitoring and Scanning Protects T1484 Domain Policy Modification
RA-5 Vulnerability Monitoring and Scanning Protects T1505 Server Software Component
RA-5 Vulnerability Monitoring and Scanning Protects T1505.001 SQL Stored Procedures
RA-5 Vulnerability Monitoring and Scanning Protects T1505.002 Transport Agent
RA-5 Vulnerability Monitoring and Scanning Protects T1505.003 Web Shell
RA-5 Vulnerability Monitoring and Scanning Protects T1505.004 IIS Components
RA-5 Vulnerability Monitoring and Scanning Protects T1525 Implant Internal Image
RA-5 Vulnerability Monitoring and Scanning Protects T1528 Steal Application Access Token
RA-5 Vulnerability Monitoring and Scanning Protects T1530 Data from Cloud Storage Object
RA-5 Vulnerability Monitoring and Scanning Protects T1542.004 ROMMONkit
RA-5 Vulnerability Monitoring and Scanning Protects T1542.005 TFTP Boot
RA-5 Vulnerability Monitoring and Scanning Protects T1543 Create or Modify System Process
RA-5 Vulnerability Monitoring and Scanning Protects T1546.002 Screensaver
RA-5 Vulnerability Monitoring and Scanning Protects T1546.014 Emond
RA-5 Vulnerability Monitoring and Scanning Protects T1547.006 Kernel Modules and Extensions
RA-5 Vulnerability Monitoring and Scanning Protects T1547.007 Re-opened Applications
RA-5 Vulnerability Monitoring and Scanning Protects T1547.008 LSASS Driver
RA-5 Vulnerability Monitoring and Scanning Protects T1548 Abuse Elevation Control Mechanism
RA-5 Vulnerability Monitoring and Scanning Protects T1548.002 Bypass User Account Control
RA-5 Vulnerability Monitoring and Scanning Protects T1548.003 Sudo and Sudo Caching
RA-5 Vulnerability Monitoring and Scanning Protects T1552 Unsecured Credentials
RA-5 Vulnerability Monitoring and Scanning Protects T1552.001 Credentials In Files
RA-5 Vulnerability Monitoring and Scanning Protects T1552.002 Credentials in Registry
RA-5 Vulnerability Monitoring and Scanning Protects T1552.004 Private Keys
RA-5 Vulnerability Monitoring and Scanning Protects T1552.006 Group Policy Preferences
RA-5 Vulnerability Monitoring and Scanning Protects T1557 Adversary-in-the-Middle
RA-5 Vulnerability Monitoring and Scanning Protects T1558.004 AS-REP Roasting
RA-5 Vulnerability Monitoring and Scanning Protects T1559 Inter-Process Communication
RA-5 Vulnerability Monitoring and Scanning Protects T1559.002 Dynamic Data Exchange
RA-5 Vulnerability Monitoring and Scanning Protects T1560 Archive Collected Data
RA-5 Vulnerability Monitoring and Scanning Protects T1560.001 Archive via Utility
RA-5 Vulnerability Monitoring and Scanning Protects T1562 Impair Defenses
RA-5 Vulnerability Monitoring and Scanning Protects T1562.010 Downgrade Attack
RA-5 Vulnerability Monitoring and Scanning Protects T1563 Remote Service Session Hijacking
RA-5 Vulnerability Monitoring and Scanning Protects T1563.001 SSH Hijacking
RA-5 Vulnerability Monitoring and Scanning Protects T1563.002 RDP Hijacking
RA-5 Vulnerability Monitoring and Scanning Protects T1574 Hijack Execution Flow
RA-5 Vulnerability Monitoring and Scanning Protects T1574.001 DLL Search Order Hijacking
RA-5 Vulnerability Monitoring and Scanning Protects T1574.004 Dylib Hijacking
RA-5 Vulnerability Monitoring and Scanning Protects T1574.005 Executable Installer File Permissions Weakness
RA-5 Vulnerability Monitoring and Scanning Protects T1574.007 Path Interception by PATH Environment Variable
RA-5 Vulnerability Monitoring and Scanning Protects T1574.008 Path Interception by Search Order Hijacking
RA-5 Vulnerability Monitoring and Scanning Protects T1574.009 Path Interception by Unquoted Path
RA-5 Vulnerability Monitoring and Scanning Protects T1574.010 Services File Permissions Weakness
RA-5 Vulnerability Monitoring and Scanning Protects T1578 Modify Cloud Compute Infrastructure
RA-5 Vulnerability Monitoring and Scanning Protects T1578.001 Create Snapshot
RA-5 Vulnerability Monitoring and Scanning Protects T1578.002 Create Cloud Instance
RA-5 Vulnerability Monitoring and Scanning Protects T1578.003 Delete Cloud Instance
RA-5 Vulnerability Monitoring and Scanning Protects T1612 Build Image on Host
RA-9 Criticality Analysis Protects T1195.003 Compromise Hardware Supply Chain
RA-9 Criticality Analysis Protects T1495 Firmware Corruption
RA-9 Criticality Analysis Protects T1542 Pre-OS Boot
RA-9 Criticality Analysis Protects T1542.001 System Firmware
RA-9 Criticality Analysis Protects T1542.003 Bootkit
RA-9 Criticality Analysis Protects T1542.004 ROMMONkit
RA-9 Criticality Analysis Protects T1542.005 TFTP Boot
RA-9 Criticality Analysis Protects T1553 Subvert Trust Controls
RA-9 Criticality Analysis Protects T1553.006 Code Signing Policy Modification
RA-9 Criticality Analysis Protects T1601 Modify System Image
RA-9 Criticality Analysis Protects T1601.001 Patch System Image
RA-9 Criticality Analysis Protects T1601.002 Downgrade System Image

Capabilities

Capability ID Capability Name Number of Mappings
RA-9 Criticality Analysis 12
RA-5 Vulnerability Monitoring and Scanning 102
RA-10 Threat Hunting 8