NIST 800-53 MAPPINGS

National Institute of Standards in Technology (NIST) Special Publication 800-53 provides a catalog of security and privacy controls for the protection of information systems and organizations from a diverse set of threats and risks. This project provides resources for assessing security control coverage against real-world threats as described in the MITRE ATT&CK® knowledge base and provide a foundation for integrating ATT&CK-based threat information into the risk management process.

NIST 800-53 Versions: rev5, rev4 ATT&CK Versions: 14.1, 12.1, 10.1, 9.0, 8.2 ATT&CK Domain: Enterprise

NIST 800-53 Mapping Methodology | Mapping Scope

SELECT VERSIONS

NIST 800-53 Version

ATT&CK Version

ATT&CK Domain

Capability Groups

ID Capability Group Name Number of Mappings Number of Capabilities
AC Access Control 1271 19
AU Audit and Accountability 7 4
CA Security Assessment and Authorization 278 4
CM Configuration Management 1088 9
CP Contingency Planning 65 5
IA Identification and Authentication 343 10
IR Incident Response 1 1
MP Media Protection 6 1
RA Risk Assessment 122 3
SA System and Services Acquisition 126 10
SC System and Communications Protection 510 31
SI System and Information Integrity 1060 12
SR Supply Chain Risk Management 52 4

All Mappings

This is a very large mapping. To reduce the size, we have only downloaded the first 500 of 4,929 mappings. Load all data (4.1 MB)

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-1 Policy and Procedures Protects T1556.006 Multi-Factor Authentication
AC-1 Policy and Procedures Protects T1556.007 Hybrid Identity
AC-10 Concurrent Session Control Protects T1137 Office Application Startup
AC-10 Concurrent Session Control Protects T1137.002 Office Test
AC-10 Concurrent Session Control Protects T1185 Browser Session Hijacking
AC-10 Concurrent Session Control Protects T1528 Steal Application Access Token
AC-11 Device Lock Protects T1021.001 Remote Desktop Protocol
AC-11 Device Lock Protects T1563.002 RDP Hijacking
AC-12 Session Termination Protects T1021.001 Remote Desktop Protocol
AC-12 Session Termination Protects T1072 Software Deployment Tools
AC-12 Session Termination Protects T1185 Browser Session Hijacking
AC-12 Session Termination Protects T1563.002 RDP Hijacking
AC-12 Session Termination Protects T1505.005 Terminal Services DLL
AC-14 Permitted Actions Without Identification or Authentication Protects T1137.002 Office Test
AC-16 Security and Privacy Attributes Protects T1020.001 Traffic Duplication
AC-16 Security and Privacy Attributes Protects T1070 Indicator Removal on Host
AC-16 Security and Privacy Attributes Protects T1070.001 Clear Windows Event Logs
AC-16 Security and Privacy Attributes Protects T1222 File and Directory Permissions Modification
AC-16 Security and Privacy Attributes Protects T1505 Server Software Component
AC-16 Security and Privacy Attributes Protects T1537 Transfer Data to Cloud Account
AC-16 Security and Privacy Attributes Protects T1547.007 Re-opened Applications
AC-16 Security and Privacy Attributes Protects T1548.003 Sudo and Sudo Caching
AC-16 Security and Privacy Attributes Protects T1550.001 Application Access Token
AC-16 Security and Privacy Attributes Protects T1552.005 Cloud Instance Metadata API
AC-16 Security and Privacy Attributes Protects T1558 Steal or Forge Kerberos Tickets
AC-16 Security and Privacy Attributes Protects T1558.003 Kerberoasting
AC-16 Security and Privacy Attributes Protects T1565 Data Manipulation
AC-16 Security and Privacy Attributes Protects T1565.001 Stored Data Manipulation
AC-16 Security and Privacy Attributes Protects T1565.002 Transmitted Data Manipulation
AC-16 Security and Privacy Attributes Protects T1567 Exfiltration Over Web Service
AC-16 Security and Privacy Attributes Protects T1602.002 Network Device Configuration Dump
AC-16 Security and Privacy Attributes Protects T1003 OS Credential Dumping
AC-16 Security and Privacy Attributes Protects T1025 Data from Removable Media
AC-16 Security and Privacy Attributes Protects T1041 Exfiltration Over C2 Channel
AC-16 Security and Privacy Attributes Protects T1048 Exfiltration Over Alternative Protocol
AC-16 Security and Privacy Attributes Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-16 Security and Privacy Attributes Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
AC-16 Security and Privacy Attributes Protects T1052 Exfiltration Over Physical Medium
AC-16 Security and Privacy Attributes Protects T1052.001 Exfiltration over USB
AC-16 Security and Privacy Attributes Protects T1070.002 Clear Linux or Mac System Logs
AC-16 Security and Privacy Attributes Protects T1114 Email Collection
AC-16 Security and Privacy Attributes Protects T1114.001 Local Email Collection
AC-16 Security and Privacy Attributes Protects T1114.002 Remote Email Collection
AC-16 Security and Privacy Attributes Protects T1114.003 Email Forwarding Rule
AC-16 Security and Privacy Attributes Protects T1213 Data from Information Repositories
AC-16 Security and Privacy Attributes Protects T1213.001 Confluence
AC-16 Security and Privacy Attributes Protects T1213.002 Sharepoint
AC-16 Security and Privacy Attributes Protects T1222.001 Windows File and Directory Permissions Modification
AC-16 Security and Privacy Attributes Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-16 Security and Privacy Attributes Protects T1505.002 Transport Agent
AC-16 Security and Privacy Attributes Protects T1548 Abuse Elevation Control Mechanism
AC-16 Security and Privacy Attributes Protects T1552 Unsecured Credentials
AC-16 Security and Privacy Attributes Protects T1552.004 Private Keys
AC-16 Security and Privacy Attributes Protects T1557.002 ARP Cache Poisoning
AC-16 Security and Privacy Attributes Protects T1558.002 Silver Ticket
AC-16 Security and Privacy Attributes Protects T1558.004 AS-REP Roasting
AC-16 Security and Privacy Attributes Protects T1564.004 NTFS File Attributes
AC-16 Security and Privacy Attributes Protects T1602 Data from Configuration Repository
AC-16 Security and Privacy Attributes Protects T1602.001 SNMP (MIB Dump)
AC-16 Security and Privacy Attributes Protects T1003.003 NTDS
AC-16 Security and Privacy Attributes Protects T1005 Data from Local System
AC-16 Security and Privacy Attributes Protects T1040 Network Sniffing
AC-16 Security and Privacy Attributes Protects T1119 Automated Collection
AC-16 Security and Privacy Attributes Protects T1530 Data from Cloud Storage Object
AC-16 Security and Privacy Attributes Protects T1557 Adversary-in-the-Middle
AC-16 Security Attributes Protects T1070.008 Clear Mailbox Data
AC-16 Security Attributes Protects T1647 Plist File Modification
AC-17 Remote Access Protects T1020.001 Traffic Duplication
AC-17 Remote Access Protects T1021.001 Remote Desktop Protocol
AC-17 Remote Access Protects T1047 Windows Management Instrumentation
AC-17 Remote Access Protects T1059 Command and Scripting Interpreter
AC-17 Remote Access Protects T1059.001 PowerShell
AC-17 Remote Access Protects T1059.002 AppleScript
AC-17 Remote Access Protects T1059.005 Visual Basic
AC-17 Remote Access Protects T1059.008 Network Device CLI
AC-17 Remote Access Protects T1070 Indicator Removal on Host
AC-17 Remote Access Protects T1070.001 Clear Windows Event Logs
AC-17 Remote Access Protects T1219 Remote Access Software
AC-17 Remote Access Protects T1537 Transfer Data to Cloud Account
AC-17 Remote Access Protects T1543 Create or Modify System Process
AC-17 Remote Access Protects T1547.003 Time Providers
AC-17 Remote Access Protects T1547.004 Winlogon Helper DLL
AC-17 Remote Access Protects T1547.009 Shortcut Modification
AC-17 Remote Access Protects T1550.001 Application Access Token
AC-17 Remote Access Protects T1558 Steal or Forge Kerberos Tickets
AC-17 Remote Access Protects T1558.003 Kerberoasting
AC-17 Remote Access Protects T1565 Data Manipulation
AC-17 Remote Access Protects T1565.001 Stored Data Manipulation
AC-17 Remote Access Protects T1565.002 Transmitted Data Manipulation
AC-17 Remote Access Protects T1602.002 Network Device Configuration Dump
AC-17 Remote Access Protects T1609 Container Administration Command
AC-17 Remote Access Protects T1610 Deploy Container
AC-17 Remote Access Protects T1021 Remote Services
AC-17 Remote Access Protects T1021.002 SMB/Windows Admin Shares
AC-17 Remote Access Protects T1021.003 Distributed Component Object Model
AC-17 Remote Access Protects T1021.004 SSH
AC-17 Remote Access Protects T1021.005 VNC
AC-17 Remote Access Protects T1021.006 Windows Remote Management
AC-17 Remote Access Protects T1037 Boot or Logon Initialization Scripts
AC-17 Remote Access Protects T1037.001 Logon Script (Windows)
AC-17 Remote Access Protects T1059.003 Windows Command Shell
AC-17 Remote Access Protects T1059.004 Unix Shell
AC-17 Remote Access Protects T1059.006 Python
AC-17 Remote Access Protects T1059.007 JavaScript
AC-17 Remote Access Protects T1070.002 Clear Linux or Mac System Logs
AC-17 Remote Access Protects T1114 Email Collection
AC-17 Remote Access Protects T1114.001 Local Email Collection
AC-17 Remote Access Protects T1114.002 Remote Email Collection
AC-17 Remote Access Protects T1114.003 Email Forwarding Rule
AC-17 Remote Access Protects T1137 Office Application Startup
AC-17 Remote Access Protects T1137.002 Office Test
AC-17 Remote Access Protects T1213 Data from Information Repositories
AC-17 Remote Access Protects T1213.001 Confluence
AC-17 Remote Access Protects T1213.002 Sharepoint
AC-17 Remote Access Protects T1505.004 IIS Components
AC-17 Remote Access Protects T1547.012 Print Processors
AC-17 Remote Access Protects T1547.013 XDG Autostart Entries
AC-17 Remote Access Protects T1552 Unsecured Credentials
AC-17 Remote Access Protects T1552.002 Credentials in Registry
AC-17 Remote Access Protects T1552.004 Private Keys
AC-17 Remote Access Protects T1557.002 ARP Cache Poisoning
AC-17 Remote Access Protects T1558.002 Silver Ticket
AC-17 Remote Access Protects T1558.004 AS-REP Roasting
AC-17 Remote Access Protects T1563 Remote Service Session Hijacking
AC-17 Remote Access Protects T1563.001 SSH Hijacking
AC-17 Remote Access Protects T1563.002 RDP Hijacking
AC-17 Remote Access Protects T1602 Data from Configuration Repository
AC-17 Remote Access Protects T1602.001 SNMP (MIB Dump)
AC-17 Remote Access Protects T1612 Build Image on Host
AC-17 Remote Access Protects T1613 Container and Resource Discovery
AC-17 Remote Access Protects T1619 Cloud Storage Object Discovery
AC-17 Remote Access Protects T1040 Network Sniffing
AC-17 Remote Access Protects T1119 Automated Collection
AC-17 Remote Access Protects T1133 External Remote Services
AC-17 Remote Access Protects T1530 Data from Cloud Storage Object
AC-17 Remote Access Protects T1552.007 Container API
AC-17 Remote Access Protects T1557 Adversary-in-the-Middle
AC-17 Remote Access Protects T1070.008 Clear Mailbox Data
AC-17 Remote Access Protects T1505.005 Terminal Services DLL
AC-17 Remote Access Protects T1647 Plist File Modification
AC-18 Wireless Access Protects T1011 Exfiltration Over Other Network Medium
AC-18 Wireless Access Protects T1011.001 Exfiltration Over Bluetooth
AC-18 Wireless Access Protects T1020.001 Traffic Duplication
AC-18 Wireless Access Protects T1070 Indicator Removal on Host
AC-18 Wireless Access Protects T1070.001 Clear Windows Event Logs
AC-18 Wireless Access Protects T1558 Steal or Forge Kerberos Tickets
AC-18 Wireless Access Protects T1558.003 Kerberoasting
AC-18 Wireless Access Protects T1565 Data Manipulation
AC-18 Wireless Access Protects T1565.001 Stored Data Manipulation
AC-18 Wireless Access Protects T1565.002 Transmitted Data Manipulation
AC-18 Wireless Access Protects T1602.002 Network Device Configuration Dump
AC-18 Wireless Access Protects T1070.002 Clear Linux or Mac System Logs
AC-18 Wireless Access Protects T1552 Unsecured Credentials
AC-18 Wireless Access Protects T1552.004 Private Keys
AC-18 Wireless Access Protects T1557.002 ARP Cache Poisoning
AC-18 Wireless Access Protects T1558.002 Silver Ticket
AC-18 Wireless Access Protects T1558.004 AS-REP Roasting
AC-18 Wireless Access Protects T1602 Data from Configuration Repository
AC-18 Wireless Access Protects T1602.001 SNMP (MIB Dump)
AC-18 Wireless Access Protects T1040 Network Sniffing
AC-18 Wireless Access Protects T1119 Automated Collection
AC-18 Wireless Access Protects T1530 Data from Cloud Storage Object
AC-18 Wireless Access Protects T1557 Adversary-in-the-Middle
AC-18 Wireless Access Protects T1070.008 Clear Mailbox Data
AC-19 Access Control for Mobile Devices Protects T1020.001 Traffic Duplication
AC-19 Access Control for Mobile Devices Protects T1070 Indicator Removal on Host
AC-19 Access Control for Mobile Devices Protects T1070.001 Clear Windows Event Logs
AC-19 Access Control for Mobile Devices Protects T1550.001 Application Access Token
AC-19 Access Control for Mobile Devices Protects T1558 Steal or Forge Kerberos Tickets
AC-19 Access Control for Mobile Devices Protects T1558.003 Kerberoasting
AC-19 Access Control for Mobile Devices Protects T1565 Data Manipulation
AC-19 Access Control for Mobile Devices Protects T1565.001 Stored Data Manipulation
AC-19 Access Control for Mobile Devices Protects T1565.002 Transmitted Data Manipulation
AC-19 Access Control for Mobile Devices Protects T1602.002 Network Device Configuration Dump
AC-19 Access Control for Mobile Devices Protects T1070.002 Clear Linux or Mac System Logs
AC-19 Access Control for Mobile Devices Protects T1114 Email Collection
AC-19 Access Control for Mobile Devices Protects T1114.001 Local Email Collection
AC-19 Access Control for Mobile Devices Protects T1114.002 Remote Email Collection
AC-19 Access Control for Mobile Devices Protects T1114.003 Email Forwarding Rule
AC-19 Access Control for Mobile Devices Protects T1552 Unsecured Credentials
AC-19 Access Control for Mobile Devices Protects T1552.004 Private Keys
AC-19 Access Control for Mobile Devices Protects T1557.002 ARP Cache Poisoning
AC-19 Access Control for Mobile Devices Protects T1558.002 Silver Ticket
AC-19 Access Control for Mobile Devices Protects T1558.004 AS-REP Roasting
AC-19 Access Control for Mobile Devices Protects T1602 Data from Configuration Repository
AC-19 Access Control for Mobile Devices Protects T1602.001 SNMP (MIB Dump)
AC-19 Access Control for Mobile Devices Protects T1040 Network Sniffing
AC-19 Access Control for Mobile Devices Protects T1119 Automated Collection
AC-19 Access Control for Mobile Devices Protects T1530 Data from Cloud Storage Object
AC-19 Access Control for Mobile Devices Protects T1557 Adversary-in-the-Middle
AC-19 Access Control For Mobile Devices Protects T1070.008 Clear Mailbox Data
AC-2 Account Management Protects T1021.001 Remote Desktop Protocol
AC-2 Account Management Protects T1047 Windows Management Instrumentation
AC-2 Account Management Protects T1053 Scheduled Task/Job
AC-2 Account Management Protects T1053.002 At (Windows)
AC-2 Account Management Protects T1053.003 Cron
AC-2 Account Management Protects T1053.005 Scheduled Task
AC-2 Account Management Protects T1059 Command and Scripting Interpreter
AC-2 Account Management Protects T1059.001 PowerShell
AC-2 Account Management Protects T1059.002 AppleScript
AC-2 Account Management Protects T1059.005 Visual Basic
AC-2 Account Management Protects T1059.008 Network Device CLI
AC-2 Account Management Protects T1070 Indicator Removal on Host
AC-2 Account Management Protects T1070.001 Clear Windows Event Logs
AC-2 Account Management Protects T1070.003 Clear Command History
AC-2 Account Management Protects T1078.002 Domain Accounts
AC-2 Account Management Protects T1078.004 Cloud Accounts
AC-2 Account Management Protects T1098 Account Manipulation
AC-2 Account Management Protects T1098.001 Additional Cloud Credentials
AC-2 Account Management Protects T1098.002 Exchange Email Delegate Permissions
AC-2 Account Management Protects T1098.003 Add Office 365 Global Administrator Role
AC-2 Account Management Protects T1190 Exploit Public-Facing Application
AC-2 Account Management Protects T1197 BITS Jobs
AC-2 Account Management Protects T1210 Exploitation of Remote Services
AC-2 Account Management Protects T1213.003 Code Repositories
AC-2 Account Management Protects T1218.007 Msiexec
AC-2 Account Management Protects T1222 File and Directory Permissions Modification
AC-2 Account Management Protects T1495 Firmware Corruption
AC-2 Account Management Protects T1505 Server Software Component
AC-2 Account Management Protects T1505.003 Web Shell
AC-2 Account Management Protects T1525 Implant Internal Image
AC-2 Account Management Protects T1537 Transfer Data to Cloud Account
AC-2 Account Management Protects T1543 Create or Modify System Process
AC-2 Account Management Protects T1543.001 Launch Agent
AC-2 Account Management Protects T1543.003 Windows Service
AC-2 Account Management Protects T1546.003 Windows Management Instrumentation Event Subscription
AC-2 Account Management Protects T1547.004 Winlogon Helper DLL
AC-2 Account Management Protects T1547.006 Kernel Modules and Extensions
AC-2 Account Management Protects T1547.009 Shortcut Modification
AC-2 Account Management Protects T1548.002 Bypass User Account Control
AC-2 Account Management Protects T1548.003 Sudo and Sudo Caching
AC-2 Account Management Protects T1556.004 Network Device Authentication
AC-2 Account Management Protects T1558 Steal or Forge Kerberos Tickets
AC-2 Account Management Protects T1558.003 Kerberoasting
AC-2 Account Management Protects T1559 Inter-Process Communication
AC-2 Account Management Protects T1562 Impair Defenses
AC-2 Account Management Protects T1562.001 Disable or Modify Tools
AC-2 Account Management Protects T1562.006 Indicator Blocking
AC-2 Account Management Protects T1562.008 Disable Cloud Logs
AC-2 Account Management Protects T1567 Exfiltration Over Web Service
AC-2 Account Management Protects T1574 Hijack Execution Flow
AC-2 Account Management Protects T1574.007 Path Interception by PATH Environment Variable
AC-2 Account Management Protects T1609 Container Administration Command
AC-2 Account Management Protects T1610 Deploy Container
AC-2 Account Management Protects T1003 OS Credential Dumping
AC-2 Account Management Protects T1003.004 LSA Secrets
AC-2 Account Management Protects T1003.005 Cached Domain Credentials
AC-2 Account Management Protects T1003.006 DCSync
AC-2 Account Management Protects T1003.007 Proc Filesystem
AC-2 Account Management Protects T1003.008 /etc/passwd and /etc/shadow
AC-2 Account Management Protects T1021 Remote Services
AC-2 Account Management Protects T1021.002 SMB/Windows Admin Shares
AC-2 Account Management Protects T1021.003 Distributed Component Object Model
AC-2 Account Management Protects T1021.004 SSH
AC-2 Account Management Protects T1021.005 VNC
AC-2 Account Management Protects T1021.006 Windows Remote Management
AC-2 Account Management Protects T1025 Data from Removable Media
AC-2 Account Management Protects T1036 Masquerading
AC-2 Account Management Protects T1036.003 Rename System Utilities
AC-2 Account Management Protects T1036.005 Match Legitimate Name or Location
AC-2 Account Management Protects T1041 Exfiltration Over C2 Channel
AC-2 Account Management Protects T1048 Exfiltration Over Alternative Protocol
AC-2 Account Management Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-2 Account Management Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
AC-2 Account Management Protects T1052 Exfiltration Over Physical Medium
AC-2 Account Management Protects T1052.001 Exfiltration over USB
AC-2 Account Management Protects T1053.006 Systemd Timers
AC-2 Account Management Protects T1053.007 Container Orchestration Job
AC-2 Account Management Protects T1055.008 Ptrace System Calls
AC-2 Account Management Protects T1056.003 Web Portal Capture
AC-2 Account Management Protects T1059.003 Windows Command Shell
AC-2 Account Management Protects T1059.004 Unix Shell
AC-2 Account Management Protects T1059.006 Python
AC-2 Account Management Protects T1059.007 JavaScript
AC-2 Account Management Protects T1070.002 Clear Linux or Mac System Logs
AC-2 Account Management Protects T1072 Software Deployment Tools
AC-2 Account Management Protects T1078.001 Default Accounts
AC-2 Account Management Protects T1078.003 Local Accounts
AC-2 Account Management Protects T1087.004 Cloud Account
AC-2 Account Management Protects T1110 Brute Force
AC-2 Account Management Protects T1110.003 Password Spraying
AC-2 Account Management Protects T1110.004 Credential Stuffing
AC-2 Account Management Protects T1134 Access Token Manipulation
AC-2 Account Management Protects T1134.001 Token Impersonation/Theft
AC-2 Account Management Protects T1134.002 Create Process with Token
AC-2 Account Management Protects T1134.003 Make and Impersonate Token
AC-2 Account Management Protects T1136 Create Account
AC-2 Account Management Protects T1136.001 Local Account
AC-2 Account Management Protects T1136.002 Domain Account
AC-2 Account Management Protects T1136.003 Cloud Account
AC-2 Account Management Protects T1185 Browser Session Hijacking
AC-2 Account Management Protects T1213 Data from Information Repositories
AC-2 Account Management Protects T1213.001 Confluence
AC-2 Account Management Protects T1213.002 Sharepoint
AC-2 Account Management Protects T1222.001 Windows File and Directory Permissions Modification
AC-2 Account Management Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-2 Account Management Protects T1484 Domain Policy Modification
AC-2 Account Management Protects T1489 Service Stop
AC-2 Account Management Protects T1505.002 Transport Agent
AC-2 Account Management Protects T1538 Cloud Service Dashboard
AC-2 Account Management Protects T1542 Pre-OS Boot
AC-2 Account Management Protects T1542.001 System Firmware
AC-2 Account Management Protects T1542.003 Bootkit
AC-2 Account Management Protects T1542.005 TFTP Boot
AC-2 Account Management Protects T1543.002 Systemd Service
AC-2 Account Management Protects T1543.004 Launch Daemon
AC-2 Account Management Protects T1547.012 Print Processors
AC-2 Account Management Protects T1547.013 XDG Autostart Entries
AC-2 Account Management Protects T1548 Abuse Elevation Control Mechanism
AC-2 Account Management Protects T1550 Use Alternate Authentication Material
AC-2 Account Management Protects T1550.002 Pass the Hash
AC-2 Account Management Protects T1550.003 Pass the Ticket
AC-2 Account Management Protects T1552 Unsecured Credentials
AC-2 Account Management Protects T1552.001 Credentials In Files
AC-2 Account Management Protects T1552.002 Credentials in Registry
AC-2 Account Management Protects T1552.004 Private Keys
AC-2 Account Management Protects T1552.006 Group Policy Preferences
AC-2 Account Management Protects T1556.001 Domain Controller Authentication
AC-2 Account Management Protects T1556.003 Pluggable Authentication Modules
AC-2 Account Management Protects T1558.001 Golden Ticket
AC-2 Account Management Protects T1558.002 Silver Ticket
AC-2 Account Management Protects T1558.004 AS-REP Roasting
AC-2 Account Management Protects T1559.001 Component Object Model
AC-2 Account Management Protects T1562.002 Disable Windows Event Logging
AC-2 Account Management Protects T1562.004 Disable or Modify System Firewall
AC-2 Account Management Protects T1562.007 Disable or Modify Cloud Firewall
AC-2 Account Management Protects T1562.009 Safe Mode Boot
AC-2 Account Management Protects T1563 Remote Service Session Hijacking
AC-2 Account Management Protects T1563.001 SSH Hijacking
AC-2 Account Management Protects T1563.002 RDP Hijacking
AC-2 Account Management Protects T1569 System Services
AC-2 Account Management Protects T1569.001 Launchctl
AC-2 Account Management Protects T1569.002 Service Execution
AC-2 Account Management Protects T1574.004 Dylib Hijacking
AC-2 Account Management Protects T1574.005 Executable Installer File Permissions Weakness
AC-2 Account Management Protects T1574.008 Path Interception by Search Order Hijacking
AC-2 Account Management Protects T1574.009 Path Interception by Unquoted Path
AC-2 Account Management Protects T1574.010 Services File Permissions Weakness
AC-2 Account Management Protects T1574.012 COR_PROFILER
AC-2 Account Management Protects T1578 Modify Cloud Compute Infrastructure
AC-2 Account Management Protects T1578.001 Create Snapshot
AC-2 Account Management Protects T1578.002 Create Cloud Instance
AC-2 Account Management Protects T1578.003 Delete Cloud Instance
AC-2 Account Management Protects T1599.001 Network Address Translation Traversal
AC-2 Account Management Protects T1601 Modify System Image
AC-2 Account Management Protects T1601.001 Patch System Image
AC-2 Account Management Protects T1601.002 Downgrade System Image
AC-2 Account Management Protects T1606 Forge Web Credentials
AC-2 Account Management Protects T1606.001 Web Cookies
AC-2 Account Management Protects T1606.002 SAML Tokens
AC-2 Account Management Protects T1612 Build Image on Host
AC-2 Account Management Protects T1613 Container and Resource Discovery
AC-2 Account Management Protects T1619 Cloud Storage Object Discovery
AC-2 Account Management Protects T1003.001 LSASS Memory
AC-2 Account Management Protects T1003.002 Security Account Manager
AC-2 Account Management Protects T1003.003 NTDS
AC-2 Account Management Protects T1005 Data from Local System
AC-2 Account Management Protects T1055 Process Injection
AC-2 Account Management Protects T1068 Exploitation for Privilege Escalation
AC-2 Account Management Protects T1078 Valid Accounts
AC-2 Account Management Protects T1110.001 Password Guessing
AC-2 Account Management Protects T1110.002 Password Cracking
AC-2 Account Management Protects T1212 Exploitation for Credential Access
AC-2 Account Management Protects T1218 Signed Binary Proxy Execution
AC-2 Account Management Protects T1528 Steal Application Access Token
AC-2 Account Management Protects T1530 Data from Cloud Storage Object
AC-2 Account Management Protects T1552.007 Container API
AC-2 Account Management Protects T1556 Modify Authentication Process
AC-2 Account Management Protects T1580 Cloud Infrastructure Discovery
AC-2 Account Management Protects T1599 Network Boundary Bridging
AC-2 Account Management Protects T1611 Escape to Host
AC-2 Account Management Protects T1070.007 Clear Network Connection History and Configurations
AC-2 Account Management Protects T1070.008 Clear Mailbox Data
AC-2 Account Management Protects T1070.009 Clear Persistence
AC-2 Account Management Protects T1098.005 Device Registration
AC-2 Account Management Protects T1505.005 Terminal Services DLL
AC-2 Account Management Protects T1648 Serverless Execution
AC-2 Account Management Protects T1556.005 Reversible Encryption
AC-2 Account Management Protects T1556.006 Multi-Factor Authentication
AC-2 Account Management Protects T1556.007 Hybrid Identity
AC-2 Account Management Protects T1585.003 Cloud Accounts
AC-2 Account Management Protects T1586.003 Cloud Accounts
AC-2 Account Management Protects T1621 Multi-Factor Authentication Request Generation
AC-20 Use of External Systems Protects T1020.001 Traffic Duplication
AC-20 Use of External Systems Protects T1021.001 Remote Desktop Protocol
AC-20 Use of External Systems Protects T1078.002 Domain Accounts
AC-20 Use of External Systems Protects T1078.004 Cloud Accounts
AC-20 Use of External Systems Protects T1098.001 Additional Cloud Credentials
AC-20 Use of External Systems Protects T1098.002 Exchange Email Delegate Permissions
AC-20 Use of External Systems Protects T1098.003 Add Office 365 Global Administrator Role
AC-20 Use of External Systems Protects T1537 Transfer Data to Cloud Account
AC-20 Use of External Systems Protects T1550.001 Application Access Token
AC-20 Use of External Systems Protects T1552.005 Cloud Instance Metadata API
AC-20 Use of External Systems Protects T1556.004 Network Device Authentication
AC-20 Use of External Systems Protects T1565 Data Manipulation
AC-20 Use of External Systems Protects T1565.001 Stored Data Manipulation
AC-20 Use of External Systems Protects T1565.002 Transmitted Data Manipulation
AC-20 Use of External Systems Protects T1567 Exfiltration Over Web Service
AC-20 Use of External Systems Protects T1567.002 Exfiltration to Cloud Storage
AC-20 Use of External Systems Protects T1602.002 Network Device Configuration Dump
AC-20 Use of External Systems Protects T1021 Remote Services
AC-20 Use of External Systems Protects T1021.004 SSH
AC-20 Use of External Systems Protects T1041 Exfiltration Over C2 Channel
AC-20 Use of External Systems Protects T1048 Exfiltration Over Alternative Protocol
AC-20 Use of External Systems Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-20 Use of External Systems Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
AC-20 Use of External Systems Protects T1052 Exfiltration Over Physical Medium
AC-20 Use of External Systems Protects T1052.001 Exfiltration over USB
AC-20 Use of External Systems Protects T1072 Software Deployment Tools
AC-20 Use of External Systems Protects T1110 Brute Force
AC-20 Use of External Systems Protects T1110.003 Password Spraying
AC-20 Use of External Systems Protects T1110.004 Credential Stuffing
AC-20 Use of External Systems Protects T1114 Email Collection
AC-20 Use of External Systems Protects T1114.001 Local Email Collection
AC-20 Use of External Systems Protects T1114.002 Remote Email Collection
AC-20 Use of External Systems Protects T1114.003 Email Forwarding Rule
AC-20 Use of External Systems Protects T1134.005 SID-History Injection
AC-20 Use of External Systems Protects T1136 Create Account
AC-20 Use of External Systems Protects T1136.001 Local Account
AC-20 Use of External Systems Protects T1136.002 Domain Account
AC-20 Use of External Systems Protects T1136.003 Cloud Account
AC-20 Use of External Systems Protects T1539 Steal Web Session Cookie
AC-20 Use of External Systems Protects T1552 Unsecured Credentials
AC-20 Use of External Systems Protects T1552.004 Private Keys
AC-20 Use of External Systems Protects T1556.001 Domain Controller Authentication
AC-20 Use of External Systems Protects T1556.003 Pluggable Authentication Modules
AC-20 Use of External Systems Protects T1557.002 ARP Cache Poisoning
AC-20 Use of External Systems Protects T1567.001 Exfiltration to Code Repository
AC-20 Use of External Systems Protects T1602 Data from Configuration Repository
AC-20 Use of External Systems Protects T1602.001 SNMP (MIB Dump)
AC-20 Use of External Systems Protects T1110.001 Password Guessing
AC-20 Use of External Systems Protects T1110.002 Password Cracking
AC-20 Use of External Systems Protects T1119 Automated Collection
AC-20 Use of External Systems Protects T1133 External Remote Services
AC-20 Use of External Systems Protects T1200 Hardware Additions
AC-20 Use of External Systems Protects T1530 Data from Cloud Storage Object
AC-20 Use of External Systems Protects T1556 Modify Authentication Process
AC-20 Use of External Systems Protects T1557 Adversary-in-the-Middle
AC-20 Use Of External Information Systems Protects T1098.004 SSH Authorized Keys
AC-20 Use of External Systems Protects T1098.005 Device Registration
AC-20 Use of External Systems Protects T1505.005 Terminal Services DLL
AC-20 Use of External Information Systems Protects T1583.007 Serverless
AC-20 Use of External Information Systems Protects T1584.007 Serverless
AC-21 Information Sharing Protects T1213 Data from Information Repositories
AC-21 Information Sharing Protects T1213.001 Confluence
AC-21 Information Sharing Protects T1213.002 Sharepoint
AC-23 Data Mining Protection Protects T1567 Exfiltration Over Web Service
AC-23 Data Mining Protection Protects T1025 Data from Removable Media
AC-23 Data Mining Protection Protects T1041 Exfiltration Over C2 Channel
AC-23 Data Mining Protection Protects T1048 Exfiltration Over Alternative Protocol
AC-23 Data Mining Protection Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-23 Data Mining Protection Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
AC-23 Data Mining Protection Protects T1052 Exfiltration Over Physical Medium
AC-23 Data Mining Protection Protects T1052.001 Exfiltration over USB
AC-23 Data Mining Protection Protects T1213 Data from Information Repositories
AC-23 Data Mining Protection Protects T1213.001 Confluence
AC-23 Data Mining Protection Protects T1213.002 Sharepoint
AC-23 Data Mining Protection Protects T1005 Data from Local System
AC-23 Data Mining Protection Protects T1133 External Remote Services
AC-23 Data Mining Protection Protects T1552.007 Container API
AC-3 Access Enforcement Protects T1021.001 Remote Desktop Protocol
AC-3 Access Enforcement Protects T1037.002 Logon Script (Mac)
AC-3 Access Enforcement Protects T1037.005 Startup Items
AC-3 Access Enforcement Protects T1047 Windows Management Instrumentation
AC-3 Access Enforcement Protects T1053 Scheduled Task/Job
AC-3 Access Enforcement Protects T1053.002 At (Windows)
AC-3 Access Enforcement Protects T1053.003 Cron
AC-3 Access Enforcement Protects T1053.005 Scheduled Task
AC-3 Access Enforcement Protects T1059 Command and Scripting Interpreter
AC-3 Access Enforcement Protects T1059.001 PowerShell
AC-3 Access Enforcement Protects T1059.002 AppleScript
AC-3 Access Enforcement Protects T1059.005 Visual Basic
AC-3 Access Enforcement Protects T1059.008 Network Device CLI
AC-3 Access Enforcement Protects T1070 Indicator Removal on Host
AC-3 Access Enforcement Protects T1070.001 Clear Windows Event Logs
AC-3 Access Enforcement Protects T1070.003 Clear Command History
AC-3 Access Enforcement Protects T1078.002 Domain Accounts
AC-3 Access Enforcement Protects T1078.004 Cloud Accounts
AC-3 Access Enforcement Protects T1095 Non-Application Layer Protocol
AC-3 Access Enforcement Protects T1098 Account Manipulation
AC-3 Access Enforcement Protects T1098.001 Additional Cloud Credentials
AC-3 Access Enforcement Protects T1098.002 Exchange Email Delegate Permissions
AC-3 Access Enforcement Protects T1098.003 Add Office 365 Global Administrator Role
AC-3 Access Enforcement Protects T1098.004 SSH Authorized Keys
AC-3 Access Enforcement Protects T1190 Exploit Public-Facing Application
AC-3 Access Enforcement Protects T1197 BITS Jobs
AC-3 Access Enforcement Protects T1205 Traffic Signaling
AC-3 Access Enforcement Protects T1205.001 Port Knocking
AC-3 Access Enforcement Protects T1210 Exploitation of Remote Services
AC-3 Access Enforcement Protects T1213.003 Code Repositories
AC-3 Access Enforcement Protects T1218.007 Msiexec
AC-3 Access Enforcement Protects T1218.012 Verclsid
AC-3 Access Enforcement Protects T1219 Remote Access Software
AC-3 Access Enforcement Protects T1222 File and Directory Permissions Modification
AC-3 Access Enforcement Protects T1486 Data Encrypted for Impact
AC-3 Access Enforcement Protects T1490 Inhibit System Recovery
AC-3 Access Enforcement Protects T1491 Defacement
AC-3 Access Enforcement Protects T1491.001 Internal Defacement
AC-3 Access Enforcement Protects T1491.002 External Defacement
AC-3 Access Enforcement Protects T1495 Firmware Corruption