NIST 800-53 SC-4 Mappings

Preventing unauthorized and unintended information transfer via shared system resources stops information produced by the actions of prior users or roles (or the actions of processes acting on behalf of prior users or roles) from being available to current users or roles (or current processes acting on behalf of current users or roles) that obtain access to shared system resources after those resources have been released back to the system. Information in shared system resources also applies to encrypted representations of information. In other contexts, control of information in shared system resources is referred to as object reuse and residual information protection. Information in shared system resources does not address information remanence, which refers to the residual representation of data that has been nominally deleted; covert channels (including storage and timing channels), where shared system resources are manipulated to violate information flow restrictions; or components within systems for which there are only single users or roles.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
SC-4 Information in Shared System Resources Protects T1020.001 Traffic Duplication
SC-4 Information in Shared System Resources Protects T1070 Indicator Removal on Host
SC-4 Information in Shared System Resources Protects T1070.001 Clear Windows Event Logs
SC-4 Information in Shared System Resources Protects T1558 Steal or Forge Kerberos Tickets
SC-4 Information in Shared System Resources Protects T1558.003 Kerberoasting
SC-4 Information in Shared System Resources Protects T1565 Data Manipulation
SC-4 Information in Shared System Resources Protects T1565.001 Stored Data Manipulation
SC-4 Information in Shared System Resources Protects T1565.002 Transmitted Data Manipulation
SC-4 Information in Shared System Resources Protects T1565.003 Runtime Data Manipulation
SC-4 Information in Shared System Resources Protects T1602.002 Network Device Configuration Dump
SC-4 Information in Shared System Resources Protects T1070.002 Clear Linux or Mac System Logs
SC-4 Information in Shared System Resources Protects T1080 Taint Shared Content
SC-4 Information in Shared System Resources Protects T1552 Unsecured Credentials
SC-4 Information in Shared System Resources Protects T1552.001 Credentials In Files
SC-4 Information in Shared System Resources Protects T1552.002 Credentials in Registry
SC-4 Information in Shared System Resources Protects T1552.004 Private Keys
SC-4 Information in Shared System Resources Protects T1557.002 ARP Cache Poisoning
SC-4 Information in Shared System Resources Protects T1558.002 Silver Ticket
SC-4 Information in Shared System Resources Protects T1558.004 AS-REP Roasting
SC-4 Information in Shared System Resources Protects T1564.009 Resource Forking
SC-4 Information in Shared System Resources Protects T1602 Data from Configuration Repository
SC-4 Information in Shared System Resources Protects T1602.001 SNMP (MIB Dump)
SC-4 Information in Shared System Resources Protects T1040 Network Sniffing
SC-4 Information in Shared System Resources Protects T1119 Automated Collection
SC-4 Information in Shared System Resources Protects T1530 Data from Cloud Storage Object
SC-4 Information in Shared System Resources Protects T1557 Adversary-in-the-Middle
SC-4 Information In Shared Resources Protects T1070.008 Clear Mailbox Data
SC-4 Information in Shared System Resources Protects T1595.003 Wordlist Scanning