| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AU-1 | Policy and Procedures | Protects | T1556.006 | Multi-Factor Authentication |
| AU-1 | Policy and Procedures | Protects | T1556.007 | Hybrid Identity |
| AU-2 | Event Logging | Protects | T1556.006 | Multi-Factor Authentication |
| AU-2 | Event Logging | Protects | T1556.007 | Hybrid Identity |
| AU-5 | Response to Audit Processing Failure | Protects | T1593.003 | Code Repositories |
| AU-5 | Audit Review, Analysis, and Reporting | Protects | T1649 | Steal or Forge Authentication Certificates |
| AU-6 | Audit Review, Analysis, & Reporting | Protects | T1593.003 | Code Repositories |
| Capability ID | Capability Name | Number of Mappings |
|---|---|---|
| AU-1 | Policy and Procedures | 2 |
| AU-2 | Event Logging | 2 |
| AU-5 | Response to Audit Processing Failure | 2 |
| AU-6 | Audit Review, Analysis, & Reporting | 1 |