NIST 800-53 Configuration Management Capability Group

All Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CM-10 Software Usage Restrictions Protects T1550.001 Application Access Token
CM-10 Software Usage Restrictions Protects T1559 Inter-Process Communication
CM-10 Software Usage Restrictions Protects T1559.002 Dynamic Data Exchange
CM-10 Software Usage Restrictions Protects T1562.006 Indicator Blocking
CM-10 Software Usage Restrictions Protects T1546.008 Accessibility Features
CM-10 Software Usage Restrictions Protects T1546.013 PowerShell Profile
CM-10 Software Usage Restrictions Protects T1553 Subvert Trust Controls
CM-10 Software Usage Restrictions Protects T1553.004 Install Root Certificate
CM-10 Software Usage Restrictions Protects T1562.009 Safe Mode Boot
CM-11 User-installed Software Protects T1059 Command and Scripting Interpreter
CM-11 User-installed Software Protects T1176 Browser Extensions
CM-11 User-installed Software Protects T1195 Supply Chain Compromise
CM-11 User-installed Software Protects T1195.001 Compromise Software Dependencies and Development Tools
CM-11 User-installed Software Protects T1195.002 Compromise Software Supply Chain
CM-11 User-installed Software Protects T1218.003 CMSTP
CM-11 User-installed Software Protects T1218.004 InstallUtil
CM-11 User-installed Software Protects T1218.008 Odbcconf
CM-11 User-installed Software Protects T1218.009 Regsvcs/Regasm
CM-11 User-installed Software Protects T1218.012 Verclsid
CM-11 User-installed Software Protects T1218.013 Mavinject
CM-11 User-installed Software Protects T1218.014 MMC
CM-11 User-installed Software Protects T1505 Server Software Component
CM-11 User-installed Software Protects T1543 Create or Modify System Process
CM-11 User-installed Software Protects T1543.001 Launch Agent
CM-11 User-installed Software Protects T1543.003 Windows Service
CM-11 User-installed Software Protects T1550.001 Application Access Token
CM-11 User-installed Software Protects T1021.005 VNC
CM-11 User-installed Software Protects T1059.006 Python
CM-11 User-installed Software Protects T1218.001 Compiled HTML File
CM-11 User-installed Software Protects T1218.002 Control Panel
CM-11 User-installed Software Protects T1218.005 Mshta
CM-11 User-installed Software Protects T1505.001 SQL Stored Procedures
CM-11 User-installed Software Protects T1505.002 Transport Agent
CM-11 User-installed Software Protects T1505.004 IIS Components
CM-11 User-installed Software Protects T1543.002 Systemd Service
CM-11 User-installed Software Protects T1543.004 Launch Daemon
CM-11 User-installed Software Protects T1547.013 XDG Autostart Entries
CM-11 User-installed Software Protects T1564.009 Resource Forking
CM-11 User-installed Software Protects T1569 System Services
CM-11 User-installed Software Protects T1569.001 Launchctl
CM-11 User-installed Software Protects T1218 Signed Binary Proxy Execution
CM-12 Information Location Protects T1025 Data from Removable Media
CM-12 Information Location Protects T1005 Data from Local System
CM-2 Baseline Configuration Protects T1011.001 Exfiltration Over Bluetooth
CM-2 Baseline Configuration Protects T1020.001 Traffic Duplication
CM-2 Baseline Configuration Protects T1021.001 Remote Desktop Protocol
CM-2 Baseline Configuration Protects T1027 Obfuscated Files or Information
CM-2 Baseline Configuration Protects T1037.002 Logon Script (Mac)
CM-2 Baseline Configuration Protects T1037.005 Startup Items
CM-2 Baseline Configuration Protects T1047 Windows Management Instrumentation
CM-2 Baseline Configuration Protects T1053 Scheduled Task/Job
CM-2 Baseline Configuration Protects T1053.002 At (Windows)
CM-2 Baseline Configuration Protects T1053.005 Scheduled Task
CM-2 Baseline Configuration Protects T1059 Command and Scripting Interpreter
CM-2 Baseline Configuration Protects T1059.001 PowerShell
CM-2 Baseline Configuration Protects T1059.002 AppleScript
CM-2 Baseline Configuration Protects T1059.005 Visual Basic
CM-2 Baseline Configuration Protects T1059.008 Network Device CLI
CM-2 Baseline Configuration Protects T1070 Indicator Removal on Host
CM-2 Baseline Configuration Protects T1070.001 Clear Windows Event Logs
CM-2 Baseline Configuration Protects T1070.003 Clear Command History
CM-2 Baseline Configuration Protects T1095 Non-Application Layer Protocol
CM-2 Baseline Configuration Protects T1098.004 SSH Authorized Keys
CM-2 Baseline Configuration Protects T1105 Ingress Tool Transfer
CM-2 Baseline Configuration Protects T1106 Native API
CM-2 Baseline Configuration Protects T1129 Shared Modules
CM-2 Baseline Configuration Protects T1176 Browser Extensions
CM-2 Baseline Configuration Protects T1189 Drive-by Compromise
CM-2 Baseline Configuration Protects T1205 Traffic Signaling
CM-2 Baseline Configuration Protects T1210 Exploitation of Remote Services
CM-2 Baseline Configuration Protects T1211 Exploitation for Defense Evasion
CM-2 Baseline Configuration Protects T1216 Signed Script Proxy Execution
CM-2 Baseline Configuration Protects T1216.001 PubPrn
CM-2 Baseline Configuration Protects T1218.003 CMSTP
CM-2 Baseline Configuration Protects T1218.004 InstallUtil
CM-2 Baseline Configuration Protects T1218.007 Msiexec
CM-2 Baseline Configuration Protects T1218.008 Odbcconf
CM-2 Baseline Configuration Protects T1218.009 Regsvcs/Regasm
CM-2 Baseline Configuration Protects T1218.012 Verclsid
CM-2 Baseline Configuration Protects T1218.013 Mavinject
CM-2 Baseline Configuration Protects T1218.014 MMC
CM-2 Baseline Configuration Protects T1219 Remote Access Software
CM-2 Baseline Configuration Protects T1221 Template Injection
CM-2 Baseline Configuration Protects T1486 Data Encrypted for Impact
CM-2 Baseline Configuration Protects T1490 Inhibit System Recovery
CM-2 Baseline Configuration Protects T1491 Defacement
CM-2 Baseline Configuration Protects T1491.001 Internal Defacement
CM-2 Baseline Configuration Protects T1491.002 External Defacement
CM-2 Baseline Configuration Protects T1505 Server Software Component
CM-2 Baseline Configuration Protects T1505.003 Web Shell
CM-2 Baseline Configuration Protects T1525 Implant Internal Image
CM-2 Baseline Configuration Protects T1543 Create or Modify System Process
CM-2 Baseline Configuration Protects T1543.001 Launch Agent
CM-2 Baseline Configuration Protects T1543.003 Windows Service
CM-2 Baseline Configuration Protects T1546 Event Triggered Execution
CM-2 Baseline Configuration Protects T1546.002 Screensaver
CM-2 Baseline Configuration Protects T1546.003 Windows Management Instrumentation Event Subscription
CM-2 Baseline Configuration Protects T1546.006 LC_LOAD_DYLIB Addition
CM-2 Baseline Configuration Protects T1547.003 Time Providers
CM-2 Baseline Configuration Protects T1547.007 Re-opened Applications
CM-2 Baseline Configuration Protects T1547.008 LSASS Driver
CM-2 Baseline Configuration Protects T1548.002 Bypass User Account Control
CM-2 Baseline Configuration Protects T1548.003 Sudo and Sudo Caching
CM-2 Baseline Configuration Protects T1550.001 Application Access Token
CM-2 Baseline Configuration Protects T1553.001 Gatekeeper Bypass
CM-2 Baseline Configuration Protects T1553.005 Mark-of-the-Web Bypass
CM-2 Baseline Configuration Protects T1556.004 Network Device Authentication
CM-2 Baseline Configuration Protects T1558 Steal or Forge Kerberos Tickets
CM-2 Baseline Configuration Protects T1558.003 Kerberoasting
CM-2 Baseline Configuration Protects T1559 Inter-Process Communication
CM-2 Baseline Configuration Protects T1559.002 Dynamic Data Exchange
CM-2 Baseline Configuration Protects T1562 Impair Defenses
CM-2 Baseline Configuration Protects T1562.001 Disable or Modify Tools
CM-2 Baseline Configuration Protects T1562.003 Impair Command History Logging
CM-2 Baseline Configuration Protects T1562.006 Indicator Blocking
CM-2 Baseline Configuration Protects T1562.010 Downgrade Attack
CM-2 Baseline Configuration Protects T1565 Data Manipulation
CM-2 Baseline Configuration Protects T1565.001 Stored Data Manipulation
CM-2 Baseline Configuration Protects T1565.002 Transmitted Data Manipulation
CM-2 Baseline Configuration Protects T1570 Lateral Tool Transfer
CM-2 Baseline Configuration Protects T1574 Hijack Execution Flow
CM-2 Baseline Configuration Protects T1574.007 Path Interception by PATH Environment Variable
CM-2 Baseline Configuration Protects T1602.002 Network Device Configuration Dump
CM-2 Baseline Configuration Protects T1001 Data Obfuscation
CM-2 Baseline Configuration Protects T1001.001 Junk Data
CM-2 Baseline Configuration Protects T1001.002 Steganography
CM-2 Baseline Configuration Protects T1001.003 Protocol Impersonation
CM-2 Baseline Configuration Protects T1003 OS Credential Dumping
CM-2 Baseline Configuration Protects T1003.004 LSA Secrets
CM-2 Baseline Configuration Protects T1003.005 Cached Domain Credentials
CM-2 Baseline Configuration Protects T1003.006 DCSync
CM-2 Baseline Configuration Protects T1003.007 Proc Filesystem
CM-2 Baseline Configuration Protects T1003.008 /etc/passwd and /etc/shadow
CM-2 Baseline Configuration Protects T1008 Fallback Channels
CM-2 Baseline Configuration Protects T1021.002 SMB/Windows Admin Shares
CM-2 Baseline Configuration Protects T1021.003 Distributed Component Object Model
CM-2 Baseline Configuration Protects T1021.004 SSH
CM-2 Baseline Configuration Protects T1021.005 VNC
CM-2 Baseline Configuration Protects T1021.006 Windows Remote Management
CM-2 Baseline Configuration Protects T1029 Scheduled Transfer
CM-2 Baseline Configuration Protects T1030 Data Transfer Size Limits
CM-2 Baseline Configuration Protects T1036 Masquerading
CM-2 Baseline Configuration Protects T1036.001 Invalid Code Signature
CM-2 Baseline Configuration Protects T1036.003 Rename System Utilities
CM-2 Baseline Configuration Protects T1036.005 Match Legitimate Name or Location
CM-2 Baseline Configuration Protects T1036.007 Double File Extension
CM-2 Baseline Configuration Protects T1037 Boot or Logon Initialization Scripts
CM-2 Baseline Configuration Protects T1037.003 Network Logon Script
CM-2 Baseline Configuration Protects T1037.004 RC Scripts
CM-2 Baseline Configuration Protects T1048 Exfiltration Over Alternative Protocol
CM-2 Baseline Configuration Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
CM-2 Baseline Configuration Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CM-2 Baseline Configuration Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
CM-2 Baseline Configuration Protects T1052 Exfiltration Over Physical Medium
CM-2 Baseline Configuration Protects T1052.001 Exfiltration over USB
CM-2 Baseline Configuration Protects T1059.003 Windows Command Shell
CM-2 Baseline Configuration Protects T1059.004 Unix Shell
CM-2 Baseline Configuration Protects T1059.006 Python
CM-2 Baseline Configuration Protects T1059.007 JavaScript
CM-2 Baseline Configuration Protects T1070.002 Clear Linux or Mac System Logs
CM-2 Baseline Configuration Protects T1071 Application Layer Protocol
CM-2 Baseline Configuration Protects T1071.001 Web Protocols
CM-2 Baseline Configuration Protects T1071.002 File Transfer Protocols
CM-2 Baseline Configuration Protects T1071.003 Mail Protocols
CM-2 Baseline Configuration Protects T1071.004 DNS
CM-2 Baseline Configuration Protects T1072 Software Deployment Tools
CM-2 Baseline Configuration Protects T1080 Taint Shared Content
CM-2 Baseline Configuration Protects T1090 Proxy
CM-2 Baseline Configuration Protects T1090.001 Internal Proxy
CM-2 Baseline Configuration Protects T1090.002 External Proxy
CM-2 Baseline Configuration Protects T1092 Communication Through Removable Media
CM-2 Baseline Configuration Protects T1102 Web Service
CM-2 Baseline Configuration Protects T1102.001 Dead Drop Resolver
CM-2 Baseline Configuration Protects T1102.002 Bidirectional Communication
CM-2 Baseline Configuration Protects T1102.003 One-Way Communication
CM-2 Baseline Configuration Protects T1104 Multi-Stage Channels
CM-2 Baseline Configuration Protects T1110 Brute Force
CM-2 Baseline Configuration Protects T1110.003 Password Spraying
CM-2 Baseline Configuration Protects T1110.004 Credential Stuffing
CM-2 Baseline Configuration Protects T1114 Email Collection
CM-2 Baseline Configuration Protects T1114.002 Remote Email Collection
CM-2 Baseline Configuration Protects T1127 Trusted Developer Utilities Proxy Execution
CM-2 Baseline Configuration Protects T1127.001 MSBuild
CM-2 Baseline Configuration Protects T1132 Data Encoding
CM-2 Baseline Configuration Protects T1132.001 Standard Encoding
CM-2 Baseline Configuration Protects T1132.002 Non-Standard Encoding
CM-2 Baseline Configuration Protects T1134.005 SID-History Injection
CM-2 Baseline Configuration Protects T1137 Office Application Startup
CM-2 Baseline Configuration Protects T1137.001 Office Template Macros
CM-2 Baseline Configuration Protects T1137.002 Office Test
CM-2 Baseline Configuration Protects T1137.003 Outlook Forms
CM-2 Baseline Configuration Protects T1137.004 Outlook Home Page
CM-2 Baseline Configuration Protects T1137.005 Outlook Rules
CM-2 Baseline Configuration Protects T1137.006 Add-ins
CM-2 Baseline Configuration Protects T1185 Browser Session Hijacking
CM-2 Baseline Configuration Protects T1187 Forced Authentication
CM-2 Baseline Configuration Protects T1204.001 Malicious Link
CM-2 Baseline Configuration Protects T1204.003 Malicious Image
CM-2 Baseline Configuration Protects T1213 Data from Information Repositories
CM-2 Baseline Configuration Protects T1213.001 Confluence
CM-2 Baseline Configuration Protects T1213.002 Sharepoint
CM-2 Baseline Configuration Protects T1218.001 Compiled HTML File
CM-2 Baseline Configuration Protects T1218.002 Control Panel
CM-2 Baseline Configuration Protects T1218.005 Mshta
CM-2 Baseline Configuration Protects T1220 XSL Script Processing
CM-2 Baseline Configuration Protects T1484 Domain Policy Modification
CM-2 Baseline Configuration Protects T1485 Data Destruction
CM-2 Baseline Configuration Protects T1505.001 SQL Stored Procedures
CM-2 Baseline Configuration Protects T1505.002 Transport Agent
CM-2 Baseline Configuration Protects T1505.004 IIS Components
CM-2 Baseline Configuration Protects T1539 Steal Web Session Cookie
CM-2 Baseline Configuration Protects T1542.004 ROMMONkit
CM-2 Baseline Configuration Protects T1542.005 TFTP Boot
CM-2 Baseline Configuration Protects T1543.002 Systemd Service
CM-2 Baseline Configuration Protects T1543.004 Launch Daemon
CM-2 Baseline Configuration Protects T1546.004 Unix Shell Configuration Modification
CM-2 Baseline Configuration Protects T1546.010 AppInit DLLs
CM-2 Baseline Configuration Protects T1546.013 PowerShell Profile
CM-2 Baseline Configuration Protects T1546.014 Emond
CM-2 Baseline Configuration Protects T1547.013 XDG Autostart Entries
CM-2 Baseline Configuration Protects T1548 Abuse Elevation Control Mechanism
CM-2 Baseline Configuration Protects T1548.004 Elevated Execution with Prompt
CM-2 Baseline Configuration Protects T1550.003 Pass the Ticket
CM-2 Baseline Configuration Protects T1552 Unsecured Credentials
CM-2 Baseline Configuration Protects T1552.001 Credentials In Files
CM-2 Baseline Configuration Protects T1552.004 Private Keys
CM-2 Baseline Configuration Protects T1552.006 Group Policy Preferences
CM-2 Baseline Configuration Protects T1553 Subvert Trust Controls
CM-2 Baseline Configuration Protects T1553.003 SIP and Trust Provider Hijacking
CM-2 Baseline Configuration Protects T1554 Compromise Client Software Binary
CM-2 Baseline Configuration Protects T1555.005 Password Managers
CM-2 Baseline Configuration Protects T1557.002 ARP Cache Poisoning
CM-2 Baseline Configuration Protects T1558.001 Golden Ticket
CM-2 Baseline Configuration Protects T1558.002 Silver Ticket
CM-2 Baseline Configuration Protects T1558.004 AS-REP Roasting
CM-2 Baseline Configuration Protects T1559.001 Component Object Model
CM-2 Baseline Configuration Protects T1561 Disk Wipe
CM-2 Baseline Configuration Protects T1561.001 Disk Content Wipe
CM-2 Baseline Configuration Protects T1561.002 Disk Structure Wipe
CM-2 Baseline Configuration Protects T1562.002 Disable Windows Event Logging
CM-2 Baseline Configuration Protects T1562.004 Disable or Modify System Firewall
CM-2 Baseline Configuration Protects T1563 Remote Service Session Hijacking
CM-2 Baseline Configuration Protects T1563.001 SSH Hijacking
CM-2 Baseline Configuration Protects T1563.002 RDP Hijacking
CM-2 Baseline Configuration Protects T1564.006 Run Virtual Instance
CM-2 Baseline Configuration Protects T1564.007 VBA Stomping
CM-2 Baseline Configuration Protects T1564.009 Resource Forking
CM-2 Baseline Configuration Protects T1566 Phishing
CM-2 Baseline Configuration Protects T1566.001 Spearphishing Attachment
CM-2 Baseline Configuration Protects T1569 System Services
CM-2 Baseline Configuration Protects T1569.002 Service Execution
CM-2 Baseline Configuration Protects T1571 Non-Standard Port
CM-2 Baseline Configuration Protects T1572 Protocol Tunneling
CM-2 Baseline Configuration Protects T1573 Encrypted Channel
CM-2 Baseline Configuration Protects T1573.001 Symmetric Cryptography
CM-2 Baseline Configuration Protects T1573.002 Asymmetric Cryptography
CM-2 Baseline Configuration Protects T1574.001 DLL Search Order Hijacking
CM-2 Baseline Configuration Protects T1574.004 Dylib Hijacking
CM-2 Baseline Configuration Protects T1574.005 Executable Installer File Permissions Weakness
CM-2 Baseline Configuration Protects T1574.008 Path Interception by Search Order Hijacking
CM-2 Baseline Configuration Protects T1574.009 Path Interception by Unquoted Path
CM-2 Baseline Configuration Protects T1574.010 Services File Permissions Weakness
CM-2 Baseline Configuration Protects T1598 Phishing for Information
CM-2 Baseline Configuration Protects T1598.002 Spearphishing Attachment
CM-2 Baseline Configuration Protects T1599.001 Network Address Translation Traversal
CM-2 Baseline Configuration Protects T1601 Modify System Image
CM-2 Baseline Configuration Protects T1601.001 Patch System Image
CM-2 Baseline Configuration Protects T1601.002 Downgrade System Image
CM-2 Baseline Configuration Protects T1602 Data from Configuration Repository
CM-2 Baseline Configuration Protects T1602.001 SNMP (MIB Dump)
CM-2 Baseline Configuration Protects T1003.001 LSASS Memory
CM-2 Baseline Configuration Protects T1003.002 Security Account Manager
CM-2 Baseline Configuration Protects T1003.003 NTDS
CM-2 Baseline Configuration Protects T1046 Network Service Scanning
CM-2 Baseline Configuration Protects T1068 Exploitation for Privilege Escalation
CM-2 Baseline Configuration Protects T1091 Replication Through Removable Media
CM-2 Baseline Configuration Protects T1110.001 Password Guessing
CM-2 Baseline Configuration Protects T1110.002 Password Cracking
CM-2 Baseline Configuration Protects T1111 Two-Factor Authentication Interception
CM-2 Baseline Configuration Protects T1119 Automated Collection
CM-2 Baseline Configuration Protects T1133 External Remote Services
CM-2 Baseline Configuration Protects T1201 Password Policy Discovery
CM-2 Baseline Configuration Protects T1212 Exploitation for Credential Access
CM-2 Baseline Configuration Protects T1218 Signed Binary Proxy Execution
CM-2 Baseline Configuration Protects T1528 Steal Application Access Token
CM-2 Baseline Configuration Protects T1530 Data from Cloud Storage Object
CM-2 Baseline Configuration Protects T1555.004 Windows Credential Manager
CM-2 Baseline Configuration Protects T1556 Modify Authentication Process
CM-2 Baseline Configuration Protects T1557 Adversary-in-the-Middle
CM-2 Baseline Configuration Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CM-2 Baseline Configuration Protects T1566.002 Spearphishing Link
CM-2 Baseline Configuration Protects T1598.003 Spearphishing Link
CM-2 Baseline Configuration Protects T1599 Network Boundary Bridging
CM-2 Baseline Configuration Protects T1204 User Execution
CM-2 Baseline Configuration Protects T1204.002 Malicious File
CM-2 Baseline Configuration Protects T1557.003 DHCP Spoofing
CM-2 Baseline Configuration Protects T1070.007 Clear Network Connection History and Configurations
CM-2 Baseline Configuration Protects T1070.008 Clear Mailbox Data
CM-2 Baseline Configuration Protects T1070.009 Clear Persistence
CM-2 Baseline Configuration Protects T1505.005 Terminal Services DLL
CM-2 Baseline Configuration Protects T1622 Debugger Evasion
CM-2 Baseline Configuration Protects T1647 Plist File Modification
CM-3 Configuration Change Control Protects T1176 Browser Extensions
CM-3 Configuration Change Control Protects T1495 Firmware Corruption
CM-3 Configuration Change Control Protects T1543 Create or Modify System Process
CM-3 Configuration Change Control Protects T1547.007 Re-opened Applications
CM-3 Configuration Change Control Protects T1021.005 VNC
CM-3 Configuration Change Control Protects T1059.006 Python
CM-3 Configuration Change Control Protects T1213 Data from Information Repositories
CM-3 Configuration Change Control Protects T1213.001 Confluence
CM-3 Configuration Change Control Protects T1213.002 Sharepoint
CM-3 Configuration Change Control Protects T1542 Pre-OS Boot
CM-3 Configuration Change Control Protects T1542.001 System Firmware
CM-3 Configuration Change Control Protects T1542.003 Bootkit
CM-3 Configuration Change Control Protects T1542.004 ROMMONkit
CM-3 Configuration Change Control Protects T1542.005 TFTP Boot
CM-3 Configuration Change Control Protects T1543.002 Systemd Service
CM-3 Configuration Change Control Protects T1547.013 XDG Autostart Entries
CM-3 Configuration Change Control Protects T1553 Subvert Trust Controls
CM-3 Configuration Change Control Protects T1553.006 Code Signing Policy Modification
CM-3 Configuration Change Control Protects T1564.008 Email Hiding Rules
CM-3 Configuration Change Control Protects T1601 Modify System Image
CM-3 Configuration Change Control Protects T1601.001 Patch System Image
CM-3 Configuration Change Control Protects T1601.002 Downgrade System Image
CM-3 Configuration Change Control Protects T1195.003 Compromise Hardware Supply Chain
CM-3 Configuration Change Control Protects T1647 Plist File Modification
CM-5 Access Restrictions for Change Protects T1021.001 Remote Desktop Protocol
CM-5 Access Restrictions for Change Protects T1047 Windows Management Instrumentation
CM-5 Access Restrictions for Change Protects T1053 Scheduled Task/Job
CM-5 Access Restrictions for Change Protects T1053.002 At (Windows)
CM-5 Access Restrictions for Change Protects T1053.003 Cron
CM-5 Access Restrictions for Change Protects T1053.005 Scheduled Task
CM-5 Access Restrictions for Change Protects T1059 Command and Scripting Interpreter
CM-5 Access Restrictions for Change Protects T1059.001 PowerShell
CM-5 Access Restrictions for Change Protects T1059.008 Network Device CLI
CM-5 Access Restrictions for Change Protects T1078.002 Domain Accounts
CM-5 Access Restrictions for Change Protects T1078.004 Cloud Accounts
CM-5 Access Restrictions for Change Protects T1098 Account Manipulation
CM-5 Access Restrictions for Change Protects T1098.001 Additional Cloud Credentials
CM-5 Access Restrictions for Change Protects T1098.002 Exchange Email Delegate Permissions
CM-5 Access Restrictions for Change Protects T1098.003 Add Office 365 Global Administrator Role
CM-5 Access Restrictions for Change Protects T1176 Browser Extensions
CM-5 Access Restrictions for Change Protects T1190 Exploit Public-Facing Application
CM-5 Access Restrictions for Change Protects T1197 BITS Jobs
CM-5 Access Restrictions for Change Protects T1210 Exploitation of Remote Services
CM-5 Access Restrictions for Change Protects T1218.007 Msiexec
CM-5 Access Restrictions for Change Protects T1222 File and Directory Permissions Modification
CM-5 Access Restrictions for Change Protects T1495 Firmware Corruption
CM-5 Access Restrictions for Change Protects T1505 Server Software Component
CM-5 Access Restrictions for Change Protects T1525 Implant Internal Image
CM-5 Access Restrictions for Change Protects T1537 Transfer Data to Cloud Account
CM-5 Access Restrictions for Change Protects T1543 Create or Modify System Process
CM-5 Access Restrictions for Change Protects T1543.001 Launch Agent
CM-5 Access Restrictions for Change Protects T1543.003 Windows Service
CM-5 Access Restrictions for Change Protects T1546.003 Windows Management Instrumentation Event Subscription
CM-5 Access Restrictions for Change Protects T1547.003 Time Providers
CM-5 Access Restrictions for Change Protects T1547.004 Winlogon Helper DLL
CM-5 Access Restrictions for Change Protects T1547.006 Kernel Modules and Extensions
CM-5 Access Restrictions for Change Protects T1547.007 Re-opened Applications
CM-5 Access Restrictions for Change Protects T1547.009 Shortcut Modification
CM-5 Access Restrictions for Change Protects T1548.002 Bypass User Account Control
CM-5 Access Restrictions for Change Protects T1548.003 Sudo and Sudo Caching
CM-5 Access Restrictions for Change Protects T1556.004 Network Device Authentication
CM-5 Access Restrictions for Change Protects T1558 Steal or Forge Kerberos Tickets
CM-5 Access Restrictions for Change Protects T1558.003 Kerberoasting
CM-5 Access Restrictions for Change Protects T1559 Inter-Process Communication
CM-5 Access Restrictions for Change Protects T1562 Impair Defenses
CM-5 Access Restrictions for Change Protects T1562.001 Disable or Modify Tools
CM-5 Access Restrictions for Change Protects T1562.006 Indicator Blocking
CM-5 Access Restrictions for Change Protects T1562.008 Disable Cloud Logs
CM-5 Access Restrictions for Change Protects T1574 Hijack Execution Flow
CM-5 Access Restrictions for Change Protects T1574.011 Services Registry Permissions Weakness
CM-5 Access Restrictions for Change Protects T1003 OS Credential Dumping
CM-5 Access Restrictions for Change Protects T1003.004 LSA Secrets
CM-5 Access Restrictions for Change Protects T1003.005 Cached Domain Credentials
CM-5 Access Restrictions for Change Protects T1003.006 DCSync
CM-5 Access Restrictions for Change Protects T1003.007 Proc Filesystem
CM-5 Access Restrictions for Change Protects T1003.008 /etc/passwd and /etc/shadow
CM-5 Access Restrictions for Change Protects T1021 Remote Services
CM-5 Access Restrictions for Change Protects T1021.002 SMB/Windows Admin Shares
CM-5 Access Restrictions for Change Protects T1021.003 Distributed Component Object Model
CM-5 Access Restrictions for Change Protects T1021.004 SSH
CM-5 Access Restrictions for Change Protects T1021.005 VNC
CM-5 Access Restrictions for Change Protects T1021.006 Windows Remote Management
CM-5 Access Restrictions for Change Protects T1053.006 Systemd Timers
CM-5 Access Restrictions for Change Protects T1053.007 Container Orchestration Job
CM-5 Access Restrictions for Change Protects T1055.008 Ptrace System Calls
CM-5 Access Restrictions for Change Protects T1056.003 Web Portal Capture
CM-5 Access Restrictions for Change Protects T1059.006 Python
CM-5 Access Restrictions for Change Protects T1072 Software Deployment Tools
CM-5 Access Restrictions for Change Protects T1078.003 Local Accounts
CM-5 Access Restrictions for Change Protects T1134 Access Token Manipulation
CM-5 Access Restrictions for Change Protects T1134.001 Token Impersonation/Theft
CM-5 Access Restrictions for Change Protects T1134.002 Create Process with Token
CM-5 Access Restrictions for Change Protects T1134.003 Make and Impersonate Token
CM-5 Access Restrictions for Change Protects T1136 Create Account
CM-5 Access Restrictions for Change Protects T1136.001 Local Account
CM-5 Access Restrictions for Change Protects T1136.002 Domain Account
CM-5 Access Restrictions for Change Protects T1136.003 Cloud Account
CM-5 Access Restrictions for Change Protects T1137.002 Office Test
CM-5 Access Restrictions for Change Protects T1185 Browser Session Hijacking
CM-5 Access Restrictions for Change Protects T1213 Data from Information Repositories
CM-5 Access Restrictions for Change Protects T1213.001 Confluence
CM-5 Access Restrictions for Change Protects T1213.002 Sharepoint
CM-5 Access Restrictions for Change Protects T1222.001 Windows File and Directory Permissions Modification
CM-5 Access Restrictions for Change Protects T1222.002 Linux and Mac File and Directory Permissions Modification
CM-5 Access Restrictions for Change Protects T1484 Domain Policy Modification
CM-5 Access Restrictions for Change Protects T1489 Service Stop
CM-5 Access Restrictions for Change Protects T1505.002 Transport Agent
CM-5 Access Restrictions for Change Protects T1542 Pre-OS Boot
CM-5 Access Restrictions for Change Protects T1542.001 System Firmware
CM-5 Access Restrictions for Change Protects T1542.003 Bootkit
CM-5 Access Restrictions for Change Protects T1542.004 ROMMONkit
CM-5 Access Restrictions for Change Protects T1542.005 TFTP Boot
CM-5 Access Restrictions for Change Protects T1543.002 Systemd Service
CM-5 Access Restrictions for Change Protects T1543.004 Launch Daemon
CM-5 Access Restrictions for Change Protects T1547.012 Print Processors
CM-5 Access Restrictions for Change Protects T1547.013 XDG Autostart Entries
CM-5 Access Restrictions for Change Protects T1548 Abuse Elevation Control Mechanism
CM-5 Access Restrictions for Change Protects T1550 Use Alternate Authentication Material
CM-5 Access Restrictions for Change Protects T1550.002 Pass the Hash
CM-5 Access Restrictions for Change Protects T1550.003 Pass the Ticket
CM-5 Access Restrictions for Change Protects T1552 Unsecured Credentials
CM-5 Access Restrictions for Change Protects T1552.002 Credentials in Registry
CM-5 Access Restrictions for Change Protects T1553 Subvert Trust Controls
CM-5 Access Restrictions for Change Protects T1553.006 Code Signing Policy Modification
CM-5 Access Restrictions for Change Protects T1556.001 Domain Controller Authentication
CM-5 Access Restrictions for Change Protects T1556.003 Pluggable Authentication Modules
CM-5 Access Restrictions for Change Protects T1558.001 Golden Ticket
CM-5 Access Restrictions for Change Protects T1558.002 Silver Ticket
CM-5 Access Restrictions for Change Protects T1559.001 Component Object Model
CM-5 Access Restrictions for Change Protects T1562.002 Disable Windows Event Logging
CM-5 Access Restrictions for Change Protects T1562.004 Disable or Modify System Firewall
CM-5 Access Restrictions for Change Protects T1562.007 Disable or Modify Cloud Firewall
CM-5 Access Restrictions for Change Protects T1562.009 Safe Mode Boot
CM-5 Access Restrictions for Change Protects T1563 Remote Service Session Hijacking
CM-5 Access Restrictions for Change Protects T1563.001 SSH Hijacking
CM-5 Access Restrictions for Change Protects T1563.002 RDP Hijacking
CM-5 Access Restrictions for Change Protects T1564.008 Email Hiding Rules
CM-5 Access Restrictions for Change Protects T1569 System Services
CM-5 Access Restrictions for Change Protects T1569.001 Launchctl
CM-5 Access Restrictions for Change Protects T1569.002 Service Execution
CM-5 Access Restrictions for Change Protects T1574.005 Executable Installer File Permissions Weakness
CM-5 Access Restrictions for Change Protects T1574.010 Services File Permissions Weakness
CM-5 Access Restrictions for Change Protects T1574.012 COR_PROFILER
CM-5 Access Restrictions for Change Protects T1578 Modify Cloud Compute Infrastructure
CM-5 Access Restrictions for Change Protects T1578.001 Create Snapshot
CM-5 Access Restrictions for Change Protects T1578.002 Create Cloud Instance
CM-5 Access Restrictions for Change Protects T1578.003 Delete Cloud Instance
CM-5 Access Restrictions for Change Protects T1599.001 Network Address Translation Traversal
CM-5 Access Restrictions for Change Protects T1601 Modify System Image
CM-5 Access Restrictions for Change Protects T1601.001 Patch System Image
CM-5 Access Restrictions for Change Protects T1601.002 Downgrade System Image
CM-5 Access Restrictions for Change Protects T1619 Cloud Storage Object Discovery
CM-5 Access Restrictions for Change Protects T1003.001 LSASS Memory
CM-5 Access Restrictions for Change Protects T1003.002 Security Account Manager
CM-5 Access Restrictions for Change Protects T1003.003 NTDS
CM-5 Access Restrictions for Change Protects T1055 Process Injection
CM-5 Access Restrictions for Change Protects T1078 Valid Accounts
CM-5 Access Restrictions for Change Protects T1195.003 Compromise Hardware Supply Chain
CM-5 Access Restrictions for Change Protects T1218 Signed Binary Proxy Execution
CM-5 Access Restrictions for Change Protects T1528 Steal Application Access Token
CM-5 Access Restrictions for Change Protects T1530 Data from Cloud Storage Object
CM-5 Access Restrictions for Change Protects T1552.007 Container API
CM-5 Access Restrictions for Change Protects T1556 Modify Authentication Process
CM-5 Access Restrictions for Change Protects T1599 Network Boundary Bridging
CM-5 Access Restrictions for Change Protects T1611 Escape to Host
CM-5 Access Restrictions For Change Protects T1098.004 SSH Authorized Keys
CM-5 Access Restrictions for Change Protects T1098.005 Device Registration
CM-5 Access Restrictions For Change Protects T1546.016 Installer Packages
CM-5 Access Restrictions for Change Protects T1559.003 XPC Services
CM-5 Access Restrictions For Change Protects T1647 Plist File Modification
CM-5 Access Restriction for Change Protects T1621 Multi-Factor Authentication Request Generation
CM-6 Configuration Settings Protects T1011 Exfiltration Over Other Network Medium
CM-6 Configuration Settings Protects T1011.001 Exfiltration Over Bluetooth
CM-6 Configuration Settings Protects T1020.001 Traffic Duplication
CM-6 Configuration Settings Protects T1021.001 Remote Desktop Protocol
CM-6 Configuration Settings Protects T1027 Obfuscated Files or Information
CM-6 Configuration Settings Protects T1037.002 Logon Script (Mac)
CM-6 Configuration Settings Protects T1037.005 Startup Items
CM-6 Configuration Settings Protects T1047 Windows Management Instrumentation
CM-6 Configuration Settings Protects T1053 Scheduled Task/Job
CM-6 Configuration Settings Protects T1053.002 At (Windows)
CM-6 Configuration Settings Protects T1053.005 Scheduled Task
CM-6 Configuration Settings Protects T1059 Command and Scripting Interpreter
CM-6 Configuration Settings Protects T1059.001 PowerShell
CM-6 Configuration Settings Protects T1059.002 AppleScript
CM-6 Configuration Settings Protects T1059.005 Visual Basic
CM-6 Configuration Settings Protects T1059.008 Network Device CLI
CM-6 Configuration Settings Protects T1070 Indicator Removal on Host
CM-6 Configuration Settings Protects T1070.001 Clear Windows Event Logs
CM-6 Configuration Settings Protects T1070.003 Clear Command History
CM-6 Configuration Settings Protects T1078.002 Domain Accounts
CM-6 Configuration Settings Protects T1078.004 Cloud Accounts
CM-6 Configuration Settings Protects T1095 Non-Application Layer Protocol
CM-6 Configuration Settings Protects T1098 Account Manipulation
CM-6 Configuration Settings Protects T1098.001 Additional Cloud Credentials
CM-6 Configuration Settings Protects T1098.002 Exchange Email Delegate Permissions
CM-6 Configuration Settings Protects T1098.003 Add Office 365 Global Administrator Role
CM-6 Configuration Settings Protects T1098.004 SSH Authorized Keys
CM-6 Configuration Settings Protects T1105 Ingress Tool Transfer
CM-6 Configuration Settings Protects T1106 Native API
CM-6 Configuration Settings Protects T1176 Browser Extensions
CM-6 Configuration Settings Protects T1189 Drive-by Compromise
CM-6 Configuration Settings Protects T1190 Exploit Public-Facing Application
CM-6 Configuration Settings Protects T1197 BITS Jobs
CM-6 Configuration Settings Protects T1205 Traffic Signaling
CM-6 Configuration Settings Protects T1205.001 Port Knocking
CM-6 Configuration Settings Protects T1210 Exploitation of Remote Services
CM-6 Configuration Settings Protects T1211 Exploitation for Defense Evasion
CM-6 Configuration Settings Protects T1216 Signed Script Proxy Execution
CM-6 Configuration Settings Protects T1216.001 PubPrn
CM-6 Configuration Settings Protects T1218.003 CMSTP
CM-6 Configuration Settings Protects T1218.004 InstallUtil
CM-6 Configuration Settings Protects T1218.007 Msiexec
CM-6 Configuration Settings Protects T1218.008 Odbcconf
CM-6 Configuration Settings Protects T1218.009 Regsvcs/Regasm
CM-6 Configuration Settings Protects T1218.012 Verclsid
CM-6 Configuration Settings Protects T1218.013 Mavinject
CM-6 Configuration Settings Protects T1218.014 MMC
CM-6 Configuration Settings Protects T1219 Remote Access Software
CM-6 Configuration Settings Protects T1221 Template Injection
CM-6 Configuration Settings Protects T1222 File and Directory Permissions Modification
CM-6 Configuration Settings Protects T1490 Inhibit System Recovery
CM-6 Configuration Settings Protects T1495 Firmware Corruption
CM-6 Configuration Settings Protects T1498.001 Direct Network Flood
CM-6 Configuration Settings Protects T1498.002 Reflection Amplification
CM-6 Configuration Settings Protects T1499 Endpoint Denial of Service
CM-6 Configuration Settings Protects T1499.001 OS Exhaustion Flood
CM-6 Configuration Settings Protects T1499.002 Service Exhaustion Flood
CM-6 Configuration Settings Protects T1499.003 Application Exhaustion Flood
CM-6 Configuration Settings Protects T1499.004 Application or System Exploitation
CM-6 Configuration Settings Protects T1505 Server Software Component
CM-6 Configuration Settings Protects T1505.003 Web Shell
CM-6 Configuration Settings Protects T1525 Implant Internal Image
CM-6 Configuration Settings Protects T1537 Transfer Data to Cloud Account
CM-6 Configuration Settings Protects T1543 Create or Modify System Process
CM-6 Configuration Settings Protects T1546 Event Triggered Execution
CM-6 Configuration Settings Protects T1546.002 Screensaver
CM-6 Configuration Settings Protects T1546.003 Windows Management Instrumentation Event Subscription
CM-6 Configuration Settings Protects T1546.006 LC_LOAD_DYLIB Addition
CM-6 Configuration Settings Protects T1547.002 Authentication Package
CM-6 Configuration Settings Protects T1547.003 Time Providers
CM-6 Configuration Settings Protects T1547.006 Kernel Modules and Extensions
CM-6 Configuration Settings Protects T1547.007 Re-opened Applications
CM-6 Configuration Settings Protects T1547.008 LSASS Driver
CM-6 Configuration Settings Protects T1548.002 Bypass User Account Control
CM-6 Configuration Settings Protects T1548.003 Sudo and Sudo Caching
CM-6 Configuration Settings Protects T1550.001 Application Access Token
CM-6 Configuration Settings Protects T1552.003 Bash History
CM-6 Configuration Settings Protects T1552.005 Cloud Instance Metadata API
CM-6 Configuration Settings Protects T1553.001 Gatekeeper Bypass
CM-6 Configuration Settings Protects T1553.005 Mark-of-the-Web Bypass
CM-6 Configuration Settings Protects T1556.004 Network Device Authentication
CM-6 Configuration Settings Protects T1558 Steal or Forge Kerberos Tickets
CM-6 Configuration Settings Protects T1558.003 Kerberoasting
CM-6 Configuration Settings Protects T1559 Inter-Process Communication
CM-6 Configuration Settings Protects T1559.002 Dynamic Data Exchange
CM-6 Configuration Settings Protects T1562 Impair Defenses
CM-6 Configuration Settings Protects T1562.001 Disable or Modify Tools
CM-6 Configuration Settings Protects T1562.003 Impair Command History Logging
CM-6 Configuration Settings Protects T1562.006 Indicator Blocking
CM-6 Configuration Settings Protects T1562.010 Downgrade Attack
CM-6 Configuration Settings Protects T1564.002 Hidden Users
CM-6 Configuration Settings Protects T1565 Data Manipulation
CM-6 Configuration Settings Protects T1565.001 Stored Data Manipulation
CM-6 Configuration Settings Protects T1565.002 Transmitted Data Manipulation
CM-6 Configuration Settings Protects T1565.003 Runtime Data Manipulation
CM-6 Configuration Settings Protects T1570 Lateral Tool Transfer
CM-6 Configuration Settings Protects T1574 Hijack Execution Flow
CM-6 Configuration Settings Protects T1574.007 Path Interception by PATH Environment Variable
CM-6 Configuration Settings Protects T1602.002 Network Device Configuration Dump
CM-6 Configuration Settings Protects T1609 Container Administration Command
CM-6 Configuration Settings Protects T1610 Deploy Container
CM-6 Configuration Settings Protects T1001 Data Obfuscation
CM-6 Configuration Settings Protects T1001.001 Junk Data
CM-6 Configuration Settings Protects T1001.002 Steganography
CM-6 Configuration Settings Protects T1001.003 Protocol Impersonation
CM-6 Configuration Settings Protects T1003 OS Credential Dumping
CM-6 Configuration Settings Protects T1003.004 LSA Secrets
CM-6 Configuration Settings Protects T1003.005 Cached Domain Credentials
CM-6 Configuration Settings Protects T1003.006 DCSync
CM-6 Configuration Settings Protects T1003.007 Proc Filesystem
CM-6 Configuration Settings Protects T1003.008 /etc/passwd and /etc/shadow
CM-6 Configuration Settings Protects T1008 Fallback Channels
CM-6 Configuration Settings Protects T1021 Remote Services
CM-6 Configuration Settings Protects T1021.002 SMB/Windows Admin Shares
CM-6 Configuration Settings Protects T1021.003 Distributed Component Object Model
CM-6 Configuration Settings Protects T1021.004 SSH
CM-6 Configuration Settings Protects T1021.005 VNC
CM-6 Configuration Settings Protects T1021.006 Windows Remote Management
CM-6 Configuration Settings Protects T1029 Scheduled Transfer
CM-6 Configuration Settings Protects T1030 Data Transfer Size Limits
CM-6 Configuration Settings Protects T1036 Masquerading
CM-6 Configuration Settings Protects T1036.001 Invalid Code Signature
CM-6 Configuration Settings Protects T1036.003 Rename System Utilities
CM-6 Configuration Settings Protects T1036.005 Match Legitimate Name or Location
CM-6 Configuration Settings Protects T1036.007 Double File Extension
CM-6 Configuration Settings Protects T1037 Boot or Logon Initialization Scripts
CM-6 Configuration Settings Protects T1037.003 Network Logon Script
CM-6 Configuration Settings Protects T1037.004 RC Scripts
CM-6 Configuration Settings Protects T1048 Exfiltration Over Alternative Protocol
CM-6 Configuration Settings Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
CM-6 Configuration Settings Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CM-6 Configuration Settings Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
CM-6 Configuration Settings Protects T1052 Exfiltration Over Physical Medium
CM-6 Configuration Settings Protects T1052.001 Exfiltration over USB
CM-6 Configuration Settings Protects T1055.008 Ptrace System Calls
CM-6 Configuration Settings Protects T1056.003 Web Portal Capture
CM-6 Configuration Settings Protects T1059.003 Windows Command Shell
CM-6 Configuration Settings Protects T1059.004 Unix Shell
CM-6 Configuration Settings Protects T1059.006 Python
CM-6 Configuration Settings Protects T1059.007 JavaScript
CM-6 Configuration Settings Protects T1070.002 Clear Linux or Mac System Logs
CM-6 Configuration Settings Protects T1071 Application Layer Protocol
CM-6 Configuration Settings Protects T1071.001 Web Protocols
CM-6 Configuration Settings Protects T1071.002 File Transfer Protocols
CM-6 Configuration Settings Protects T1071.003 Mail Protocols
CM-6 Configuration Settings Protects T1071.004 DNS
CM-6 Configuration Settings Protects T1072 Software Deployment Tools
CM-6 Configuration Settings Protects T1078.003 Local Accounts
CM-6 Configuration Settings Protects T1087 Account Discovery
CM-6 Configuration Settings Protects T1090 Proxy
CM-6 Configuration Settings Protects T1090.001 Internal Proxy
CM-6 Configuration Settings Protects T1090.002 External Proxy
CM-6 Configuration Settings Protects T1090.003 Multi-hop Proxy
CM-6 Configuration Settings Protects T1092 Communication Through Removable Media
CM-6 Configuration Settings Protects T1102 Web Service
CM-6 Configuration Settings Protects T1102.001 Dead Drop Resolver
CM-6 Configuration Settings Protects T1102.002 Bidirectional Communication
CM-6 Configuration Settings Protects T1102.003 One-Way Communication
CM-6 Configuration Settings Protects T1104 Multi-Stage Channels
CM-6 Configuration Settings Protects T1110 Brute Force
CM-6 Configuration Settings Protects T1110.003 Password Spraying
CM-6 Configuration Settings Protects T1110.004 Credential Stuffing
CM-6 Configuration Settings Protects T1114 Email Collection
CM-6 Configuration Settings Protects T1114.002 Remote Email Collection
CM-6 Configuration Settings Protects T1114.003 Email Forwarding Rule
CM-6 Configuration Settings Protects T1127 Trusted Developer Utilities Proxy Execution
CM-6 Configuration Settings Protects T1127.001 MSBuild
CM-6 Configuration Settings Protects T1132 Data Encoding
CM-6 Configuration Settings Protects T1132.001 Standard Encoding
CM-6 Configuration Settings Protects T1132.002 Non-Standard Encoding
CM-6 Configuration Settings Protects T1134 Access Token Manipulation
CM-6 Configuration Settings Protects T1134.001 Token Impersonation/Theft
CM-6 Configuration Settings Protects T1134.002 Create Process with Token
CM-6 Configuration Settings Protects T1134.003 Make and Impersonate Token
CM-6 Configuration Settings Protects T1134.005 SID-History Injection
CM-6 Configuration Settings Protects T1135 Network Share Discovery
CM-6 Configuration Settings Protects T1136 Create Account
CM-6 Configuration Settings Protects T1136.001 Local Account
CM-6 Configuration Settings Protects T1136.002 Domain Account
CM-6 Configuration Settings Protects T1136.003 Cloud Account
CM-6 Configuration Settings Protects T1137 Office Application Startup
CM-6 Configuration Settings Protects T1137.001 Office Template Macros
CM-6 Configuration Settings Protects T1137.002 Office Test
CM-6 Configuration Settings Protects T1137.003 Outlook Forms
CM-6 Configuration Settings Protects T1137.004 Outlook Home Page
CM-6 Configuration Settings Protects T1137.005 Outlook Rules
CM-6 Configuration Settings Protects T1137.006 Add-ins
CM-6 Configuration Settings Protects T1187 Forced Authentication
CM-6 Configuration Settings Protects T1204.001 Malicious Link
CM-6 Configuration Settings Protects T1204.003 Malicious Image
CM-6 Configuration Settings Protects T1213 Data from Information Repositories
CM-6 Configuration Settings Protects T1213.001 Confluence
CM-6 Configuration Settings Protects T1213.002 Sharepoint
CM-6 Configuration Settings Protects T1218.001 Compiled HTML File
CM-6 Configuration Settings Protects T1218.002 Control Panel
CM-6 Configuration Settings Protects T1218.005 Mshta
CM-6 Configuration Settings Protects T1220 XSL Script Processing
CM-6 Configuration Settings Protects T1222.001 Windows File and Directory Permissions Modification
CM-6 Configuration Settings Protects T1222.002 Linux and Mac File and Directory Permissions Modification
CM-6 Configuration Settings Protects T1484 Domain Policy Modification
CM-6 Configuration Settings Protects T1489 Service Stop
CM-6 Configuration Settings Protects T1498 Network Denial of Service
CM-6 Configuration Settings Protects T1505.001 SQL Stored Procedures
CM-6 Configuration Settings Protects T1505.002 Transport Agent
CM-6 Configuration Settings Protects T1505.004 IIS Components
CM-6 Configuration Settings Protects T1539 Steal Web Session Cookie
CM-6 Configuration Settings Protects T1542 Pre-OS Boot
CM-6 Configuration Settings Protects T1542.001 System Firmware
CM-6 Configuration Settings Protects T1542.003 Bootkit
CM-6 Configuration Settings Protects T1542.004 ROMMONkit
CM-6 Configuration Settings Protects T1542.005 TFTP Boot
CM-6 Configuration Settings Protects T1543.002 Systemd Service
CM-6 Configuration Settings Protects T1546.004 Unix Shell Configuration Modification
CM-6 Configuration Settings Protects T1546.008 Accessibility Features
CM-6 Configuration Settings Protects T1546.013 PowerShell Profile
CM-6 Configuration Settings Protects T1546.014 Emond
CM-6 Configuration Settings Protects T1547.005 Security Support Provider
CM-6 Configuration Settings Protects T1547.013 XDG Autostart Entries
CM-6 Configuration Settings Protects T1548 Abuse Elevation Control Mechanism
CM-6 Configuration Settings Protects T1548.004 Elevated Execution with Prompt
CM-6 Configuration Settings Protects T1550 Use Alternate Authentication Material
CM-6 Configuration Settings Protects T1550.002 Pass the Hash
CM-6 Configuration Settings Protects T1550.003 Pass the Ticket
CM-6 Configuration Settings Protects T1552 Unsecured Credentials
CM-6 Configuration Settings Protects T1552.001 Credentials In Files
CM-6 Configuration Settings Protects T1552.002 Credentials in Registry
CM-6 Configuration Settings Protects T1552.004 Private Keys
CM-6 Configuration Settings Protects T1552.006 Group Policy Preferences
CM-6 Configuration Settings Protects T1553 Subvert Trust Controls
CM-6 Configuration Settings Protects T1553.003 SIP and Trust Provider Hijacking
CM-6 Configuration Settings Protects T1553.004 Install Root Certificate
CM-6 Configuration Settings Protects T1554 Compromise Client Software Binary
CM-6 Configuration Settings Protects T1555.005 Password Managers
CM-6 Configuration Settings Protects T1556.001 Domain Controller Authentication
CM-6 Configuration Settings Protects T1556.002 Password Filter DLL
CM-6 Configuration Settings Protects T1556.003 Pluggable Authentication Modules
CM-6 Configuration Settings Protects T1557.002 ARP Cache Poisoning
CM-6 Configuration Settings Protects T1558.001 Golden Ticket
CM-6 Configuration Settings Protects T1558.002 Silver Ticket
CM-6 Configuration Settings Protects T1558.004 AS-REP Roasting
CM-6 Configuration Settings Protects T1559.001 Component Object Model
CM-6 Configuration Settings Protects T1562.002 Disable Windows Event Logging
CM-6 Configuration Settings Protects T1562.004 Disable or Modify System Firewall
CM-6 Configuration Settings Protects T1562.009 Safe Mode Boot
CM-6 Configuration Settings Protects T1563 Remote Service Session Hijacking
CM-6 Configuration Settings Protects T1563.001 SSH Hijacking
CM-6 Configuration Settings Protects T1563.002 RDP Hijacking
CM-6 Configuration Settings Protects T1564.006 Run Virtual Instance
CM-6 Configuration Settings Protects T1564.007 VBA Stomping
CM-6 Configuration Settings Protects T1564.009 Resource Forking
CM-6 Configuration Settings Protects T1566 Phishing
CM-6 Configuration Settings Protects T1566.001 Spearphishing Attachment
CM-6 Configuration Settings Protects T1569 System Services
CM-6 Configuration Settings Protects T1569.002 Service Execution
CM-6 Configuration Settings Protects T1571 Non-Standard Port
CM-6 Configuration Settings Protects T1572 Protocol Tunneling
CM-6 Configuration Settings Protects T1573 Encrypted Channel
CM-6 Configuration Settings Protects T1573.001 Symmetric Cryptography
CM-6 Configuration Settings Protects T1573.002 Asymmetric Cryptography
CM-6 Configuration Settings Protects T1574.001 DLL Search Order Hijacking
CM-6 Configuration Settings Protects T1574.004 Dylib Hijacking
CM-6 Configuration Settings Protects T1574.005 Executable Installer File Permissions Weakness
CM-6 Configuration Settings Protects T1574.006 Dynamic Linker Hijacking
CM-6 Configuration Settings Protects T1574.008 Path Interception by Search Order Hijacking
CM-6 Configuration Settings Protects T1574.009 Path Interception by Unquoted Path
CM-6 Configuration Settings Protects T1574.010 Services File Permissions Weakness
CM-6 Configuration Settings Protects T1598 Phishing for Information
CM-6 Configuration Settings Protects T1598.002 Spearphishing Attachment
CM-6 Configuration Settings Protects T1599.001 Network Address Translation Traversal
CM-6 Configuration Settings Protects T1601 Modify System Image
CM-6 Configuration Settings Protects T1601.001 Patch System Image
CM-6 Configuration Settings Protects T1601.002 Downgrade System Image
CM-6 Configuration Settings Protects T1602 Data from Configuration Repository
CM-6 Configuration Settings Protects T1602.001 SNMP (MIB Dump)
CM-6 Configuration Settings Protects T1612 Build Image on Host
CM-6 Configuration Settings Protects T1613 Container and Resource Discovery
CM-6 Configuration Settings Protects T1003.001 LSASS Memory
CM-6 Configuration Settings Protects T1003.002 Security Account Manager
CM-6 Configuration Settings Protects T1003.003 NTDS
CM-6 Configuration Settings Protects T1046 Network Service Scanning
CM-6 Configuration Settings Protects T1055 Process Injection
CM-6 Configuration Settings Protects T1068 Exploitation for Privilege Escalation
CM-6 Configuration Settings Protects T1078 Valid Accounts
CM-6 Configuration Settings Protects T1087.001 Local Account
CM-6 Configuration Settings Protects T1087.002 Domain Account
CM-6 Configuration Settings Protects T1091 Replication Through Removable Media
CM-6 Configuration Settings Protects T1110.001 Password Guessing
CM-6 Configuration Settings Protects T1110.002 Password Cracking
CM-6 Configuration Settings Protects T1111 Two-Factor Authentication Interception
CM-6 Configuration Settings Protects T1119 Automated Collection
CM-6 Configuration Settings Protects T1133 External Remote Services
CM-6 Configuration Settings Protects T1199 Trusted Relationship
CM-6 Configuration Settings Protects T1201 Password Policy Discovery
CM-6 Configuration Settings Protects T1212 Exploitation for Credential Access
CM-6 Configuration Settings Protects T1218 Signed Binary Proxy Execution
CM-6 Configuration Settings Protects T1482 Domain Trust Discovery
CM-6 Configuration Settings Protects T1528 Steal Application Access Token
CM-6 Configuration Settings Protects T1530 Data from Cloud Storage Object
CM-6 Configuration Settings Protects T1548.001 Setuid and Setgid
CM-6 Configuration Settings Protects T1552.007 Container API
CM-6 Configuration Settings Protects T1555.004 Windows Credential Manager
CM-6 Configuration Settings Protects T1556 Modify Authentication Process
CM-6 Configuration Settings Protects T1557 Adversary-in-the-Middle
CM-6 Configuration Settings Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CM-6 Configuration Settings Protects T1566.002 Spearphishing Link
CM-6 Configuration Settings Protects T1598.003 Spearphishing Link
CM-6 Configuration Settings Protects T1599 Network Boundary Bridging
CM-6 Configuration Settings Protects T1611 Escape to Host
CM-6 Configuration Settings Protects T1204 User Execution
CM-6 Configuration Settings Protects T1204.002 Malicious File
CM-6 Configuration Settings Protects T1557.003 DHCP Spoofing
CM-6 Configuration Settings Protects T1070.007 Clear Network Connection History and Configurations
CM-6 Configuration Settings Protects T1070.008 Clear Mailbox Data
CM-6 Configuration Settings Protects T1070.009 Clear Persistence
CM-6 Configuration Settings Protects T1098.005 Device Registration
CM-6 Configuration Settings Protects T1505.005 Terminal Services DLL
CM-6 Configuration Settings Protects T1546.016 Installer Packages
CM-6 Configuration Settings Protects T1559.003 XPC Services
CM-6 Configuration Settings Protects T1622 Debugger Evasion
CM-6 Configuration Settings Protects T1647 Plist File Modification
CM-6 Configuration Settings Protects T1648 Serverless Execution
CM-7 Least Functionality Protects T1011 Exfiltration Over Other Network Medium
CM-7 Least Functionality Protects T1011.001 Exfiltration Over Bluetooth
CM-7 Least Functionality Protects T1021.001 Remote Desktop Protocol
CM-7 Least Functionality Protects T1047 Windows Management Instrumentation
CM-7 Least Functionality Protects T1053 Scheduled Task/Job
CM-7 Least Functionality Protects T1053.002 At (Windows)
CM-7 Least Functionality Protects T1053.005 Scheduled Task
CM-7 Least Functionality Protects T1059 Command and Scripting Interpreter
CM-7 Least Functionality Protects T1059.005 Visual Basic
CM-7 Least Functionality Protects T1095 Non-Application Layer Protocol
CM-7 Least Functionality Protects T1098 Account Manipulation
CM-7 Least Functionality Protects T1098.001 Additional Cloud Credentials
CM-7 Least Functionality Protects T1098.004 SSH Authorized Keys
CM-7 Least Functionality Protects T1105 Ingress Tool Transfer
CM-7 Least Functionality Protects T1106 Native API
CM-7 Least Functionality Protects T1129 Shared Modules
CM-7 Least Functionality Protects T1176 Browser Extensions
CM-7 Least Functionality Protects T1190 Exploit Public-Facing Application
CM-7 Least Functionality Protects T1195 Supply Chain Compromise
CM-7 Least Functionality Protects T1195.001 Compromise Software Dependencies and Development Tools
CM-7 Least Functionality Protects T1195.002 Compromise Software Supply Chain
CM-7 Least Functionality Protects T1197 BITS Jobs
CM-7 Least Functionality Protects T1205 Traffic Signaling
CM-7 Least Functionality Protects T1205.001 Port Knocking
CM-7 Least Functionality Protects T1210 Exploitation of Remote Services
CM-7 Least Functionality Protects T1216 Signed Script Proxy Execution
CM-7 Least Functionality Protects T1216.001 PubPrn
CM-7 Least Functionality Protects T1218.003 CMSTP
CM-7 Least Functionality Protects T1218.004 InstallUtil
CM-7 Least Functionality Protects T1218.007 Msiexec
CM-7 Least Functionality Protects T1218.008 Odbcconf
CM-7 Least Functionality Protects T1218.009 Regsvcs/Regasm
CM-7 Least Functionality Protects T1218.012 Verclsid
CM-7 Least Functionality Protects T1218.013 Mavinject
CM-7 Least Functionality Protects T1218.014 MMC
CM-7 Least Functionality Protects T1219 Remote Access Software
CM-7 Least Functionality Protects T1221 Template Injection
CM-7 Least Functionality Protects T1490 Inhibit System Recovery
CM-7 Least Functionality Protects T1498.001 Direct Network Flood
CM-7 Least Functionality Protects T1498.002 Reflection Amplification
CM-7 Least Functionality Protects T1499 Endpoint Denial of Service
CM-7 Least Functionality Protects T1499.001 OS Exhaustion Flood
CM-7 Least Functionality Protects T1499.002 Service Exhaustion Flood
CM-7 Least Functionality Protects T1499.003 Application Exhaustion Flood
CM-7 Least Functionality Protects T1499.004 Application or System Exploitation
CM-7 Least Functionality Protects T1525 Implant Internal Image
CM-7 Least Functionality Protects T1537 Transfer Data to Cloud Account
CM-7 Least Functionality Protects T1543 Create or Modify System Process
CM-7 Least Functionality Protects T1546.002 Screensaver
CM-7 Least Functionality Protects T1546.006 LC_LOAD_DYLIB Addition
CM-7 Least Functionality Protects T1547.004 Winlogon Helper DLL
CM-7 Least Functionality Protects T1547.006 Kernel Modules and Extensions
CM-7 Least Functionality Protects T1547.007 Re-opened Applications
CM-7 Least Functionality Protects T1548.003 Sudo and Sudo Caching
CM-7 Least Functionality Protects T1552.003 Bash History
CM-7 Least Functionality Protects T1552.005 Cloud Instance Metadata API
CM-7 Least Functionality Protects T1553.001 Gatekeeper Bypass
CM-7 Least Functionality Protects T1553.005 Mark-of-the-Web Bypass
CM-7 Least Functionality Protects T1559 Inter-Process Communication
CM-7 Least Functionality Protects T1559.002 Dynamic Data Exchange
CM-7 Least Functionality Protects T1562 Impair Defenses
CM-7 Least Functionality Protects T1562.001 Disable or Modify Tools
CM-7 Least Functionality Protects T1562.003 Impair Command History Logging
CM-7 Least Functionality Protects T1562.006 Indicator Blocking
CM-7 Least Functionality Protects T1564.002 Hidden Users
CM-7 Least Functionality Protects T1565 Data Manipulation
CM-7 Least Functionality Protects T1565.003 Runtime Data Manipulation
CM-7 Least Functionality Protects T1570 Lateral Tool Transfer
CM-7 Least Functionality Protects T1574 Hijack Execution Flow
CM-7 Least Functionality Protects T1574.007 Path Interception by PATH Environment Variable
CM-7 Least Functionality Protects T1602.002 Network Device Configuration Dump
CM-7 Least Functionality Protects T1609 Container Administration Command
CM-7 Least Functionality Protects T1610 Deploy Container
CM-7 Least Functionality Protects T1003 OS Credential Dumping
CM-7 Least Functionality Protects T1003.005 Cached Domain Credentials
CM-7 Least Functionality Protects T1008 Fallback Channels
CM-7 Least Functionality Protects T1021.002 SMB/Windows Admin Shares
CM-7 Least Functionality Protects T1021.003 Distributed Component Object Model
CM-7 Least Functionality Protects T1021.005 VNC
CM-7 Least Functionality Protects T1021.006 Windows Remote Management
CM-7 Least Functionality Protects T1036 Masquerading
CM-7 Least Functionality Protects T1036.005 Match Legitimate Name or Location
CM-7 Least Functionality Protects T1036.007 Double File Extension
CM-7 Least Functionality Protects T1037 Boot or Logon Initialization Scripts
CM-7 Least Functionality Protects T1037.001 Logon Script (Windows)
CM-7 Least Functionality Protects T1048 Exfiltration Over Alternative Protocol
CM-7 Least Functionality Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
CM-7 Least Functionality Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CM-7 Least Functionality Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
CM-7 Least Functionality Protects T1052 Exfiltration Over Physical Medium
CM-7 Least Functionality Protects T1052.001 Exfiltration over USB
CM-7 Least Functionality Protects T1059.007 JavaScript
CM-7 Least Functionality Protects T1071 Application Layer Protocol
CM-7 Least Functionality Protects T1071.001 Web Protocols
CM-7 Least Functionality Protects T1071.002 File Transfer Protocols
CM-7 Least Functionality Protects T1071.003 Mail Protocols
CM-7 Least Functionality Protects T1071.004 DNS
CM-7 Least Functionality Protects T1072 Software Deployment Tools
CM-7 Least Functionality Protects T1080 Taint Shared Content
CM-7 Least Functionality Protects T1087 Account Discovery
CM-7 Least Functionality Protects T1090 Proxy
CM-7 Least Functionality Protects T1090.001 Internal Proxy
CM-7 Least Functionality Protects T1090.002 External Proxy
CM-7 Least Functionality Protects T1090.003 Multi-hop Proxy
CM-7 Least Functionality Protects T1092 Communication Through Removable Media
CM-7 Least Functionality Protects T1102 Web Service
CM-7 Least Functionality Protects T1102.001 Dead Drop Resolver
CM-7 Least Functionality Protects T1102.002 Bidirectional Communication
CM-7 Least Functionality Protects T1102.003 One-Way Communication
CM-7 Least Functionality Protects T1104 Multi-Stage Channels
CM-7 Least Functionality Protects T1112 Modify Registry
CM-7 Least Functionality Protects T1127 Trusted Developer Utilities Proxy Execution
CM-7 Least Functionality Protects T1135 Network Share Discovery
CM-7 Least Functionality Protects T1136 Create Account
CM-7 Least Functionality Protects T1136.002 Domain Account
CM-7 Least Functionality Protects T1136.003 Cloud Account
CM-7 Least Functionality Protects T1187 Forced Authentication
CM-7 Least Functionality Protects T1204.001 Malicious Link
CM-7 Least Functionality Protects T1204.003 Malicious Image
CM-7 Least Functionality Protects T1213 Data from Information Repositories
CM-7 Least Functionality Protects T1213.001 Confluence
CM-7 Least Functionality Protects T1213.002 Sharepoint
CM-7 Least Functionality Protects T1218.001 Compiled HTML File
CM-7 Least Functionality Protects T1218.002 Control Panel
CM-7 Least Functionality Protects T1218.005 Mshta
CM-7 Least Functionality Protects T1220 XSL Script Processing
CM-7 Least Functionality Protects T1484 Domain Policy Modification
CM-7 Least Functionality Protects T1489 Service Stop
CM-7 Least Functionality Protects T1498 Network Denial of Service
CM-7 Least Functionality Protects T1505.004 IIS Components
CM-7 Least Functionality Protects T1542.004 ROMMONkit
CM-7 Least Functionality Protects T1542.005 TFTP Boot
CM-7 Least Functionality Protects T1546.008 Accessibility Features
CM-7 Least Functionality Protects T1546.009 AppCert DLLs
CM-7 Least Functionality Protects T1546.010 AppInit DLLs
CM-7 Least Functionality Protects T1548 Abuse Elevation Control Mechanism
CM-7 Least Functionality Protects T1548.004 Elevated Execution with Prompt
CM-7 Least Functionality Protects T1552 Unsecured Credentials
CM-7 Least Functionality Protects T1553 Subvert Trust Controls
CM-7 Least Functionality Protects T1553.003 SIP and Trust Provider Hijacking
CM-7 Least Functionality Protects T1553.004 Install Root Certificate
CM-7 Least Functionality Protects T1553.006 Code Signing Policy Modification
CM-7 Least Functionality Protects T1556.002 Password Filter DLL
CM-7 Least Functionality Protects T1557.002 ARP Cache Poisoning
CM-7 Least Functionality Protects T1562.002 Disable Windows Event Logging
CM-7 Least Functionality Protects T1562.004 Disable or Modify System Firewall
CM-7 Least Functionality Protects T1562.009 Safe Mode Boot
CM-7 Least Functionality Protects T1563 Remote Service Session Hijacking
CM-7 Least Functionality Protects T1563.001 SSH Hijacking
CM-7 Least Functionality Protects T1563.002 RDP Hijacking
CM-7 Least Functionality Protects T1564.003 Hidden Window
CM-7 Least Functionality Protects T1564.006 Run Virtual Instance
CM-7 Least Functionality Protects T1564.008 Email Hiding Rules
CM-7 Least Functionality Protects T1564.009 Resource Forking
CM-7 Least Functionality Protects T1569 System Services
CM-7 Least Functionality Protects T1569.002 Service Execution
CM-7 Least Functionality Protects T1571 Non-Standard Port
CM-7 Least Functionality Protects T1572 Protocol Tunneling
CM-7 Least Functionality Protects T1573 Encrypted Channel
CM-7 Least Functionality Protects T1573.001 Symmetric Cryptography
CM-7 Least Functionality Protects T1573.002 Asymmetric Cryptography
CM-7 Least Functionality Protects T1574.001 DLL Search Order Hijacking
CM-7 Least Functionality Protects T1574.006 Dynamic Linker Hijacking
CM-7 Least Functionality Protects T1574.008 Path Interception by Search Order Hijacking
CM-7 Least Functionality Protects T1574.009 Path Interception by Unquoted Path
CM-7 Least Functionality Protects T1574.012 COR_PROFILER
CM-7 Least Functionality Protects T1599.001 Network Address Translation Traversal
CM-7 Least Functionality Protects T1601 Modify System Image
CM-7 Least Functionality Protects T1601.001 Patch System Image
CM-7 Least Functionality Protects T1601.002 Downgrade System Image
CM-7 Least Functionality Protects T1602 Data from Configuration Repository
CM-7 Least Functionality Protects T1602.001 SNMP (MIB Dump)
CM-7 Least Functionality Protects T1612 Build Image on Host
CM-7 Least Functionality Protects T1613 Container and Resource Discovery
CM-7 Least Functionality Protects T1003.001 LSASS Memory
CM-7 Least Functionality Protects T1003.002 Security Account Manager
CM-7 Least Functionality Protects T1046 Network Service Scanning
CM-7 Least Functionality Protects T1068 Exploitation for Privilege Escalation
CM-7 Least Functionality Protects T1087.001 Local Account
CM-7 Least Functionality Protects T1087.002 Domain Account
CM-7 Least Functionality Protects T1133 External Remote Services
CM-7 Least Functionality Protects T1199 Trusted Relationship
CM-7 Least Functionality Protects T1218 Signed Binary Proxy Execution
CM-7 Least Functionality Protects T1482 Domain Trust Discovery
CM-7 Least Functionality Protects T1530 Data from Cloud Storage Object
CM-7 Least Functionality Protects T1548.001 Setuid and Setgid
CM-7 Least Functionality Protects T1552.007 Container API
CM-7 Least Functionality Protects T1555.004 Windows Credential Manager
CM-7 Least Functionality Protects T1556 Modify Authentication Process
CM-7 Least Functionality Protects T1557 Adversary-in-the-Middle
CM-7 Least Functionality Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CM-7 Least Functionality Protects T1599 Network Boundary Bridging
CM-7 Least Functionality Protects T1611 Escape to Host
CM-7 Least Functionality Protects T1204 User Execution
CM-7 Least Functionality Protects T1204.002 Malicious File
CM-7 Least Functionality Protects T1557.003 DHCP Spoofing
CM-7 Least Functionality Protects T1559.003 XPC Services
CM-7 Least Functionality Protects T1622 Debugger Evasion
CM-7 Least Functionality Protects T1647 Plist File Modification
CM-7 Least Functionality Protects T1648 Serverless Execution
CM-8 System Component Inventory Protects T1011.001 Exfiltration Over Bluetooth
CM-8 System Component Inventory Protects T1020.001 Traffic Duplication
CM-8 System Component Inventory Protects T1021.001 Remote Desktop Protocol
CM-8 System Component Inventory Protects T1053 Scheduled Task/Job
CM-8 System Component Inventory Protects T1053.002 At (Windows)
CM-8 System Component Inventory Protects T1053.005 Scheduled Task
CM-8 System Component Inventory Protects T1059 Command and Scripting Interpreter
CM-8 System Component Inventory Protects T1059.001 PowerShell
CM-8 System Component Inventory Protects T1059.005 Visual Basic
CM-8 System Component Inventory Protects T1098.004 SSH Authorized Keys
CM-8 System Component Inventory Protects T1189 Drive-by Compromise
CM-8 System Component Inventory Protects T1190 Exploit Public-Facing Application
CM-8 System Component Inventory Protects T1203 Exploitation for Client Execution
CM-8 System Component Inventory Protects T1210 Exploitation of Remote Services
CM-8 System Component Inventory Protects T1211 Exploitation for Defense Evasion
CM-8 System Component Inventory Protects T1218.003 CMSTP
CM-8 System Component Inventory Protects T1218.004 InstallUtil
CM-8 System Component Inventory Protects T1218.008 Odbcconf
CM-8 System Component Inventory Protects T1218.009 Regsvcs/Regasm
CM-8 System Component Inventory Protects T1218.012 Verclsid
CM-8 System Component Inventory Protects T1218.013 Mavinject
CM-8 System Component Inventory Protects T1218.014 MMC
CM-8 System Component Inventory Protects T1221 Template Injection
CM-8 System Component Inventory Protects T1495 Firmware Corruption
CM-8 System Component Inventory Protects T1505 Server Software Component
CM-8 System Component Inventory Protects T1546.002 Screensaver
CM-8 System Component Inventory Protects T1546.006 LC_LOAD_DYLIB Addition
CM-8 System Component Inventory Protects T1547.007 Re-opened Applications
CM-8 System Component Inventory Protects T1559 Inter-Process Communication
CM-8 System Component Inventory Protects T1559.002 Dynamic Data Exchange
CM-8 System Component Inventory Protects T1565 Data Manipulation
CM-8 System Component Inventory Protects T1565.001 Stored Data Manipulation
CM-8 System Component Inventory Protects T1565.002 Transmitted Data Manipulation
CM-8 System Component Inventory Protects T1574 Hijack Execution Flow
CM-8 System Component Inventory Protects T1574.007 Path Interception by PATH Environment Variable
CM-8 System Component Inventory Protects T1602.002 Network Device Configuration Dump
CM-8 System Component Inventory Protects T1021.003 Distributed Component Object Model
CM-8 System Component Inventory Protects T1021.004 SSH
CM-8 System Component Inventory Protects T1021.005 VNC
CM-8 System Component Inventory Protects T1021.006 Windows Remote Management
CM-8 System Component Inventory Protects T1052 Exfiltration Over Physical Medium
CM-8 System Component Inventory Protects T1052.001 Exfiltration over USB
CM-8 System Component Inventory Protects T1059.007 JavaScript
CM-8 System Component Inventory Protects T1072 Software Deployment Tools
CM-8 System Component Inventory Protects T1092 Communication Through Removable Media
CM-8 System Component Inventory Protects T1127 Trusted Developer Utilities Proxy Execution
CM-8 System Component Inventory Protects T1127.001 MSBuild
CM-8 System Component Inventory Protects T1137 Office Application Startup
CM-8 System Component Inventory Protects T1137.001 Office Template Macros
CM-8 System Component Inventory Protects T1213 Data from Information Repositories
CM-8 System Component Inventory Protects T1213.001 Confluence
CM-8 System Component Inventory Protects T1213.002 Sharepoint
CM-8 System Component Inventory Protects T1218.005 Mshta
CM-8 System Component Inventory Protects T1505.001 SQL Stored Procedures
CM-8 System Component Inventory Protects T1505.002 Transport Agent
CM-8 System Component Inventory Protects T1505.004 IIS Components
CM-8 System Component Inventory Protects T1542 Pre-OS Boot
CM-8 System Component Inventory Protects T1542.001 System Firmware
CM-8 System Component Inventory Protects T1542.003 Bootkit
CM-8 System Component Inventory Protects T1542.004 ROMMONkit
CM-8 System Component Inventory Protects T1542.005 TFTP Boot
CM-8 System Component Inventory Protects T1546.014 Emond
CM-8 System Component Inventory Protects T1548 Abuse Elevation Control Mechanism
CM-8 System Component Inventory Protects T1548.004 Elevated Execution with Prompt
CM-8 System Component Inventory Protects T1553 Subvert Trust Controls
CM-8 System Component Inventory Protects T1553.006 Code Signing Policy Modification
CM-8 System Component Inventory Protects T1557.002 ARP Cache Poisoning
CM-8 System Component Inventory Protects T1563 Remote Service Session Hijacking
CM-8 System Component Inventory Protects T1563.001 SSH Hijacking
CM-8 System Component Inventory Protects T1563.002 RDP Hijacking
CM-8 System Component Inventory Protects T1564.006 Run Virtual Instance
CM-8 System Component Inventory Protects T1564.007 VBA Stomping
CM-8 System Component Inventory Protects T1574.004 Dylib Hijacking
CM-8 System Component Inventory Protects T1574.008 Path Interception by Search Order Hijacking
CM-8 System Component Inventory Protects T1574.009 Path Interception by Unquoted Path
CM-8 System Component Inventory Protects T1601 Modify System Image
CM-8 System Component Inventory Protects T1601.001 Patch System Image
CM-8 System Component Inventory Protects T1601.002 Downgrade System Image
CM-8 System Component Inventory Protects T1602 Data from Configuration Repository
CM-8 System Component Inventory Protects T1602.001 SNMP (MIB Dump)
CM-8 System Component Inventory Protects T1046 Network Service Scanning
CM-8 System Component Inventory Protects T1068 Exploitation for Privilege Escalation
CM-8 System Component Inventory Protects T1091 Replication Through Removable Media
CM-8 System Component Inventory Protects T1119 Automated Collection
CM-8 System Component Inventory Protects T1133 External Remote Services
CM-8 System Component Inventory Protects T1195.003 Compromise Hardware Supply Chain
CM-8 System Component Inventory Protects T1212 Exploitation for Credential Access
CM-8 System Component Inventory Protects T1218 Signed Binary Proxy Execution
CM-8 System Component Inventory Protects T1530 Data from Cloud Storage Object
CM-8 System Component Inventory Protects T1557 Adversary-in-the-Middle
CM-8 System Component Inventory Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CM-8 System Component Inventory Protects T1557.003 DHCP Spoofing
CM-8 System Component Inventory Protects T1622 Debugger Evasion
CM-8 Information System Component Inventory Protects T1593.003 Code Repositories

Capabilities

Capability ID Capability Name Number of Mappings
CM-10 Software Usage Restrictions 9
CM-12 Information Location 2
CM-2 Baseline Configuration 259
CM-7 Least Functionality 200
CM-6 Configuration Settings 321
CM-8 System Component Inventory 94
CM-11 User-installed Software 32
CM-3 Configuration Change Control 24
CM-5 Access Restrictions for Change 147