NIST 800-53 System and Communications Protection Capability Group

All Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
SC-10 Network Disconnect Protects T1071 Application Layer Protocol
SC-10 Network Disconnect Protects T1071.001 Web Protocols
SC-10 Network Disconnect Protects T1071.002 File Transfer Protocols
SC-10 Network Disconnect Protects T1071.003 Mail Protocols
SC-10 Network Disconnect Protects T1071.004 DNS
SC-12 Cryptographic Key Establishment and Management Protects T1098.004 SSH Authorized Keys
SC-12 Cryptographic Key Establishment and Management Protects T1072 Software Deployment Tools
SC-12 Cryptographic Key Establishment and Management Protects T1552 Unsecured Credentials
SC-12 Cryptographic Key Establishment and Management Protects T1552.001 Credentials In Files
SC-12 Cryptographic Key Establishment and Management Protects T1552.002 Credentials in Registry
SC-12 Cryptographic Key Establishment and Management Protects T1552.004 Private Keys
SC-12 Cryptographic Key Establishment and Management Protects T1563.001 SSH Hijacking
SC-12 Cryptographic Key Establishment and Management Protects T1573 Encrypted Channel
SC-12 Cryptographic Key Establishment and Management Protects T1573.001 Symmetric Cryptography
SC-12 Cryptographic Key Establishment and Management Protects T1573.002 Asymmetric Cryptography
SC-13 Cryptographic Protection Protects T1025 Data from Removable Media
SC-13 Cryptographic Protection Protects T1041 Exfiltration Over C2 Channel
SC-13 Cryptographic Protection Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SC-13 Cryptographic Protection Protects T1005 Data from Local System
SC-16 Transmission of Security and Privacy Attributes Protects T1505 Server Software Component
SC-16 Transmission of Security and Privacy Attributes Protects T1505.002 Transport Agent
SC-16 Transmission of Security and Privacy Attributes Protects T1573 Encrypted Channel
SC-16 Transmission of Security and Privacy Attributes Protects T1573.001 Symmetric Cryptography
SC-16 Transmission of Security and Privacy Attributes Protects T1573.002 Asymmetric Cryptography
SC-17 Public Key Infrastructure Certificates Protects T1072 Software Deployment Tools
SC-17 Public Key Infrastructure Certificates Protects T1606 Forge Web Credentials
SC-18 Mobile Code Protects T1059 Command and Scripting Interpreter
SC-18 Mobile Code Protects T1059.005 Visual Basic
SC-18 Mobile Code Protects T1189 Drive-by Compromise
SC-18 Mobile Code Protects T1190 Exploit Public-Facing Application
SC-18 Mobile Code Protects T1203 Exploitation for Client Execution
SC-18 Mobile Code Protects T1210 Exploitation of Remote Services
SC-18 Mobile Code Protects T1211 Exploitation for Defense Evasion
SC-18 Mobile Code Protects T1559 Inter-Process Communication
SC-18 Mobile Code Protects T1559.002 Dynamic Data Exchange
SC-18 Mobile Code Protects T1021.003 Distributed Component Object Model
SC-18 Mobile Code Protects T1055.002 Portable Executable Injection
SC-18 Mobile Code Protects T1055.003 Thread Execution Hijacking
SC-18 Mobile Code Protects T1055.004 Asynchronous Procedure Call
SC-18 Mobile Code Protects T1055.005 Thread Local Storage
SC-18 Mobile Code Protects T1055.008 Ptrace System Calls
SC-18 Mobile Code Protects T1055.009 Proc Memory
SC-18 Mobile Code Protects T1055.011 Extra Window Memory Injection
SC-18 Mobile Code Protects T1055.012 Process Hollowing
SC-18 Mobile Code Protects T1055.013 Process Doppelgänging
SC-18 Mobile Code Protects T1059.007 JavaScript
SC-18 Mobile Code Protects T1137 Office Application Startup
SC-18 Mobile Code Protects T1137.001 Office Template Macros
SC-18 Mobile Code Protects T1137.002 Office Test
SC-18 Mobile Code Protects T1137.003 Outlook Forms
SC-18 Mobile Code Protects T1137.004 Outlook Home Page
SC-18 Mobile Code Protects T1137.005 Outlook Rules
SC-18 Mobile Code Protects T1137.006 Add-ins
SC-18 Mobile Code Protects T1218.001 Compiled HTML File
SC-18 Mobile Code Protects T1548 Abuse Elevation Control Mechanism
SC-18 Mobile Code Protects T1548.004 Elevated Execution with Prompt
SC-18 Mobile Code Protects T1559.001 Component Object Model
SC-18 Mobile Code Protects T1055 Process Injection
SC-18 Mobile Code Protects T1055.001 Dynamic-link Library Injection
SC-18 Mobile Code Protects T1055.014 VDSO Hijacking
SC-18 Mobile Code Protects T1068 Exploitation for Privilege Escalation
SC-18 Mobile Code Protects T1212 Exploitation for Credential Access
SC-2 Separation of System and User Functionality Protects T1189 Drive-by Compromise
SC-2 Separation of System and User Functionality Protects T1190 Exploit Public-Facing Application
SC-2 Separation of System and User Functionality Protects T1203 Exploitation for Client Execution
SC-2 Separation of System and User Functionality Protects T1210 Exploitation of Remote Services
SC-2 Separation of System and User Functionality Protects T1211 Exploitation for Defense Evasion
SC-2 Separation of System and User Functionality Protects T1068 Exploitation for Privilege Escalation
SC-2 Separation of System and User Functionality Protects T1212 Exploitation for Credential Access
SC-2 Separation of System and User Functionality Protects T1611 Escape to Host
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1568.002 Domain Generation Algorithms
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1071 Application Layer Protocol
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1071.001 Web Protocols
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1071.002 File Transfer Protocols
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1071.003 Mail Protocols
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1071.004 DNS
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1553.004 Install Root Certificate
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1566 Phishing
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1566.001 Spearphishing Attachment
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1568 Dynamic Resolution
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1598 Phishing for Information
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1598.002 Spearphishing Attachment
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1566.002 Spearphishing Link
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1598.003 Spearphishing Link
SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) Protects T1568.002 Domain Generation Algorithms
SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) Protects T1071 Application Layer Protocol
SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) Protects T1071.001 Web Protocols
SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) Protects T1071.002 File Transfer Protocols
SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) Protects T1071.003 Mail Protocols
SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) Protects T1071.004 DNS
SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) Protects T1568 Dynamic Resolution
SC-22 Architecture and Provisioning for Name/address Resolution Service Protects T1568.002 Domain Generation Algorithms
SC-22 Architecture and Provisioning for Name/address Resolution Service Protects T1071 Application Layer Protocol
SC-22 Architecture and Provisioning for Name/address Resolution Service Protects T1071.001 Web Protocols
SC-22 Architecture and Provisioning for Name/address Resolution Service Protects T1071.002 File Transfer Protocols
SC-22 Architecture and Provisioning for Name/address Resolution Service Protects T1071.003 Mail Protocols
SC-22 Architecture and Provisioning for Name/address Resolution Service Protects T1071.004 DNS
SC-22 Architecture and Provisioning for Name/address Resolution Service Protects T1568 Dynamic Resolution
SC-23 Session Authenticity Protects T1562.006 Indicator Blocking
SC-23 Session Authenticity Protects T1071 Application Layer Protocol
SC-23 Session Authenticity Protects T1071.001 Web Protocols
SC-23 Session Authenticity Protects T1071.002 File Transfer Protocols
SC-23 Session Authenticity Protects T1071.003 Mail Protocols
SC-23 Session Authenticity Protects T1071.004 DNS
SC-23 Session Authenticity Protects T1185 Browser Session Hijacking
SC-23 Session Authenticity Protects T1535 Unused/Unsupported Cloud Regions
SC-23 Session Authenticity Protects T1550.004 Web Session Cookie
SC-23 Session Authenticity Protects T1557.002 ARP Cache Poisoning
SC-23 Session Authenticity Protects T1562.009 Safe Mode Boot
SC-23 Session Authenticity Protects T1563.001 SSH Hijacking
SC-23 Session Authenticity Protects T1573 Encrypted Channel
SC-23 Session Authenticity Protects T1573.001 Symmetric Cryptography
SC-23 Session Authenticity Protects T1573.002 Asymmetric Cryptography
SC-23 Session Authenticity Protects T1557 Adversary-in-the-Middle
SC-23 Session Authenticity Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SC-23 Session Authenticity Protects T1557.003 DHCP Spoofing
SC-23 Session Authenticity Protects T1622 Debugger Evasion
SC-26 Decoys Protects T1210 Exploitation of Remote Services
SC-26 Decoys Protects T1211 Exploitation for Defense Evasion
SC-26 Decoys Protects T1068 Exploitation for Privilege Escalation
SC-26 Decoys Protects T1212 Exploitation for Credential Access
SC-28 Protection of Information at Rest Protects T1078.004 Cloud Accounts
SC-28 Protection of Information at Rest Protects T1550.001 Application Access Token
SC-28 Protection of Information at Rest Protects T1552.003 Bash History
SC-28 Protection of Information at Rest Protects T1565 Data Manipulation
SC-28 Protection of Information at Rest Protects T1565.001 Stored Data Manipulation
SC-28 Protection of Information at Rest Protects T1565.003 Runtime Data Manipulation
SC-28 Protection of Information at Rest Protects T1567 Exfiltration Over Web Service
SC-28 Protection of Information at Rest Protects T1602.002 Network Device Configuration Dump
SC-28 Protection of Information at Rest Protects T1003 OS Credential Dumping
SC-28 Protection of Information at Rest Protects T1003.004 LSA Secrets
SC-28 Protection of Information at Rest Protects T1003.005 Cached Domain Credentials
SC-28 Protection of Information at Rest Protects T1003.006 DCSync
SC-28 Protection of Information at Rest Protects T1003.007 Proc Filesystem
SC-28 Protection of Information at Rest Protects T1003.008 /etc/passwd and /etc/shadow
SC-28 Protection of Information at Rest Protects T1025 Data from Removable Media
SC-28 Protection of Information at Rest Protects T1041 Exfiltration Over C2 Channel
SC-28 Protection of Information at Rest Protects T1048 Exfiltration Over Alternative Protocol
SC-28 Protection of Information at Rest Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SC-28 Protection of Information at Rest Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SC-28 Protection of Information at Rest Protects T1052 Exfiltration Over Physical Medium
SC-28 Protection of Information at Rest Protects T1052.001 Exfiltration over USB
SC-28 Protection of Information at Rest Protects T1078.001 Default Accounts
SC-28 Protection of Information at Rest Protects T1078.003 Local Accounts
SC-28 Protection of Information at Rest Protects T1213 Data from Information Repositories
SC-28 Protection of Information at Rest Protects T1213.001 Confluence
SC-28 Protection of Information at Rest Protects T1213.002 Sharepoint
SC-28 Protection of Information at Rest Protects T1552 Unsecured Credentials
SC-28 Protection of Information at Rest Protects T1552.001 Credentials In Files
SC-28 Protection of Information at Rest Protects T1552.002 Credentials in Registry
SC-28 Protection of Information at Rest Protects T1552.004 Private Keys
SC-28 Protection of Information at Rest Protects T1599.001 Network Address Translation Traversal
SC-28 Protection of Information at Rest Protects T1602 Data from Configuration Repository
SC-28 Protection of Information at Rest Protects T1602.001 SNMP (MIB Dump)
SC-28 Protection of Information at Rest Protects T1003.001 LSASS Memory
SC-28 Protection of Information at Rest Protects T1003.002 Security Account Manager
SC-28 Protection of Information at Rest Protects T1003.003 NTDS
SC-28 Protection of Information at Rest Protects T1005 Data from Local System
SC-28 Protection of Information at Rest Protects T1078 Valid Accounts
SC-28 Protection of Information at Rest Protects T1530 Data from Cloud Storage Object
SC-28 Protection of Information at Rest Protects T1599 Network Boundary Bridging
SC-29 Heterogeneity Protects T1189 Drive-by Compromise
SC-29 Heterogeneity Protects T1190 Exploit Public-Facing Application
SC-29 Heterogeneity Protects T1203 Exploitation for Client Execution
SC-29 Heterogeneity Protects T1210 Exploitation of Remote Services
SC-29 Heterogeneity Protects T1211 Exploitation for Defense Evasion
SC-29 Heterogeneity Protects T1068 Exploitation for Privilege Escalation
SC-29 Heterogeneity Protects T1212 Exploitation for Credential Access
SC-3 Security Function Isolation Protects T1047 Windows Management Instrumentation
SC-3 Security Function Isolation Protects T1189 Drive-by Compromise
SC-3 Security Function Isolation Protects T1190 Exploit Public-Facing Application
SC-3 Security Function Isolation Protects T1203 Exploitation for Client Execution
SC-3 Security Function Isolation Protects T1210 Exploitation of Remote Services
SC-3 Security Function Isolation Protects T1211 Exploitation for Defense Evasion
SC-3 Security Function Isolation Protects T1559 Inter-Process Communication
SC-3 Security Function Isolation Protects T1559.002 Dynamic Data Exchange
SC-3 Security Function Isolation Protects T1602.002 Network Device Configuration Dump
SC-3 Security Function Isolation Protects T1021.003 Distributed Component Object Model
SC-3 Security Function Isolation Protects T1134.005 SID-History Injection
SC-3 Security Function Isolation Protects T1559.001 Component Object Model
SC-3 Security Function Isolation Protects T1602 Data from Configuration Repository
SC-3 Security Function Isolation Protects T1602.001 SNMP (MIB Dump)
SC-3 Security Function Isolation Protects T1003.001 LSASS Memory
SC-3 Security Function Isolation Protects T1068 Exploitation for Privilege Escalation
SC-3 Security Function Isolation Protects T1212 Exploitation for Credential Access
SC-3 Security Function Isolation Protects T1611 Escape to Host
SC-30 Concealment and Misdirection Protects T1189 Drive-by Compromise
SC-30 Concealment and Misdirection Protects T1190 Exploit Public-Facing Application
SC-30 Concealment and Misdirection Protects T1203 Exploitation for Client Execution
SC-30 Concealment and Misdirection Protects T1210 Exploitation of Remote Services
SC-30 Concealment and Misdirection Protects T1211 Exploitation for Defense Evasion
SC-30 Concealment and Misdirection Protects T1068 Exploitation for Privilege Escalation
SC-30 Concealment and Misdirection Protects T1212 Exploitation for Credential Access
SC-31 Covert Channel Analysis Protects T1567 Exfiltration Over Web Service
SC-31 Covert Channel Analysis Protects T1041 Exfiltration Over C2 Channel
SC-31 Covert Channel Analysis Protects T1048 Exfiltration Over Alternative Protocol
SC-31 Covert Channel Analysis Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SC-31 Covert Channel Analysis Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SC-31 Covert Channel Analysis Protects T1071 Application Layer Protocol
SC-31 Covert Channel Analysis Protects T1071.001 Web Protocols
SC-31 Covert Channel Analysis Protects T1071.002 File Transfer Protocols
SC-31 Covert Channel Analysis Protects T1071.003 Mail Protocols
SC-31 Covert Channel Analysis Protects T1071.004 DNS
SC-34 Non-modifiable Executable Programs Protects T1047 Windows Management Instrumentation
SC-34 Non-modifiable Executable Programs Protects T1542 Pre-OS Boot
SC-34 Non-modifiable Executable Programs Protects T1542.001 System Firmware
SC-34 Non-modifiable Executable Programs Protects T1542.003 Bootkit
SC-34 Non-modifiable Executable Programs Protects T1542.004 ROMMONkit
SC-34 Non-modifiable Executable Programs Protects T1542.005 TFTP Boot
SC-34 Non-modifiable Executable Programs Protects T1548 Abuse Elevation Control Mechanism
SC-34 Non-modifiable Executable Programs Protects T1548.004 Elevated Execution with Prompt
SC-34 Non-modifiable Executable Programs Protects T1553 Subvert Trust Controls
SC-34 Non-modifiable Executable Programs Protects T1553.006 Code Signing Policy Modification
SC-34 Non-modifiable Executable Programs Protects T1601 Modify System Image
SC-34 Non-modifiable Executable Programs Protects T1601.001 Patch System Image
SC-34 Non-modifiable Executable Programs Protects T1601.002 Downgrade System Image
SC-34 Non-modifiable Executable Programs Protects T1195.003 Compromise Hardware Supply Chain
SC-34 Non-modifiable Executable Programs Protects T1611 Escape to Host
SC-35 External Malicious Code Identification Protects T1210 Exploitation of Remote Services
SC-35 External Malicious Code Identification Protects T1211 Exploitation for Defense Evasion
SC-35 External Malicious Code Identification Protects T1068 Exploitation for Privilege Escalation
SC-35 External Malicious Code Identification Protects T1212 Exploitation for Credential Access
SC-36 Distributed Processing and Storage Protects T1070 Indicator Removal on Host
SC-36 Distributed Processing and Storage Protects T1070.001 Clear Windows Event Logs
SC-36 Distributed Processing and Storage Protects T1565 Data Manipulation
SC-36 Distributed Processing and Storage Protects T1565.001 Stored Data Manipulation
SC-36 Distributed Processing and Storage Protects T1070.002 Clear Linux or Mac System Logs
SC-36 Distributed Processing and Storage Protects T1119 Automated Collection
SC-36 Distributed Processing And Storage Protects T1070.008 Clear Mailbox Data
SC-37 Out-of-band Channels Protects T1071 Application Layer Protocol
SC-37 Out-of-band Channels Protects T1071.001 Web Protocols
SC-37 Out-of-band Channels Protects T1071.002 File Transfer Protocols
SC-37 Out-of-band Channels Protects T1071.003 Mail Protocols
SC-37 Out-of-band Channels Protects T1071.004 DNS
SC-38 Operations Security Protects T1025 Data from Removable Media
SC-38 Operations Security Protects T1005 Data from Local System
SC-39 Process Isolation Protects T1189 Drive-by Compromise
SC-39 Process Isolation Protects T1190 Exploit Public-Facing Application
SC-39 Process Isolation Protects T1203 Exploitation for Client Execution
SC-39 Process Isolation Protects T1210 Exploitation of Remote Services
SC-39 Process Isolation Protects T1211 Exploitation for Defense Evasion
SC-39 Process Isolation Protects T1547.002 Authentication Package
SC-39 Process Isolation Protects T1547.008 LSASS Driver
SC-39 Process Isolation Protects T1003 OS Credential Dumping
SC-39 Process Isolation Protects T1003.004 LSA Secrets
SC-39 Process Isolation Protects T1003.005 Cached Domain Credentials
SC-39 Process Isolation Protects T1003.006 DCSync
SC-39 Process Isolation Protects T1003.007 Proc Filesystem
SC-39 Process Isolation Protects T1003.008 /etc/passwd and /etc/shadow
SC-39 Process Isolation Protects T1547.005 Security Support Provider
SC-39 Process Isolation Protects T1556.001 Domain Controller Authentication
SC-39 Process Isolation Protects T1003.001 LSASS Memory
SC-39 Process Isolation Protects T1003.002 Security Account Manager
SC-39 Process Isolation Protects T1003.003 NTDS
SC-39 Process Isolation Protects T1068 Exploitation for Privilege Escalation
SC-39 Process Isolation Protects T1212 Exploitation for Credential Access
SC-39 Process Isolation Protects T1556 Modify Authentication Process
SC-39 Process Isolation Protects T1611 Escape to Host
SC-4 Information in Shared System Resources Protects T1020.001 Traffic Duplication
SC-4 Information in Shared System Resources Protects T1070 Indicator Removal on Host
SC-4 Information in Shared System Resources Protects T1070.001 Clear Windows Event Logs
SC-4 Information in Shared System Resources Protects T1558 Steal or Forge Kerberos Tickets
SC-4 Information in Shared System Resources Protects T1558.003 Kerberoasting
SC-4 Information in Shared System Resources Protects T1565 Data Manipulation
SC-4 Information in Shared System Resources Protects T1565.001 Stored Data Manipulation
SC-4 Information in Shared System Resources Protects T1565.002 Transmitted Data Manipulation
SC-4 Information in Shared System Resources Protects T1565.003 Runtime Data Manipulation
SC-4 Information in Shared System Resources Protects T1602.002 Network Device Configuration Dump
SC-4 Information in Shared System Resources Protects T1070.002 Clear Linux or Mac System Logs
SC-4 Information in Shared System Resources Protects T1080 Taint Shared Content
SC-4 Information in Shared System Resources Protects T1552 Unsecured Credentials
SC-4 Information in Shared System Resources Protects T1552.001 Credentials In Files
SC-4 Information in Shared System Resources Protects T1552.002 Credentials in Registry
SC-4 Information in Shared System Resources Protects T1552.004 Private Keys
SC-4 Information in Shared System Resources Protects T1557.002 ARP Cache Poisoning
SC-4 Information in Shared System Resources Protects T1558.002 Silver Ticket
SC-4 Information in Shared System Resources Protects T1558.004 AS-REP Roasting
SC-4 Information in Shared System Resources Protects T1564.009 Resource Forking
SC-4 Information in Shared System Resources Protects T1602 Data from Configuration Repository
SC-4 Information in Shared System Resources Protects T1602.001 SNMP (MIB Dump)
SC-4 Information in Shared System Resources Protects T1040 Network Sniffing
SC-4 Information in Shared System Resources Protects T1119 Automated Collection
SC-4 Information in Shared System Resources Protects T1530 Data from Cloud Storage Object
SC-4 Information in Shared System Resources Protects T1557 Adversary-in-the-Middle
SC-4 Information In Shared Resources Protects T1070.008 Clear Mailbox Data
SC-4 Information in Shared System Resources Protects T1595.003 Wordlist Scanning
SC-41 Port and I/O Device Access Protects T1025 Data from Removable Media
SC-41 Port and I/O Device Access Protects T1052 Exfiltration Over Physical Medium
SC-41 Port and I/O Device Access Protects T1052.001 Exfiltration over USB
SC-41 Port and I/O Device Access Protects T1091 Replication Through Removable Media
SC-41 Port and I/O Device Access Protects T1200 Hardware Additions
SC-43 Usage Restrictions Protects T1114.003 Email Forwarding Rule
SC-43 Usage Restrictions Protects T1613 Container and Resource Discovery
SC-44 Detonation Chambers Protects T1203 Exploitation for Client Execution
SC-44 Detonation Chambers Protects T1221 Template Injection
SC-44 Detonation Chambers Protects T1137 Office Application Startup
SC-44 Detonation Chambers Protects T1137.001 Office Template Macros
SC-44 Detonation Chambers Protects T1137.002 Office Test
SC-44 Detonation Chambers Protects T1137.003 Outlook Forms
SC-44 Detonation Chambers Protects T1137.004 Outlook Home Page
SC-44 Detonation Chambers Protects T1137.005 Outlook Rules
SC-44 Detonation Chambers Protects T1137.006 Add-ins
SC-44 Detonation Chambers Protects T1204.001 Malicious Link
SC-44 Detonation Chambers Protects T1204.003 Malicious Image
SC-44 Detonation Chambers Protects T1564.009 Resource Forking
SC-44 Detonation Chambers Protects T1566 Phishing
SC-44 Detonation Chambers Protects T1566.001 Spearphishing Attachment
SC-44 Detonation Chambers Protects T1566.003 Spearphishing via Service
SC-44 Detonation Chambers Protects T1598 Phishing for Information
SC-44 Detonation Chambers Protects T1598.001 Spearphishing Service
SC-44 Detonation Chambers Protects T1598.002 Spearphishing Attachment
SC-44 Detonation Chambers Protects T1566.002 Spearphishing Link
SC-44 Detonation Chambers Protects T1598.003 Spearphishing Link
SC-44 Detonation Chambers Protects T1204 User Execution
SC-44 Detonation Chambers Protects T1204.002 Malicious File
SC-46 Cross Domain Policy Enforcement Protects T1021.001 Remote Desktop Protocol
SC-46 Cross Domain Policy Enforcement Protects T1098 Account Manipulation
SC-46 Cross Domain Policy Enforcement Protects T1098.001 Additional Cloud Credentials
SC-46 Cross Domain Policy Enforcement Protects T1190 Exploit Public-Facing Application
SC-46 Cross Domain Policy Enforcement Protects T1210 Exploitation of Remote Services
SC-46 Cross Domain Policy Enforcement Protects T1565 Data Manipulation
SC-46 Cross Domain Policy Enforcement Protects T1565.003 Runtime Data Manipulation
SC-46 Cross Domain Policy Enforcement Protects T1021.003 Distributed Component Object Model
SC-46 Cross Domain Policy Enforcement Protects T1021.006 Windows Remote Management
SC-46 Cross Domain Policy Enforcement Protects T1048 Exfiltration Over Alternative Protocol
SC-46 Cross Domain Policy Enforcement Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SC-46 Cross Domain Policy Enforcement Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SC-46 Cross Domain Policy Enforcement Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SC-46 Cross Domain Policy Enforcement Protects T1072 Software Deployment Tools
SC-46 Cross Domain Policy Enforcement Protects T1136 Create Account
SC-46 Cross Domain Policy Enforcement Protects T1136.002 Domain Account
SC-46 Cross Domain Policy Enforcement Protects T1136.003 Cloud Account
SC-46 Cross Domain Policy Enforcement Protects T1489 Service Stop
SC-46 Cross Domain Policy Enforcement Protects T1563 Remote Service Session Hijacking
SC-46 Cross Domain Policy Enforcement Protects T1563.002 RDP Hijacking
SC-46 Cross Domain Policy Enforcement Protects T1046 Network Service Scanning
SC-46 Cross Domain Policy Enforcement Protects T1133 External Remote Services
SC-46 Cross Domain Policy Enforcement Protects T1199 Trusted Relationship
SC-46 Cross Domain Policy Enforcement Protects T1482 Domain Trust Discovery
SC-46 Cross Domain Policy Enforcement Protects T1552.007 Container API
SC-46 Cross Domain Policy Enforcement Protects T1557 Adversary-in-the-Middle
SC-46 Cross Domain Policy Enforcement Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SC-46 Cross Domain Policy Enforcement Protects T1557.003 DHCP Spoofing
SC-46 Cross Domain Policy Enforcement Protects T1622 Debugger Evasion
SC-6 Resource Availability Protects T1564.009 Resource Forking
SC-7 Boundary Protection Protects T1020.001 Traffic Duplication
SC-7 Boundary Protection Protects T1021.001 Remote Desktop Protocol
SC-7 Boundary Protection Protects T1095 Non-Application Layer Protocol
SC-7 Boundary Protection Protects T1098 Account Manipulation
SC-7 Boundary Protection Protects T1098.001 Additional Cloud Credentials
SC-7 Boundary Protection Protects T1105 Ingress Tool Transfer
SC-7 Boundary Protection Protects T1176 Browser Extensions
SC-7 Boundary Protection Protects T1189 Drive-by Compromise
SC-7 Boundary Protection Protects T1190 Exploit Public-Facing Application
SC-7 Boundary Protection Protects T1197 BITS Jobs
SC-7 Boundary Protection Protects T1203 Exploitation for Client Execution
SC-7 Boundary Protection Protects T1205 Traffic Signaling
SC-7 Boundary Protection Protects T1205.001 Port Knocking
SC-7 Boundary Protection Protects T1210 Exploitation of Remote Services
SC-7 Boundary Protection Protects T1211 Exploitation for Defense Evasion
SC-7 Boundary Protection Protects T1218.012 Verclsid
SC-7 Boundary Protection Protects T1219 Remote Access Software
SC-7 Boundary Protection Protects T1221 Template Injection
SC-7 Boundary Protection Protects T1498.001 Direct Network Flood
SC-7 Boundary Protection Protects T1498.002 Reflection Amplification
SC-7 Boundary Protection Protects T1499 Endpoint Denial of Service
SC-7 Boundary Protection Protects T1499.001 OS Exhaustion Flood
SC-7 Boundary Protection Protects T1499.002 Service Exhaustion Flood
SC-7 Boundary Protection Protects T1499.003 Application Exhaustion Flood
SC-7 Boundary Protection Protects T1499.004 Application or System Exploitation
SC-7 Boundary Protection Protects T1537 Transfer Data to Cloud Account
SC-7 Boundary Protection Protects T1552.005 Cloud Instance Metadata API
SC-7 Boundary Protection Protects T1559 Inter-Process Communication
SC-7 Boundary Protection Protects T1559.002 Dynamic Data Exchange
SC-7 Boundary Protection Protects T1565 Data Manipulation
SC-7 Boundary Protection Protects T1565.001 Stored Data Manipulation
SC-7 Boundary Protection Protects T1565.003 Runtime Data Manipulation
SC-7 Boundary Protection Protects T1567 Exfiltration Over Web Service
SC-7 Boundary Protection Protects T1567.002 Exfiltration to Cloud Storage
SC-7 Boundary Protection Protects T1568.002 Domain Generation Algorithms
SC-7 Boundary Protection Protects T1570 Lateral Tool Transfer
SC-7 Boundary Protection Protects T1602.002 Network Device Configuration Dump
SC-7 Boundary Protection Protects T1609 Container Administration Command
SC-7 Boundary Protection Protects T1610 Deploy Container
SC-7 Boundary Protection Protects T1001 Data Obfuscation
SC-7 Boundary Protection Protects T1001.001 Junk Data
SC-7 Boundary Protection Protects T1001.002 Steganography
SC-7 Boundary Protection Protects T1001.003 Protocol Impersonation
SC-7 Boundary Protection Protects T1008 Fallback Channels
SC-7 Boundary Protection Protects T1021.002 SMB/Windows Admin Shares
SC-7 Boundary Protection Protects T1021.003 Distributed Component Object Model
SC-7 Boundary Protection Protects T1021.005 VNC
SC-7 Boundary Protection Protects T1021.006 Windows Remote Management
SC-7 Boundary Protection Protects T1029 Scheduled Transfer
SC-7 Boundary Protection Protects T1030 Data Transfer Size Limits
SC-7 Boundary Protection Protects T1041 Exfiltration Over C2 Channel
SC-7 Boundary Protection Protects T1048 Exfiltration Over Alternative Protocol
SC-7 Boundary Protection Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SC-7 Boundary Protection Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SC-7 Boundary Protection Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SC-7 Boundary Protection Protects T1055.002 Portable Executable Injection
SC-7 Boundary Protection Protects T1055.003 Thread Execution Hijacking
SC-7 Boundary Protection Protects T1055.004 Asynchronous Procedure Call
SC-7 Boundary Protection Protects T1055.005 Thread Local Storage
SC-7 Boundary Protection Protects T1055.008 Ptrace System Calls
SC-7 Boundary Protection Protects T1055.009 Proc Memory
SC-7 Boundary Protection Protects T1055.011 Extra Window Memory Injection
SC-7 Boundary Protection Protects T1055.012 Process Hollowing
SC-7 Boundary Protection Protects T1055.013 Process Doppelgänging
SC-7 Boundary Protection Protects T1071 Application Layer Protocol
SC-7 Boundary Protection Protects T1071.001 Web Protocols
SC-7 Boundary Protection Protects T1071.002 File Transfer Protocols
SC-7 Boundary Protection Protects T1071.003 Mail Protocols
SC-7 Boundary Protection Protects T1071.004 DNS
SC-7 Boundary Protection Protects T1072 Software Deployment Tools
SC-7 Boundary Protection Protects T1080 Taint Shared Content
SC-7 Boundary Protection Protects T1090 Proxy
SC-7 Boundary Protection Protects T1090.001 Internal Proxy
SC-7 Boundary Protection Protects T1090.002 External Proxy
SC-7 Boundary Protection Protects T1090.003 Multi-hop Proxy
SC-7 Boundary Protection Protects T1102 Web Service
SC-7 Boundary Protection Protects T1102.001 Dead Drop Resolver
SC-7 Boundary Protection Protects T1102.002 Bidirectional Communication
SC-7 Boundary Protection Protects T1102.003 One-Way Communication
SC-7 Boundary Protection Protects T1104 Multi-Stage Channels
SC-7 Boundary Protection Protects T1114 Email Collection
SC-7 Boundary Protection Protects T1114.003 Email Forwarding Rule
SC-7 Boundary Protection Protects T1132 Data Encoding
SC-7 Boundary Protection Protects T1132.001 Standard Encoding
SC-7 Boundary Protection Protects T1132.002 Non-Standard Encoding
SC-7 Boundary Protection Protects T1136 Create Account
SC-7 Boundary Protection Protects T1136.002 Domain Account
SC-7 Boundary Protection Protects T1136.003 Cloud Account
SC-7 Boundary Protection Protects T1187 Forced Authentication
SC-7 Boundary Protection Protects T1204.001 Malicious Link
SC-7 Boundary Protection Protects T1204.003 Malicious Image
SC-7 Boundary Protection Protects T1489 Service Stop
SC-7 Boundary Protection Protects T1498 Network Denial of Service
SC-7 Boundary Protection Protects T1505.004 IIS Components
SC-7 Boundary Protection Protects T1542 Pre-OS Boot
SC-7 Boundary Protection Protects T1542.004 ROMMONkit
SC-7 Boundary Protection Protects T1542.005 TFTP Boot
SC-7 Boundary Protection Protects T1552 Unsecured Credentials
SC-7 Boundary Protection Protects T1552.001 Credentials In Files
SC-7 Boundary Protection Protects T1552.004 Private Keys
SC-7 Boundary Protection Protects T1557.002 ARP Cache Poisoning
SC-7 Boundary Protection Protects T1559.001 Component Object Model
SC-7 Boundary Protection Protects T1560 Archive Collected Data
SC-7 Boundary Protection Protects T1563 Remote Service Session Hijacking
SC-7 Boundary Protection Protects T1563.002 RDP Hijacking
SC-7 Boundary Protection Protects T1566 Phishing
SC-7 Boundary Protection Protects T1566.001 Spearphishing Attachment
SC-7 Boundary Protection Protects T1566.003 Spearphishing via Service
SC-7 Boundary Protection Protects T1567.001 Exfiltration to Code Repository
SC-7 Boundary Protection Protects T1568 Dynamic Resolution
SC-7 Boundary Protection Protects T1571 Non-Standard Port
SC-7 Boundary Protection Protects T1572 Protocol Tunneling
SC-7 Boundary Protection Protects T1573 Encrypted Channel
SC-7 Boundary Protection Protects T1573.001 Symmetric Cryptography
SC-7 Boundary Protection Protects T1573.002 Asymmetric Cryptography
SC-7 Boundary Protection Protects T1598 Phishing for Information
SC-7 Boundary Protection Protects T1598.001 Spearphishing Service
SC-7 Boundary Protection Protects T1598.002 Spearphishing Attachment
SC-7 Boundary Protection Protects T1599.001 Network Address Translation Traversal
SC-7 Boundary Protection Protects T1602 Data from Configuration Repository
SC-7 Boundary Protection Protects T1602.001 SNMP (MIB Dump)
SC-7 Boundary Protection Protects T1612 Build Image on Host
SC-7 Boundary Protection Protects T1613 Container and Resource Discovery
SC-7 Boundary Protection Protects T1046 Network Service Scanning
SC-7 Boundary Protection Protects T1055 Process Injection
SC-7 Boundary Protection Protects T1055.001 Dynamic-link Library Injection
SC-7 Boundary Protection Protects T1055.014 VDSO Hijacking
SC-7 Boundary Protection Protects T1068 Exploitation for Privilege Escalation
SC-7 Boundary Protection Protects T1133 External Remote Services
SC-7 Boundary Protection Protects T1199 Trusted Relationship
SC-7 Boundary Protection Protects T1212 Exploitation for Credential Access
SC-7 Boundary Protection Protects T1482 Domain Trust Discovery
SC-7 Boundary Protection Protects T1530 Data from Cloud Storage Object
SC-7 Boundary Protection Protects T1552.007 Container API
SC-7 Boundary Protection Protects T1557 Adversary-in-the-Middle
SC-7 Boundary Protection Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SC-7 Boundary Protection Protects T1560.001 Archive via Utility
SC-7 Boundary Protection Protects T1566.002 Spearphishing Link
SC-7 Boundary Protection Protects T1598.003 Spearphishing Link
SC-7 Boundary Protection Protects T1599 Network Boundary Bridging
SC-7 Boundary Protection Protects T1611 Escape to Host
SC-7 Boundary Protection Protects T1204 User Execution
SC-7 Boundary Protection Protects T1204.002 Malicious File
SC-7 Boundary Protection Protects T1622 Debugger Evasion
SC-7 Boundary Protection Protects T1648 Serverless Execution
SC-7 Boundary Protection Protects T1557.003 DHCP Spoofing
SC-7 Boundary Protection Protects T1583.007 Serverless
SC-7 Boundary Protection Protects T1584.007 Serverless
SC-8 Transmission Confidentiality and Integrity Protects T1020.001 Traffic Duplication
SC-8 Transmission Confidentiality and Integrity Protects T1550.001 Application Access Token
SC-8 Transmission Confidentiality and Integrity Protects T1562.006 Indicator Blocking
SC-8 Transmission Confidentiality and Integrity Protects T1602.002 Network Device Configuration Dump
SC-8 Transmission Confidentiality and Integrity Protects T1090 Proxy
SC-8 Transmission Confidentiality and Integrity Protects T1090.004 Domain Fronting
SC-8 Transmission Confidentiality and Integrity Protects T1550.004 Web Session Cookie
SC-8 Transmission Confidentiality and Integrity Protects T1557.002 ARP Cache Poisoning
SC-8 Transmission Confidentiality and Integrity Protects T1562.009 Safe Mode Boot
SC-8 Transmission Confidentiality and Integrity Protects T1602 Data from Configuration Repository
SC-8 Transmission Confidentiality and Integrity Protects T1602.001 SNMP (MIB Dump)
SC-8 Transmission Confidentiality and Integrity Protects T1040 Network Sniffing
SC-8 Transmission Confidentiality and Integrity Protects T1552.007 Container API
SC-8 Transmission Confidentiality and Integrity Protects T1557 Adversary-in-the-Middle
SC-8 Transmission Confidentiality and Integrity Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SC-8 Transmission Confidentiality and Integrity Protects T1557.003 DHCP Spoofing
SC-8 Transmission Confidentiality and Integrity Protects T1622 Debugger Evasion

Capabilities

Capability ID Capability Name Number of Mappings
SC-41 Port and I/O Device Access 5
SC-10 Network Disconnect 5
SC-26 Decoys 4
SC-29 Heterogeneity 7
SC-3 Security Function Isolation 18
SC-4 Information in Shared System Resources 28
SC-43 Usage Restrictions 2
SC-8 Transmission Confidentiality and Integrity 17
SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) 7
SC-18 Mobile Code 36
SC-16 Transmission of Security and Privacy Attributes 5
SC-6 Resource Availability 1
SC-2 Separation of System and User Functionality 8
SC-31 Covert Channel Analysis 10
SC-34 Non-modifiable Executable Programs 15
SC-7 Boundary Protection 148
SC-35 External Malicious Code Identification 4
SC-30 Concealment and Misdirection 7
SC-44 Detonation Chambers 22
SC-39 Process Isolation 22
SC-28 Protection of Information at Rest 40
SC-13 Cryptographic Protection 4
SC-37 Out-of-band Channels 5
SC-12 Cryptographic Key Establishment and Management 10
SC-17 Public Key Infrastructure Certificates 2
SC-36 Distributed Processing and Storage 7
SC-22 Architecture and Provisioning for Name/address Resolution Service 7
SC-20 Secure Name/address Resolution Service (authoritative Source) 14
SC-38 Operations Security 2
SC-23 Session Authenticity 19
SC-46 Cross Domain Policy Enforcement 29