NIST 800-53 AC-19 Mappings

A mobile device is a computing device that has a small form factor such that it can easily be carried by a single individual; is designed to operate without a physical connection; possesses local, non-removable or removable data storage; and includes a self-contained power source. Mobile device functionality may also include voice communication capabilities, on-board sensors that allow the device to capture information, and/or built-in features for synchronizing local data with remote locations. Examples include smart phones and tablets. Mobile devices are typically associated with a single individual. The processing, storage, and transmission capability of the mobile device may be comparable to or merely a subset of notebook/desktop systems, depending on the nature and intended purpose of the device. Protection and control of mobile devices is behavior or policy-based and requires users to take physical action to protect and control such devices when outside of controlled areas. Controlled areas are spaces for which organizations provide physical or procedural controls to meet the requirements established for protecting information and systems.

Due to the large variety of mobile devices with different characteristics and capabilities, organizational restrictions may vary for the different classes or types of such devices. Usage restrictions and specific implementation guidance for mobile devices include configuration management, device identification and authentication, implementation of mandatory protective software, scanning devices for malicious code, updating virus protection software, scanning for critical software updates and patches, conducting primary operating system (and possibly other resident software) integrity checks, and disabling unnecessary hardware.

Usage restrictions and authorization to connect may vary among organizational systems. For example, the organization may authorize the connection of mobile devices to its network and impose a set of usage restrictions, while a system owner may withhold authorization for mobile device connection to specific applications or impose additional usage restrictions before allowing mobile device connections to a system. Adequate security for mobile devices goes beyond the requirements specified in AC-19. Many safeguards for mobile devices are reflected in other controls. AC-20 addresses mobile devices that are not organization-controlled.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-19 | Access Control for Mobile Devices | Protects | T1070.002 | Clear Linux or Mac System Logs |
| AC-19 | Access Control for Mobile Devices | Protects | T1114.001 | Local Email Collection |
| AC-19 | Access Control for Mobile Devices | Protects | T1119 | Automated Collection |
| AC-19 | Access Control for Mobile Devices | Protects | T1557.002 | ARP Cache Poisoning |
| AC-19 | Access Control for Mobile Devices | Protects | T1558 | Steal or Forge Kerberos Tickets |
| AC-19 | Access Control for Mobile Devices | Protects | T1558.002 | Silver Ticket |
| AC-19 | Access Control for Mobile Devices | Protects | T1558.003 | Kerberoasting |
| AC-19 | Access Control for Mobile Devices | Protects | T1558.004 | AS-REP Roasting |
| AC-19 | Access Control for Mobile Devices | Protects | T1565 | Data Manipulation |
| AC-19 | Access Control for Mobile Devices | Protects | T1565.001 | Stored Data Manipulation |
| AC-19 | Access Control for Mobile Devices | Protects | T1565.002 | Transmitted Data Manipulation |
| AC-19 | Access Control for Mobile Devices | Protects | T1602 | Data from Configuration Repository |
| AC-19 | Access Control for Mobile Devices | Protects | T1602.001 | SNMP (MIB Dump) |
| AC-19 | Access Control for Mobile Devices | Protects | T1602.002 | Network Device Configuration Dump |
| AC-19 | Access Control for Mobile Devices | Protects | T1557 | Adversary-in-the-Middle |
| AC-19 | Access Control for Mobile Devices | Protects | T1552.004 | Private Keys |
| AC-19 | Access Control for Mobile Devices | Protects | T1550.001 | Application Access Token |
| AC-19 | Access Control for Mobile Devices | Protects | T1530 | Data from Cloud Storage |
| AC-19 | Access Control for Mobile Devices | Protects | T1114.003 | Email Forwarding Rule |
| AC-19 | Access Control for Mobile Devices | Protects | T1070.001 | Clear Windows Event Logs |
| AC-19 | Access Control for Mobile Devices | Protects | T1114 | Email Collection |
| AC-19 | Access Control for Mobile Devices | Protects | T1114.002 | Remote Email Collection |
| AC-19 | Access Control for Mobile Devices | Protects | T1552 | Unsecured Credentials |
| AC-19 | Access Control for Mobile Devices | Protects | T1070.008 | Clear Mailbox Data |
| AC-19 | Access Control for Mobile Devices | Protects | T1040 | Network Sniffing |
| AC-19 | Access Control for Mobile Devices | Protects | T1020.001 | Traffic Duplication |