Home
Mapping Frameworks
NIST 800-53 Home
Continuous Monitoring

NIST 800-53 CA-07 Mappings

Continuous monitoring at the system level facilitates ongoing awareness of the system security and privacy posture to support organizational risk management decisions. The terms continuous and ongoing imply that organizations assess and monitor their controls and risks at a frequency sufficient to support risk-based decisions. Different types of controls may require different monitoring frequencies. The results of continuous monitoring generate risk response actions by organizations. When monitoring the effectiveness of multiple controls that have been grouped into capabilities, a root-cause analysis may be needed to determine the specific control that has failed. Continuous monitoring programs allow organizations to maintain the authorizations of systems and common controls in highly dynamic environments of operation with changing mission and business needs, threats, vulnerabilities, and technologies. Having access to security and privacy information on a continuing basis through reports and dashboards gives organizational officials the ability to make effective and timely risk management decisions, including ongoing authorization decisions.

Automation supports more frequent updates to hardware, software, and firmware inventories, authorization packages, and other system information. Effectiveness is further enhanced when continuous monitoring outputs are formatted to provide information that is specific, measurable, actionable, relevant, and timely. Continuous monitoring activities are scaled in accordance with the security categories of systems. Monitoring requirements, including the need for specific monitoring, may be referenced in other controls and control enhancements, such as AC-02g, AC-02(07), AC-02(12)(a), AC-02(07)(b), AC-02(07)(c), AC-17(01), AT-04a, AU-13, AU-13(01), AU-13(02), CM-03f, CM-06d, CM-11c, IR-05, MA-02b, MA-03a, MA-04a, PE-03d, PE-06, PE-14b, PE-16, PE-20, PM-06, PM-23, PM-31, PS-07e, SA-09c, SR-04, SC-05(03)(b), SC-07a, SC-07(24)(b), SC-18b, SC-43b, and SI-04.

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name
CA-07	Continuous Monitoring	Protects	T1001	Data Obfuscation
CA-07	Continuous Monitoring	Protects	T1001.001	Junk Data
CA-07	Continuous Monitoring	Protects	T1001.002	Steganography
CA-07	Continuous Monitoring	Protects	T1001.003	Protocol Impersonation
CA-07	Continuous Monitoring	Protects	T1003	OS Credential Dumping
CA-07	Continuous Monitoring	Protects	T1003.003	NTDS
CA-07	Continuous Monitoring	Protects	T1003.004	LSA Secrets
CA-07	Continuous Monitoring	Protects	T1003.005	Cached Domain Credentials
CA-07	Continuous Monitoring	Protects	T1003.006	DCSync
CA-07	Continuous Monitoring	Protects	T1003.008	/etc/passwd and /etc/shadow
CA-07	Continuous Monitoring	Protects	T1008	Fallback Channels
CA-07	Continuous Monitoring	Protects	T1021.005	VNC
CA-07	Continuous Monitoring	Protects	T1029	Scheduled Transfer
CA-07	Continuous Monitoring	Protects	T1030	Data Transfer Size Limits
CA-07	Continuous Monitoring	Protects	T1036.003	Rename System Utilities
CA-07	Continuous Monitoring	Protects	T1036.007	Double File Extension
CA-07	Continuous Monitoring	Protects	T1037.002	Login Hook
CA-07	Continuous Monitoring	Protects	T1037.003	Network Logon Script
CA-07	Continuous Monitoring	Protects	T1037.004	RC Scripts
CA-07	Continuous Monitoring	Protects	T1037.005	Startup Items
CA-07	Continuous Monitoring	Protects	T1048.001	Exfiltration Over Symmetric Encrypted Non-C2 Protocol
CA-07	Continuous Monitoring	Protects	T1048.002	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CA-07	Continuous Monitoring	Protects	T1052	Exfiltration Over Physical Medium
CA-07	Continuous Monitoring	Protects	T1052.001	Exfiltration over USB
CA-07	Continuous Monitoring	Protects	T1055.009	Proc Memory
CA-07	Continuous Monitoring	Protects	T1056.002	GUI Input Capture
CA-07	Continuous Monitoring	Protects	T1059	Command and Scripting Interpreter
CA-07	Continuous Monitoring	Protects	T1059.005	Visual Basic
CA-07	Continuous Monitoring	Protects	T1059.007	JavaScript
CA-07	Continuous Monitoring	Protects	T1070.002	Clear Linux or Mac System Logs
CA-07	Continuous Monitoring	Protects	T1071.003	Mail Protocols
CA-07	Continuous Monitoring	Protects	T1071.004	DNS
CA-07	Continuous Monitoring	Protects	T1078.001	Default Accounts
CA-07	Continuous Monitoring	Protects	T1078.003	Local Accounts
CA-07	Continuous Monitoring	Protects	T1090	Proxy
CA-07	Continuous Monitoring	Protects	T1090.001	Internal Proxy
CA-07	Continuous Monitoring	Protects	T1090.002	External Proxy
CA-07	Continuous Monitoring	Protects	T1090.003	Multi-hop Proxy
CA-07	Continuous Monitoring	Protects	T1102	Web Service
CA-07	Continuous Monitoring	Protects	T1102.001	Dead Drop Resolver
CA-07	Continuous Monitoring	Protects	T1102.002	Bidirectional Communication
CA-07	Continuous Monitoring	Protects	T1102.003	One-Way Communication
CA-07	Continuous Monitoring	Protects	T1104	Multi-Stage Channels
CA-07	Continuous Monitoring	Protects	T1110.001	Password Guessing
CA-07	Continuous Monitoring	Protects	T1110.002	Password Cracking
CA-07	Continuous Monitoring	Protects	T1110.003	Password Spraying
CA-07	Continuous Monitoring	Protects	T1110.004	Credential Stuffing
CA-07	Continuous Monitoring	Protects	T1132.002	Non-Standard Encoding
CA-07	Continuous Monitoring	Protects	T1176	Browser Extensions
CA-07	Continuous Monitoring	Protects	T1185	Browser Session Hijacking
CA-07	Continuous Monitoring	Protects	T1195.001	Compromise Software Dependencies and Development Tools
CA-07	Continuous Monitoring	Protects	T1195.002	Compromise Software Supply Chain
CA-07	Continuous Monitoring	Protects	T1201	Password Policy Discovery
CA-07	Continuous Monitoring	Protects	T1203	Exploitation for Client Execution
CA-07	Continuous Monitoring	Protects	T1204	User Execution
CA-07	Continuous Monitoring	Protects	T1204.001	Malicious Link
CA-07	Continuous Monitoring	Protects	T1204.002	Malicious File
CA-07	Continuous Monitoring	Protects	T1204.003	Malicious Image
CA-07	Continuous Monitoring	Protects	T1205	Traffic Signaling
CA-07	Continuous Monitoring	Protects	T1205.001	Port Knocking
CA-07	Continuous Monitoring	Protects	T1210	Exploitation of Remote Services
CA-07	Continuous Monitoring	Protects	T1213	Data from Information Repositories
CA-07	Continuous Monitoring	Protects	T1213.001	Confluence
CA-07	Continuous Monitoring	Protects	T1213.002	Sharepoint
CA-07	Continuous Monitoring	Protects	T1213.003	Code Repositories
CA-07	Continuous Monitoring	Protects	T1218	System Binary Proxy Execution
CA-07	Continuous Monitoring	Protects	T1218.002	Control Panel
CA-07	Continuous Monitoring	Protects	T1218.010	Regsvr32
CA-07	Continuous Monitoring	Protects	T1218.011	Rundll32
CA-07	Continuous Monitoring	Protects	T1218.012	Verclsid
CA-07	Continuous Monitoring	Protects	T1221	Template Injection
CA-07	Continuous Monitoring	Protects	T1222	File and Directory Permissions Modification
CA-07	Continuous Monitoring	Protects	T1222.001	Windows File and Directory Permissions Modification
CA-07	Continuous Monitoring	Protects	T1222.002	Linux and Mac File and Directory Permissions Modification
CA-07	Continuous Monitoring	Protects	T1489	Service Stop
CA-07	Continuous Monitoring	Protects	T1498	Network Denial of Service
CA-07	Continuous Monitoring	Protects	T1498.001	Direct Network Flood
CA-07	Continuous Monitoring	Protects	T1498.002	Reflection Amplification
CA-07	Continuous Monitoring	Protects	T1499.003	Application Exhaustion Flood
CA-07	Continuous Monitoring	Protects	T1499.004	Application or System Exploitation
CA-07	Continuous Monitoring	Protects	T1528	Steal Application Access Token
CA-07	Continuous Monitoring	Protects	T1537	Transfer Data to Cloud Account
CA-07	Continuous Monitoring	Protects	T1542.004	ROMMONkit
CA-07	Continuous Monitoring	Protects	T1542.005	TFTP Boot
CA-07	Continuous Monitoring	Protects	T1543	Create or Modify System Process
CA-07	Continuous Monitoring	Protects	T1546.003	Windows Management Instrumentation Event Subscription
CA-07	Continuous Monitoring	Protects	T1546.004	Unix Shell Configuration Modification
CA-07	Continuous Monitoring	Protects	T1546.013	PowerShell Profile
CA-07	Continuous Monitoring	Protects	T1546.016	Installer Packages
CA-07	Continuous Monitoring	Protects	T1547.003	Time Providers
CA-07	Continuous Monitoring	Protects	T1548.003	Sudo and Sudo Caching
CA-07	Continuous Monitoring	Protects	T1550.003	Pass the Ticket
CA-07	Continuous Monitoring	Protects	T1553.003	SIP and Trust Provider Hijacking
CA-07	Continuous Monitoring	Protects	T1555.001	Keychain
CA-07	Continuous Monitoring	Protects	T1555.002	Securityd Memory
CA-07	Continuous Monitoring	Protects	T1556.001	Domain Controller Authentication
CA-07	Continuous Monitoring	Protects	T1557.001	LLMNR/NBT-NS Poisoning and SMB Relay
CA-07	Continuous Monitoring	Protects	T1557.002	ARP Cache Poisoning
CA-07	Continuous Monitoring	Protects	T1557.003	DHCP Spoofing
CA-07	Continuous Monitoring	Protects	T1558	Steal or Forge Kerberos Tickets
CA-07	Continuous Monitoring	Protects	T1558.002	Silver Ticket
CA-07	Continuous Monitoring	Protects	T1558.003	Kerberoasting
CA-07	Continuous Monitoring	Protects	T1558.004	AS-REP Roasting
CA-07	Continuous Monitoring	Protects	T1563.001	SSH Hijacking
CA-07	Continuous Monitoring	Protects	T1564.004	NTFS File Attributes
CA-07	Continuous Monitoring	Protects	T1564.010	Process Argument Spoofing
CA-07	Continuous Monitoring	Protects	T1565	Data Manipulation
CA-07	Continuous Monitoring	Protects	T1565.001	Stored Data Manipulation
CA-07	Continuous Monitoring	Protects	T1565.003	Runtime Data Manipulation
CA-07	Continuous Monitoring	Protects	T1566.001	Spearphishing Attachment
CA-07	Continuous Monitoring	Protects	T1566.003	Spearphishing via Service
CA-07	Continuous Monitoring	Protects	T1568	Dynamic Resolution
CA-07	Continuous Monitoring	Protects	T1568.002	Domain Generation Algorithms
CA-07	Continuous Monitoring	Protects	T1569	System Services
CA-07	Continuous Monitoring	Protects	T1572	Protocol Tunneling
CA-07	Continuous Monitoring	Protects	T1573	Encrypted Channel
CA-07	Continuous Monitoring	Protects	T1573.001	Symmetric Cryptography
CA-07	Continuous Monitoring	Protects	T1573.002	Asymmetric Cryptography
CA-07	Continuous Monitoring	Protects	T1574	Hijack Execution Flow
CA-07	Continuous Monitoring	Protects	T1574.004	Dylib Hijacking
CA-07	Continuous Monitoring	Protects	T1574.008	Path Interception by Search Order Hijacking
CA-07	Continuous Monitoring	Protects	T1574.009	Path Interception by Unquoted Path
CA-07	Continuous Monitoring	Protects	T1574.013	KernelCallbackTable
CA-07	Continuous Monitoring	Protects	T1598.001	Spearphishing Service
CA-07	Continuous Monitoring	Protects	T1598.002	Spearphishing Attachment
CA-07	Continuous Monitoring	Protects	T1599	Network Boundary Bridging
CA-07	Continuous Monitoring	Protects	T1599.001	Network Address Translation Traversal
CA-07	Continuous Monitoring	Protects	T1602	Data from Configuration Repository
CA-07	Continuous Monitoring	Protects	T1602.001	SNMP (MIB Dump)
CA-07	Continuous Monitoring	Protects	T1602.002	Network Device Configuration Dump
CA-07	Continuous Monitoring	Protects	T1622	Debugger Evasion
CA-07	Continuous Monitoring	Protects	T1647	Plist File Modification
CA-07	Continuous Monitoring	Protects	T1598.003	Spearphishing Link
CA-07	Continuous Monitoring	Protects	T1598	Phishing for Information
CA-07	Continuous Monitoring	Protects	T1574.007	Path Interception by PATH Environment Variable
CA-07	Continuous Monitoring	Protects	T1571	Non-Standard Port
CA-07	Continuous Monitoring	Protects	T1570	Lateral Tool Transfer
CA-07	Continuous Monitoring	Protects	T1566.002	Spearphishing Link
CA-07	Continuous Monitoring	Protects	T1566	Phishing
CA-07	Continuous Monitoring	Protects	T1562.006	Indicator Blocking
CA-07	Continuous Monitoring	Protects	T1562.002	Disable Windows Event Logging
CA-07	Continuous Monitoring	Protects	T1562.001	Disable or Modify Tools
CA-07	Continuous Monitoring	Protects	T1557	Adversary-in-the-Middle
CA-07	Continuous Monitoring	Protects	T1552.004	Private Keys
CA-07	Continuous Monitoring	Protects	T1547.013	XDG Autostart Entries
CA-07	Continuous Monitoring	Protects	T1543.002	Systemd Service
CA-07	Continuous Monitoring	Protects	T1530	Data from Cloud Storage
CA-07	Continuous Monitoring	Protects	T1219	Remote Access Software
CA-07	Continuous Monitoring	Protects	T1211	Exploitation for Defense Evasion
CA-07	Continuous Monitoring	Protects	T1190	Exploit Public-Facing Application
CA-07	Continuous Monitoring	Protects	T1189	Drive-by Compromise
CA-07	Continuous Monitoring	Protects	T1111	Multi-Factor Authentication Interception
CA-07	Continuous Monitoring	Protects	T1105	Ingress Tool Transfer
CA-07	Continuous Monitoring	Protects	T1095	Non-Application Layer Protocol
CA-07	Continuous Monitoring	Protects	T1070.009	Clear Persistence
CA-07	Continuous Monitoring	Protects	T1070.001	Clear Windows Event Logs
CA-07	Continuous Monitoring	Protects	T1552.002	Credentials in Registry
CA-07	Continuous Monitoring	Protects	T1552.001	Credentials In Files
CA-07	Continuous Monitoring	Protects	T1499.002	Service Exhaustion Flood
CA-07	Continuous Monitoring	Protects	T1499.001	OS Exhaustion Flood
CA-07	Continuous Monitoring	Protects	T1499	Endpoint Denial of Service
CA-07	Continuous Monitoring	Protects	T1197	BITS Jobs
CA-07	Continuous Monitoring	Protects	T1195	Supply Chain Compromise
CA-07	Continuous Monitoring	Protects	T1187	Forced Authentication
CA-07	Continuous Monitoring	Protects	T1132	Data Encoding
CA-07	Continuous Monitoring	Protects	T1110	Brute Force
CA-07	Continuous Monitoring	Protects	T1070.003	Clear Command History
CA-07	Continuous Monitoring	Protects	T1046	Network Service Discovery
CA-07	Continuous Monitoring	Protects	T1041	Exfiltration Over C2 Channel
CA-07	Continuous Monitoring	Protects	T1037	Boot or Logon Initialization Scripts
CA-07	Continuous Monitoring	Protects	T1068	Exploitation for Privilege Escalation
CA-07	Continuous Monitoring	Protects	T1070	Indicator Removal
CA-07	Continuous Monitoring	Protects	T1003.001	LSASS Memory
CA-07	Continuous Monitoring	Protects	T1003.002	Security Account Manager
CA-07	Continuous Monitoring	Protects	T1021.002	SMB/Windows Admin Shares
CA-07	Continuous Monitoring	Protects	T1036.005	Match Legitimate Name or Location
CA-07	Continuous Monitoring	Protects	T1567	Exfiltration Over Web Service
CA-07	Continuous Monitoring	Protects	T1569.002	Service Execution
CA-07	Continuous Monitoring	Protects	T1562.004	Disable or Modify System Firewall
CA-07	Continuous Monitoring	Protects	T1556	Modify Authentication Process
CA-07	Continuous Monitoring	Protects	T1552	Unsecured Credentials
CA-07	Continuous Monitoring	Protects	T1548	Abuse Elevation Control Mechanism
CA-07	Continuous Monitoring	Protects	T1070.008	Clear Mailbox Data
CA-07	Continuous Monitoring	Protects	T1048	Exfiltration Over Alternative Protocol
CA-07	Continuous Monitoring	Protects	T1562	Impair Defenses
CA-07	Continuous Monitoring	Protects	T1555	Credentials from Password Stores
CA-07	Continuous Monitoring	Protects	T1552.005	Cloud Instance Metadata API
CA-07	Continuous Monitoring	Protects	T1212	Exploitation for Credential Access
CA-07	Continuous Monitoring	Protects	T1078	Valid Accounts
CA-07	Continuous Monitoring	Protects	T1078.004	Cloud Accounts
CA-07	Continuous Monitoring	Protects	T1072	Software Deployment Tools
CA-07	Continuous Monitoring	Protects	T1036	Masquerading
CA-07	Continuous Monitoring	Protects	T1003.007	Proc Filesystem
CA-07	Continuous Monitoring	Protects	T1048.003	Exfiltration Over Unencrypted Non-C2 Protocol
CA-07	Continuous Monitoring	Protects	T1053.006	Systemd Timers
CA-07	Continuous Monitoring	Protects	T1070.007	Clear Network Connection History and Configurations
CA-07	Continuous Monitoring	Protects	T1071	Application Layer Protocol
CA-07	Continuous Monitoring	Protects	T1071.001	Web Protocols
CA-07	Continuous Monitoring	Protects	T1071.002	File Transfer Protocols
CA-07	Continuous Monitoring	Protects	T1080	Taint Shared Content
CA-07	Continuous Monitoring	Protects	T1132.001	Standard Encoding
CA-07	Continuous Monitoring	Protects	T1539	Steal Web Session Cookie