NIST 800-53 CM-07 Mappings

Systems provide a wide variety of functions and services. Some of the functions and services routinely provided by default may not be necessary to support essential organizational missions, functions, or operations. Additionally, it is sometimes convenient to provide multiple services from a single system component, but doing so increases risk over limiting the services provided by that single component. Where feasible, organizations limit component functionality to a single function per component. Organizations consider removing unused or unnecessary software and disabling unused or unnecessary physical and logical ports and protocols to prevent unauthorized connection of components, transfer of information, and tunneling. Organizations employ network scanning tools, intrusion detection and prevention systems, and end-point protection technologies, such as firewalls and host-based intrusion detection systems, to identify and prevent the use of prohibited functions, protocols, ports, and services. Least functionality can also be achieved as part of the fundamental design and development of the system (see SA-08, SC-02, and SC-03).

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CM-07 Least Functionality Protects T1003 OS Credential Dumping
CM-07 Least Functionality Protects T1003.005 Cached Domain Credentials
CM-07 Least Functionality Protects T1008 Fallback Channels
CM-07 Least Functionality Protects T1021.003 Distributed Component Object Model
CM-07 Least Functionality Protects T1021.005 VNC
CM-07 Least Functionality Protects T1036.007 Double File Extension
CM-07 Least Functionality Protects T1037.001 Logon Script (Windows)
CM-07 Least Functionality Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
CM-07 Least Functionality Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CM-07 Least Functionality Protects T1052 Exfiltration Over Physical Medium
CM-07 Least Functionality Protects T1052.001 Exfiltration over USB
CM-07 Least Functionality Protects T1059 Command and Scripting Interpreter
CM-07 Least Functionality Protects T1059.005 Visual Basic
CM-07 Least Functionality Protects T1059.007 JavaScript
CM-07 Least Functionality Protects T1071.003 Mail Protocols
CM-07 Least Functionality Protects T1071.004 DNS
CM-07 Least Functionality Protects T1087.001 Local Account
CM-07 Least Functionality Protects T1090 Proxy
CM-07 Least Functionality Protects T1090.001 Internal Proxy
CM-07 Least Functionality Protects T1090.002 External Proxy
CM-07 Least Functionality Protects T1090.003 Multi-hop Proxy
CM-07 Least Functionality Protects T1092 Communication Through Removable Media
CM-07 Least Functionality Protects T1102 Web Service
CM-07 Least Functionality Protects T1102.001 Dead Drop Resolver
CM-07 Least Functionality Protects T1102.002 Bidirectional Communication
CM-07 Least Functionality Protects T1102.003 One-Way Communication
CM-07 Least Functionality Protects T1104 Multi-Stage Channels
CM-07 Least Functionality Protects T1127 Trusted Developer Utilities Proxy Execution
CM-07 Least Functionality Protects T1136.002 Domain Account
CM-07 Least Functionality Protects T1176 Browser Extensions
CM-07 Least Functionality Protects T1195.001 Compromise Software Dependencies and Development Tools
CM-07 Least Functionality Protects T1195.002 Compromise Software Supply Chain
CM-07 Least Functionality Protects T1199 Trusted Relationship
CM-07 Least Functionality Protects T1204 User Execution
CM-07 Least Functionality Protects T1204.001 Malicious Link
CM-07 Least Functionality Protects T1204.002 Malicious File
CM-07 Least Functionality Protects T1204.003 Malicious Image
CM-07 Least Functionality Protects T1205 Traffic Signaling
CM-07 Least Functionality Protects T1205.001 Port Knocking
CM-07 Least Functionality Protects T1210 Exploitation of Remote Services
CM-07 Least Functionality Protects T1213 Data from Information Repositories
CM-07 Least Functionality Protects T1213.001 Confluence
CM-07 Least Functionality Protects T1213.002 Sharepoint
CM-07 Least Functionality Protects T1216 System Script Proxy Execution
CM-07 Least Functionality Protects T1216.001 PubPrn
CM-07 Least Functionality Protects T1218 System Binary Proxy Execution
CM-07 Least Functionality Protects T1218.001 Compiled HTML File
CM-07 Least Functionality Protects T1218.002 Control Panel
CM-07 Least Functionality Protects T1218.003 CMSTP
CM-07 Least Functionality Protects T1218.004 InstallUtil
CM-07 Least Functionality Protects T1218.005 Mshta
CM-07 Least Functionality Protects T1218.007 Msiexec
CM-07 Least Functionality Protects T1218.008 Odbcconf
CM-07 Least Functionality Protects T1218.009 Regsvcs/Regasm
CM-07 Least Functionality Protects T1218.012 Verclsid
CM-07 Least Functionality Protects T1218.013 Mavinject
CM-07 Least Functionality Protects T1218.014 MMC
CM-07 Least Functionality Protects T1220 XSL Script Processing
CM-07 Least Functionality Protects T1221 Template Injection
CM-07 Least Functionality Protects T1482 Domain Trust Discovery
CM-07 Least Functionality Protects T1484 Domain Policy Modification
CM-07 Least Functionality Protects T1489 Service Stop
CM-07 Least Functionality Protects T1498 Network Denial of Service
CM-07 Least Functionality Protects T1498.001 Direct Network Flood
CM-07 Least Functionality Protects T1498.002 Reflection Amplification
CM-07 Least Functionality Protects T1499.003 Application Exhaustion Flood
CM-07 Least Functionality Protects T1499.004 Application or System Exploitation
CM-07 Least Functionality Protects T1505.004 IIS Components
CM-07 Least Functionality Protects T1525 Implant Internal Image
CM-07 Least Functionality Protects T1537 Transfer Data to Cloud Account
CM-07 Least Functionality Protects T1542.004 ROMMONkit
CM-07 Least Functionality Protects T1542.005 TFTP Boot
CM-07 Least Functionality Protects T1543 Create or Modify System Process
CM-07 Least Functionality Protects T1546.002 Screensaver
CM-07 Least Functionality Protects T1546.006 LC_LOAD_DYLIB Addition
CM-07 Least Functionality Protects T1546.008 Accessibility Features
CM-07 Least Functionality Protects T1546.009 AppCert DLLs
CM-07 Least Functionality Protects T1546.010 AppInit DLLs
CM-07 Least Functionality Protects T1547.004 Winlogon Helper DLL
CM-07 Least Functionality Protects T1547.006 Kernel Modules and Extensions
CM-07 Least Functionality Protects T1547.007 Re-opened Applications
CM-07 Least Functionality Protects T1548.003 Sudo and Sudo Caching
CM-07 Least Functionality Protects T1548.004 Elevated Execution with Prompt
CM-07 Least Functionality Protects T1552.003 Bash History
CM-07 Least Functionality Protects T1552.007 Container API
CM-07 Least Functionality Protects T1553 Subvert Trust Controls
CM-07 Least Functionality Protects T1553.001 Gatekeeper Bypass
CM-07 Least Functionality Protects T1553.003 SIP and Trust Provider Hijacking
CM-07 Least Functionality Protects T1553.004 Install Root Certificate
CM-07 Least Functionality Protects T1553.006 Code Signing Policy Modification
CM-07 Least Functionality Protects T1555.004 Windows Credential Manager
CM-07 Least Functionality Protects T1556.002 Password Filter DLL
CM-07 Least Functionality Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CM-07 Least Functionality Protects T1557.002 ARP Cache Poisoning
CM-07 Least Functionality Protects T1557.003 DHCP Spoofing
CM-07 Least Functionality Protects T1559 Inter-Process Communication
CM-07 Least Functionality Protects T1559.002 Dynamic Data Exchange
CM-07 Least Functionality Protects T1559.003 XPC Services
CM-07 Least Functionality Protects T1562.003 Impair Command History Logging
CM-07 Least Functionality Protects T1562.009 Safe Mode Boot
CM-07 Least Functionality Protects T1563 Remote Service Session Hijacking
CM-07 Least Functionality Protects T1563.001 SSH Hijacking
CM-07 Least Functionality Protects T1563.002 RDP Hijacking
CM-07 Least Functionality Protects T1564.002 Hidden Users
CM-07 Least Functionality Protects T1564.003 Hidden Window
CM-07 Least Functionality Protects T1564.006 Run Virtual Instance
CM-07 Least Functionality Protects T1564.009 Resource Forking
CM-07 Least Functionality Protects T1565 Data Manipulation
CM-07 Least Functionality Protects T1565.003 Runtime Data Manipulation
CM-07 Least Functionality Protects T1569 System Services
CM-07 Least Functionality Protects T1572 Protocol Tunneling
CM-07 Least Functionality Protects T1573 Encrypted Channel
CM-07 Least Functionality Protects T1573.001 Symmetric Cryptography
CM-07 Least Functionality Protects T1573.002 Asymmetric Cryptography
CM-07 Least Functionality Protects T1574 Hijack Execution Flow
CM-07 Least Functionality Protects T1574.001 DLL Search Order Hijacking
CM-07 Least Functionality Protects T1574.006 Dynamic Linker Hijacking
CM-07 Least Functionality Protects T1574.008 Path Interception by Search Order Hijacking
CM-07 Least Functionality Protects T1574.009 Path Interception by Unquoted Path
CM-07 Least Functionality Protects T1574.012 COR_PROFILER
CM-07 Least Functionality Protects T1599 Network Boundary Bridging
CM-07 Least Functionality Protects T1599.001 Network Address Translation Traversal
CM-07 Least Functionality Protects T1601 Modify System Image
CM-07 Least Functionality Protects T1601.001 Patch System Image
CM-07 Least Functionality Protects T1601.002 Downgrade System Image
CM-07 Least Functionality Protects T1602 Data from Configuration Repository
CM-07 Least Functionality Protects T1602.001 SNMP (MIB Dump)
CM-07 Least Functionality Protects T1602.002 Network Device Configuration Dump
CM-07 Least Functionality Protects T1610 Deploy Container
CM-07 Least Functionality Protects T1613 Container and Resource Discovery
CM-07 Least Functionality Protects T1622 Debugger Evasion
CM-07 Least Functionality Protects T1647 Plist File Modification
CM-07 Least Functionality Protects T1648 Serverless Execution
CM-07 Least Functionality Protects T1612 Build Image on Host
CM-07 Least Functionality Protects T1574.007 Path Interception by PATH Environment Variable
CM-07 Least Functionality Protects T1571 Non-Standard Port
CM-07 Least Functionality Protects T1570 Lateral Tool Transfer
CM-07 Least Functionality Protects T1564.008 Email Hiding Rules
CM-07 Least Functionality Protects T1562.006 Indicator Blocking
CM-07 Least Functionality Protects T1562.002 Disable Windows Event Logging
CM-07 Least Functionality Protects T1562.001 Disable or Modify Tools
CM-07 Least Functionality Protects T1557 Adversary-in-the-Middle
CM-07 Least Functionality Protects T1553.005 Mark-of-the-Web Bypass
CM-07 Least Functionality Protects T1548.001 Setuid and Setgid
CM-07 Least Functionality Protects T1530 Data from Cloud Storage
CM-07 Least Functionality Protects T1219 Remote Access Software
CM-07 Least Functionality Protects T1190 Exploit Public-Facing Application
CM-07 Least Functionality Protects T1129 Shared Modules
CM-07 Least Functionality Protects T1105 Ingress Tool Transfer
CM-07 Least Functionality Protects T1098.001 Additional Cloud Credentials
CM-07 Least Functionality Protects T1095 Non-Application Layer Protocol
CM-07 Least Functionality Protects T1087 Account Discovery
CM-07 Least Functionality Protects T1499.002 Service Exhaustion Flood
CM-07 Least Functionality Protects T1499.001 OS Exhaustion Flood
CM-07 Least Functionality Protects T1499 Endpoint Denial of Service
CM-07 Least Functionality Protects T1197 BITS Jobs
CM-07 Least Functionality Protects T1195 Supply Chain Compromise
CM-07 Least Functionality Protects T1187 Forced Authentication
CM-07 Least Functionality Protects T1136 Create Account
CM-07 Least Functionality Protects T1135 Network Share Discovery
CM-07 Least Functionality Protects T1046 Network Service Discovery
CM-07 Least Functionality Protects T1037 Boot or Logon Initialization Scripts
CM-07 Least Functionality Protects T1068 Exploitation for Privilege Escalation
CM-07 Least Functionality Protects T1053 Scheduled Task/Job
CM-07 Least Functionality Protects T1133 External Remote Services
CM-07 Least Functionality Protects T1003.001 LSASS Memory
CM-07 Least Functionality Protects T1003.002 Security Account Manager
CM-07 Least Functionality Protects T1021.001 Remote Desktop Protocol
CM-07 Least Functionality Protects T1021.002 SMB/Windows Admin Shares
CM-07 Least Functionality Protects T1021.006 Windows Remote Management
CM-07 Least Functionality Protects T1036.005 Match Legitimate Name or Location
CM-07 Least Functionality Protects T1047 Windows Management Instrumentation
CM-07 Least Functionality Protects T1053.002 At
CM-07 Least Functionality Protects T1053.005 Scheduled Task
CM-07 Least Functionality Protects T1569.002 Service Execution
CM-07 Least Functionality Protects T1611 Escape to Host
CM-07 Least Functionality Protects T1609 Container Administration Command
CM-07 Least Functionality Protects T1562.010 Downgrade Attack
CM-07 Least Functionality Protects T1562.004 Disable or Modify System Firewall
CM-07 Least Functionality Protects T1556 Modify Authentication Process
CM-07 Least Functionality Protects T1552 Unsecured Credentials
CM-07 Least Functionality Protects T1548 Abuse Elevation Control Mechanism
CM-07 Least Functionality Protects T1490 Inhibit System Recovery
CM-07 Least Functionality Protects T1048 Exfiltration Over Alternative Protocol
CM-07 Least Functionality Protects T1556.008 Network Provider DLL
CM-07 Least Functionality Protects T1555.006 Cloud Secrets Management Stores
CM-07 Least Functionality Protects T1059.009 Cloud API
CM-07 Least Functionality Protects T1036.008 Masquerade File Type
CM-07 Least Functionality Protects T1021.008 Direct Cloud VM Connections
CM-07 Least Functionality Protects T1562 Impair Defenses
CM-07 Least Functionality Protects T1552.005 Cloud Instance Metadata API
CM-07 Least Functionality Protects T1078 Valid Accounts
CM-07 Least Functionality Protects T1078.004 Cloud Accounts
CM-07 Least Functionality Protects T1072 Software Deployment Tools
CM-07 Least Functionality Protects T1040 Network Sniffing
CM-07 Least Functionality Protects T1036 Masquerading
CM-07 Least Functionality Protects T1027 Obfuscated Files or Information
CM-07 Least Functionality Protects T1021 Remote Services
CM-07 Least Functionality Protects T1653 Power Settings
CM-07 Least Functionality Protects T1011 Exfiltration Over Other Network Medium
CM-07 Least Functionality Protects T1011.001 Exfiltration Over Bluetooth
CM-07 Least Functionality Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
CM-07 Least Functionality Protects T1071 Application Layer Protocol
CM-07 Least Functionality Protects T1071.001 Web Protocols
CM-07 Least Functionality Protects T1071.002 File Transfer Protocols
CM-07 Least Functionality Protects T1080 Taint Shared Content
CM-07 Least Functionality Protects T1087.002 Domain Account
CM-07 Least Functionality Protects T1098 Account Manipulation
CM-07 Least Functionality Protects T1098.004 SSH Authorized Keys
CM-07 Least Functionality Protects T1106 Native API
CM-07 Least Functionality Protects T1112 Modify Registry
CM-07 Least Functionality Protects T1136.003 Cloud Account