NIST 800-53 SC-23 Mappings

Protecting session authenticity addresses communications protection at the session level, not at the packet level. Such protection establishes grounds for confidence at both ends of communications sessions in the ongoing identities of other parties and the validity of transmitted information. Authenticity protection includes protecting against man-in-the-middle attacks, session hijacking, and the insertion of false information into sessions.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
SC-23 Session Authenticity Protects T1071.003 Mail Protocols
SC-23 Session Authenticity Protects T1071.004 DNS
SC-23 Session Authenticity Protects T1185 Browser Session Hijacking
SC-23 Session Authenticity Protects T1535 Unused/Unsupported Cloud Regions
SC-23 Session Authenticity Protects T1550.004 Web Session Cookie
SC-23 Session Authenticity Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SC-23 Session Authenticity Protects T1557.002 ARP Cache Poisoning
SC-23 Session Authenticity Protects T1557.003 DHCP Spoofing
SC-23 Session Authenticity Protects T1562.009 Safe Mode Boot
SC-23 Session Authenticity Protects T1563.001 SSH Hijacking
SC-23 Session Authenticity Protects T1573 Encrypted Channel
SC-23 Session Authenticity Protects T1573.001 Symmetric Cryptography
SC-23 Session Authenticity Protects T1573.002 Asymmetric Cryptography
SC-23 Session Authenticity Protects T1622 Debugger Evasion
SC-23 Session Authenticity Protects T1562.006 Indicator Blocking
SC-23 Session Authenticity Protects T1557 Adversary-in-the-Middle
SC-23 Session Authenticity Protects T1071 Application Layer Protocol
SC-23 Session Authenticity Protects T1071.001 Web Protocols
SC-23 Session Authenticity Protects T1071.002 File Transfer Protocols