NIST 800-53 SR-04 Mappings

Every system and system component has a point of origin and may be changed throughout its existence. Provenance is the chronology of the origin, development, ownership, location, and changes to a system or system component and associated data. It may also include personnel and processes used to interact with or make modifications to the system, component, or associated data. Organizations consider developing procedures (see SR-01) for allocating responsibilities for the creation, maintenance, and monitoring of provenance for systems and system components; transferring provenance documentation and responsibility between organizations; and preventing and monitoring for unauthorized changes to the provenance records. Organizations have methods to document, monitor, and maintain valid provenance baselines for systems, system components, and related data. These actions help track, assess, and document any changes to the provenance, including changes in supply chain elements or configuration, and help ensure non-repudiation of provenance information and the provenance change records. Provenance considerations are addressed throughout the system development life cycle and incorporated into contracts and other arrangements, as appropriate.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
SR-04 Provenance Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SR-04 Provenance Protects T1052 Exfiltration Over Physical Medium
SR-04 Provenance Protects T1052.001 Exfiltration over USB
SR-04 Provenance Protects T1059.002 AppleScript
SR-04 Provenance Protects T1204.003 Malicious Image
SR-04 Provenance Protects T1505 Server Software Component
SR-04 Provenance Protects T1505.001 SQL Stored Procedures
SR-04 Provenance Protects T1505.002 Transport Agent
SR-04 Provenance Protects T1505.004 IIS Components
SR-04 Provenance Protects T1546.006 LC_LOAD_DYLIB Addition
SR-04 Provenance Protects T1601 Modify System Image
SR-04 Provenance Protects T1601.001 Patch System Image
SR-04 Provenance Protects T1601.002 Downgrade System Image
SR-04 Provenance Protects T1554 Compromise Client Software Binary
SR-04 Provenance Protects T1041 Exfiltration Over C2 Channel
SR-04 Provenance Protects T1567 Exfiltration Over Web Service
SR-04 Provenance Protects T1048 Exfiltration Over Alternative Protocol
SR-04 Provenance Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol