|
AC-04
|
Information Flow Enforcement
| Protects |
T1001
|
Data Obfuscation
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1001
|
Data Obfuscation
|
|
CM-02
|
Baseline Configuration
| Protects |
T1001
|
Data Obfuscation
|
|
CM-06
|
Configuration Settings
| Protects |
T1001
|
Data Obfuscation
|
|
SC-07
|
Boundary Protection
| Protects |
T1001
|
Data Obfuscation
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1001
|
Data Obfuscation
|
|
SI-04
|
System Monitoring
| Protects |
T1001
|
Data Obfuscation
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1001.001
|
Junk Data
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1001.001
|
Junk Data
|
|
CM-02
|
Baseline Configuration
| Protects |
T1001.001
|
Junk Data
|
|
CM-06
|
Configuration Settings
| Protects |
T1001.001
|
Junk Data
|
|
SC-07
|
Boundary Protection
| Protects |
T1001.001
|
Junk Data
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1001.001
|
Junk Data
|
|
SI-04
|
System Monitoring
| Protects |
T1001.001
|
Junk Data
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1001.002
|
Steganography
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1001.002
|
Steganography
|
|
CM-02
|
Baseline Configuration
| Protects |
T1001.002
|
Steganography
|
|
CM-06
|
Configuration Settings
| Protects |
T1001.002
|
Steganography
|
|
SC-07
|
Boundary Protection
| Protects |
T1001.002
|
Steganography
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1001.002
|
Steganography
|
|
SI-04
|
System Monitoring
| Protects |
T1001.002
|
Steganography
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1001.003
|
Protocol Impersonation
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1001.003
|
Protocol Impersonation
|
|
CM-02
|
Baseline Configuration
| Protects |
T1001.003
|
Protocol Impersonation
|
|
CM-06
|
Configuration Settings
| Protects |
T1001.003
|
Protocol Impersonation
|
|
SC-07
|
Boundary Protection
| Protects |
T1001.003
|
Protocol Impersonation
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1001.003
|
Protocol Impersonation
|
|
SI-04
|
System Monitoring
| Protects |
T1001.003
|
Protocol Impersonation
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1003
|
OS Credential Dumping
|
|
AC-02
|
Account Management
| Protects |
T1003
|
OS Credential Dumping
|
|
AC-03
|
Access Enforcement
| Protects |
T1003
|
OS Credential Dumping
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1003
|
OS Credential Dumping
|
|
AC-05
|
Separation of Duties
| Protects |
T1003
|
OS Credential Dumping
|
|
AC-06
|
Least Privilege
| Protects |
T1003
|
OS Credential Dumping
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1003
|
OS Credential Dumping
|
|
CM-02
|
Baseline Configuration
| Protects |
T1003
|
OS Credential Dumping
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1003
|
OS Credential Dumping
|
|
CM-06
|
Configuration Settings
| Protects |
T1003
|
OS Credential Dumping
|
|
CM-07
|
Least Functionality
| Protects |
T1003
|
OS Credential Dumping
|
|
CP-09
|
System Backup
| Protects |
T1003
|
OS Credential Dumping
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1003
|
OS Credential Dumping
|
|
IA-04
|
Identifier Management
| Protects |
T1003
|
OS Credential Dumping
|
|
IA-05
|
Authenticator Management
| Protects |
T1003
|
OS Credential Dumping
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1003
|
OS Credential Dumping
|
|
SC-39
|
Process Isolation
| Protects |
T1003
|
OS Credential Dumping
|
|
SI-12
|
Information Management and Retention
| Protects |
T1003
|
OS Credential Dumping
|
|
SI-02
|
Flaw Remediation
| Protects |
T1003
|
OS Credential Dumping
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1003
|
OS Credential Dumping
|
|
SI-04
|
System Monitoring
| Protects |
T1003
|
OS Credential Dumping
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1003
|
OS Credential Dumping
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1003.003
|
NTDS
|
|
AC-02
|
Account Management
| Protects |
T1003.003
|
NTDS
|
|
AC-03
|
Access Enforcement
| Protects |
T1003.003
|
NTDS
|
|
AC-05
|
Separation of Duties
| Protects |
T1003.003
|
NTDS
|
|
AC-06
|
Least Privilege
| Protects |
T1003.003
|
NTDS
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1003.003
|
NTDS
|
|
CM-02
|
Baseline Configuration
| Protects |
T1003.003
|
NTDS
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1003.003
|
NTDS
|
|
CM-06
|
Configuration Settings
| Protects |
T1003.003
|
NTDS
|
|
CP-09
|
System Backup
| Protects |
T1003.003
|
NTDS
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1003.003
|
NTDS
|
|
IA-05
|
Authenticator Management
| Protects |
T1003.003
|
NTDS
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1003.003
|
NTDS
|
|
SC-39
|
Process Isolation
| Protects |
T1003.003
|
NTDS
|
|
SI-12
|
Information Management and Retention
| Protects |
T1003.003
|
NTDS
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1003.003
|
NTDS
|
|
SI-04
|
System Monitoring
| Protects |
T1003.003
|
NTDS
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1003.003
|
NTDS
|
|
AC-02
|
Account Management
| Protects |
T1003.004
|
LSA Secrets
|
|
AC-03
|
Access Enforcement
| Protects |
T1003.004
|
LSA Secrets
|
|
AC-05
|
Separation of Duties
| Protects |
T1003.004
|
LSA Secrets
|
|
AC-06
|
Least Privilege
| Protects |
T1003.004
|
LSA Secrets
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1003.004
|
LSA Secrets
|
|
CM-02
|
Baseline Configuration
| Protects |
T1003.004
|
LSA Secrets
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1003.004
|
LSA Secrets
|
|
CM-06
|
Configuration Settings
| Protects |
T1003.004
|
LSA Secrets
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1003.004
|
LSA Secrets
|
|
IA-05
|
Authenticator Management
| Protects |
T1003.004
|
LSA Secrets
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1003.004
|
LSA Secrets
|
|
SC-39
|
Process Isolation
| Protects |
T1003.004
|
LSA Secrets
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1003.004
|
LSA Secrets
|
|
SI-04
|
System Monitoring
| Protects |
T1003.004
|
LSA Secrets
|
|
AC-02
|
Account Management
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
AC-03
|
Access Enforcement
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
AC-05
|
Separation of Duties
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
AC-06
|
Least Privilege
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
CM-02
|
Baseline Configuration
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
CM-06
|
Configuration Settings
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
CM-07
|
Least Functionality
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
IA-04
|
Identifier Management
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
IA-05
|
Authenticator Management
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
SC-39
|
Process Isolation
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
SI-04
|
System Monitoring
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
AC-02
|
Account Management
| Protects |
T1003.006
|
DCSync
|
|
AC-03
|
Access Enforcement
| Protects |
T1003.006
|
DCSync
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1003.006
|
DCSync
|
|
AC-05
|
Separation of Duties
| Protects |
T1003.006
|
DCSync
|
|
AC-06
|
Least Privilege
| Protects |
T1003.006
|
DCSync
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1003.006
|
DCSync
|
|
CM-02
|
Baseline Configuration
| Protects |
T1003.006
|
DCSync
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1003.006
|
DCSync
|
|
CM-06
|
Configuration Settings
| Protects |
T1003.006
|
DCSync
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1003.006
|
DCSync
|
|
IA-04
|
Identifier Management
| Protects |
T1003.006
|
DCSync
|
|
IA-05
|
Authenticator Management
| Protects |
T1003.006
|
DCSync
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1003.006
|
DCSync
|
|
SC-39
|
Process Isolation
| Protects |
T1003.006
|
DCSync
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1003.006
|
DCSync
|
|
SI-04
|
System Monitoring
| Protects |
T1003.006
|
DCSync
|
|
AC-02
|
Account Management
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
AC-03
|
Access Enforcement
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
AC-05
|
Separation of Duties
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
AC-06
|
Least Privilege
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
CM-02
|
Baseline Configuration
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
CM-06
|
Configuration Settings
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
IA-05
|
Authenticator Management
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
SC-39
|
Process Isolation
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
SI-04
|
System Monitoring
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1008
|
Fallback Channels
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1008
|
Fallback Channels
|
|
CM-02
|
Baseline Configuration
| Protects |
T1008
|
Fallback Channels
|
|
CM-06
|
Configuration Settings
| Protects |
T1008
|
Fallback Channels
|
|
CM-07
|
Least Functionality
| Protects |
T1008
|
Fallback Channels
|
|
SC-07
|
Boundary Protection
| Protects |
T1008
|
Fallback Channels
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1008
|
Fallback Channels
|
|
SI-04
|
System Monitoring
| Protects |
T1008
|
Fallback Channels
|
|
AC-17
|
Remote Access
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
AC-02
|
Account Management
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
AC-03
|
Access Enforcement
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
AC-05
|
Separation of Duties
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
AC-06
|
Least Privilege
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
CM-02
|
Baseline Configuration
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
CM-06
|
Configuration Settings
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
CM-07
|
Least Functionality
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
CM-08
|
System Component Inventory
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
SC-18
|
Mobile Code
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
SC-03
|
Security Function Isolation
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
SC-07
|
Boundary Protection
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
SI-04
|
System Monitoring
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
AC-17
|
Remote Access
| Protects |
T1021.004
|
SSH
|
|
AC-02
|
Account Management
| Protects |
T1021.004
|
SSH
|
|
AC-20
|
Use of External Systems
| Protects |
T1021.004
|
SSH
|
|
AC-03
|
Access Enforcement
| Protects |
T1021.004
|
SSH
|
|
AC-05
|
Separation of Duties
| Protects |
T1021.004
|
SSH
|
|
AC-06
|
Least Privilege
| Protects |
T1021.004
|
SSH
|
|
AC-07
|
Unsuccessful Logon Attempts
| Protects |
T1021.004
|
SSH
|
|
CM-02
|
Baseline Configuration
| Protects |
T1021.004
|
SSH
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1021.004
|
SSH
|
|
CM-06
|
Configuration Settings
| Protects |
T1021.004
|
SSH
|
|
CM-08
|
System Component Inventory
| Protects |
T1021.004
|
SSH
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1021.004
|
SSH
|
|
IA-05
|
Authenticator Management
| Protects |
T1021.004
|
SSH
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1021.004
|
SSH
|
|
SI-04
|
System Monitoring
| Protects |
T1021.004
|
SSH
|
|
AC-17
|
Remote Access
| Protects |
T1021.005
|
VNC
|
|
AC-02
|
Account Management
| Protects |
T1021.005
|
VNC
|
|
AC-03
|
Access Enforcement
| Protects |
T1021.005
|
VNC
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1021.005
|
VNC
|
|
AC-06
|
Least Privilege
| Protects |
T1021.005
|
VNC
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1021.005
|
VNC
|
|
CA-08
|
Penetration Testing
| Protects |
T1021.005
|
VNC
|
|
CM-11
|
User-installed Software
| Protects |
T1021.005
|
VNC
|
|
CM-02
|
Baseline Configuration
| Protects |
T1021.005
|
VNC
|
|
CM-03
|
Configuration Change Control
| Protects |
T1021.005
|
VNC
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1021.005
|
VNC
|
|
CM-06
|
Configuration Settings
| Protects |
T1021.005
|
VNC
|
|
CM-07
|
Least Functionality
| Protects |
T1021.005
|
VNC
|
|
CM-08
|
System Component Inventory
| Protects |
T1021.005
|
VNC
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1021.005
|
VNC
|
|
IA-04
|
Identifier Management
| Protects |
T1021.005
|
VNC
|
|
IA-06
|
Authentication Feedback
| Protects |
T1021.005
|
VNC
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1021.005
|
VNC
|
|
SC-07
|
Boundary Protection
| Protects |
T1021.005
|
VNC
|
|
SI-10
|
Information Input Validation
| Protects |
T1021.005
|
VNC
|
|
SI-15
|
Information Output Filtering
| Protects |
T1021.005
|
VNC
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1021.005
|
VNC
|
|
SI-04
|
System Monitoring
| Protects |
T1021.005
|
VNC
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1025
|
Data from Removable Media
|
|
AC-02
|
Account Management
| Protects |
T1025
|
Data from Removable Media
|
|
AC-23
|
Data Mining Protection
| Protects |
T1025
|
Data from Removable Media
|
|
AC-03
|
Access Enforcement
| Protects |
T1025
|
Data from Removable Media
|
|
AC-06
|
Least Privilege
| Protects |
T1025
|
Data from Removable Media
|
|
CM-12
|
Information Location
| Protects |
T1025
|
Data from Removable Media
|
|
CP-09
|
System Backup
| Protects |
T1025
|
Data from Removable Media
|
|
MP-07
|
Media Use
| Protects |
T1025
|
Data from Removable Media
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1025
|
Data from Removable Media
|
|
SC-13
|
Cryptographic Protection
| Protects |
T1025
|
Data from Removable Media
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1025
|
Data from Removable Media
|
|
SC-38
|
Operations Security
| Protects |
T1025
|
Data from Removable Media
|
|
SC-41
|
Port and I/O Device Access
| Protects |
T1025
|
Data from Removable Media
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1025
|
Data from Removable Media
|
|
SI-04
|
System Monitoring
| Protects |
T1025
|
Data from Removable Media
|
|
SI-02
|
Flaw Remediation
| Protects |
T1027.002
|
Software Packing
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1027.002
|
Software Packing
|
|
SI-04
|
System Monitoring
| Protects |
T1027.002
|
Software Packing
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1027.002
|
Software Packing
|
|
SI-02
|
Flaw Remediation
| Protects |
T1027.007
|
Dynamic API Resolution
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1027.007
|
Dynamic API Resolution
|
|
SI-04
|
System Monitoring
| Protects |
T1027.007
|
Dynamic API Resolution
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1027.007
|
Dynamic API Resolution
|
|
SI-02
|
Flaw Remediation
| Protects |
T1027.008
|
Stripped Payloads
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1027.008
|
Stripped Payloads
|
|
SI-04
|
System Monitoring
| Protects |
T1027.008
|
Stripped Payloads
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1027.008
|
Stripped Payloads
|
|
SI-02
|
Flaw Remediation
| Protects |
T1027.009
|
Embedded Payloads
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1027.009
|
Embedded Payloads
|
|
SI-04
|
System Monitoring
| Protects |
T1027.009
|
Embedded Payloads
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1027.009
|
Embedded Payloads
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1029
|
Scheduled Transfer
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1029
|
Scheduled Transfer
|
|
CM-02
|
Baseline Configuration
| Protects |
T1029
|
Scheduled Transfer
|
|
CM-06
|
Configuration Settings
| Protects |
T1029
|
Scheduled Transfer
|
|
SC-07
|
Boundary Protection
| Protects |
T1029
|
Scheduled Transfer
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1029
|
Scheduled Transfer
|
|
SI-04
|
System Monitoring
| Protects |
T1029
|
Scheduled Transfer
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1030
|
Data Transfer Size Limits
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1030
|
Data Transfer Size Limits
|
|
CM-02
|
Baseline Configuration
| Protects |
T1030
|
Data Transfer Size Limits
|
|
CM-06
|
Configuration Settings
| Protects |
T1030
|
Data Transfer Size Limits
|
|
SC-07
|
Boundary Protection
| Protects |
T1030
|
Data Transfer Size Limits
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1030
|
Data Transfer Size Limits
|
|
SI-04
|
System Monitoring
| Protects |
T1030
|
Data Transfer Size Limits
|
|
CM-02
|
Baseline Configuration
| Protects |
T1036.001
|
Invalid Code Signature
|
|
CM-06
|
Configuration Settings
| Protects |
T1036.001
|
Invalid Code Signature
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1036.001
|
Invalid Code Signature
|
|
SI-04
|
System Monitoring
| Protects |
T1036.001
|
Invalid Code Signature
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1036.001
|
Invalid Code Signature
|
|
AC-02
|
Account Management
| Protects |
T1036.003
|
Rename System Utilities
|
|
AC-03
|
Access Enforcement
| Protects |
T1036.003
|
Rename System Utilities
|
|
AC-06
|
Least Privilege
| Protects |
T1036.003
|
Rename System Utilities
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1036.003
|
Rename System Utilities
|
|
CM-02
|
Baseline Configuration
| Protects |
T1036.003
|
Rename System Utilities
|
|
CM-06
|
Configuration Settings
| Protects |
T1036.003
|
Rename System Utilities
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1036.003
|
Rename System Utilities
|
|
SI-04
|
System Monitoring
| Protects |
T1036.003
|
Rename System Utilities
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1036.007
|
Double File Extension
|
|
CM-02
|
Baseline Configuration
| Protects |
T1036.007
|
Double File Extension
|
|
CM-06
|
Configuration Settings
| Protects |
T1036.007
|
Double File Extension
|
|
CM-07
|
Least Functionality
| Protects |
T1036.007
|
Double File Extension
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1036.007
|
Double File Extension
|
|
SI-04
|
System Monitoring
| Protects |
T1036.007
|
Double File Extension
|
|
AC-17
|
Remote Access
| Protects |
T1037.001
|
Logon Script (Windows)
|
|
CM-07
|
Least Functionality
| Protects |
T1037.001
|
Logon Script (Windows)
|
|
AC-03
|
Access Enforcement
| Protects |
T1037.002
|
Login Hook
|
|
CM-02
|
Baseline Configuration
| Protects |
T1037.002
|
Login Hook
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1037.002
|
Login Hook
|
|
SI-04
|
System Monitoring
| Protects |
T1037.002
|
Login Hook
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1037.002
|
Login Hook
|
|
CM-06
|
Configuration Settings
| Protects |
T1037.002
|
Login Hook
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1037.002
|
Login Hook
|
|
AC-03
|
Access Enforcement
| Protects |
T1037.003
|
Network Logon Script
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1037.003
|
Network Logon Script
|
|
CM-02
|
Baseline Configuration
| Protects |
T1037.003
|
Network Logon Script
|
|
CM-06
|
Configuration Settings
| Protects |
T1037.003
|
Network Logon Script
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1037.003
|
Network Logon Script
|
|
SI-04
|
System Monitoring
| Protects |
T1037.003
|
Network Logon Script
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1037.003
|
Network Logon Script
|
|
AC-03
|
Access Enforcement
| Protects |
T1037.004
|
RC Scripts
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1037.004
|
RC Scripts
|
|
CM-02
|
Baseline Configuration
| Protects |
T1037.004
|
RC Scripts
|
|
CM-06
|
Configuration Settings
| Protects |
T1037.004
|
RC Scripts
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1037.004
|
RC Scripts
|
|
SI-04
|
System Monitoring
| Protects |
T1037.004
|
RC Scripts
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1037.004
|
RC Scripts
|
|
AC-03
|
Access Enforcement
| Protects |
T1037.005
|
Startup Items
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1037.005
|
Startup Items
|
|
CM-02
|
Baseline Configuration
| Protects |
T1037.005
|
Startup Items
|
|
CM-06
|
Configuration Settings
| Protects |
T1037.005
|
Startup Items
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1037.005
|
Startup Items
|
|
SI-04
|
System Monitoring
| Protects |
T1037.005
|
Startup Items
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1037.005
|
Startup Items
|
|
AC-03
|
Access Enforcement
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
CM-02
|
Baseline Configuration
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
CM-06
|
Configuration Settings
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
CM-07
|
Least Functionality
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
SC-07
|
Boundary Protection
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
SI-10
|
Information Input Validation
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
SI-15
|
Information Output Filtering
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
SI-04
|
System Monitoring
| Protects |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
AC-02
|
Account Management
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
AC-20
|
Use of External Systems
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
AC-23
|
Data Mining Protection
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
AC-03
|
Access Enforcement
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
AC-06
|
Least Privilege
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
CA-03
|
Information Exchange
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
CM-02
|
Baseline Configuration
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
CM-06
|
Configuration Settings
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
CM-07
|
Least Functionality
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SA-09
|
External System Services
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SC-31
|
Covert Channel Analysis
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SC-07
|
Boundary Protection
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SI-10
|
Information Input Validation
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SI-15
|
Information Output Filtering
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SI-04
|
System Monitoring
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SR-04
|
Provenance
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
AC-02
|
Account Management
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
AC-20
|
Use of External Systems
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
AC-23
|
Data Mining Protection
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
AC-03
|
Access Enforcement
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
AC-06
|
Least Privilege
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
CM-02
|
Baseline Configuration
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
CM-06
|
Configuration Settings
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
CM-07
|
Least Functionality
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
CM-08
|
System Component Inventory
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
MP-07
|
Media Use
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
SC-41
|
Port and I/O Device Access
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
SI-04
|
System Monitoring
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
SR-04
|
Provenance
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1052.001
|
Exfiltration over USB
|
|
AC-02
|
Account Management
| Protects |
T1052.001
|
Exfiltration over USB
|
|
AC-20
|
Use of External Systems
| Protects |
T1052.001
|
Exfiltration over USB
|
|
AC-23
|
Data Mining Protection
| Protects |
T1052.001
|
Exfiltration over USB
|
|
AC-03
|
Access Enforcement
| Protects |
T1052.001
|
Exfiltration over USB
|
|
AC-06
|
Least Privilege
| Protects |
T1052.001
|
Exfiltration over USB
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1052.001
|
Exfiltration over USB
|
|
CM-02
|
Baseline Configuration
| Protects |
T1052.001
|
Exfiltration over USB
|
|
CM-06
|
Configuration Settings
| Protects |
T1052.001
|
Exfiltration over USB
|
|
CM-07
|
Least Functionality
| Protects |
T1052.001
|
Exfiltration over USB
|
|
CM-08
|
System Component Inventory
| Protects |
T1052.001
|
Exfiltration over USB
|
|
MP-07
|
Media Use
| Protects |
T1052.001
|
Exfiltration over USB
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1052.001
|
Exfiltration over USB
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1052.001
|
Exfiltration over USB
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1052.001
|
Exfiltration over USB
|
|
SC-41
|
Port and I/O Device Access
| Protects |
T1052.001
|
Exfiltration over USB
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1052.001
|
Exfiltration over USB
|
|
SI-04
|
System Monitoring
| Protects |
T1052.001
|
Exfiltration over USB
|
|
SR-04
|
Provenance
| Protects |
T1052.001
|
Exfiltration over USB
|
|
AC-02
|
Account Management
| Protects |
T1053.003
|
Cron
|
|
AC-03
|
Access Enforcement
| Protects |
T1053.003
|
Cron
|
|
AC-05
|
Separation of Duties
| Protects |
T1053.003
|
Cron
|
|
AC-06
|
Least Privilege
| Protects |
T1053.003
|
Cron
|
|
CA-08
|
Penetration Testing
| Protects |
T1053.003
|
Cron
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1053.003
|
Cron
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1053.003
|
Cron
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1053.003
|
Cron
|
|
SI-04
|
System Monitoring
| Protects |
T1053.003
|
Cron
|
|
AC-02
|
Account Management
| Protects |
T1053.007
|
Container Orchestration Job
|
|
AC-03
|
Access Enforcement
| Protects |
T1053.007
|
Container Orchestration Job
|
|
AC-05
|
Separation of Duties
| Protects |
T1053.007
|
Container Orchestration Job
|
|
AC-06
|
Least Privilege
| Protects |
T1053.007
|
Container Orchestration Job
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1053.007
|
Container Orchestration Job
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1053.007
|
Container Orchestration Job
|
|
IA-08
|
Identification and Authentication (non-organizational Users)
| Protects |
T1053.007
|
Container Orchestration Job
|
|
AC-02
|
Account Management
| Protects |
T1055
|
Process Injection
|
|
AC-03
|
Access Enforcement
| Protects |
T1055
|
Process Injection
|
|
AC-05
|
Separation of Duties
| Protects |
T1055
|
Process Injection
|
|
AC-06
|
Least Privilege
| Protects |
T1055
|
Process Injection
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1055
|
Process Injection
|
|
CM-06
|
Configuration Settings
| Protects |
T1055
|
Process Injection
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1055
|
Process Injection
|
|
SC-18
|
Mobile Code
| Protects |
T1055
|
Process Injection
|
|
SC-07
|
Boundary Protection
| Protects |
T1055
|
Process Injection
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055
|
Process Injection
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055
|
Process Injection
|
|
SI-04
|
System Monitoring
| Protects |
T1055
|
Process Injection
|
|
AC-06
|
Least Privilege
| Protects |
T1055.001
|
Dynamic-link Library Injection
|
|
SC-18
|
Mobile Code
| Protects |
T1055.001
|
Dynamic-link Library Injection
|
|
SC-07
|
Boundary Protection
| Protects |
T1055.001
|
Dynamic-link Library Injection
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055.001
|
Dynamic-link Library Injection
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.001
|
Dynamic-link Library Injection
|
|
SI-04
|
System Monitoring
| Protects |
T1055.001
|
Dynamic-link Library Injection
|
|
AC-06
|
Least Privilege
| Protects |
T1055.002
|
Portable Executable Injection
|
|
SC-18
|
Mobile Code
| Protects |
T1055.002
|
Portable Executable Injection
|
|
SC-07
|
Boundary Protection
| Protects |
T1055.002
|
Portable Executable Injection
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055.002
|
Portable Executable Injection
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.002
|
Portable Executable Injection
|
|
SI-04
|
System Monitoring
| Protects |
T1055.002
|
Portable Executable Injection
|
|
AC-06
|
Least Privilege
| Protects |
T1055.003
|
Thread Execution Hijacking
|
|
SC-18
|
Mobile Code
| Protects |
T1055.003
|
Thread Execution Hijacking
|
|
SC-07
|
Boundary Protection
| Protects |
T1055.003
|
Thread Execution Hijacking
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055.003
|
Thread Execution Hijacking
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.003
|
Thread Execution Hijacking
|
|
SI-04
|
System Monitoring
| Protects |
T1055.003
|
Thread Execution Hijacking
|
|
AC-06
|
Least Privilege
| Protects |
T1055.004
|
Asynchronous Procedure Call
|
|
SC-18
|
Mobile Code
| Protects |
T1055.004
|
Asynchronous Procedure Call
|
|
SC-07
|
Boundary Protection
| Protects |
T1055.004
|
Asynchronous Procedure Call
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055.004
|
Asynchronous Procedure Call
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.004
|
Asynchronous Procedure Call
|
|
SI-04
|
System Monitoring
| Protects |
T1055.004
|
Asynchronous Procedure Call
|
|
AC-06
|
Least Privilege
| Protects |
T1055.005
|
Thread Local Storage
|
|
SC-18
|
Mobile Code
| Protects |
T1055.005
|
Thread Local Storage
|
|
SC-07
|
Boundary Protection
| Protects |
T1055.005
|
Thread Local Storage
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055.005
|
Thread Local Storage
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.005
|
Thread Local Storage
|
|
SI-04
|
System Monitoring
| Protects |
T1055.005
|
Thread Local Storage
|
|
AC-02
|
Account Management
| Protects |
T1055.008
|
Ptrace System Calls
|
|
AC-03
|
Access Enforcement
| Protects |
T1055.008
|
Ptrace System Calls
|
|
AC-05
|
Separation of Duties
| Protects |
T1055.008
|
Ptrace System Calls
|
|
AC-06
|
Least Privilege
| Protects |
T1055.008
|
Ptrace System Calls
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1055.008
|
Ptrace System Calls
|
|
CM-06
|
Configuration Settings
| Protects |
T1055.008
|
Ptrace System Calls
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1055.008
|
Ptrace System Calls
|
|
SC-18
|
Mobile Code
| Protects |
T1055.008
|
Ptrace System Calls
|
|
SC-07
|
Boundary Protection
| Protects |
T1055.008
|
Ptrace System Calls
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055.008
|
Ptrace System Calls
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.008
|
Ptrace System Calls
|
|
SI-04
|
System Monitoring
| Protects |
T1055.008
|
Ptrace System Calls
|
|
AC-03
|
Access Enforcement
| Protects |
T1055.009
|
Proc Memory
|
|
AC-06
|
Least Privilege
| Protects |
T1055.009
|
Proc Memory
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1055.009
|
Proc Memory
|
|
SC-18
|
Mobile Code
| Protects |
T1055.009
|
Proc Memory
|
|
SC-07
|
Boundary Protection
| Protects |
T1055.009
|
Proc Memory
|
|
SI-16
|
Memory Protection
| Protects |
T1055.009
|
Proc Memory
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055.009
|
Proc Memory
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.009
|
Proc Memory
|
|
SI-04
|
System Monitoring
| Protects |
T1055.009
|
Proc Memory
|
|
AC-06
|
Least Privilege
| Protects |
T1055.011
|
Extra Window Memory Injection
|
|
SC-18
|
Mobile Code
| Protects |
T1055.011
|
Extra Window Memory Injection
|
|
SC-07
|
Boundary Protection
| Protects |
T1055.011
|
Extra Window Memory Injection
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055.011
|
Extra Window Memory Injection
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.011
|
Extra Window Memory Injection
|
|
SI-04
|
System Monitoring
| Protects |
T1055.011
|
Extra Window Memory Injection
|
|
AC-06
|
Least Privilege
| Protects |
T1055.013
|
Process Doppelgänging
|
|
SC-18
|
Mobile Code
| Protects |
T1055.013
|
Process Doppelgänging
|
|
SC-07
|
Boundary Protection
| Protects |
T1055.013
|
Process Doppelgänging
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055.013
|
Process Doppelgänging
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.013
|
Process Doppelgänging
|
|
SI-04
|
System Monitoring
| Protects |
T1055.013
|
Process Doppelgänging
|
|
AC-06
|
Least Privilege
| Protects |
T1055.014
|
VDSO Hijacking
|
|
SC-18
|
Mobile Code
| Protects |
T1055.014
|
VDSO Hijacking
|
|
SC-07
|
Boundary Protection
| Protects |
T1055.014
|
VDSO Hijacking
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055.014
|
VDSO Hijacking
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.014
|
VDSO Hijacking
|
|
SI-04
|
System Monitoring
| Protects |
T1055.014
|
VDSO Hijacking
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.015
|
ListPlanting
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1056.002
|
GUI Input Capture
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1056.002
|
GUI Input Capture
|
|
SI-04
|
System Monitoring
| Protects |
T1056.002
|
GUI Input Capture
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1056.002
|
GUI Input Capture
|
|
AC-02
|
Account Management
| Protects |
T1056.003
|
Web Portal Capture
|
|
AC-03
|
Access Enforcement
| Protects |
T1056.003
|
Web Portal Capture
|
|
AC-05
|
Separation of Duties
| Protects |
T1056.003
|
Web Portal Capture
|
|
AC-06
|
Least Privilege
| Protects |
T1056.003
|
Web Portal Capture
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1056.003
|
Web Portal Capture
|
|
CM-06
|
Configuration Settings
| Protects |
T1056.003
|
Web Portal Capture
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1056.003
|
Web Portal Capture
|
|
AC-17
|
Remote Access
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
AC-02
|
Account Management
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
AC-03
|
Access Enforcement
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
AC-05
|
Separation of Duties
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
AC-06
|
Least Privilege
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
CA-08
|
Penetration Testing
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
CM-11
|
User-installed Software
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
CM-02
|
Baseline Configuration
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
CM-06
|
Configuration Settings
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
CM-07
|
Least Functionality
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
CM-08
|
System Component Inventory
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
IA-08
|
Identification and Authentication (non-organizational Users)
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
SC-18
|
Mobile Code
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
SI-10
|
Information Input Validation
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
SI-16
|
Memory Protection
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
SI-02
|
Flaw Remediation
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
SI-04
|
System Monitoring
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
AC-17
|
Remote Access
| Protects |
T1059.001
|
PowerShell
|
|
AC-02
|
Account Management
| Protects |
T1059.001
|
PowerShell
|
|
AC-03
|
Access Enforcement
| Protects |
T1059.001
|
PowerShell
|
|
AC-05
|
Separation of Duties
| Protects |
T1059.001
|
PowerShell
|
|
AC-06
|
Least Privilege
| Protects |
T1059.001
|
PowerShell
|
|
CM-02
|
Baseline Configuration
| Protects |
T1059.001
|
PowerShell
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1059.001
|
PowerShell
|
|
CM-06
|
Configuration Settings
| Protects |
T1059.001
|
PowerShell
|
|
CM-08
|
System Component Inventory
| Protects |
T1059.001
|
PowerShell
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1059.001
|
PowerShell
|
|
IA-08
|
Identification and Authentication (non-organizational Users)
| Protects |
T1059.001
|
PowerShell
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1059.001
|
PowerShell
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1059.001
|
PowerShell
|
|
SI-10
|
Information Input Validation
| Protects |
T1059.001
|
PowerShell
|
|
SI-16
|
Memory Protection
| Protects |
T1059.001
|
PowerShell
|
|
SI-02
|
Flaw Remediation
| Protects |
T1059.001
|
PowerShell
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1059.001
|
PowerShell
|
|
SI-04
|
System Monitoring
| Protects |
T1059.001
|
PowerShell
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1059.001
|
PowerShell
|
|
AC-17
|
Remote Access
| Protects |
T1059.002
|
AppleScript
|
|
AC-02
|
Account Management
| Protects |
T1059.002
|
AppleScript
|
|
AC-03
|
Access Enforcement
| Protects |
T1059.002
|
AppleScript
|
|
AC-06
|
Least Privilege
| Protects |
T1059.002
|
AppleScript
|
|
CM-02
|
Baseline Configuration
| Protects |
T1059.002
|
AppleScript
|
|
CM-06
|
Configuration Settings
| Protects |
T1059.002
|
AppleScript
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1059.002
|
AppleScript
|
|
SI-10
|
Information Input Validation
| Protects |
T1059.002
|
AppleScript
|
|
SI-16
|
Memory Protection
| Protects |
T1059.002
|
AppleScript
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1059.002
|
AppleScript
|
|
SI-04
|
System Monitoring
| Protects |
T1059.002
|
AppleScript
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1059.002
|
AppleScript
|
|
SR-11
|
Component Authenticity
| Protects |
T1059.002
|
AppleScript
|
|
SR-04
|
Provenance
| Protects |
T1059.002
|
AppleScript
|
|
SR-05
|
Acquisition Strategies, Tools, and Methods
| Protects |
T1059.002
|
AppleScript
|
|
SR-06
|
Supplier Assessments and Reviews
| Protects |
T1059.002
|
AppleScript
|
|
AC-17
|
Remote Access
| Protects |
T1059.003
|
Windows Command Shell
|
|
AC-02
|
Account Management
| Protects |
T1059.003
|
Windows Command Shell
|
|
AC-03
|
Access Enforcement
| Protects |
T1059.003
|
Windows Command Shell
|
|
AC-06
|
Least Privilege
| Protects |
T1059.003
|
Windows Command Shell
|
|
CM-02
|
Baseline Configuration
| Protects |
T1059.003
|
Windows Command Shell
|
|
CM-06
|
Configuration Settings
| Protects |
T1059.003
|
Windows Command Shell
|
|
SI-10
|
Information Input Validation
| Protects |
T1059.003
|
Windows Command Shell
|
|
SI-16
|
Memory Protection
| Protects |
T1059.003
|
Windows Command Shell
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1059.003
|
Windows Command Shell
|
|
SI-04
|
System Monitoring
| Protects |
T1059.003
|
Windows Command Shell
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1059.003
|
Windows Command Shell
|
|
AC-17
|
Remote Access
| Protects |
T1059.004
|
Unix Shell
|
|
AC-02
|
Account Management
| Protects |
T1059.004
|
Unix Shell
|
|
AC-03
|
Access Enforcement
| Protects |
T1059.004
|
Unix Shell
|
|
AC-06
|
Least Privilege
| Protects |
T1059.004
|
Unix Shell
|
|
CM-02
|
Baseline Configuration
| Protects |
T1059.004
|
Unix Shell
|
|
CM-06
|
Configuration Settings
| Protects |
T1059.004
|
Unix Shell
|
|
SI-10
|
Information Input Validation
| Protects |
T1059.004
|
Unix Shell
|
|
SI-16
|
Memory Protection
| Protects |
T1059.004
|
Unix Shell
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1059.004
|
Unix Shell
|
|
SI-04
|
System Monitoring
| Protects |
T1059.004
|
Unix Shell
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1059.004
|
Unix Shell
|
|
AC-17
|
Remote Access
| Protects |
T1059.005
|
Visual Basic
|
|
AC-02
|
Account Management
| Protects |
T1059.005
|
Visual Basic
|
|
AC-03
|
Access Enforcement
| Protects |
T1059.005
|
Visual Basic
|
|
AC-06
|
Least Privilege
| Protects |
T1059.005
|
Visual Basic
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1059.005
|
Visual Basic
|
|
CM-02
|
Baseline Configuration
| Protects |
T1059.005
|
Visual Basic
|
|
CM-06
|
Configuration Settings
| Protects |
T1059.005
|
Visual Basic
|
|
CM-07
|
Least Functionality
| Protects |
T1059.005
|
Visual Basic
|
|
CM-08
|
System Component Inventory
| Protects |
T1059.005
|
Visual Basic
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1059.005
|
Visual Basic
|
|
SC-18
|
Mobile Code
| Protects |
T1059.005
|
Visual Basic
|
|
SI-10
|
Information Input Validation
| Protects |
T1059.005
|
Visual Basic
|
|
SI-16
|
Memory Protection
| Protects |
T1059.005
|
Visual Basic
|
|
SI-02
|
Flaw Remediation
| Protects |
T1059.005
|
Visual Basic
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1059.005
|
Visual Basic
|
|
SI-04
|
System Monitoring
| Protects |
T1059.005
|
Visual Basic
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1059.005
|
Visual Basic
|
|
AC-17
|
Remote Access
| Protects |
T1059.006
|
Python
|
|
AC-02
|
Account Management
| Protects |
T1059.006
|
Python
|
|
AC-03
|
Access Enforcement
| Protects |
T1059.006
|
Python
|
|
AC-06
|
Least Privilege
| Protects |
T1059.006
|
Python
|
|
CM-11
|
User-installed Software
| Protects |
T1059.006
|
Python
|
|
CM-02
|
Baseline Configuration
| Protects |
T1059.006
|
Python
|
|
CM-03
|
Configuration Change Control
| Protects |
T1059.006
|
Python
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1059.006
|
Python
|
|
CM-06
|
Configuration Settings
| Protects |
T1059.006
|
Python
|
|
SI-10
|
Information Input Validation
| Protects |
T1059.006
|
Python
|
|
SI-16
|
Memory Protection
| Protects |
T1059.006
|
Python
|
|
SI-02
|
Flaw Remediation
| Protects |
T1059.006
|
Python
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1059.006
|
Python
|
|
SI-04
|
System Monitoring
| Protects |
T1059.006
|
Python
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1059.006
|
Python
|
|
AC-17
|
Remote Access
| Protects |
T1059.007
|
JavaScript
|
|
AC-02
|
Account Management
| Protects |
T1059.007
|
JavaScript
|
|
AC-03
|
Access Enforcement
| Protects |
T1059.007
|
JavaScript
|
|
AC-06
|
Least Privilege
| Protects |
T1059.007
|
JavaScript
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1059.007
|
JavaScript
|
|
CM-02
|
Baseline Configuration
| Protects |
T1059.007
|
JavaScript
|
|
CM-06
|
Configuration Settings
| Protects |
T1059.007
|
JavaScript
|
|
CM-07
|
Least Functionality
| Protects |
T1059.007
|
JavaScript
|
|
CM-08
|
System Component Inventory
| Protects |
T1059.007
|
JavaScript
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1059.007
|
JavaScript
|
|
SC-18
|
Mobile Code
| Protects |
T1059.007
|
JavaScript
|
|
SI-10
|
Information Input Validation
| Protects |
T1059.007
|
JavaScript
|
|
SI-16
|
Memory Protection
| Protects |
T1059.007
|
JavaScript
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1059.007
|
JavaScript
|
|
SI-04
|
System Monitoring
| Protects |
T1059.007
|
JavaScript
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1059.007
|
JavaScript
|
|
AC-17
|
Remote Access
| Protects |
T1059.008
|
Network Device CLI
|
|
AC-02
|
Account Management
| Protects |
T1059.008
|
Network Device CLI
|
|
AC-03
|
Access Enforcement
| Protects |
T1059.008
|
Network Device CLI
|
|
AC-05
|
Separation of Duties
| Protects |
T1059.008
|
Network Device CLI
|
|
AC-06
|
Least Privilege
| Protects |
T1059.008
|
Network Device CLI
|
|
CM-02
|
Baseline Configuration
| Protects |
T1059.008
|
Network Device CLI
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1059.008
|
Network Device CLI
|
|
CM-06
|
Configuration Settings
| Protects |
T1059.008
|
Network Device CLI
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1059.008
|
Network Device CLI
|
|
IA-08
|
Identification and Authentication (non-organizational Users)
| Protects |
T1059.008
|
Network Device CLI
|
|
SI-10
|
Information Input Validation
| Protects |
T1059.008
|
Network Device CLI
|
|
SI-16
|
Memory Protection
| Protects |
T1059.008
|
Network Device CLI
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1059.008
|
Network Device CLI
|
|
SI-04
|
System Monitoring
| Protects |
T1059.008
|
Network Device CLI
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1059.008
|
Network Device CLI
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1070.002
|
Clear Linux or Mac System Logs
|
|
AC-17
|
Remote Access
| Protects |
T1070.002
|
Clear Linux or Mac System Logs
|
|
AC-18
|
Wireless Access
| Protects |
T1070.002
|
Clear Linux or Mac System Logs
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1070.002
|
Clear Linux or Mac System Logs
|
|
AC-02
|
Account Management
| Protects |
T1070.002
|
Clear Linux or Mac System Logs
|
|
AC-03
|
Access Enforcement
| Protects |
T1070.002
|
Clear Linux or Mac System Logs
|
|
AC-05
|
Separation of Duties
| Protects |
T1070.002
|
Clear Linux or Mac System Logs
|
|
AC-06
|
Least Privilege
| Protects |
T1070.002
|
Clear Linux or Mac System Logs
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1070.002
|
Clear Linux or Mac System Logs
|
|
CM-02
|
Baseline Configuration
| Protects |
T1070.002
|
Clear Linux or Mac System Logs
|
|
CM-06
|
Configuration Settings
| Protects |
T1070.002
|
Clear Linux or Mac System Logs
|
|
CP-06
|
Alternate Storage Site
| Protects |
T1070.002
|
Clear Linux or Mac System Logs
|
|
CP-07
|
Alternate Processing Site
| Protects |
T1070.002
|
Clear Linux or Mac System Logs
|
|
CP-09
|
System Backup
| Protects |
T1070.002
|
Clear Linux or Mac System Logs
|
|
SC-36
|
Distributed Processing and Storage
| Protects |
T1070.002
|
Clear Linux or Mac System Logs
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1070.002
|
Clear Linux or Mac System Logs
|
|
SI-12
|
Information Management and Retention
| Protects |
T1070.002
|
Clear Linux or Mac System Logs
|
|
SI-23
|
Information Fragmentation
| Protects |
T1070.002
|
Clear Linux or Mac System Logs
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1070.002
|
Clear Linux or Mac System Logs
|
|
SI-04
|
System Monitoring
| Protects |
T1070.002
|
Clear Linux or Mac System Logs
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1070.002
|
Clear Linux or Mac System Logs
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1071.003
|
Mail Protocols
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1071.003
|
Mail Protocols
|
|
CM-02
|
Baseline Configuration
| Protects |
T1071.003
|
Mail Protocols
|
|
CM-06
|
Configuration Settings
| Protects |
T1071.003
|
Mail Protocols
|
|
CM-07
|
Least Functionality
| Protects |
T1071.003
|
Mail Protocols
|
|
SC-10
|
Network Disconnect
| Protects |
T1071.003
|
Mail Protocols
|
|
SC-20
|
Secure Name/address Resolution Service (authoritative Source)
| Protects |
T1071.003
|
Mail Protocols
|
|
SC-21
|
Secure Name/address Resolution Service (recursive or Caching Resolver)
| Protects |
T1071.003
|
Mail Protocols
|
|
SC-22
|
Architecture and Provisioning for Name/address Resolution Service
| Protects |
T1071.003
|
Mail Protocols
|
|
SC-23
|
Session Authenticity
| Protects |
T1071.003
|
Mail Protocols
|
|
SC-31
|
Covert Channel Analysis
| Protects |
T1071.003
|
Mail Protocols
|
|
SC-37
|
Out-of-band Channels
| Protects |
T1071.003
|
Mail Protocols
|
|
SC-07
|
Boundary Protection
| Protects |
T1071.003
|
Mail Protocols
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1071.003
|
Mail Protocols
|
|
SI-04
|
System Monitoring
| Protects |
T1071.003
|
Mail Protocols
|
|
AC-03
|
Access Enforcement
| Protects |
T1071.004
|
DNS
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1071.004
|
DNS
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1071.004
|
DNS
|
|
CM-02
|
Baseline Configuration
| Protects |
T1071.004
|
DNS
|
|
CM-06
|
Configuration Settings
| Protects |
T1071.004
|
DNS
|
|
CM-07
|
Least Functionality
| Protects |
T1071.004
|
DNS
|
|
SC-10
|
Network Disconnect
| Protects |
T1071.004
|
DNS
|
|
SC-20
|
Secure Name/address Resolution Service (authoritative Source)
| Protects |
T1071.004
|
DNS
|
|
SC-21
|
Secure Name/address Resolution Service (recursive or Caching Resolver)
| Protects |
T1071.004
|
DNS
|
|
SC-22
|
Architecture and Provisioning for Name/address Resolution Service
| Protects |
T1071.004
|
DNS
|
|
SC-23
|
Session Authenticity
| Protects |
T1071.004
|
DNS
|
|
SC-31
|
Covert Channel Analysis
| Protects |
T1071.004
|
DNS
|
|
SC-37
|
Out-of-band Channels
| Protects |
T1071.004
|
DNS
|
|
SC-07
|
Boundary Protection
| Protects |
T1071.004
|
DNS
|
|
SI-10
|
Information Input Validation
| Protects |
T1071.004
|
DNS
|
|
SI-15
|
Information Output Filtering
| Protects |
T1071.004
|
DNS
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1071.004
|
DNS
|
|
SI-04
|
System Monitoring
| Protects |
T1071.004
|
DNS
|
|
AC-02
|
Account Management
| Protects |
T1078.001
|
Default Accounts
|
|
AC-05
|
Separation of Duties
| Protects |
T1078.001
|
Default Accounts
|
|
AC-06
|
Least Privilege
| Protects |
T1078.001
|
Default Accounts
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1078.001
|
Default Accounts
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1078.001
|
Default Accounts
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1078.001
|
Default Accounts
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1078.001
|
Default Accounts
|
|
SA-16
|
Developer-provided Training
| Protects |
T1078.001
|
Default Accounts
|
|
SA-17
|
Developer Security and Privacy Architecture and Design
| Protects |
T1078.001
|
Default Accounts
|
|
SA-03
|
System Development Life Cycle
| Protects |
T1078.001
|
Default Accounts
|
|
SA-04
|
Acquisition Process
| Protects |
T1078.001
|
Default Accounts
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1078.001
|
Default Accounts
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1078.001
|
Default Accounts
|
|
SI-04
|
System Monitoring
| Protects |
T1078.001
|
Default Accounts
|
|
AC-02
|
Account Management
| Protects |
T1078.002
|
Domain Accounts
|
|
AC-20
|
Use of External Systems
| Protects |
T1078.002
|
Domain Accounts
|
|
AC-03
|
Access Enforcement
| Protects |
T1078.002
|
Domain Accounts
|
|
AC-05
|
Separation of Duties
| Protects |
T1078.002
|
Domain Accounts
|
|
AC-06
|
Least Privilege
| Protects |
T1078.002
|
Domain Accounts
|
|
AC-07
|
Unsuccessful Logon Attempts
| Protects |
T1078.002
|
Domain Accounts
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1078.002
|
Domain Accounts
|
|
CM-06
|
Configuration Settings
| Protects |
T1078.002
|
Domain Accounts
|
|
IA-12
|
Identity Proofing
| Protects |
T1078.002
|
Domain Accounts
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1078.002
|
Domain Accounts
|
|
IA-05
|
Authenticator Management
| Protects |
T1078.002
|
Domain Accounts
|
|
SI-04
|
System Monitoring
| Protects |
T1078.002
|
Domain Accounts
|
|
AC-02
|
Account Management
| Protects |
T1078.003
|
Local Accounts
|
|
AC-03
|
Access Enforcement
| Protects |
T1078.003
|
Local Accounts
|
|
AC-05
|
Separation of Duties
| Protects |
T1078.003
|
Local Accounts
|
|
AC-06
|
Least Privilege
| Protects |
T1078.003
|
Local Accounts
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1078.003
|
Local Accounts
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1078.003
|
Local Accounts
|
|
CM-06
|
Configuration Settings
| Protects |
T1078.003
|
Local Accounts
|
|
IA-12
|
Identity Proofing
| Protects |
T1078.003
|
Local Accounts
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1078.003
|
Local Accounts
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1078.003
|
Local Accounts
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1078.003
|
Local Accounts
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1078.003
|
Local Accounts
|
|
SA-16
|
Developer-provided Training
| Protects |
T1078.003
|
Local Accounts
|
|
SA-17
|
Developer Security and Privacy Architecture and Design
| Protects |
T1078.003
|
Local Accounts
|
|
SA-03
|
System Development Life Cycle
| Protects |
T1078.003
|
Local Accounts
|
|
SA-04
|
Acquisition Process
| Protects |
T1078.003
|
Local Accounts
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1078.003
|
Local Accounts
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1078.003
|
Local Accounts
|
|
SI-04
|
System Monitoring
| Protects |
T1078.003
|
Local Accounts
|
|
CM-06
|
Configuration Settings
| Protects |
T1087.001
|
Local Account
|
|
CM-07
|
Least Functionality
| Protects |
T1087.001
|
Local Account
|
|
SI-04
|
System Monitoring
| Protects |
T1087.001
|
Local Account
|
|
AC-02
|
Account Management
| Protects |
T1087.004
|
Cloud Account
|
|
AC-03
|
Access Enforcement
| Protects |
T1087.004
|
Cloud Account
|
|
AC-05
|
Separation of Duties
| Protects |
T1087.004
|
Cloud Account
|
|
AC-06
|
Least Privilege
| Protects |
T1087.004
|
Cloud Account
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1087.004
|
Cloud Account
|
|
IA-08
|
Identification and Authentication (non-organizational Users)
| Protects |
T1087.004
|
Cloud Account
|
|
AC-03
|
Access Enforcement
| Protects |
T1090
|
Proxy
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1090
|
Proxy
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1090
|
Proxy
|
|
CM-02
|
Baseline Configuration
| Protects |
T1090
|
Proxy
|
|
CM-06
|
Configuration Settings
| Protects |
T1090
|
Proxy
|
|
CM-07
|
Least Functionality
| Protects |
T1090
|
Proxy
|
|
SC-07
|
Boundary Protection
| Protects |
T1090
|
Proxy
|
|
SC-08
|
Transmission Confidentiality and Integrity
| Protects |
T1090
|
Proxy
|
|
SI-10
|
Information Input Validation
| Protects |
T1090
|
Proxy
|
|
SI-15
|
Information Output Filtering
| Protects |
T1090
|
Proxy
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1090
|
Proxy
|
|
SI-04
|
System Monitoring
| Protects |
T1090
|
Proxy
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1090.001
|
Internal Proxy
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1090.001
|
Internal Proxy
|
|
CM-02
|
Baseline Configuration
| Protects |
T1090.001
|
Internal Proxy
|
|
CM-06
|
Configuration Settings
| Protects |
T1090.001
|
Internal Proxy
|
|
CM-07
|
Least Functionality
| Protects |
T1090.001
|
Internal Proxy
|
|
SC-07
|
Boundary Protection
| Protects |
T1090.001
|
Internal Proxy
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1090.001
|
Internal Proxy
|
|
SI-04
|
System Monitoring
| Protects |
T1090.001
|
Internal Proxy
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1090.002
|
External Proxy
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1090.002
|
External Proxy
|
|
CM-02
|
Baseline Configuration
| Protects |
T1090.002
|
External Proxy
|
|
CM-06
|
Configuration Settings
| Protects |
T1090.002
|
External Proxy
|
|
CM-07
|
Least Functionality
| Protects |
T1090.002
|
External Proxy
|
|
SC-07
|
Boundary Protection
| Protects |
T1090.002
|
External Proxy
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1090.002
|
External Proxy
|
|
SI-04
|
System Monitoring
| Protects |
T1090.002
|
External Proxy
|
|
AC-03
|
Access Enforcement
| Protects |
T1090.003
|
Multi-hop Proxy
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1090.003
|
Multi-hop Proxy
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1090.003
|
Multi-hop Proxy
|
|
CM-06
|
Configuration Settings
| Protects |
T1090.003
|
Multi-hop Proxy
|
|
CM-07
|
Least Functionality
| Protects |
T1090.003
|
Multi-hop Proxy
|
|
SC-07
|
Boundary Protection
| Protects |
T1090.003
|
Multi-hop Proxy
|
|
SI-10
|
Information Input Validation
| Protects |
T1090.003
|
Multi-hop Proxy
|
|
SI-15
|
Information Output Filtering
| Protects |
T1090.003
|
Multi-hop Proxy
|
|
SC-08
|
Transmission Confidentiality and Integrity
| Protects |
T1090.004
|
Domain Fronting
|
|
CM-02
|
Baseline Configuration
| Protects |
T1092
|
Communication Through Removable Media
|
|
CM-06
|
Configuration Settings
| Protects |
T1092
|
Communication Through Removable Media
|
|
CM-07
|
Least Functionality
| Protects |
T1092
|
Communication Through Removable Media
|
|
CM-08
|
System Component Inventory
| Protects |
T1092
|
Communication Through Removable Media
|
|
MP-07
|
Media Use
| Protects |
T1092
|
Communication Through Removable Media
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1092
|
Communication Through Removable Media
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1092
|
Communication Through Removable Media
|
|
SI-04
|
System Monitoring
| Protects |
T1092
|
Communication Through Removable Media
|
|
AC-02
|
Account Management
| Protects |
T1098.002
|
Additional Email Delegate Permissions
|
|
AC-03
|
Access Enforcement
| Protects |
T1098.002
|
Additional Email Delegate Permissions
|
|
AC-05
|
Separation of Duties
| Protects |
T1098.002
|
Additional Email Delegate Permissions
|
|
AC-06
|
Least Privilege
| Protects |
T1098.002
|
Additional Email Delegate Permissions
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1098.002
|
Additional Email Delegate Permissions
|
|
CM-06
|
Configuration Settings
| Protects |
T1098.002
|
Additional Email Delegate Permissions
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1098.002
|
Additional Email Delegate Permissions
|
|
IA-05
|
Authenticator Management
| Protects |
T1098.002
|
Additional Email Delegate Permissions
|
|
SI-04
|
System Monitoring
| Protects |
T1098.002
|
Additional Email Delegate Permissions
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1098.002
|
Additional Email Delegate Permissions
|
|
AC-20
|
Use of External Systems
| Protects |
T1098.002
|
Additional Email Delegate Permissions
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1102
|
Web Service
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1102
|
Web Service
|
|
CM-02
|
Baseline Configuration
| Protects |
T1102
|
Web Service
|
|
CM-06
|
Configuration Settings
| Protects |
T1102
|
Web Service
|
|
CM-07
|
Least Functionality
| Protects |
T1102
|
Web Service
|
|
SC-07
|
Boundary Protection
| Protects |
T1102
|
Web Service
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1102
|
Web Service
|
|
SI-04
|
System Monitoring
| Protects |
T1102
|
Web Service
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1102.001
|
Dead Drop Resolver
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1102.001
|
Dead Drop Resolver
|
|
CM-02
|
Baseline Configuration
| Protects |
T1102.001
|
Dead Drop Resolver
|
|
CM-06
|
Configuration Settings
| Protects |
T1102.001
|
Dead Drop Resolver
|
|
CM-07
|
Least Functionality
| Protects |
T1102.001
|
Dead Drop Resolver
|
|
SC-07
|
Boundary Protection
| Protects |
T1102.001
|
Dead Drop Resolver
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1102.001
|
Dead Drop Resolver
|
|
SI-04
|
System Monitoring
| Protects |
T1102.001
|
Dead Drop Resolver
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1102.002
|
Bidirectional Communication
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1102.002
|
Bidirectional Communication
|
|
CM-02
|
Baseline Configuration
| Protects |
T1102.002
|
Bidirectional Communication
|
|
CM-06
|
Configuration Settings
| Protects |
T1102.002
|
Bidirectional Communication
|
|
CM-07
|
Least Functionality
| Protects |
T1102.002
|
Bidirectional Communication
|
|
SC-07
|
Boundary Protection
| Protects |
T1102.002
|
Bidirectional Communication
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1102.002
|
Bidirectional Communication
|
|
SI-04
|
System Monitoring
| Protects |
T1102.002
|
Bidirectional Communication
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1102.003
|
One-Way Communication
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1102.003
|
One-Way Communication
|
|
CM-02
|
Baseline Configuration
| Protects |
T1102.003
|
One-Way Communication
|
|
CM-06
|
Configuration Settings
| Protects |
T1102.003
|
One-Way Communication
|
|
CM-07
|
Least Functionality
| Protects |
T1102.003
|
One-Way Communication
|
|
SC-07
|
Boundary Protection
| Protects |
T1102.003
|
One-Way Communication
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1102.003
|
One-Way Communication
|
|
SI-04
|
System Monitoring
| Protects |
T1102.003
|
One-Way Communication
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1104
|
Multi-Stage Channels
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1104
|
Multi-Stage Channels
|
|
CM-02
|
Baseline Configuration
| Protects |
T1104
|
Multi-Stage Channels
|
|
CM-06
|
Configuration Settings
| Protects |
T1104
|
Multi-Stage Channels
|
|
CM-07
|
Least Functionality
| Protects |
T1104
|
Multi-Stage Channels
|
|
SC-07
|
Boundary Protection
| Protects |
T1104
|
Multi-Stage Channels
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1104
|
Multi-Stage Channels
|
|
SI-04
|
System Monitoring
| Protects |
T1104
|
Multi-Stage Channels
|
|
AC-02
|
Account Management
| Protects |
T1110.001
|
Password Guessing
|
|
AC-20
|
Use of External Systems
| Protects |
T1110.001
|
Password Guessing
|
|
AC-03
|
Access Enforcement
| Protects |
T1110.001
|
Password Guessing
|
|
AC-05
|
Separation of Duties
| Protects |
T1110.001
|
Password Guessing
|
|
AC-06
|
Least Privilege
| Protects |
T1110.001
|
Password Guessing
|
|
AC-07
|
Unsuccessful Logon Attempts
| Protects |
T1110.001
|
Password Guessing
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1110.001
|
Password Guessing
|
|
CM-02
|
Baseline Configuration
| Protects |
T1110.001
|
Password Guessing
|
|
CM-06
|
Configuration Settings
| Protects |
T1110.001
|
Password Guessing
|
|
IA-11
|
Re-authentication
| Protects |
T1110.001
|
Password Guessing
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1110.001
|
Password Guessing
|
|
IA-04
|
Identifier Management
| Protects |
T1110.001
|
Password Guessing
|
|
IA-05
|
Authenticator Management
| Protects |
T1110.001
|
Password Guessing
|
|
SI-04
|
System Monitoring
| Protects |
T1110.001
|
Password Guessing
|
|
AC-02
|
Account Management
| Protects |
T1110.002
|
Password Cracking
|
|
AC-20
|
Use of External Systems
| Protects |
T1110.002
|
Password Cracking
|
|
AC-03
|
Access Enforcement
| Protects |
T1110.002
|
Password Cracking
|
|
AC-05
|
Separation of Duties
| Protects |
T1110.002
|
Password Cracking
|
|
AC-06
|
Least Privilege
| Protects |
T1110.002
|
Password Cracking
|
|
AC-07
|
Unsuccessful Logon Attempts
| Protects |
T1110.002
|
Password Cracking
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1110.002
|
Password Cracking
|
|
CM-02
|
Baseline Configuration
| Protects |
T1110.002
|
Password Cracking
|
|
CM-06
|
Configuration Settings
| Protects |
T1110.002
|
Password Cracking
|
|
IA-11
|
Re-authentication
| Protects |
T1110.002
|
Password Cracking
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1110.002
|
Password Cracking
|
|
IA-04
|
Identifier Management
| Protects |
T1110.002
|
Password Cracking
|
|
IA-05
|
Authenticator Management
| Protects |
T1110.002
|
Password Cracking
|
|
SI-04
|
System Monitoring
| Protects |
T1110.002
|
Password Cracking
|
|
AC-02
|
Account Management
| Protects |
T1110.003
|
Password Spraying
|
|
AC-20
|
Use of External Systems
| Protects |
T1110.003
|
Password Spraying
|
|
AC-03
|
Access Enforcement
| Protects |
T1110.003
|
Password Spraying
|
|
AC-05
|
Separation of Duties
| Protects |
T1110.003
|
Password Spraying
|
|
AC-06
|
Least Privilege
| Protects |
T1110.003
|
Password Spraying
|
|
AC-07
|
Unsuccessful Logon Attempts
| Protects |
T1110.003
|
Password Spraying
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1110.003
|
Password Spraying
|
|
CM-02
|
Baseline Configuration
| Protects |
T1110.003
|
Password Spraying
|
|
CM-06
|
Configuration Settings
| Protects |
T1110.003
|
Password Spraying
|
|
IA-11
|
Re-authentication
| Protects |
T1110.003
|
Password Spraying
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1110.003
|
Password Spraying
|
|
IA-04
|
Identifier Management
| Protects |
T1110.003
|
Password Spraying
|
|
IA-05
|
Authenticator Management
| Protects |
T1110.003
|
Password Spraying
|
|
SI-04
|
System Monitoring
| Protects |
T1110.003
|
Password Spraying
|
|
AC-02
|
Account Management
| Protects |
T1110.004
|
Credential Stuffing
|
|
AC-20
|
Use of External Systems
| Protects |
T1110.004
|
Credential Stuffing
|
|
AC-03
|
Access Enforcement
| Protects |
T1110.004
|
Credential Stuffing
|
|
AC-05
|
Separation of Duties
| Protects |
T1110.004
|
Credential Stuffing
|
|
AC-06
|
Least Privilege
| Protects |
T1110.004
|
Credential Stuffing
|
|
AC-07
|
Unsuccessful Logon Attempts
| Protects |
T1110.004
|
Credential Stuffing
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1110.004
|
Credential Stuffing
|
|
CM-02
|
Baseline Configuration
| Protects |
T1110.004
|
Credential Stuffing
|
|
CM-06
|
Configuration Settings
| Protects |
T1110.004
|
Credential Stuffing
|
|
IA-11
|
Re-authentication
| Protects |
T1110.004
|
Credential Stuffing
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1110.004
|
Credential Stuffing
|
|
IA-04
|
Identifier Management
| Protects |
T1110.004
|
Credential Stuffing
|
|
IA-05
|
Authenticator Management
| Protects |
T1110.004
|
Credential Stuffing
|
|
SI-04
|
System Monitoring
| Protects |
T1110.004
|
Credential Stuffing
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1114.001
|
Local Email Collection
|
|
AC-17
|
Remote Access
| Protects |
T1114.001
|
Local Email Collection
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1114.001
|
Local Email Collection
|
|
AC-20
|
Use of External Systems
| Protects |
T1114.001
|
Local Email Collection
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1114.001
|
Local Email Collection
|
|
SI-12
|
Information Management and Retention
| Protects |
T1114.001
|
Local Email Collection
|
|
SI-04
|
System Monitoring
| Protects |
T1114.001
|
Local Email Collection
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1114.001
|
Local Email Collection
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1119
|
Automated Collection
|
|
AC-17
|
Remote Access
| Protects |
T1119
|
Automated Collection
|
|
AC-18
|
Wireless Access
| Protects |
T1119
|
Automated Collection
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1119
|
Automated Collection
|
|
AC-20
|
Use of External Systems
| Protects |
T1119
|
Automated Collection
|
|
CM-02
|
Baseline Configuration
| Protects |
T1119
|
Automated Collection
|
|
CM-06
|
Configuration Settings
| Protects |
T1119
|
Automated Collection
|
|
CM-08
|
System Component Inventory
| Protects |
T1119
|
Automated Collection
|
|
CP-06
|
Alternate Storage Site
| Protects |
T1119
|
Automated Collection
|
|
CP-07
|
Alternate Processing Site
| Protects |
T1119
|
Automated Collection
|
|
CP-09
|
System Backup
| Protects |
T1119
|
Automated Collection
|
|
SC-36
|
Distributed Processing and Storage
| Protects |
T1119
|
Automated Collection
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1119
|
Automated Collection
|
|
SI-12
|
Information Management and Retention
| Protects |
T1119
|
Automated Collection
|
|
SI-23
|
Information Fragmentation
| Protects |
T1119
|
Automated Collection
|
|
SI-04
|
System Monitoring
| Protects |
T1119
|
Automated Collection
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1119
|
Automated Collection
|
|
CM-02
|
Baseline Configuration
| Protects |
T1127
|
Trusted Developer Utilities Proxy Execution
|
|
CM-06
|
Configuration Settings
| Protects |
T1127
|
Trusted Developer Utilities Proxy Execution
|
|
CM-07
|
Least Functionality
| Protects |
T1127
|
Trusted Developer Utilities Proxy Execution
|
|
CM-08
|
System Component Inventory
| Protects |
T1127
|
Trusted Developer Utilities Proxy Execution
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1127
|
Trusted Developer Utilities Proxy Execution
|
|
SI-10
|
Information Input Validation
| Protects |
T1127
|
Trusted Developer Utilities Proxy Execution
|
|
SI-04
|
System Monitoring
| Protects |
T1127
|
Trusted Developer Utilities Proxy Execution
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1127
|
Trusted Developer Utilities Proxy Execution
|
|
CM-02
|
Baseline Configuration
| Protects |
T1127.001
|
MSBuild
|
|
CM-06
|
Configuration Settings
| Protects |
T1127.001
|
MSBuild
|
|
CM-08
|
System Component Inventory
| Protects |
T1127.001
|
MSBuild
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1127.001
|
MSBuild
|
|
SI-04
|
System Monitoring
| Protects |
T1127.001
|
MSBuild
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1132.002
|
Non-Standard Encoding
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1132.002
|
Non-Standard Encoding
|
|
CM-02
|
Baseline Configuration
| Protects |
T1132.002
|
Non-Standard Encoding
|
|
CM-06
|
Configuration Settings
| Protects |
T1132.002
|
Non-Standard Encoding
|
|
SC-07
|
Boundary Protection
| Protects |
T1132.002
|
Non-Standard Encoding
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1132.002
|
Non-Standard Encoding
|
|
SI-04
|
System Monitoring
| Protects |
T1132.002
|
Non-Standard Encoding
|
|
AC-20
|
Use of External Systems
| Protects |
T1134.005
|
SID-History Injection
|
|
AC-03
|
Access Enforcement
| Protects |
T1134.005
|
SID-History Injection
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1134.005
|
SID-History Injection
|
|
AC-05
|
Separation of Duties
| Protects |
T1134.005
|
SID-History Injection
|
|
AC-06
|
Least Privilege
| Protects |
T1134.005
|
SID-History Injection
|
|
CM-02
|
Baseline Configuration
| Protects |
T1134.005
|
SID-History Injection
|
|
CM-06
|
Configuration Settings
| Protects |
T1134.005
|
SID-History Injection
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1134.005
|
SID-History Injection
|
|
SA-17
|
Developer Security and Privacy Architecture and Design
| Protects |
T1134.005
|
SID-History Injection
|
|
SA-04
|
Acquisition Process
| Protects |
T1134.005
|
SID-History Injection
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1134.005
|
SID-History Injection
|
|
SC-03
|
Security Function Isolation
| Protects |
T1134.005
|
SID-History Injection
|
|
AC-02
|
Account Management
| Protects |
T1136.002
|
Domain Account
|
|
AC-20
|
Use of External Systems
| Protects |
T1136.002
|
Domain Account
|
|
AC-03
|
Access Enforcement
| Protects |
T1136.002
|
Domain Account
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1136.002
|
Domain Account
|
|
AC-05
|
Separation of Duties
| Protects |
T1136.002
|
Domain Account
|
|
AC-06
|
Least Privilege
| Protects |
T1136.002
|
Domain Account
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1136.002
|
Domain Account
|
|
CM-06
|
Configuration Settings
| Protects |
T1136.002
|
Domain Account
|
|
CM-07
|
Least Functionality
| Protects |
T1136.002
|
Domain Account
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1136.002
|
Domain Account
|
|
IA-05
|
Authenticator Management
| Protects |
T1136.002
|
Domain Account
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1136.002
|
Domain Account
|
|
SC-07
|
Boundary Protection
| Protects |
T1136.002
|
Domain Account
|
|
SI-04
|
System Monitoring
| Protects |
T1136.002
|
Domain Account
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1136.002
|
Domain Account
|
|
AC-10
|
Concurrent Session Control
| Protects |
T1137
|
Office Application Startup
|
|
AC-17
|
Remote Access
| Protects |
T1137
|
Office Application Startup
|
|
AC-06
|
Least Privilege
| Protects |
T1137
|
Office Application Startup
|
|
CM-02
|
Baseline Configuration
| Protects |
T1137
|
Office Application Startup
|
|
CM-06
|
Configuration Settings
| Protects |
T1137
|
Office Application Startup
|
|
CM-08
|
System Component Inventory
| Protects |
T1137
|
Office Application Startup
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1137
|
Office Application Startup
|
|
SC-18
|
Mobile Code
| Protects |
T1137
|
Office Application Startup
|
|
SC-44
|
Detonation Chambers
| Protects |
T1137
|
Office Application Startup
|
|
SI-02
|
Flaw Remediation
| Protects |
T1137
|
Office Application Startup
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1137
|
Office Application Startup
|
|
SI-04
|
System Monitoring
| Protects |
T1137
|
Office Application Startup
|
|
SI-08
|
Spam Protection
| Protects |
T1137
|
Office Application Startup
|
|
AC-06
|
Least Privilege
| Protects |
T1137.001
|
Office Template Macros
|
|
CM-02
|
Baseline Configuration
| Protects |
T1137.001
|
Office Template Macros
|
|
CM-06
|
Configuration Settings
| Protects |
T1137.001
|
Office Template Macros
|
|
CM-08
|
System Component Inventory
| Protects |
T1137.001
|
Office Template Macros
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1137.001
|
Office Template Macros
|
|
SC-18
|
Mobile Code
| Protects |
T1137.001
|
Office Template Macros
|
|
SC-44
|
Detonation Chambers
| Protects |
T1137.001
|
Office Template Macros
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1137.001
|
Office Template Macros
|
|
SI-04
|
System Monitoring
| Protects |
T1137.001
|
Office Template Macros
|
|
SI-08
|
Spam Protection
| Protects |
T1137.001
|
Office Template Macros
|
|
AC-10
|
Concurrent Session Control
| Protects |
T1137.002
|
Office Test
|
|
AC-14
|
Permitted Actions Without Identification or Authentication
| Protects |
T1137.002
|
Office Test
|
|
AC-17
|
Remote Access
| Protects |
T1137.002
|
Office Test
|
|
AC-06
|
Least Privilege
| Protects |
T1137.002
|
Office Test
|
|
CM-02
|
Baseline Configuration
| Protects |
T1137.002
|
Office Test
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1137.002
|
Office Test
|
|
CM-06
|
Configuration Settings
| Protects |
T1137.002
|
Office Test
|
|
SC-18
|
Mobile Code
| Protects |
T1137.002
|
Office Test
|
|
SC-44
|
Detonation Chambers
| Protects |
T1137.002
|
Office Test
|
|
SI-08
|
Spam Protection
| Protects |
T1137.002
|
Office Test
|
|
AC-06
|
Least Privilege
| Protects |
T1137.003
|
Outlook Forms
|
|
CM-02
|
Baseline Configuration
| Protects |
T1137.003
|
Outlook Forms
|
|
CM-06
|
Configuration Settings
| Protects |
T1137.003
|
Outlook Forms
|
|
SC-18
|
Mobile Code
| Protects |
T1137.003
|
Outlook Forms
|
|
SC-44
|
Detonation Chambers
| Protects |
T1137.003
|
Outlook Forms
|
|
SI-02
|
Flaw Remediation
| Protects |
T1137.003
|
Outlook Forms
|
|
SI-08
|
Spam Protection
| Protects |
T1137.003
|
Outlook Forms
|
|
AC-06
|
Least Privilege
| Protects |
T1137.004
|
Outlook Home Page
|
|
CM-02
|
Baseline Configuration
| Protects |
T1137.004
|
Outlook Home Page
|
|
CM-06
|
Configuration Settings
| Protects |
T1137.004
|
Outlook Home Page
|
|
SC-18
|
Mobile Code
| Protects |
T1137.004
|
Outlook Home Page
|
|
SC-44
|
Detonation Chambers
| Protects |
T1137.004
|
Outlook Home Page
|
|
SI-02
|
Flaw Remediation
| Protects |
T1137.004
|
Outlook Home Page
|
|
SI-08
|
Spam Protection
| Protects |
T1137.004
|
Outlook Home Page
|
|
AC-06
|
Least Privilege
| Protects |
T1137.005
|
Outlook Rules
|
|
CM-02
|
Baseline Configuration
| Protects |
T1137.005
|
Outlook Rules
|
|
CM-06
|
Configuration Settings
| Protects |
T1137.005
|
Outlook Rules
|
|
SC-18
|
Mobile Code
| Protects |
T1137.005
|
Outlook Rules
|
|
SC-44
|
Detonation Chambers
| Protects |
T1137.005
|
Outlook Rules
|
|
SI-02
|
Flaw Remediation
| Protects |
T1137.005
|
Outlook Rules
|
|
SI-08
|
Spam Protection
| Protects |
T1137.005
|
Outlook Rules
|
|
AC-06
|
Least Privilege
| Protects |
T1137.006
|
Add-ins
|
|
CM-02
|
Baseline Configuration
| Protects |
T1137.006
|
Add-ins
|
|
CM-06
|
Configuration Settings
| Protects |
T1137.006
|
Add-ins
|
|
SC-18
|
Mobile Code
| Protects |
T1137.006
|
Add-ins
|
|
SC-44
|
Detonation Chambers
| Protects |
T1137.006
|
Add-ins
|
|
SI-08
|
Spam Protection
| Protects |
T1137.006
|
Add-ins
|
|
AC-06
|
Least Privilege
| Protects |
T1176
|
Browser Extensions
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1176
|
Browser Extensions
|
|
CA-08
|
Penetration Testing
| Protects |
T1176
|
Browser Extensions
|
|
CM-11
|
User-installed Software
| Protects |
T1176
|
Browser Extensions
|
|
CM-02
|
Baseline Configuration
| Protects |
T1176
|
Browser Extensions
|
|
CM-03
|
Configuration Change Control
| Protects |
T1176
|
Browser Extensions
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1176
|
Browser Extensions
|
|
CM-06
|
Configuration Settings
| Protects |
T1176
|
Browser Extensions
|
|
CM-07
|
Least Functionality
| Protects |
T1176
|
Browser Extensions
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1176
|
Browser Extensions
|
|
SC-07
|
Boundary Protection
| Protects |
T1176
|
Browser Extensions
|
|
SI-10
|
Information Input Validation
| Protects |
T1176
|
Browser Extensions
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1176
|
Browser Extensions
|
|
SI-04
|
System Monitoring
| Protects |
T1176
|
Browser Extensions
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1176
|
Browser Extensions
|
|
AC-10
|
Concurrent Session Control
| Protects |
T1185
|
Browser Session Hijacking
|
|
AC-12
|
Session Termination
| Protects |
T1185
|
Browser Session Hijacking
|
|
AC-02
|
Account Management
| Protects |
T1185
|
Browser Session Hijacking
|
|
AC-03
|
Access Enforcement
| Protects |
T1185
|
Browser Session Hijacking
|
|
AC-05
|
Separation of Duties
| Protects |
T1185
|
Browser Session Hijacking
|
|
AC-06
|
Least Privilege
| Protects |
T1185
|
Browser Session Hijacking
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1185
|
Browser Session Hijacking
|
|
CM-02
|
Baseline Configuration
| Protects |
T1185
|
Browser Session Hijacking
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1185
|
Browser Session Hijacking
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1185
|
Browser Session Hijacking
|
|
SC-23
|
Session Authenticity
| Protects |
T1185
|
Browser Session Hijacking
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1185
|
Browser Session Hijacking
|
|
SI-04
|
System Monitoring
| Protects |
T1185
|
Browser Session Hijacking
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1185
|
Browser Session Hijacking
|
|
CA-02
|
Control Assessments
| Protects |
T1195.001
|
Compromise Software Dependencies and Development Tools
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1195.001
|
Compromise Software Dependencies and Development Tools
|
|
CM-11
|
User-installed Software
| Protects |
T1195.001
|
Compromise Software Dependencies and Development Tools
|
|
CM-07
|
Least Functionality
| Protects |
T1195.001
|
Compromise Software Dependencies and Development Tools
|
|
RA-10
|
Threat Hunting
| Protects |
T1195.001
|
Compromise Software Dependencies and Development Tools
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1195.001
|
Compromise Software Dependencies and Development Tools
|
|
SA-22
|
Unsupported System Components
| Protects |
T1195.001
|
Compromise Software Dependencies and Development Tools
|
|
SI-02
|
Flaw Remediation
| Protects |
T1195.001
|
Compromise Software Dependencies and Development Tools
|
|
CA-02
|
Control Assessments
| Protects |
T1195.002
|
Compromise Software Supply Chain
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1195.002
|
Compromise Software Supply Chain
|
|
CM-11
|
User-installed Software
| Protects |
T1195.002
|
Compromise Software Supply Chain
|
|
CM-07
|
Least Functionality
| Protects |
T1195.002
|
Compromise Software Supply Chain
|
|
RA-10
|
Threat Hunting
| Protects |
T1195.002
|
Compromise Software Supply Chain
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1195.002
|
Compromise Software Supply Chain
|
|
SA-22
|
Unsupported System Components
| Protects |
T1195.002
|
Compromise Software Supply Chain
|
|
SI-02
|
Flaw Remediation
| Protects |
T1195.002
|
Compromise Software Supply Chain
|
|
CA-08
|
Penetration Testing
| Protects |
T1195.003
|
Compromise Hardware Supply Chain
|
|
CM-03
|
Configuration Change Control
| Protects |
T1195.003
|
Compromise Hardware Supply Chain
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1195.003
|
Compromise Hardware Supply Chain
|
|
CM-08
|
System Component Inventory
| Protects |
T1195.003
|
Compromise Hardware Supply Chain
|
|
IA-07
|
Cryptographic Module Authentication
| Protects |
T1195.003
|
Compromise Hardware Supply Chain
|
|
RA-09
|
Criticality Analysis
| Protects |
T1195.003
|
Compromise Hardware Supply Chain
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1195.003
|
Compromise Hardware Supply Chain
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1195.003
|
Compromise Hardware Supply Chain
|
|
SC-34
|
Non-modifiable Executable Programs
| Protects |
T1195.003
|
Compromise Hardware Supply Chain
|
|
SI-02
|
Flaw Remediation
| Protects |
T1195.003
|
Compromise Hardware Supply Chain
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1195.003
|
Compromise Hardware Supply Chain
|
|
AC-03
|
Access Enforcement
| Protects |
T1199
|
Trusted Relationship
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1199
|
Trusted Relationship
|
|
AC-06
|
Least Privilege
| Protects |
T1199
|
Trusted Relationship
|
|
AC-08
|
System Use Notification
| Protects |
T1199
|
Trusted Relationship
|
|
CM-06
|
Configuration Settings
| Protects |
T1199
|
Trusted Relationship
|
|
CM-07
|
Least Functionality
| Protects |
T1199
|
Trusted Relationship
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1199
|
Trusted Relationship
|
|
SC-07
|
Boundary Protection
| Protects |
T1199
|
Trusted Relationship
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1201
|
Password Policy Discovery
|
|
CM-02
|
Baseline Configuration
| Protects |
T1201
|
Password Policy Discovery
|
|
CM-06
|
Configuration Settings
| Protects |
T1201
|
Password Policy Discovery
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1201
|
Password Policy Discovery
|
|
SI-04
|
System Monitoring
| Protects |
T1201
|
Password Policy Discovery
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1203
|
Exploitation for Client Execution
|
|
AC-06
|
Least Privilege
| Protects |
T1203
|
Exploitation for Client Execution
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1203
|
Exploitation for Client Execution
|
|
CM-08
|
System Component Inventory
| Protects |
T1203
|
Exploitation for Client Execution
|
|
SC-18
|
Mobile Code
| Protects |
T1203
|
Exploitation for Client Execution
|
|
SC-02
|
Separation of System and User Functionality
| Protects |
T1203
|
Exploitation for Client Execution
|
|
SC-29
|
Heterogeneity
| Protects |
T1203
|
Exploitation for Client Execution
|
|
SC-03
|
Security Function Isolation
| Protects |
T1203
|
Exploitation for Client Execution
|
|
SC-30
|
Concealment and Misdirection
| Protects |
T1203
|
Exploitation for Client Execution
|
|
SC-39
|
Process Isolation
| Protects |
T1203
|
Exploitation for Client Execution
|
|
SC-44
|
Detonation Chambers
| Protects |
T1203
|
Exploitation for Client Execution
|
|
SC-07
|
Boundary Protection
| Protects |
T1203
|
Exploitation for Client Execution
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1203
|
Exploitation for Client Execution
|
|
SI-04
|
System Monitoring
| Protects |
T1203
|
Exploitation for Client Execution
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1203
|
Exploitation for Client Execution
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1204
|
User Execution
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1204
|
User Execution
|
|
CM-02
|
Baseline Configuration
| Protects |
T1204
|
User Execution
|
|
CM-06
|
Configuration Settings
| Protects |
T1204
|
User Execution
|
|
CM-07
|
Least Functionality
| Protects |
T1204
|
User Execution
|
|
SC-44
|
Detonation Chambers
| Protects |
T1204
|
User Execution
|
|
SC-07
|
Boundary Protection
| Protects |
T1204
|
User Execution
|
|
SI-10
|
Information Input Validation
| Protects |
T1204
|
User Execution
|
|
SI-02
|
Flaw Remediation
| Protects |
T1204
|
User Execution
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1204
|
User Execution
|
|
SI-04
|
System Monitoring
| Protects |
T1204
|
User Execution
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1204
|
User Execution
|
|
SI-08
|
Spam Protection
| Protects |
T1204
|
User Execution
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1204.001
|
Malicious Link
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1204.001
|
Malicious Link
|
|
CM-02
|
Baseline Configuration
| Protects |
T1204.001
|
Malicious Link
|
|
CM-06
|
Configuration Settings
| Protects |
T1204.001
|
Malicious Link
|
|
CM-07
|
Least Functionality
| Protects |
T1204.001
|
Malicious Link
|
|
SC-44
|
Detonation Chambers
| Protects |
T1204.001
|
Malicious Link
|
|
SC-07
|
Boundary Protection
| Protects |
T1204.001
|
Malicious Link
|
|
SI-02
|
Flaw Remediation
| Protects |
T1204.001
|
Malicious Link
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1204.001
|
Malicious Link
|
|
SI-04
|
System Monitoring
| Protects |
T1204.001
|
Malicious Link
|
|
SI-08
|
Spam Protection
| Protects |
T1204.001
|
Malicious Link
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1204.002
|
Malicious File
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1204.002
|
Malicious File
|
|
CM-02
|
Baseline Configuration
| Protects |
T1204.002
|
Malicious File
|
|
CM-06
|
Configuration Settings
| Protects |
T1204.002
|
Malicious File
|
|
CM-07
|
Least Functionality
| Protects |
T1204.002
|
Malicious File
|
|
SC-44
|
Detonation Chambers
| Protects |
T1204.002
|
Malicious File
|
|
SC-07
|
Boundary Protection
| Protects |
T1204.002
|
Malicious File
|
|
SI-10
|
Information Input Validation
| Protects |
T1204.002
|
Malicious File
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1204.002
|
Malicious File
|
|
SI-04
|
System Monitoring
| Protects |
T1204.002
|
Malicious File
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1204.002
|
Malicious File
|
|
SI-08
|
Spam Protection
| Protects |
T1204.002
|
Malicious File
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1204.003
|
Malicious Image
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1204.003
|
Malicious Image
|
|
CA-08
|
Penetration Testing
| Protects |
T1204.003
|
Malicious Image
|
|
CM-02
|
Baseline Configuration
| Protects |
T1204.003
|
Malicious Image
|
|
CM-06
|
Configuration Settings
| Protects |
T1204.003
|
Malicious Image
|
|
CM-07
|
Least Functionality
| Protects |
T1204.003
|
Malicious Image
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1204.003
|
Malicious Image
|
|
SC-44
|
Detonation Chambers
| Protects |
T1204.003
|
Malicious Image
|
|
SC-07
|
Boundary Protection
| Protects |
T1204.003
|
Malicious Image
|
|
SI-02
|
Flaw Remediation
| Protects |
T1204.003
|
Malicious Image
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1204.003
|
Malicious Image
|
|
SI-04
|
System Monitoring
| Protects |
T1204.003
|
Malicious Image
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1204.003
|
Malicious Image
|
|
SI-08
|
Spam Protection
| Protects |
T1204.003
|
Malicious Image
|
|
SR-11
|
Component Authenticity
| Protects |
T1204.003
|
Malicious Image
|
|
SR-04
|
Provenance
| Protects |
T1204.003
|
Malicious Image
|
|
SR-05
|
Acquisition Strategies, Tools, and Methods
| Protects |
T1204.003
|
Malicious Image
|
|
SR-06
|
Supplier Assessments and Reviews
| Protects |
T1204.003
|
Malicious Image
|
|
AC-03
|
Access Enforcement
| Protects |
T1205
|
Traffic Signaling
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1205
|
Traffic Signaling
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1205
|
Traffic Signaling
|
|
CM-02
|
Baseline Configuration
| Protects |
T1205
|
Traffic Signaling
|
|
CM-06
|
Configuration Settings
| Protects |
T1205
|
Traffic Signaling
|
|
CM-07
|
Least Functionality
| Protects |
T1205
|
Traffic Signaling
|
|
SC-07
|
Boundary Protection
| Protects |
T1205
|
Traffic Signaling
|
|
SI-15
|
Information Output Filtering
| Protects |
T1205
|
Traffic Signaling
|
|
SI-04
|
System Monitoring
| Protects |
T1205
|
Traffic Signaling
|
|
AC-03
|
Access Enforcement
| Protects |
T1205.001
|
Port Knocking
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1205.001
|
Port Knocking
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1205.001
|
Port Knocking
|
|
CM-06
|
Configuration Settings
| Protects |
T1205.001
|
Port Knocking
|
|
CM-07
|
Least Functionality
| Protects |
T1205.001
|
Port Knocking
|
|
SC-07
|
Boundary Protection
| Protects |
T1205.001
|
Port Knocking
|
|
SI-15
|
Information Output Filtering
| Protects |
T1205.001
|
Port Knocking
|
|
SI-04
|
System Monitoring
| Protects |
T1205.001
|
Port Knocking
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1205.002
|
Socket Filters
|
|
SI-04
|
System Monitoring
| Protects |
T1205.002
|
Socket Filters
|
|
AC-02
|
Account Management
| Protects |
T1210
|
Exploitation of Remote Services
|
|
AC-03
|
Access Enforcement
| Protects |
T1210
|
Exploitation of Remote Services
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1210
|
Exploitation of Remote Services
|
|
AC-05
|
Separation of Duties
| Protects |
T1210
|
Exploitation of Remote Services
|
|
AC-06
|
Least Privilege
| Protects |
T1210
|
Exploitation of Remote Services
|
|
CA-02
|
Control Assessments
| Protects |
T1210
|
Exploitation of Remote Services
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1210
|
Exploitation of Remote Services
|
|
CA-08
|
Penetration Testing
| Protects |
T1210
|
Exploitation of Remote Services
|
|
CM-02
|
Baseline Configuration
| Protects |
T1210
|
Exploitation of Remote Services
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1210
|
Exploitation of Remote Services
|
|
CM-06
|
Configuration Settings
| Protects |
T1210
|
Exploitation of Remote Services
|
|
CM-07
|
Least Functionality
| Protects |
T1210
|
Exploitation of Remote Services
|
|
CM-08
|
System Component Inventory
| Protects |
T1210
|
Exploitation of Remote Services
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1210
|
Exploitation of Remote Services
|
|
IA-08
|
Identification and Authentication (non-organizational Users)
| Protects |
T1210
|
Exploitation of Remote Services
|
|
RA-10
|
Threat Hunting
| Protects |
T1210
|
Exploitation of Remote Services
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1210
|
Exploitation of Remote Services
|
|
SC-18
|
Mobile Code
| Protects |
T1210
|
Exploitation of Remote Services
|
|
SC-02
|
Separation of System and User Functionality
| Protects |
T1210
|
Exploitation of Remote Services
|
|
SC-26
|
Decoys
| Protects |
T1210
|
Exploitation of Remote Services
|
|
SC-29
|
Heterogeneity
| Protects |
T1210
|
Exploitation of Remote Services
|
|
SC-03
|
Security Function Isolation
| Protects |
T1210
|
Exploitation of Remote Services
|
|
SC-30
|
Concealment and Misdirection
| Protects |
T1210
|
Exploitation of Remote Services
|
|
SC-35
|
External Malicious Code Identification
| Protects |
T1210
|
Exploitation of Remote Services
|
|
SC-39
|
Process Isolation
| Protects |
T1210
|
Exploitation of Remote Services
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1210
|
Exploitation of Remote Services
|
|
SC-07
|
Boundary Protection
| Protects |
T1210
|
Exploitation of Remote Services
|
|
SI-02
|
Flaw Remediation
| Protects |
T1210
|
Exploitation of Remote Services
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1210
|
Exploitation of Remote Services
|
|
SI-04
|
System Monitoring
| Protects |
T1210
|
Exploitation of Remote Services
|
|
SI-05
|
Security Alerts, Advisories, and Directives
| Protects |
T1210
|
Exploitation of Remote Services
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1210
|
Exploitation of Remote Services
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1213
|
Data from Information Repositories
|
|
AC-17
|
Remote Access
| Protects |
T1213
|
Data from Information Repositories
|
|
AC-02
|
Account Management
| Protects |
T1213
|
Data from Information Repositories
|
|
AC-21
|
Information Sharing
| Protects |
T1213
|
Data from Information Repositories
|
|
AC-23
|
Data Mining Protection
| Protects |
T1213
|
Data from Information Repositories
|
|
AC-03
|
Access Enforcement
| Protects |
T1213
|
Data from Information Repositories
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1213
|
Data from Information Repositories
|
|
AC-05
|
Separation of Duties
| Protects |
T1213
|
Data from Information Repositories
|
|
AC-06
|
Least Privilege
| Protects |
T1213
|
Data from Information Repositories
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1213
|
Data from Information Repositories
|
|
CA-08
|
Penetration Testing
| Protects |
T1213
|
Data from Information Repositories
|
|
CM-02
|
Baseline Configuration
| Protects |
T1213
|
Data from Information Repositories
|
|
CM-03
|
Configuration Change Control
| Protects |
T1213
|
Data from Information Repositories
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1213
|
Data from Information Repositories
|
|
CM-06
|
Configuration Settings
| Protects |
T1213
|
Data from Information Repositories
|
|
CM-07
|
Least Functionality
| Protects |
T1213
|
Data from Information Repositories
|
|
CM-08
|
System Component Inventory
| Protects |
T1213
|
Data from Information Repositories
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1213
|
Data from Information Repositories
|
|
IA-04
|
Identifier Management
| Protects |
T1213
|
Data from Information Repositories
|
|
IA-08
|
Identification and Authentication (non-organizational Users)
| Protects |
T1213
|
Data from Information Repositories
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1213
|
Data from Information Repositories
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1213
|
Data from Information Repositories
|
|
SI-04
|
System Monitoring
| Protects |
T1213
|
Data from Information Repositories
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1213
|
Data from Information Repositories
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1213.001
|
Confluence
|
|
AC-17
|
Remote Access
| Protects |
T1213.001
|
Confluence
|
|
AC-02
|
Account Management
| Protects |
T1213.001
|
Confluence
|
|
AC-21
|
Information Sharing
| Protects |
T1213.001
|
Confluence
|
|
AC-23
|
Data Mining Protection
| Protects |
T1213.001
|
Confluence
|
|
AC-03
|
Access Enforcement
| Protects |
T1213.001
|
Confluence
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1213.001
|
Confluence
|
|
AC-05
|
Separation of Duties
| Protects |
T1213.001
|
Confluence
|
|
AC-06
|
Least Privilege
| Protects |
T1213.001
|
Confluence
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1213.001
|
Confluence
|
|
CA-08
|
Penetration Testing
| Protects |
T1213.001
|
Confluence
|
|
CM-02
|
Baseline Configuration
| Protects |
T1213.001
|
Confluence
|
|
CM-03
|
Configuration Change Control
| Protects |
T1213.001
|
Confluence
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1213.001
|
Confluence
|
|
CM-06
|
Configuration Settings
| Protects |
T1213.001
|
Confluence
|
|
CM-07
|
Least Functionality
| Protects |
T1213.001
|
Confluence
|
|
CM-08
|
System Component Inventory
| Protects |
T1213.001
|
Confluence
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1213.001
|
Confluence
|
|
IA-04
|
Identifier Management
| Protects |
T1213.001
|
Confluence
|
|
IA-08
|
Identification and Authentication (non-organizational Users)
| Protects |
T1213.001
|
Confluence
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1213.001
|
Confluence
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1213.001
|
Confluence
|
|
SI-04
|
System Monitoring
| Protects |
T1213.001
|
Confluence
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1213.001
|
Confluence
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1213.002
|
Sharepoint
|
|
AC-17
|
Remote Access
| Protects |
T1213.002
|
Sharepoint
|
|
AC-02
|
Account Management
| Protects |
T1213.002
|
Sharepoint
|
|
AC-21
|
Information Sharing
| Protects |
T1213.002
|
Sharepoint
|
|
AC-23
|
Data Mining Protection
| Protects |
T1213.002
|
Sharepoint
|
|
AC-03
|
Access Enforcement
| Protects |
T1213.002
|
Sharepoint
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1213.002
|
Sharepoint
|
|
AC-05
|
Separation of Duties
| Protects |
T1213.002
|
Sharepoint
|
|
AC-06
|
Least Privilege
| Protects |
T1213.002
|
Sharepoint
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1213.002
|
Sharepoint
|
|
CA-08
|
Penetration Testing
| Protects |
T1213.002
|
Sharepoint
|
|
CM-02
|
Baseline Configuration
| Protects |
T1213.002
|
Sharepoint
|
|
CM-03
|
Configuration Change Control
| Protects |
T1213.002
|
Sharepoint
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1213.002
|
Sharepoint
|
|
CM-06
|
Configuration Settings
| Protects |
T1213.002
|
Sharepoint
|
|
CM-07
|
Least Functionality
| Protects |
T1213.002
|
Sharepoint
|
|
CM-08
|
System Component Inventory
| Protects |
T1213.002
|
Sharepoint
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1213.002
|
Sharepoint
|
|
IA-04
|
Identifier Management
| Protects |
T1213.002
|
Sharepoint
|
|
IA-08
|
Identification and Authentication (non-organizational Users)
| Protects |
T1213.002
|
Sharepoint
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1213.002
|
Sharepoint
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1213.002
|
Sharepoint
|
|
SI-04
|
System Monitoring
| Protects |
T1213.002
|
Sharepoint
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1213.002
|
Sharepoint
|
|
AC-02
|
Account Management
| Protects |
T1213.003
|
Code Repositories
|
|
AC-03
|
Access Enforcement
| Protects |
T1213.003
|
Code Repositories
|
|
AC-05
|
Separation of Duties
| Protects |
T1213.003
|
Code Repositories
|
|
AC-06
|
Least Privilege
| Protects |
T1213.003
|
Code Repositories
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1213.003
|
Code Repositories
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1213.003
|
Code Repositories
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1213.003
|
Code Repositories
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1213.003
|
Code Repositories
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1213.003
|
Code Repositories
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1213.003
|
Code Repositories
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1213.003
|
Code Repositories
|
|
SA-03
|
System Development Life Cycle
| Protects |
T1213.003
|
Code Repositories
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1213.003
|
Code Repositories
|
|
SI-02
|
Flaw Remediation
| Protects |
T1213.003
|
Code Repositories
|
|
CM-02
|
Baseline Configuration
| Protects |
T1216
|
System Script Proxy Execution
|
|
CM-06
|
Configuration Settings
| Protects |
T1216
|
System Script Proxy Execution
|
|
CM-07
|
Least Functionality
| Protects |
T1216
|
System Script Proxy Execution
|
|
SI-10
|
Information Input Validation
| Protects |
T1216
|
System Script Proxy Execution
|
|
SI-04
|
System Monitoring
| Protects |
T1216
|
System Script Proxy Execution
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1216
|
System Script Proxy Execution
|
|
CM-02
|
Baseline Configuration
| Protects |
T1216.001
|
PubPrn
|
|
CM-06
|
Configuration Settings
| Protects |
T1216.001
|
PubPrn
|
|
CM-07
|
Least Functionality
| Protects |
T1216.001
|
PubPrn
|
|
SI-10
|
Information Input Validation
| Protects |
T1216.001
|
PubPrn
|
|
SI-04
|
System Monitoring
| Protects |
T1216.001
|
PubPrn
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1216.001
|
PubPrn
|
|
AC-02
|
Account Management
| Protects |
T1218
|
System Binary Proxy Execution
|
|
AC-06
|
Least Privilege
| Protects |
T1218
|
System Binary Proxy Execution
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1218
|
System Binary Proxy Execution
|
|
CM-11
|
User-installed Software
| Protects |
T1218
|
System Binary Proxy Execution
|
|
CM-02
|
Baseline Configuration
| Protects |
T1218
|
System Binary Proxy Execution
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1218
|
System Binary Proxy Execution
|
|
CM-06
|
Configuration Settings
| Protects |
T1218
|
System Binary Proxy Execution
|
|
CM-07
|
Least Functionality
| Protects |
T1218
|
System Binary Proxy Execution
|
|
CM-08
|
System Component Inventory
| Protects |
T1218
|
System Binary Proxy Execution
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1218
|
System Binary Proxy Execution
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1218
|
System Binary Proxy Execution
|
|
SI-10
|
Information Input Validation
| Protects |
T1218
|
System Binary Proxy Execution
|
|
SI-16
|
Memory Protection
| Protects |
T1218
|
System Binary Proxy Execution
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1218
|
System Binary Proxy Execution
|
|
SI-04
|
System Monitoring
| Protects |
T1218
|
System Binary Proxy Execution
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1218
|
System Binary Proxy Execution
|
|
AC-03
|
Access Enforcement
| Protects |
T1218
|
System Binary Proxy Execution
|
|
AC-05
|
Separation of Duties
| Protects |
T1218
|
System Binary Proxy Execution
|
|
CM-11
|
User-installed Software
| Protects |
T1218.001
|
Compiled HTML File
|
|
CM-02
|
Baseline Configuration
| Protects |
T1218.001
|
Compiled HTML File
|
|
CM-06
|
Configuration Settings
| Protects |
T1218.001
|
Compiled HTML File
|
|
CM-07
|
Least Functionality
| Protects |
T1218.001
|
Compiled HTML File
|
|
SC-18
|
Mobile Code
| Protects |
T1218.001
|
Compiled HTML File
|
|
SI-10
|
Information Input Validation
| Protects |
T1218.001
|
Compiled HTML File
|
|
SI-16
|
Memory Protection
| Protects |
T1218.001
|
Compiled HTML File
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1218.001
|
Compiled HTML File
|
|
SI-04
|
System Monitoring
| Protects |
T1218.001
|
Compiled HTML File
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1218.001
|
Compiled HTML File
|
|
AC-03
|
Access Enforcement
| Protects |
T1218.002
|
Control Panel
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1218.002
|
Control Panel
|
|
CM-11
|
User-installed Software
| Protects |
T1218.002
|
Control Panel
|
|
CM-02
|
Baseline Configuration
| Protects |
T1218.002
|
Control Panel
|
|
CM-06
|
Configuration Settings
| Protects |
T1218.002
|
Control Panel
|
|
CM-07
|
Least Functionality
| Protects |
T1218.002
|
Control Panel
|
|
SI-10
|
Information Input Validation
| Protects |
T1218.002
|
Control Panel
|
|
SI-16
|
Memory Protection
| Protects |
T1218.002
|
Control Panel
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1218.002
|
Control Panel
|
|
SI-04
|
System Monitoring
| Protects |
T1218.002
|
Control Panel
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1218.002
|
Control Panel
|
|
CM-11
|
User-installed Software
| Protects |
T1218.003
|
CMSTP
|
|
CM-02
|
Baseline Configuration
| Protects |
T1218.003
|
CMSTP
|
|
CM-06
|
Configuration Settings
| Protects |
T1218.003
|
CMSTP
|
|
CM-07
|
Least Functionality
| Protects |
T1218.003
|
CMSTP
|
|
CM-08
|
System Component Inventory
| Protects |
T1218.003
|
CMSTP
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1218.003
|
CMSTP
|
|
SI-10
|
Information Input Validation
| Protects |
T1218.003
|
CMSTP
|
|
SI-16
|
Memory Protection
| Protects |
T1218.003
|
CMSTP
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1218.003
|
CMSTP
|
|
SI-04
|
System Monitoring
| Protects |
T1218.003
|
CMSTP
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1218.003
|
CMSTP
|
|
CM-11
|
User-installed Software
| Protects |
T1218.004
|
InstallUtil
|
|
CM-02
|
Baseline Configuration
| Protects |
T1218.004
|
InstallUtil
|
|
CM-06
|
Configuration Settings
| Protects |
T1218.004
|
InstallUtil
|
|
CM-07
|
Least Functionality
| Protects |
T1218.004
|
InstallUtil
|
|
CM-08
|
System Component Inventory
| Protects |
T1218.004
|
InstallUtil
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1218.004
|
InstallUtil
|
|
SI-10
|
Information Input Validation
| Protects |
T1218.004
|
InstallUtil
|
|
SI-16
|
Memory Protection
| Protects |
T1218.004
|
InstallUtil
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1218.004
|
InstallUtil
|
|
SI-04
|
System Monitoring
| Protects |
T1218.004
|
InstallUtil
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1218.004
|
InstallUtil
|
|
CM-11
|
User-installed Software
| Protects |
T1218.005
|
Mshta
|
|
CM-02
|
Baseline Configuration
| Protects |
T1218.005
|
Mshta
|
|
CM-06
|
Configuration Settings
| Protects |
T1218.005
|
Mshta
|
|
CM-07
|
Least Functionality
| Protects |
T1218.005
|
Mshta
|
|
CM-08
|
System Component Inventory
| Protects |
T1218.005
|
Mshta
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1218.005
|
Mshta
|
|
SI-10
|
Information Input Validation
| Protects |
T1218.005
|
Mshta
|
|
SI-16
|
Memory Protection
| Protects |
T1218.005
|
Mshta
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1218.005
|
Mshta
|
|
SI-04
|
System Monitoring
| Protects |
T1218.005
|
Mshta
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1218.005
|
Mshta
|
|
AC-02
|
Account Management
| Protects |
T1218.007
|
Msiexec
|
|
AC-03
|
Access Enforcement
| Protects |
T1218.007
|
Msiexec
|
|
AC-05
|
Separation of Duties
| Protects |
T1218.007
|
Msiexec
|
|
AC-06
|
Least Privilege
| Protects |
T1218.007
|
Msiexec
|
|
CM-02
|
Baseline Configuration
| Protects |
T1218.007
|
Msiexec
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1218.007
|
Msiexec
|
|
CM-06
|
Configuration Settings
| Protects |
T1218.007
|
Msiexec
|
|
CM-07
|
Least Functionality
| Protects |
T1218.007
|
Msiexec
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1218.007
|
Msiexec
|
|
CM-11
|
User-installed Software
| Protects |
T1218.008
|
Odbcconf
|
|
CM-02
|
Baseline Configuration
| Protects |
T1218.008
|
Odbcconf
|
|
CM-06
|
Configuration Settings
| Protects |
T1218.008
|
Odbcconf
|
|
CM-07
|
Least Functionality
| Protects |
T1218.008
|
Odbcconf
|
|
CM-08
|
System Component Inventory
| Protects |
T1218.008
|
Odbcconf
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1218.008
|
Odbcconf
|
|
SI-10
|
Information Input Validation
| Protects |
T1218.008
|
Odbcconf
|
|
SI-16
|
Memory Protection
| Protects |
T1218.008
|
Odbcconf
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1218.008
|
Odbcconf
|
|
SI-04
|
System Monitoring
| Protects |
T1218.008
|
Odbcconf
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1218.008
|
Odbcconf
|
|
CM-11
|
User-installed Software
| Protects |
T1218.009
|
Regsvcs/Regasm
|
|
CM-02
|
Baseline Configuration
| Protects |
T1218.009
|
Regsvcs/Regasm
|
|
CM-06
|
Configuration Settings
| Protects |
T1218.009
|
Regsvcs/Regasm
|
|
CM-07
|
Least Functionality
| Protects |
T1218.009
|
Regsvcs/Regasm
|
|
CM-08
|
System Component Inventory
| Protects |
T1218.009
|
Regsvcs/Regasm
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1218.009
|
Regsvcs/Regasm
|
|
SI-10
|
Information Input Validation
| Protects |
T1218.009
|
Regsvcs/Regasm
|
|
SI-16
|
Memory Protection
| Protects |
T1218.009
|
Regsvcs/Regasm
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1218.009
|
Regsvcs/Regasm
|
|
SI-04
|
System Monitoring
| Protects |
T1218.009
|
Regsvcs/Regasm
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1218.009
|
Regsvcs/Regasm
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1218.010
|
Regsvr32
|
|
SI-10
|
Information Input Validation
| Protects |
T1218.010
|
Regsvr32
|
|
SI-04
|
System Monitoring
| Protects |
T1218.010
|
Regsvr32
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1218.010
|
Regsvr32
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1218.011
|
Rundll32
|
|
SI-10
|
Information Input Validation
| Protects |
T1218.011
|
Rundll32
|
|
SI-04
|
System Monitoring
| Protects |
T1218.011
|
Rundll32
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1218.011
|
Rundll32
|
|
AC-03
|
Access Enforcement
| Protects |
T1218.012
|
Verclsid
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1218.012
|
Verclsid
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1218.012
|
Verclsid
|
|
CM-11
|
User-installed Software
| Protects |
T1218.012
|
Verclsid
|
|
CM-02
|
Baseline Configuration
| Protects |
T1218.012
|
Verclsid
|
|
CM-06
|
Configuration Settings
| Protects |
T1218.012
|
Verclsid
|
|
CM-07
|
Least Functionality
| Protects |
T1218.012
|
Verclsid
|
|
CM-08
|
System Component Inventory
| Protects |
T1218.012
|
Verclsid
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1218.012
|
Verclsid
|
|
SC-07
|
Boundary Protection
| Protects |
T1218.012
|
Verclsid
|
|
SI-10
|
Information Input Validation
| Protects |
T1218.012
|
Verclsid
|
|
SI-15
|
Information Output Filtering
| Protects |
T1218.012
|
Verclsid
|
|
SI-16
|
Memory Protection
| Protects |
T1218.012
|
Verclsid
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1218.012
|
Verclsid
|
|
SI-04
|
System Monitoring
| Protects |
T1218.012
|
Verclsid
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1218.012
|
Verclsid
|
|
CM-11
|
User-installed Software
| Protects |
T1218.013
|
Mavinject
|
|
CM-02
|
Baseline Configuration
| Protects |
T1218.013
|
Mavinject
|
|
CM-06
|
Configuration Settings
| Protects |
T1218.013
|
Mavinject
|
|
CM-07
|
Least Functionality
| Protects |
T1218.013
|
Mavinject
|
|
CM-08
|
System Component Inventory
| Protects |
T1218.013
|
Mavinject
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1218.013
|
Mavinject
|
|
SI-10
|
Information Input Validation
| Protects |
T1218.013
|
Mavinject
|
|
SI-16
|
Memory Protection
| Protects |
T1218.013
|
Mavinject
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1218.013
|
Mavinject
|
|
SI-04
|
System Monitoring
| Protects |
T1218.013
|
Mavinject
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1218.013
|
Mavinject
|
|
CM-11
|
User-installed Software
| Protects |
T1218.014
|
MMC
|
|
CM-02
|
Baseline Configuration
| Protects |
T1218.014
|
MMC
|
|
CM-06
|
Configuration Settings
| Protects |
T1218.014
|
MMC
|
|
CM-07
|
Least Functionality
| Protects |
T1218.014
|
MMC
|
|
CM-08
|
System Component Inventory
| Protects |
T1218.014
|
MMC
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1218.014
|
MMC
|
|
SI-10
|
Information Input Validation
| Protects |
T1218.014
|
MMC
|
|
SI-16
|
Memory Protection
| Protects |
T1218.014
|
MMC
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1218.014
|
MMC
|
|
SI-04
|
System Monitoring
| Protects |
T1218.014
|
MMC
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1218.014
|
MMC
|
|
CM-02
|
Baseline Configuration
| Protects |
T1220
|
XSL Script Processing
|
|
CM-06
|
Configuration Settings
| Protects |
T1220
|
XSL Script Processing
|
|
CM-07
|
Least Functionality
| Protects |
T1220
|
XSL Script Processing
|
|
SI-10
|
Information Input Validation
| Protects |
T1220
|
XSL Script Processing
|
|
SI-04
|
System Monitoring
| Protects |
T1220
|
XSL Script Processing
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1220
|
XSL Script Processing
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1221
|
Template Injection
|
|
CM-02
|
Baseline Configuration
| Protects |
T1221
|
Template Injection
|
|
CM-06
|
Configuration Settings
| Protects |
T1221
|
Template Injection
|
|
CM-07
|
Least Functionality
| Protects |
T1221
|
Template Injection
|
|
CM-08
|
System Component Inventory
| Protects |
T1221
|
Template Injection
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1221
|
Template Injection
|
|
SC-44
|
Detonation Chambers
| Protects |
T1221
|
Template Injection
|
|
SC-07
|
Boundary Protection
| Protects |
T1221
|
Template Injection
|
|
SI-10
|
Information Input Validation
| Protects |
T1221
|
Template Injection
|
|
SI-02
|
Flaw Remediation
| Protects |
T1221
|
Template Injection
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1221
|
Template Injection
|
|
SI-04
|
System Monitoring
| Protects |
T1221
|
Template Injection
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1221
|
Template Injection
|
|
SI-08
|
Spam Protection
| Protects |
T1221
|
Template Injection
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1222
|
File and Directory Permissions Modification
|
|
AC-02
|
Account Management
| Protects |
T1222
|
File and Directory Permissions Modification
|
|
AC-03
|
Access Enforcement
| Protects |
T1222
|
File and Directory Permissions Modification
|
|
AC-05
|
Separation of Duties
| Protects |
T1222
|
File and Directory Permissions Modification
|
|
AC-06
|
Least Privilege
| Protects |
T1222
|
File and Directory Permissions Modification
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1222
|
File and Directory Permissions Modification
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1222
|
File and Directory Permissions Modification
|
|
CM-06
|
Configuration Settings
| Protects |
T1222
|
File and Directory Permissions Modification
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1222
|
File and Directory Permissions Modification
|
|
SI-04
|
System Monitoring
| Protects |
T1222
|
File and Directory Permissions Modification
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1222
|
File and Directory Permissions Modification
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1222.001
|
Windows File and Directory Permissions Modification
|
|
AC-02
|
Account Management
| Protects |
T1222.001
|
Windows File and Directory Permissions Modification
|
|
AC-03
|
Access Enforcement
| Protects |
T1222.001
|
Windows File and Directory Permissions Modification
|
|
AC-05
|
Separation of Duties
| Protects |
T1222.001
|
Windows File and Directory Permissions Modification
|
|
AC-06
|
Least Privilege
| Protects |
T1222.001
|
Windows File and Directory Permissions Modification
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1222.001
|
Windows File and Directory Permissions Modification
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1222.001
|
Windows File and Directory Permissions Modification
|
|
CM-06
|
Configuration Settings
| Protects |
T1222.001
|
Windows File and Directory Permissions Modification
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1222.001
|
Windows File and Directory Permissions Modification
|
|
SI-04
|
System Monitoring
| Protects |
T1222.001
|
Windows File and Directory Permissions Modification
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1222.001
|
Windows File and Directory Permissions Modification
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1222.002
|
Linux and Mac File and Directory Permissions Modification
|
|
AC-02
|
Account Management
| Protects |
T1222.002
|
Linux and Mac File and Directory Permissions Modification
|
|
AC-03
|
Access Enforcement
| Protects |
T1222.002
|
Linux and Mac File and Directory Permissions Modification
|
|
AC-05
|
Separation of Duties
| Protects |
T1222.002
|
Linux and Mac File and Directory Permissions Modification
|
|
AC-06
|
Least Privilege
| Protects |
T1222.002
|
Linux and Mac File and Directory Permissions Modification
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1222.002
|
Linux and Mac File and Directory Permissions Modification
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1222.002
|
Linux and Mac File and Directory Permissions Modification
|
|
CM-06
|
Configuration Settings
| Protects |
T1222.002
|
Linux and Mac File and Directory Permissions Modification
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1222.002
|
Linux and Mac File and Directory Permissions Modification
|
|
SI-04
|
System Monitoring
| Protects |
T1222.002
|
Linux and Mac File and Directory Permissions Modification
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1222.002
|
Linux and Mac File and Directory Permissions Modification
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1482
|
Domain Trust Discovery
|
|
CA-08
|
Penetration Testing
| Protects |
T1482
|
Domain Trust Discovery
|
|
CM-06
|
Configuration Settings
| Protects |
T1482
|
Domain Trust Discovery
|
|
CM-07
|
Least Functionality
| Protects |
T1482
|
Domain Trust Discovery
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1482
|
Domain Trust Discovery
|
|
SA-17
|
Developer Security and Privacy Architecture and Design
| Protects |
T1482
|
Domain Trust Discovery
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1482
|
Domain Trust Discovery
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1482
|
Domain Trust Discovery
|
|
SC-07
|
Boundary Protection
| Protects |
T1482
|
Domain Trust Discovery
|
|
AC-02
|
Account Management
| Protects |
T1484
|
Domain Policy Modification
|
|
AC-03
|
Access Enforcement
| Protects |
T1484
|
Domain Policy Modification
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1484
|
Domain Policy Modification
|
|
AC-05
|
Separation of Duties
| Protects |
T1484
|
Domain Policy Modification
|
|
AC-06
|
Least Privilege
| Protects |
T1484
|
Domain Policy Modification
|
|
CA-08
|
Penetration Testing
| Protects |
T1484
|
Domain Policy Modification
|
|
CM-02
|
Baseline Configuration
| Protects |
T1484
|
Domain Policy Modification
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1484
|
Domain Policy Modification
|
|
CM-06
|
Configuration Settings
| Protects |
T1484
|
Domain Policy Modification
|
|
CM-07
|
Least Functionality
| Protects |
T1484
|
Domain Policy Modification
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1484
|
Domain Policy Modification
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1484
|
Domain Policy Modification
|
|
SI-04
|
System Monitoring
| Protects |
T1484
|
Domain Policy Modification
|
|
AC-03
|
Access Enforcement
| Protects |
T1486
|
Data Encrypted for Impact
|
|
AC-06
|
Least Privilege
| Protects |
T1486
|
Data Encrypted for Impact
|
|
CM-02
|
Baseline Configuration
| Protects |
T1486
|
Data Encrypted for Impact
|
|
CP-10
|
System Recovery and Reconstitution
| Protects |
T1486
|
Data Encrypted for Impact
|
|
CP-02
|
Contingency Plan
| Protects |
T1486
|
Data Encrypted for Impact
|
|
CP-06
|
Alternate Storage Site
| Protects |
T1486
|
Data Encrypted for Impact
|
|
CP-07
|
Alternate Processing Site
| Protects |
T1486
|
Data Encrypted for Impact
|
|
CP-09
|
System Backup
| Protects |
T1486
|
Data Encrypted for Impact
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1486
|
Data Encrypted for Impact
|
|
SI-04
|
System Monitoring
| Protects |
T1486
|
Data Encrypted for Impact
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1486
|
Data Encrypted for Impact
|
|
AC-02
|
Account Management
| Protects |
T1489
|
Service Stop
|
|
AC-03
|
Access Enforcement
| Protects |
T1489
|
Service Stop
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1489
|
Service Stop
|
|
AC-05
|
Separation of Duties
| Protects |
T1489
|
Service Stop
|
|
AC-06
|
Least Privilege
| Protects |
T1489
|
Service Stop
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1489
|
Service Stop
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1489
|
Service Stop
|
|
CM-06
|
Configuration Settings
| Protects |
T1489
|
Service Stop
|
|
CM-07
|
Least Functionality
| Protects |
T1489
|
Service Stop
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1489
|
Service Stop
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1489
|
Service Stop
|
|
SC-07
|
Boundary Protection
| Protects |
T1489
|
Service Stop
|
|
SI-04
|
System Monitoring
| Protects |
T1489
|
Service Stop
|
|
AC-03
|
Access Enforcement
| Protects |
T1491
|
Defacement
|
|
AC-06
|
Least Privilege
| Protects |
T1491
|
Defacement
|
|
CM-02
|
Baseline Configuration
| Protects |
T1491
|
Defacement
|
|
CP-10
|
System Recovery and Reconstitution
| Protects |
T1491
|
Defacement
|
|
CP-02
|
Contingency Plan
| Protects |
T1491
|
Defacement
|
|
CP-07
|
Alternate Processing Site
| Protects |
T1491
|
Defacement
|
|
CP-09
|
System Backup
| Protects |
T1491
|
Defacement
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1491
|
Defacement
|
|
SI-04
|
System Monitoring
| Protects |
T1491
|
Defacement
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1491
|
Defacement
|
|
AC-03
|
Access Enforcement
| Protects |
T1491.001
|
Internal Defacement
|
|
AC-06
|
Least Privilege
| Protects |
T1491.001
|
Internal Defacement
|
|
CM-02
|
Baseline Configuration
| Protects |
T1491.001
|
Internal Defacement
|
|
CP-10
|
System Recovery and Reconstitution
| Protects |
T1491.001
|
Internal Defacement
|
|
CP-02
|
Contingency Plan
| Protects |
T1491.001
|
Internal Defacement
|
|
CP-07
|
Alternate Processing Site
| Protects |
T1491.001
|
Internal Defacement
|
|
CP-09
|
System Backup
| Protects |
T1491.001
|
Internal Defacement
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1491.001
|
Internal Defacement
|
|
SI-04
|
System Monitoring
| Protects |
T1491.001
|
Internal Defacement
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1491.001
|
Internal Defacement
|
|
AC-03
|
Access Enforcement
| Protects |
T1491.002
|
External Defacement
|
|
AC-06
|
Least Privilege
| Protects |
T1491.002
|
External Defacement
|
|
CM-02
|
Baseline Configuration
| Protects |
T1491.002
|
External Defacement
|
|
CP-10
|
System Recovery and Reconstitution
| Protects |
T1491.002
|
External Defacement
|
|
CP-02
|
Contingency Plan
| Protects |
T1491.002
|
External Defacement
|
|
CP-07
|
Alternate Processing Site
| Protects |
T1491.002
|
External Defacement
|
|
CP-09
|
System Backup
| Protects |
T1491.002
|
External Defacement
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1491.002
|
External Defacement
|
|
SI-04
|
System Monitoring
| Protects |
T1491.002
|
External Defacement
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1491.002
|
External Defacement
|
|
AC-02
|
Account Management
| Protects |
T1495
|
Firmware Corruption
|
|
AC-03
|
Access Enforcement
| Protects |
T1495
|
Firmware Corruption
|
|
AC-05
|
Separation of Duties
| Protects |
T1495
|
Firmware Corruption
|
|
AC-06
|
Least Privilege
| Protects |
T1495
|
Firmware Corruption
|
|
CA-08
|
Penetration Testing
| Protects |
T1495
|
Firmware Corruption
|
|
CM-03
|
Configuration Change Control
| Protects |
T1495
|
Firmware Corruption
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1495
|
Firmware Corruption
|
|
CM-06
|
Configuration Settings
| Protects |
T1495
|
Firmware Corruption
|
|
CM-08
|
System Component Inventory
| Protects |
T1495
|
Firmware Corruption
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1495
|
Firmware Corruption
|
|
IA-07
|
Cryptographic Module Authentication
| Protects |
T1495
|
Firmware Corruption
|
|
RA-09
|
Criticality Analysis
| Protects |
T1495
|
Firmware Corruption
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1495
|
Firmware Corruption
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1495
|
Firmware Corruption
|
|
SI-02
|
Flaw Remediation
| Protects |
T1495
|
Firmware Corruption
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1495
|
Firmware Corruption
|
|
AC-03
|
Access Enforcement
| Protects |
T1498
|
Network Denial of Service
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1498
|
Network Denial of Service
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1498
|
Network Denial of Service
|
|
CM-06
|
Configuration Settings
| Protects |
T1498
|
Network Denial of Service
|
|
CM-07
|
Least Functionality
| Protects |
T1498
|
Network Denial of Service
|
|
SC-07
|
Boundary Protection
| Protects |
T1498
|
Network Denial of Service
|
|
SI-10
|
Information Input Validation
| Protects |
T1498
|
Network Denial of Service
|
|
SI-15
|
Information Output Filtering
| Protects |
T1498
|
Network Denial of Service
|
|
AC-03
|
Access Enforcement
| Protects |
T1498.001
|
Direct Network Flood
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1498.001
|
Direct Network Flood
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1498.001
|
Direct Network Flood
|
|
CM-06
|
Configuration Settings
| Protects |
T1498.001
|
Direct Network Flood
|
|
CM-07
|
Least Functionality
| Protects |
T1498.001
|
Direct Network Flood
|
|
SC-07
|
Boundary Protection
| Protects |
T1498.001
|
Direct Network Flood
|
|
SI-10
|
Information Input Validation
| Protects |
T1498.001
|
Direct Network Flood
|
|
SI-15
|
Information Output Filtering
| Protects |
T1498.001
|
Direct Network Flood
|
|
AC-03
|
Access Enforcement
| Protects |
T1498.002
|
Reflection Amplification
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1498.002
|
Reflection Amplification
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1498.002
|
Reflection Amplification
|
|
CM-06
|
Configuration Settings
| Protects |
T1498.002
|
Reflection Amplification
|
|
CM-07
|
Least Functionality
| Protects |
T1498.002
|
Reflection Amplification
|
|
SC-07
|
Boundary Protection
| Protects |
T1498.002
|
Reflection Amplification
|
|
SI-10
|
Information Input Validation
| Protects |
T1498.002
|
Reflection Amplification
|
|
SI-15
|
Information Output Filtering
| Protects |
T1498.002
|
Reflection Amplification
|
|
AC-03
|
Access Enforcement
| Protects |
T1499.003
|
Application Exhaustion Flood
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1499.003
|
Application Exhaustion Flood
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1499.003
|
Application Exhaustion Flood
|
|
CM-06
|
Configuration Settings
| Protects |
T1499.003
|
Application Exhaustion Flood
|
|
CM-07
|
Least Functionality
| Protects |
T1499.003
|
Application Exhaustion Flood
|
|
SC-07
|
Boundary Protection
| Protects |
T1499.003
|
Application Exhaustion Flood
|
|
SI-10
|
Information Input Validation
| Protects |
T1499.003
|
Application Exhaustion Flood
|
|
SI-15
|
Information Output Filtering
| Protects |
T1499.003
|
Application Exhaustion Flood
|
|
SI-04
|
System Monitoring
| Protects |
T1499.003
|
Application Exhaustion Flood
|
|
AC-03
|
Access Enforcement
| Protects |
T1499.004
|
Application or System Exploitation
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1499.004
|
Application or System Exploitation
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1499.004
|
Application or System Exploitation
|
|
CM-06
|
Configuration Settings
| Protects |
T1499.004
|
Application or System Exploitation
|
|
CM-07
|
Least Functionality
| Protects |
T1499.004
|
Application or System Exploitation
|
|
SC-07
|
Boundary Protection
| Protects |
T1499.004
|
Application or System Exploitation
|
|
SI-10
|
Information Input Validation
| Protects |
T1499.004
|
Application or System Exploitation
|
|
SI-15
|
Information Output Filtering
| Protects |
T1499.004
|
Application or System Exploitation
|
|
SI-04
|
System Monitoring
| Protects |
T1499.004
|
Application or System Exploitation
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1505
|
Server Software Component
|
|
AC-02
|
Account Management
| Protects |
T1505
|
Server Software Component
|
|
AC-03
|
Access Enforcement
| Protects |
T1505
|
Server Software Component
|
|
AC-05
|
Separation of Duties
| Protects |
T1505
|
Server Software Component
|
|
AC-06
|
Least Privilege
| Protects |
T1505
|
Server Software Component
|
|
CA-08
|
Penetration Testing
| Protects |
T1505
|
Server Software Component
|
|
CM-11
|
User-installed Software
| Protects |
T1505
|
Server Software Component
|
|
CM-02
|
Baseline Configuration
| Protects |
T1505
|
Server Software Component
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1505
|
Server Software Component
|
|
CM-06
|
Configuration Settings
| Protects |
T1505
|
Server Software Component
|
|
CM-08
|
System Component Inventory
| Protects |
T1505
|
Server Software Component
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1505
|
Server Software Component
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1505
|
Server Software Component
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1505
|
Server Software Component
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1505
|
Server Software Component
|
|
SC-16
|
Transmission of Security and Privacy Attributes
| Protects |
T1505
|
Server Software Component
|
|
SI-14
|
Non-persistence
| Protects |
T1505
|
Server Software Component
|
|
SI-04
|
System Monitoring
| Protects |
T1505
|
Server Software Component
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1505
|
Server Software Component
|
|
SR-11
|
Component Authenticity
| Protects |
T1505
|
Server Software Component
|
|
SR-04
|
Provenance
| Protects |
T1505
|
Server Software Component
|
|
SR-05
|
Acquisition Strategies, Tools, and Methods
| Protects |
T1505
|
Server Software Component
|
|
SR-06
|
Supplier Assessments and Reviews
| Protects |
T1505
|
Server Software Component
|
|
CA-08
|
Penetration Testing
| Protects |
T1505.001
|
SQL Stored Procedures
|
|
CM-11
|
User-installed Software
| Protects |
T1505.001
|
SQL Stored Procedures
|
|
CM-02
|
Baseline Configuration
| Protects |
T1505.001
|
SQL Stored Procedures
|
|
CM-06
|
Configuration Settings
| Protects |
T1505.001
|
SQL Stored Procedures
|
|
CM-08
|
System Component Inventory
| Protects |
T1505.001
|
SQL Stored Procedures
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1505.001
|
SQL Stored Procedures
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1505.001
|
SQL Stored Procedures
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1505.001
|
SQL Stored Procedures
|
|
SI-14
|
Non-persistence
| Protects |
T1505.001
|
SQL Stored Procedures
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1505.001
|
SQL Stored Procedures
|
|
SR-11
|
Component Authenticity
| Protects |
T1505.001
|
SQL Stored Procedures
|
|
SR-04
|
Provenance
| Protects |
T1505.001
|
SQL Stored Procedures
|
|
SR-05
|
Acquisition Strategies, Tools, and Methods
| Protects |
T1505.001
|
SQL Stored Procedures
|
|
SR-06
|
Supplier Assessments and Reviews
| Protects |
T1505.001
|
SQL Stored Procedures
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1505.002
|
Transport Agent
|
|
AC-02
|
Account Management
| Protects |
T1505.002
|
Transport Agent
|
|
AC-03
|
Access Enforcement
| Protects |
T1505.002
|
Transport Agent
|
|
AC-05
|
Separation of Duties
| Protects |
T1505.002
|
Transport Agent
|
|
AC-06
|
Least Privilege
| Protects |
T1505.002
|
Transport Agent
|
|
CA-08
|
Penetration Testing
| Protects |
T1505.002
|
Transport Agent
|
|
CM-11
|
User-installed Software
| Protects |
T1505.002
|
Transport Agent
|
|
CM-02
|
Baseline Configuration
| Protects |
T1505.002
|
Transport Agent
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1505.002
|
Transport Agent
|
|
CM-06
|
Configuration Settings
| Protects |
T1505.002
|
Transport Agent
|
|
CM-08
|
System Component Inventory
| Protects |
T1505.002
|
Transport Agent
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1505.002
|
Transport Agent
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1505.002
|
Transport Agent
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1505.002
|
Transport Agent
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1505.002
|
Transport Agent
|
|
SC-16
|
Transmission of Security and Privacy Attributes
| Protects |
T1505.002
|
Transport Agent
|
|
SI-14
|
Non-persistence
| Protects |
T1505.002
|
Transport Agent
|
|
SI-04
|
System Monitoring
| Protects |
T1505.002
|
Transport Agent
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1505.002
|
Transport Agent
|
|
SR-11
|
Component Authenticity
| Protects |
T1505.002
|
Transport Agent
|
|
SR-04
|
Provenance
| Protects |
T1505.002
|
Transport Agent
|
|
SR-05
|
Acquisition Strategies, Tools, and Methods
| Protects |
T1505.002
|
Transport Agent
|
|
SR-06
|
Supplier Assessments and Reviews
| Protects |
T1505.002
|
Transport Agent
|
|
AC-02
|
Account Management
| Protects |
T1505.003
|
Web Shell
|
|
AC-03
|
Access Enforcement
| Protects |
T1505.003
|
Web Shell
|
|
AC-05
|
Separation of Duties
| Protects |
T1505.003
|
Web Shell
|
|
AC-06
|
Least Privilege
| Protects |
T1505.003
|
Web Shell
|
|
CM-02
|
Baseline Configuration
| Protects |
T1505.003
|
Web Shell
|
|
CM-06
|
Configuration Settings
| Protects |
T1505.003
|
Web Shell
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1505.003
|
Web Shell
|
|
SI-04
|
System Monitoring
| Protects |
T1505.003
|
Web Shell
|
|
AC-17
|
Remote Access
| Protects |
T1505.004
|
IIS Components
|
|
AC-03
|
Access Enforcement
| Protects |
T1505.004
|
IIS Components
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1505.004
|
IIS Components
|
|
AC-06
|
Least Privilege
| Protects |
T1505.004
|
IIS Components
|
|
CA-08
|
Penetration Testing
| Protects |
T1505.004
|
IIS Components
|
|
CM-11
|
User-installed Software
| Protects |
T1505.004
|
IIS Components
|
|
CM-02
|
Baseline Configuration
| Protects |
T1505.004
|
IIS Components
|
|
CM-06
|
Configuration Settings
| Protects |
T1505.004
|
IIS Components
|
|
CM-07
|
Least Functionality
| Protects |
T1505.004
|
IIS Components
|
|
CM-08
|
System Component Inventory
| Protects |
T1505.004
|
IIS Components
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1505.004
|
IIS Components
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1505.004
|
IIS Components
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1505.004
|
IIS Components
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1505.004
|
IIS Components
|
|
SC-07
|
Boundary Protection
| Protects |
T1505.004
|
IIS Components
|
|
SI-14
|
Non-persistence
| Protects |
T1505.004
|
IIS Components
|
|
SI-16
|
Memory Protection
| Protects |
T1505.004
|
IIS Components
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1505.004
|
IIS Components
|
|
SI-04
|
System Monitoring
| Protects |
T1505.004
|
IIS Components
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1505.004
|
IIS Components
|
|
SR-11
|
Component Authenticity
| Protects |
T1505.004
|
IIS Components
|
|
SR-04
|
Provenance
| Protects |
T1505.004
|
IIS Components
|
|
SR-05
|
Acquisition Strategies, Tools, and Methods
| Protects |
T1505.004
|
IIS Components
|
|
SR-06
|
Supplier Assessments and Reviews
| Protects |
T1505.004
|
IIS Components
|
|
AC-12
|
Session Termination
| Protects |
T1505.005
|
Terminal Services DLL
|
|
AC-17
|
Remote Access
| Protects |
T1505.005
|
Terminal Services DLL
|
|
AC-02
|
Account Management
| Protects |
T1505.005
|
Terminal Services DLL
|
|
AC-20
|
Use of External Systems
| Protects |
T1505.005
|
Terminal Services DLL
|
|
AC-03
|
Access Enforcement
| Protects |
T1505.005
|
Terminal Services DLL
|
|
AC-05
|
Separation of Duties
| Protects |
T1505.005
|
Terminal Services DLL
|
|
AC-06
|
Least Privilege
| Protects |
T1505.005
|
Terminal Services DLL
|
|
CM-02
|
Baseline Configuration
| Protects |
T1505.005
|
Terminal Services DLL
|
|
CM-06
|
Configuration Settings
| Protects |
T1505.005
|
Terminal Services DLL
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1505.005
|
Terminal Services DLL
|
|
SI-04
|
System Monitoring
| Protects |
T1505.005
|
Terminal Services DLL
|
|
AC-02
|
Account Management
| Protects |
T1525
|
Implant Internal Image
|
|
AC-03
|
Access Enforcement
| Protects |
T1525
|
Implant Internal Image
|
|
AC-05
|
Separation of Duties
| Protects |
T1525
|
Implant Internal Image
|
|
AC-06
|
Least Privilege
| Protects |
T1525
|
Implant Internal Image
|
|
CA-08
|
Penetration Testing
| Protects |
T1525
|
Implant Internal Image
|
|
CM-02
|
Baseline Configuration
| Protects |
T1525
|
Implant Internal Image
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1525
|
Implant Internal Image
|
|
CM-06
|
Configuration Settings
| Protects |
T1525
|
Implant Internal Image
|
|
CM-07
|
Least Functionality
| Protects |
T1525
|
Implant Internal Image
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1525
|
Implant Internal Image
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1525
|
Implant Internal Image
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1525
|
Implant Internal Image
|
|
SI-02
|
Flaw Remediation
| Protects |
T1525
|
Implant Internal Image
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1525
|
Implant Internal Image
|
|
SI-04
|
System Monitoring
| Protects |
T1525
|
Implant Internal Image
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1525
|
Implant Internal Image
|
|
AC-10
|
Concurrent Session Control
| Protects |
T1528
|
Steal Application Access Token
|
|
AC-02
|
Account Management
| Protects |
T1528
|
Steal Application Access Token
|
|
AC-03
|
Access Enforcement
| Protects |
T1528
|
Steal Application Access Token
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1528
|
Steal Application Access Token
|
|
AC-05
|
Separation of Duties
| Protects |
T1528
|
Steal Application Access Token
|
|
AC-06
|
Least Privilege
| Protects |
T1528
|
Steal Application Access Token
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1528
|
Steal Application Access Token
|
|
CA-08
|
Penetration Testing
| Protects |
T1528
|
Steal Application Access Token
|
|
CM-02
|
Baseline Configuration
| Protects |
T1528
|
Steal Application Access Token
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1528
|
Steal Application Access Token
|
|
CM-06
|
Configuration Settings
| Protects |
T1528
|
Steal Application Access Token
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1528
|
Steal Application Access Token
|
|
IA-04
|
Identifier Management
| Protects |
T1528
|
Steal Application Access Token
|
|
IA-05
|
Authenticator Management
| Protects |
T1528
|
Steal Application Access Token
|
|
IA-08
|
Identification and Authentication (non-organizational Users)
| Protects |
T1528
|
Steal Application Access Token
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1528
|
Steal Application Access Token
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1528
|
Steal Application Access Token
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1528
|
Steal Application Access Token
|
|
SI-04
|
System Monitoring
| Protects |
T1528
|
Steal Application Access Token
|
|
SC-23
|
Session Authenticity
| Protects |
T1535
|
Unused/Unsupported Cloud Regions
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
AC-17
|
Remote Access
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
AC-02
|
Account Management
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
AC-20
|
Use of External Systems
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
AC-03
|
Access Enforcement
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
AC-05
|
Separation of Duties
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
AC-06
|
Least Privilege
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
CM-06
|
Configuration Settings
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
CM-07
|
Least Functionality
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
IA-03
|
Device Identification and Authentication
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
IA-04
|
Identifier Management
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
IA-08
|
Identification and Authentication (non-organizational Users)
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
SC-07
|
Boundary Protection
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
SI-10
|
Information Input Validation
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
SI-15
|
Information Output Filtering
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
SI-04
|
System Monitoring
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
AC-02
|
Account Management
| Protects |
T1538
|
Cloud Service Dashboard
|
|
AC-03
|
Access Enforcement
| Protects |
T1538
|
Cloud Service Dashboard
|
|
AC-05
|
Separation of Duties
| Protects |
T1538
|
Cloud Service Dashboard
|
|
AC-06
|
Least Privilege
| Protects |
T1538
|
Cloud Service Dashboard
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1538
|
Cloud Service Dashboard
|
|
IA-08
|
Identification and Authentication (non-organizational Users)
| Protects |
T1538
|
Cloud Service Dashboard
|
|
AC-02
|
Account Management
| Protects |
T1542
|
Pre-OS Boot
|
|
AC-03
|
Access Enforcement
| Protects |
T1542
|
Pre-OS Boot
|
|
AC-05
|
Separation of Duties
| Protects |
T1542
|
Pre-OS Boot
|
|
AC-06
|
Least Privilege
| Protects |
T1542
|
Pre-OS Boot
|
|
CA-08
|
Penetration Testing
| Protects |
T1542
|
Pre-OS Boot
|
|
CM-03
|
Configuration Change Control
| Protects |
T1542
|
Pre-OS Boot
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1542
|
Pre-OS Boot
|
|
CM-06
|
Configuration Settings
| Protects |
T1542
|
Pre-OS Boot
|
|
CM-08
|
System Component Inventory
| Protects |
T1542
|
Pre-OS Boot
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1542
|
Pre-OS Boot
|
|
IA-07
|
Cryptographic Module Authentication
| Protects |
T1542
|
Pre-OS Boot
|
|
IA-08
|
Identification and Authentication (non-organizational Users)
| Protects |
T1542
|
Pre-OS Boot
|
|
RA-09
|
Criticality Analysis
| Protects |
T1542
|
Pre-OS Boot
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1542
|
Pre-OS Boot
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1542
|
Pre-OS Boot
|
|
SC-34
|
Non-modifiable Executable Programs
| Protects |
T1542
|
Pre-OS Boot
|
|
SC-07
|
Boundary Protection
| Protects |
T1542
|
Pre-OS Boot
|
|
SI-02
|
Flaw Remediation
| Protects |
T1542
|
Pre-OS Boot
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1542
|
Pre-OS Boot
|
|
AC-03
|
Access Enforcement
| Protects |
T1542.004
|
ROMMONkit
|
|
AC-06
|
Least Privilege
| Protects |
T1542.004
|
ROMMONkit
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1542.004
|
ROMMONkit
|
|
CA-08
|
Penetration Testing
| Protects |
T1542.004
|
ROMMONkit
|
|
CM-02
|
Baseline Configuration
| Protects |
T1542.004
|
ROMMONkit
|
|
CM-03
|
Configuration Change Control
| Protects |
T1542.004
|
ROMMONkit
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1542.004
|
ROMMONkit
|
|
CM-06
|
Configuration Settings
| Protects |
T1542.004
|
ROMMONkit
|
|
CM-07
|
Least Functionality
| Protects |
T1542.004
|
ROMMONkit
|
|
CM-08
|
System Component Inventory
| Protects |
T1542.004
|
ROMMONkit
|
|
IA-07
|
Cryptographic Module Authentication
| Protects |
T1542.004
|
ROMMONkit
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1542.004
|
ROMMONkit
|
|
RA-09
|
Criticality Analysis
| Protects |
T1542.004
|
ROMMONkit
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1542.004
|
ROMMONkit
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1542.004
|
ROMMONkit
|
|
SC-34
|
Non-modifiable Executable Programs
| Protects |
T1542.004
|
ROMMONkit
|
|
SC-07
|
Boundary Protection
| Protects |
T1542.004
|
ROMMONkit
|
|
SI-02
|
Flaw Remediation
| Protects |
T1542.004
|
ROMMONkit
|
|
SI-04
|
System Monitoring
| Protects |
T1542.004
|
ROMMONkit
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1542.004
|
ROMMONkit
|
|
AC-02
|
Account Management
| Protects |
T1542.005
|
TFTP Boot
|
|
AC-03
|
Access Enforcement
| Protects |
T1542.005
|
TFTP Boot
|
|
AC-05
|
Separation of Duties
| Protects |
T1542.005
|
TFTP Boot
|
|
AC-06
|
Least Privilege
| Protects |
T1542.005
|
TFTP Boot
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1542.005
|
TFTP Boot
|
|
CA-08
|
Penetration Testing
| Protects |
T1542.005
|
TFTP Boot
|
|
CM-02
|
Baseline Configuration
| Protects |
T1542.005
|
TFTP Boot
|
|
CM-03
|
Configuration Change Control
| Protects |
T1542.005
|
TFTP Boot
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1542.005
|
TFTP Boot
|
|
CM-06
|
Configuration Settings
| Protects |
T1542.005
|
TFTP Boot
|
|
CM-07
|
Least Functionality
| Protects |
T1542.005
|
TFTP Boot
|
|
CM-08
|
System Component Inventory
| Protects |
T1542.005
|
TFTP Boot
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1542.005
|
TFTP Boot
|
|
IA-07
|
Cryptographic Module Authentication
| Protects |
T1542.005
|
TFTP Boot
|
|
IA-08
|
Identification and Authentication (non-organizational Users)
| Protects |
T1542.005
|
TFTP Boot
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1542.005
|
TFTP Boot
|
|
RA-09
|
Criticality Analysis
| Protects |
T1542.005
|
TFTP Boot
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1542.005
|
TFTP Boot
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1542.005
|
TFTP Boot
|
|
SC-34
|
Non-modifiable Executable Programs
| Protects |
T1542.005
|
TFTP Boot
|
|
SC-07
|
Boundary Protection
| Protects |
T1542.005
|
TFTP Boot
|
|
SI-02
|
Flaw Remediation
| Protects |
T1542.005
|
TFTP Boot
|
|
SI-04
|
System Monitoring
| Protects |
T1542.005
|
TFTP Boot
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1542.005
|
TFTP Boot
|
|
AC-17
|
Remote Access
| Protects |
T1543
|
Create or Modify System Process
|
|
AC-02
|
Account Management
| Protects |
T1543
|
Create or Modify System Process
|
|
AC-03
|
Access Enforcement
| Protects |
T1543
|
Create or Modify System Process
|
|
AC-05
|
Separation of Duties
| Protects |
T1543
|
Create or Modify System Process
|
|
AC-06
|
Least Privilege
| Protects |
T1543
|
Create or Modify System Process
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1543
|
Create or Modify System Process
|
|
CA-08
|
Penetration Testing
| Protects |
T1543
|
Create or Modify System Process
|
|
CM-11
|
User-installed Software
| Protects |
T1543
|
Create or Modify System Process
|
|
CM-02
|
Baseline Configuration
| Protects |
T1543
|
Create or Modify System Process
|
|
CM-03
|
Configuration Change Control
| Protects |
T1543
|
Create or Modify System Process
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1543
|
Create or Modify System Process
|
|
CM-06
|
Configuration Settings
| Protects |
T1543
|
Create or Modify System Process
|
|
CM-07
|
Least Functionality
| Protects |
T1543
|
Create or Modify System Process
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1543
|
Create or Modify System Process
|
|
IA-04
|
Identifier Management
| Protects |
T1543
|
Create or Modify System Process
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1543
|
Create or Modify System Process
|
|
SA-22
|
Unsupported System Components
| Protects |
T1543
|
Create or Modify System Process
|
|
SI-16
|
Memory Protection
| Protects |
T1543
|
Create or Modify System Process
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1543
|
Create or Modify System Process
|
|
SI-04
|
System Monitoring
| Protects |
T1543
|
Create or Modify System Process
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1543
|
Create or Modify System Process
|
|
AC-02
|
Account Management
| Protects |
T1543.001
|
Launch Agent
|
|
AC-03
|
Access Enforcement
| Protects |
T1543.001
|
Launch Agent
|
|
AC-05
|
Separation of Duties
| Protects |
T1543.001
|
Launch Agent
|
|
AC-06
|
Least Privilege
| Protects |
T1543.001
|
Launch Agent
|
|
CM-11
|
User-installed Software
| Protects |
T1543.001
|
Launch Agent
|
|
CM-02
|
Baseline Configuration
| Protects |
T1543.001
|
Launch Agent
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1543.001
|
Launch Agent
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1543.001
|
Launch Agent
|
|
AC-02
|
Account Management
| Protects |
T1543.004
|
Launch Daemon
|
|
AC-03
|
Access Enforcement
| Protects |
T1543.004
|
Launch Daemon
|
|
AC-05
|
Separation of Duties
| Protects |
T1543.004
|
Launch Daemon
|
|
AC-06
|
Least Privilege
| Protects |
T1543.004
|
Launch Daemon
|
|
CM-11
|
User-installed Software
| Protects |
T1543.004
|
Launch Daemon
|
|
CM-02
|
Baseline Configuration
| Protects |
T1543.004
|
Launch Daemon
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1543.004
|
Launch Daemon
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1543.004
|
Launch Daemon
|
|
CM-02
|
Baseline Configuration
| Protects |
T1546
|
Event Triggered Execution
|
|
CM-06
|
Configuration Settings
| Protects |
T1546
|
Event Triggered Execution
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1546
|
Event Triggered Execution
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1546
|
Event Triggered Execution
|
|
CM-02
|
Baseline Configuration
| Protects |
T1546.002
|
Screensaver
|
|
CM-06
|
Configuration Settings
| Protects |
T1546.002
|
Screensaver
|
|
CM-07
|
Least Functionality
| Protects |
T1546.002
|
Screensaver
|
|
CM-08
|
System Component Inventory
| Protects |
T1546.002
|
Screensaver
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1546.002
|
Screensaver
|
|
SI-10
|
Information Input Validation
| Protects |
T1546.002
|
Screensaver
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1546.002
|
Screensaver
|
|
SI-04
|
System Monitoring
| Protects |
T1546.002
|
Screensaver
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1546.002
|
Screensaver
|
|
AC-02
|
Account Management
| Protects |
T1546.003
|
Windows Management Instrumentation Event Subscription
|
|
AC-03
|
Access Enforcement
| Protects |
T1546.003
|
Windows Management Instrumentation Event Subscription
|
|
AC-05
|
Separation of Duties
| Protects |
T1546.003
|
Windows Management Instrumentation Event Subscription
|
|
AC-06
|
Least Privilege
| Protects |
T1546.003
|
Windows Management Instrumentation Event Subscription
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1546.003
|
Windows Management Instrumentation Event Subscription
|
|
CM-02
|
Baseline Configuration
| Protects |
T1546.003
|
Windows Management Instrumentation Event Subscription
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1546.003
|
Windows Management Instrumentation Event Subscription
|
|
CM-06
|
Configuration Settings
| Protects |
T1546.003
|
Windows Management Instrumentation Event Subscription
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1546.003
|
Windows Management Instrumentation Event Subscription
|
|
SI-14
|
Non-persistence
| Protects |
T1546.003
|
Windows Management Instrumentation Event Subscription
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1546.003
|
Windows Management Instrumentation Event Subscription
|
|
SI-04
|
System Monitoring
| Protects |
T1546.003
|
Windows Management Instrumentation Event Subscription
|
|
AC-03
|
Access Enforcement
| Protects |
T1546.004
|
Unix Shell Configuration Modification
|
|
AC-06
|
Least Privilege
| Protects |
T1546.004
|
Unix Shell Configuration Modification
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1546.004
|
Unix Shell Configuration Modification
|
|
CM-02
|
Baseline Configuration
| Protects |
T1546.004
|
Unix Shell Configuration Modification
|
|
CM-06
|
Configuration Settings
| Protects |
T1546.004
|
Unix Shell Configuration Modification
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1546.004
|
Unix Shell Configuration Modification
|
|
SI-04
|
System Monitoring
| Protects |
T1546.004
|
Unix Shell Configuration Modification
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1546.004
|
Unix Shell Configuration Modification
|
|
CM-02
|
Baseline Configuration
| Protects |
T1546.006
|
LC_LOAD_DYLIB Addition
|
|
CM-06
|
Configuration Settings
| Protects |
T1546.006
|
LC_LOAD_DYLIB Addition
|
|
CM-07
|
Least Functionality
| Protects |
T1546.006
|
LC_LOAD_DYLIB Addition
|
|
CM-08
|
System Component Inventory
| Protects |
T1546.006
|
LC_LOAD_DYLIB Addition
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1546.006
|
LC_LOAD_DYLIB Addition
|
|
SI-10
|
Information Input Validation
| Protects |
T1546.006
|
LC_LOAD_DYLIB Addition
|
|
SI-02
|
Flaw Remediation
| Protects |
T1546.006
|
LC_LOAD_DYLIB Addition
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1546.006
|
LC_LOAD_DYLIB Addition
|
|
SI-04
|
System Monitoring
| Protects |
T1546.006
|
LC_LOAD_DYLIB Addition
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1546.006
|
LC_LOAD_DYLIB Addition
|
|
SR-11
|
Component Authenticity
| Protects |
T1546.006
|
LC_LOAD_DYLIB Addition
|
|
SR-04
|
Provenance
| Protects |
T1546.006
|
LC_LOAD_DYLIB Addition
|
|
SR-05
|
Acquisition Strategies, Tools, and Methods
| Protects |
T1546.006
|
LC_LOAD_DYLIB Addition
|
|
SR-06
|
Supplier Assessments and Reviews
| Protects |
T1546.006
|
LC_LOAD_DYLIB Addition
|
|
CM-10
|
Software Usage Restrictions
| Protects |
T1546.008
|
Accessibility Features
|
|
CM-06
|
Configuration Settings
| Protects |
T1546.008
|
Accessibility Features
|
|
CM-07
|
Least Functionality
| Protects |
T1546.008
|
Accessibility Features
|
|
SI-10
|
Information Input Validation
| Protects |
T1546.008
|
Accessibility Features
|
|
SI-04
|
System Monitoring
| Protects |
T1546.008
|
Accessibility Features
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1546.008
|
Accessibility Features
|
|
CM-07
|
Least Functionality
| Protects |
T1546.009
|
AppCert DLLs
|
|
SI-10
|
Information Input Validation
| Protects |
T1546.009
|
AppCert DLLs
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1546.009
|
AppCert DLLs
|
|
CM-02
|
Baseline Configuration
| Protects |
T1546.010
|
AppInit DLLs
|
|
CM-07
|
Least Functionality
| Protects |
T1546.010
|
AppInit DLLs
|
|
SI-10
|
Information Input Validation
| Protects |
T1546.010
|
AppInit DLLs
|
|
SI-02
|
Flaw Remediation
| Protects |
T1546.010
|
AppInit DLLs
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1546.010
|
AppInit DLLs
|
|
AC-06
|
Least Privilege
| Protects |
T1546.011
|
Application Shimming
|
|
SI-02
|
Flaw Remediation
| Protects |
T1546.011
|
Application Shimming
|
|
AC-03
|
Access Enforcement
| Protects |
T1546.013
|
PowerShell Profile
|
|
AC-06
|
Least Privilege
| Protects |
T1546.013
|
PowerShell Profile
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1546.013
|
PowerShell Profile
|
|
CM-10
|
Software Usage Restrictions
| Protects |
T1546.013
|
PowerShell Profile
|
|
CM-02
|
Baseline Configuration
| Protects |
T1546.013
|
PowerShell Profile
|
|
CM-06
|
Configuration Settings
| Protects |
T1546.013
|
PowerShell Profile
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1546.013
|
PowerShell Profile
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1546.013
|
PowerShell Profile
|
|
SI-04
|
System Monitoring
| Protects |
T1546.013
|
PowerShell Profile
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1546.013
|
PowerShell Profile
|
|
CM-02
|
Baseline Configuration
| Protects |
T1546.014
|
Emond
|
|
CM-06
|
Configuration Settings
| Protects |
T1546.014
|
Emond
|
|
CM-08
|
System Component Inventory
| Protects |
T1546.014
|
Emond
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1546.014
|
Emond
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1546.014
|
Emond
|
|
SI-04
|
System Monitoring
| Protects |
T1546.014
|
Emond
|
|
AC-06
|
Least Privilege
| Protects |
T1546.016
|
Installer Packages
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1546.016
|
Installer Packages
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1546.016
|
Installer Packages
|
|
CM-06
|
Configuration Settings
| Protects |
T1546.016
|
Installer Packages
|
|
SI-02
|
Flaw Remediation
| Protects |
T1546.016
|
Installer Packages
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1546.016
|
Installer Packages
|
|
SI-04
|
System Monitoring
| Protects |
T1546.016
|
Installer Packages
|
|
CM-06
|
Configuration Settings
| Protects |
T1547.002
|
Authentication Package
|
|
SC-39
|
Process Isolation
| Protects |
T1547.002
|
Authentication Package
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1547.002
|
Authentication Package
|
|
SI-04
|
System Monitoring
| Protects |
T1547.002
|
Authentication Package
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1547.002
|
Authentication Package
|
|
AC-17
|
Remote Access
| Protects |
T1547.003
|
Time Providers
|
|
AC-03
|
Access Enforcement
| Protects |
T1547.003
|
Time Providers
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1547.003
|
Time Providers
|
|
AC-06
|
Least Privilege
| Protects |
T1547.003
|
Time Providers
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1547.003
|
Time Providers
|
|
CM-02
|
Baseline Configuration
| Protects |
T1547.003
|
Time Providers
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1547.003
|
Time Providers
|
|
CM-06
|
Configuration Settings
| Protects |
T1547.003
|
Time Providers
|
|
SI-04
|
System Monitoring
| Protects |
T1547.003
|
Time Providers
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1547.003
|
Time Providers
|
|
AC-17
|
Remote Access
| Protects |
T1547.004
|
Winlogon Helper DLL
|
|
AC-02
|
Account Management
| Protects |
T1547.004
|
Winlogon Helper DLL
|
|
AC-03
|
Access Enforcement
| Protects |
T1547.004
|
Winlogon Helper DLL
|
|
AC-05
|
Separation of Duties
| Protects |
T1547.004
|
Winlogon Helper DLL
|
|
AC-06
|
Least Privilege
| Protects |
T1547.004
|
Winlogon Helper DLL
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1547.004
|
Winlogon Helper DLL
|
|
CM-07
|
Least Functionality
| Protects |
T1547.004
|
Winlogon Helper DLL
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1547.004
|
Winlogon Helper DLL
|
|
SI-10
|
Information Input Validation
| Protects |
T1547.004
|
Winlogon Helper DLL
|
|
SI-14
|
Non-persistence
| Protects |
T1547.004
|
Winlogon Helper DLL
|
|
SI-16
|
Memory Protection
| Protects |
T1547.004
|
Winlogon Helper DLL
|
|
SI-04
|
System Monitoring
| Protects |
T1547.004
|
Winlogon Helper DLL
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1547.004
|
Winlogon Helper DLL
|
|
CM-06
|
Configuration Settings
| Protects |
T1547.005
|
Security Support Provider
|
|
SC-39
|
Process Isolation
| Protects |
T1547.005
|
Security Support Provider
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1547.005
|
Security Support Provider
|
|
SI-04
|
System Monitoring
| Protects |
T1547.005
|
Security Support Provider
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1547.005
|
Security Support Provider
|
|
AC-02
|
Account Management
| Protects |
T1547.006
|
Kernel Modules and Extensions
|
|
AC-03
|
Access Enforcement
| Protects |
T1547.006
|
Kernel Modules and Extensions
|
|
AC-05
|
Separation of Duties
| Protects |
T1547.006
|
Kernel Modules and Extensions
|
|
AC-06
|
Least Privilege
| Protects |
T1547.006
|
Kernel Modules and Extensions
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1547.006
|
Kernel Modules and Extensions
|
|
CM-06
|
Configuration Settings
| Protects |
T1547.006
|
Kernel Modules and Extensions
|
|
CM-07
|
Least Functionality
| Protects |
T1547.006
|
Kernel Modules and Extensions
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1547.006
|
Kernel Modules and Extensions
|
|
IA-04
|
Identifier Management
| Protects |
T1547.006
|
Kernel Modules and Extensions
|
|
IA-08
|
Identification and Authentication (non-organizational Users)
| Protects |
T1547.006
|
Kernel Modules and Extensions
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1547.006
|
Kernel Modules and Extensions
|
|
SI-10
|
Information Input Validation
| Protects |
T1547.006
|
Kernel Modules and Extensions
|
|
SI-14
|
Non-persistence
| Protects |
T1547.006
|
Kernel Modules and Extensions
|
|
SI-16
|
Memory Protection
| Protects |
T1547.006
|
Kernel Modules and Extensions
|
|
SI-02
|
Flaw Remediation
| Protects |
T1547.006
|
Kernel Modules and Extensions
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1547.006
|
Kernel Modules and Extensions
|
|
SI-04
|
System Monitoring
| Protects |
T1547.006
|
Kernel Modules and Extensions
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1547.006
|
Kernel Modules and Extensions
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1547.007
|
Re-opened Applications
|
|
AC-03
|
Access Enforcement
| Protects |
T1547.007
|
Re-opened Applications
|
|
CM-02
|
Baseline Configuration
| Protects |
T1547.007
|
Re-opened Applications
|
|
CM-03
|
Configuration Change Control
| Protects |
T1547.007
|
Re-opened Applications
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1547.007
|
Re-opened Applications
|
|
CM-06
|
Configuration Settings
| Protects |
T1547.007
|
Re-opened Applications
|
|
CM-07
|
Least Functionality
| Protects |
T1547.007
|
Re-opened Applications
|
|
CM-08
|
System Component Inventory
| Protects |
T1547.007
|
Re-opened Applications
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1547.007
|
Re-opened Applications
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1547.007
|
Re-opened Applications
|
|
SI-04
|
System Monitoring
| Protects |
T1547.007
|
Re-opened Applications
|
|
CM-02
|
Baseline Configuration
| Protects |
T1547.008
|
LSASS Driver
|
|
CM-06
|
Configuration Settings
| Protects |
T1547.008
|
LSASS Driver
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1547.008
|
LSASS Driver
|
|
SC-39
|
Process Isolation
| Protects |
T1547.008
|
LSASS Driver
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1547.008
|
LSASS Driver
|
|
SI-04
|
System Monitoring
| Protects |
T1547.008
|
LSASS Driver
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1547.008
|
LSASS Driver
|
|
AC-17
|
Remote Access
| Protects |
T1547.009
|
Shortcut Modification
|
|
AC-02
|
Account Management
| Protects |
T1547.009
|
Shortcut Modification
|
|
AC-03
|
Access Enforcement
| Protects |
T1547.009
|
Shortcut Modification
|
|
AC-05
|
Separation of Duties
| Protects |
T1547.009
|
Shortcut Modification
|
|
AC-06
|
Least Privilege
| Protects |
T1547.009
|
Shortcut Modification
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1547.009
|
Shortcut Modification
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1547.009
|
Shortcut Modification
|
|
SI-04
|
System Monitoring
| Protects |
T1547.009
|
Shortcut Modification
|
|
AC-02
|
Account Management
| Protects |
T1548.002
|
Bypass User Account Control
|
|
AC-03
|
Access Enforcement
| Protects |
T1548.002
|
Bypass User Account Control
|
|
AC-05
|
Separation of Duties
| Protects |
T1548.002
|
Bypass User Account Control
|
|
AC-06
|
Least Privilege
| Protects |
T1548.002
|
Bypass User Account Control
|
|
CA-08
|
Penetration Testing
| Protects |
T1548.002
|
Bypass User Account Control
|
|
CM-02
|
Baseline Configuration
| Protects |
T1548.002
|
Bypass User Account Control
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1548.002
|
Bypass User Account Control
|
|
CM-06
|
Configuration Settings
| Protects |
T1548.002
|
Bypass User Account Control
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1548.002
|
Bypass User Account Control
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1548.002
|
Bypass User Account Control
|
|
SI-02
|
Flaw Remediation
| Protects |
T1548.002
|
Bypass User Account Control
|
|
SI-04
|
System Monitoring
| Protects |
T1548.002
|
Bypass User Account Control
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1548.003
|
Sudo and Sudo Caching
|
|
AC-02
|
Account Management
| Protects |
T1548.003
|
Sudo and Sudo Caching
|
|
AC-03
|
Access Enforcement
| Protects |
T1548.003
|
Sudo and Sudo Caching
|
|
AC-05
|
Separation of Duties
| Protects |
T1548.003
|
Sudo and Sudo Caching
|
|
AC-06
|
Least Privilege
| Protects |
T1548.003
|
Sudo and Sudo Caching
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1548.003
|
Sudo and Sudo Caching
|
|
CM-02
|
Baseline Configuration
| Protects |
T1548.003
|
Sudo and Sudo Caching
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1548.003
|
Sudo and Sudo Caching
|
|
CM-06
|
Configuration Settings
| Protects |
T1548.003
|
Sudo and Sudo Caching
|
|
CM-07
|
Least Functionality
| Protects |
T1548.003
|
Sudo and Sudo Caching
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1548.003
|
Sudo and Sudo Caching
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1548.003
|
Sudo and Sudo Caching
|
|
SI-04
|
System Monitoring
| Protects |
T1548.003
|
Sudo and Sudo Caching
|
|
CM-02
|
Baseline Configuration
| Protects |
T1548.004
|
Elevated Execution with Prompt
|
|
CM-06
|
Configuration Settings
| Protects |
T1548.004
|
Elevated Execution with Prompt
|
|
CM-07
|
Least Functionality
| Protects |
T1548.004
|
Elevated Execution with Prompt
|
|
CM-08
|
System Component Inventory
| Protects |
T1548.004
|
Elevated Execution with Prompt
|
|
SC-18
|
Mobile Code
| Protects |
T1548.004
|
Elevated Execution with Prompt
|
|
SC-34
|
Non-modifiable Executable Programs
| Protects |
T1548.004
|
Elevated Execution with Prompt
|
|
SI-12
|
Information Management and Retention
| Protects |
T1548.004
|
Elevated Execution with Prompt
|
|
SI-16
|
Memory Protection
| Protects |
T1548.004
|
Elevated Execution with Prompt
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1548.004
|
Elevated Execution with Prompt
|
|
SI-04
|
System Monitoring
| Protects |
T1548.004
|
Elevated Execution with Prompt
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1548.004
|
Elevated Execution with Prompt
|
|
AC-02
|
Account Management
| Protects |
T1550
|
Use Alternate Authentication Material
|
|
AC-03
|
Access Enforcement
| Protects |
T1550
|
Use Alternate Authentication Material
|
|
AC-05
|
Separation of Duties
| Protects |
T1550
|
Use Alternate Authentication Material
|
|
AC-06
|
Least Privilege
| Protects |
T1550
|
Use Alternate Authentication Material
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1550
|
Use Alternate Authentication Material
|
|
CM-06
|
Configuration Settings
| Protects |
T1550
|
Use Alternate Authentication Material
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1550
|
Use Alternate Authentication Material
|
|
AC-02
|
Account Management
| Protects |
T1550.002
|
Pass the Hash
|
|
AC-03
|
Access Enforcement
| Protects |
T1550.002
|
Pass the Hash
|
|
AC-05
|
Separation of Duties
| Protects |
T1550.002
|
Pass the Hash
|
|
AC-06
|
Least Privilege
| Protects |
T1550.002
|
Pass the Hash
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1550.002
|
Pass the Hash
|
|
CM-06
|
Configuration Settings
| Protects |
T1550.002
|
Pass the Hash
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1550.002
|
Pass the Hash
|
|
SI-02
|
Flaw Remediation
| Protects |
T1550.002
|
Pass the Hash
|
|
AC-02
|
Account Management
| Protects |
T1550.003
|
Pass the Ticket
|
|
AC-03
|
Access Enforcement
| Protects |
T1550.003
|
Pass the Ticket
|
|
AC-05
|
Separation of Duties
| Protects |
T1550.003
|
Pass the Ticket
|
|
AC-06
|
Least Privilege
| Protects |
T1550.003
|
Pass the Ticket
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1550.003
|
Pass the Ticket
|
|
CM-02
|
Baseline Configuration
| Protects |
T1550.003
|
Pass the Ticket
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1550.003
|
Pass the Ticket
|
|
CM-06
|
Configuration Settings
| Protects |
T1550.003
|
Pass the Ticket
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1550.003
|
Pass the Ticket
|
|
IA-05
|
Authenticator Management
| Protects |
T1550.003
|
Pass the Ticket
|
|
SI-04
|
System Monitoring
| Protects |
T1550.003
|
Pass the Ticket
|
|
SC-23
|
Session Authenticity
| Protects |
T1550.004
|
Web Session Cookie
|
|
SC-08
|
Transmission Confidentiality and Integrity
| Protects |
T1550.004
|
Web Session Cookie
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1550.004
|
Web Session Cookie
|
|
CM-06
|
Configuration Settings
| Protects |
T1552.003
|
Bash History
|
|
CM-07
|
Least Functionality
| Protects |
T1552.003
|
Bash History
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1552.003
|
Bash History
|
|
SI-04
|
System Monitoring
| Protects |
T1552.003
|
Bash History
|
|
AC-02
|
Account Management
| Protects |
T1552.006
|
Group Policy Preferences
|
|
AC-05
|
Separation of Duties
| Protects |
T1552.006
|
Group Policy Preferences
|
|
AC-06
|
Least Privilege
| Protects |
T1552.006
|
Group Policy Preferences
|
|
CA-08
|
Penetration Testing
| Protects |
T1552.006
|
Group Policy Preferences
|
|
CM-02
|
Baseline Configuration
| Protects |
T1552.006
|
Group Policy Preferences
|
|
CM-06
|
Configuration Settings
| Protects |
T1552.006
|
Group Policy Preferences
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1552.006
|
Group Policy Preferences
|
|
IA-05
|
Authenticator Management
| Protects |
T1552.006
|
Group Policy Preferences
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1552.006
|
Group Policy Preferences
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1552.006
|
Group Policy Preferences
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1552.006
|
Group Policy Preferences
|
|
SI-02
|
Flaw Remediation
| Protects |
T1552.006
|
Group Policy Preferences
|
|
SI-04
|
System Monitoring
| Protects |
T1552.006
|
Group Policy Preferences
|
|
AC-17
|
Remote Access
| Protects |
T1552.007
|
Container API
|
|
AC-02
|
Account Management
| Protects |
T1552.007
|
Container API
|
|
AC-23
|
Data Mining Protection
| Protects |
T1552.007
|
Container API
|
|
AC-03
|
Access Enforcement
| Protects |
T1552.007
|
Container API
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1552.007
|
Container API
|
|
AC-05
|
Separation of Duties
| Protects |
T1552.007
|
Container API
|
|
AC-06
|
Least Privilege
| Protects |
T1552.007
|
Container API
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1552.007
|
Container API
|
|
CM-06
|
Configuration Settings
| Protects |
T1552.007
|
Container API
|
|
CM-07
|
Least Functionality
| Protects |
T1552.007
|
Container API
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1552.007
|
Container API
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1552.007
|
Container API
|
|
SC-07
|
Boundary Protection
| Protects |
T1552.007
|
Container API
|
|
SC-08
|
Transmission Confidentiality and Integrity
| Protects |
T1552.007
|
Container API
|
|
AC-06
|
Least Privilege
| Protects |
T1553
|
Subvert Trust Controls
|
|
CA-08
|
Penetration Testing
| Protects |
T1553
|
Subvert Trust Controls
|
|
CM-10
|
Software Usage Restrictions
| Protects |
T1553
|
Subvert Trust Controls
|
|
CM-02
|
Baseline Configuration
| Protects |
T1553
|
Subvert Trust Controls
|
|
CM-03
|
Configuration Change Control
| Protects |
T1553
|
Subvert Trust Controls
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1553
|
Subvert Trust Controls
|
|
CM-06
|
Configuration Settings
| Protects |
T1553
|
Subvert Trust Controls
|
|
CM-07
|
Least Functionality
| Protects |
T1553
|
Subvert Trust Controls
|
|
CM-08
|
System Component Inventory
| Protects |
T1553
|
Subvert Trust Controls
|
|
IA-07
|
Cryptographic Module Authentication
| Protects |
T1553
|
Subvert Trust Controls
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1553
|
Subvert Trust Controls
|
|
RA-09
|
Criticality Analysis
| Protects |
T1553
|
Subvert Trust Controls
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1553
|
Subvert Trust Controls
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1553
|
Subvert Trust Controls
|
|
SC-34
|
Non-modifiable Executable Programs
| Protects |
T1553
|
Subvert Trust Controls
|
|
SI-10
|
Information Input Validation
| Protects |
T1553
|
Subvert Trust Controls
|
|
SI-02
|
Flaw Remediation
| Protects |
T1553
|
Subvert Trust Controls
|
|
SI-04
|
System Monitoring
| Protects |
T1553
|
Subvert Trust Controls
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1553
|
Subvert Trust Controls
|
|
CM-02
|
Baseline Configuration
| Protects |
T1553.001
|
Gatekeeper Bypass
|
|
CM-06
|
Configuration Settings
| Protects |
T1553.001
|
Gatekeeper Bypass
|
|
CM-07
|
Least Functionality
| Protects |
T1553.001
|
Gatekeeper Bypass
|
|
SI-10
|
Information Input Validation
| Protects |
T1553.001
|
Gatekeeper Bypass
|
|
SI-04
|
System Monitoring
| Protects |
T1553.001
|
Gatekeeper Bypass
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1553.001
|
Gatekeeper Bypass
|
|
AC-03
|
Access Enforcement
| Protects |
T1553.003
|
SIP and Trust Provider Hijacking
|
|
AC-06
|
Least Privilege
| Protects |
T1553.003
|
SIP and Trust Provider Hijacking
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1553.003
|
SIP and Trust Provider Hijacking
|
|
CM-02
|
Baseline Configuration
| Protects |
T1553.003
|
SIP and Trust Provider Hijacking
|
|
CM-06
|
Configuration Settings
| Protects |
T1553.003
|
SIP and Trust Provider Hijacking
|
|
CM-07
|
Least Functionality
| Protects |
T1553.003
|
SIP and Trust Provider Hijacking
|
|
SI-10
|
Information Input Validation
| Protects |
T1553.003
|
SIP and Trust Provider Hijacking
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1553.003
|
SIP and Trust Provider Hijacking
|
|
SI-04
|
System Monitoring
| Protects |
T1553.003
|
SIP and Trust Provider Hijacking
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1553.003
|
SIP and Trust Provider Hijacking
|
|
CM-10
|
Software Usage Restrictions
| Protects |
T1553.004
|
Install Root Certificate
|
|
CM-06
|
Configuration Settings
| Protects |
T1553.004
|
Install Root Certificate
|
|
CM-07
|
Least Functionality
| Protects |
T1553.004
|
Install Root Certificate
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1553.004
|
Install Root Certificate
|
|
SC-20
|
Secure Name/address Resolution Service (authoritative Source)
| Protects |
T1553.004
|
Install Root Certificate
|
|
SI-04
|
System Monitoring
| Protects |
T1553.004
|
Install Root Certificate
|
|
AC-06
|
Least Privilege
| Protects |
T1553.006
|
Code Signing Policy Modification
|
|
CA-08
|
Penetration Testing
| Protects |
T1553.006
|
Code Signing Policy Modification
|
|
CM-03
|
Configuration Change Control
| Protects |
T1553.006
|
Code Signing Policy Modification
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1553.006
|
Code Signing Policy Modification
|
|
CM-07
|
Least Functionality
| Protects |
T1553.006
|
Code Signing Policy Modification
|
|
CM-08
|
System Component Inventory
| Protects |
T1553.006
|
Code Signing Policy Modification
|
|
IA-07
|
Cryptographic Module Authentication
| Protects |
T1553.006
|
Code Signing Policy Modification
|
|
RA-09
|
Criticality Analysis
| Protects |
T1553.006
|
Code Signing Policy Modification
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1553.006
|
Code Signing Policy Modification
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1553.006
|
Code Signing Policy Modification
|
|
SC-34
|
Non-modifiable Executable Programs
| Protects |
T1553.006
|
Code Signing Policy Modification
|
|
SI-02
|
Flaw Remediation
| Protects |
T1553.006
|
Code Signing Policy Modification
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1553.006
|
Code Signing Policy Modification
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1555.001
|
Keychain
|
|
IA-05
|
Authenticator Management
| Protects |
T1555.001
|
Keychain
|
|
SI-04
|
System Monitoring
| Protects |
T1555.001
|
Keychain
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1555.002
|
Securityd Memory
|
|
IA-05
|
Authenticator Management
| Protects |
T1555.002
|
Securityd Memory
|
|
SI-04
|
System Monitoring
| Protects |
T1555.002
|
Securityd Memory
|
|
CM-02
|
Baseline Configuration
| Protects |
T1555.004
|
Windows Credential Manager
|
|
CM-06
|
Configuration Settings
| Protects |
T1555.004
|
Windows Credential Manager
|
|
CM-07
|
Least Functionality
| Protects |
T1555.004
|
Windows Credential Manager
|
|
IA-05
|
Authenticator Management
| Protects |
T1555.004
|
Windows Credential Manager
|
|
SI-04
|
System Monitoring
| Protects |
T1555.004
|
Windows Credential Manager
|
|
CM-02
|
Baseline Configuration
| Protects |
T1555.005
|
Password Managers
|
|
CM-06
|
Configuration Settings
| Protects |
T1555.005
|
Password Managers
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1555.005
|
Password Managers
|
|
IA-05
|
Authenticator Management
| Protects |
T1555.005
|
Password Managers
|
|
SI-02
|
Flaw Remediation
| Protects |
T1555.005
|
Password Managers
|
|
SI-04
|
System Monitoring
| Protects |
T1555.005
|
Password Managers
|
|
AC-02
|
Account Management
| Protects |
T1556.001
|
Domain Controller Authentication
|
|
AC-20
|
Use of External Systems
| Protects |
T1556.001
|
Domain Controller Authentication
|
|
AC-03
|
Access Enforcement
| Protects |
T1556.001
|
Domain Controller Authentication
|
|
AC-05
|
Separation of Duties
| Protects |
T1556.001
|
Domain Controller Authentication
|
|
AC-06
|
Least Privilege
| Protects |
T1556.001
|
Domain Controller Authentication
|
|
AC-07
|
Unsuccessful Logon Attempts
| Protects |
T1556.001
|
Domain Controller Authentication
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1556.001
|
Domain Controller Authentication
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1556.001
|
Domain Controller Authentication
|
|
CM-06
|
Configuration Settings
| Protects |
T1556.001
|
Domain Controller Authentication
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1556.001
|
Domain Controller Authentication
|
|
IA-05
|
Authenticator Management
| Protects |
T1556.001
|
Domain Controller Authentication
|
|
SC-39
|
Process Isolation
| Protects |
T1556.001
|
Domain Controller Authentication
|
|
SI-04
|
System Monitoring
| Protects |
T1556.001
|
Domain Controller Authentication
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1556.001
|
Domain Controller Authentication
|
|
CM-06
|
Configuration Settings
| Protects |
T1556.002
|
Password Filter DLL
|
|
CM-07
|
Least Functionality
| Protects |
T1556.002
|
Password Filter DLL
|
|
SI-04
|
System Monitoring
| Protects |
T1556.002
|
Password Filter DLL
|
|
AC-02
|
Account Management
| Protects |
T1556.003
|
Pluggable Authentication Modules
|
|
AC-20
|
Use of External Systems
| Protects |
T1556.003
|
Pluggable Authentication Modules
|
|
AC-03
|
Access Enforcement
| Protects |
T1556.003
|
Pluggable Authentication Modules
|
|
AC-05
|
Separation of Duties
| Protects |
T1556.003
|
Pluggable Authentication Modules
|
|
AC-06
|
Least Privilege
| Protects |
T1556.003
|
Pluggable Authentication Modules
|
|
AC-07
|
Unsuccessful Logon Attempts
| Protects |
T1556.003
|
Pluggable Authentication Modules
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1556.003
|
Pluggable Authentication Modules
|
|
CM-06
|
Configuration Settings
| Protects |
T1556.003
|
Pluggable Authentication Modules
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1556.003
|
Pluggable Authentication Modules
|
|
IA-05
|
Authenticator Management
| Protects |
T1556.003
|
Pluggable Authentication Modules
|
|
SI-04
|
System Monitoring
| Protects |
T1556.003
|
Pluggable Authentication Modules
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1556.003
|
Pluggable Authentication Modules
|
|
AC-02
|
Account Management
| Protects |
T1556.004
|
Network Device Authentication
|
|
AC-20
|
Use of External Systems
| Protects |
T1556.004
|
Network Device Authentication
|
|
AC-03
|
Access Enforcement
| Protects |
T1556.004
|
Network Device Authentication
|
|
AC-05
|
Separation of Duties
| Protects |
T1556.004
|
Network Device Authentication
|
|
AC-06
|
Least Privilege
| Protects |
T1556.004
|
Network Device Authentication
|
|
AC-07
|
Unsuccessful Logon Attempts
| Protects |
T1556.004
|
Network Device Authentication
|
|
CM-02
|
Baseline Configuration
| Protects |
T1556.004
|
Network Device Authentication
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1556.004
|
Network Device Authentication
|
|
CM-06
|
Configuration Settings
| Protects |
T1556.004
|
Network Device Authentication
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1556.004
|
Network Device Authentication
|
|
IA-05
|
Authenticator Management
| Protects |
T1556.004
|
Network Device Authentication
|
|
SI-04
|
System Monitoring
| Protects |
T1556.004
|
Network Device Authentication
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1556.004
|
Network Device Authentication
|
|
AC-02
|
Account Management
| Protects |
T1556.005
|
Reversible Encryption
|
|
AC-05
|
Separation of Duties
| Protects |
T1556.005
|
Reversible Encryption
|
|
AC-06
|
Least Privilege
| Protects |
T1556.005
|
Reversible Encryption
|
|
IA-05
|
Authenticator Management
| Protects |
T1556.005
|
Reversible Encryption
|
|
AC-02
|
Account Management
| Protects |
T1556.006
|
Multi-Factor Authentication
|
|
AC-03
|
Access Enforcement
| Protects |
T1556.006
|
Multi-Factor Authentication
|
|
AC-06
|
Least Privilege
| Protects |
T1556.006
|
Multi-Factor Authentication
|
|
IA-11
|
Re-authentication
| Protects |
T1556.006
|
Multi-Factor Authentication
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1556.006
|
Multi-Factor Authentication
|
|
AC-02
|
Account Management
| Protects |
T1556.007
|
Hybrid Identity
|
|
AC-03
|
Access Enforcement
| Protects |
T1556.007
|
Hybrid Identity
|
|
AC-06
|
Least Privilege
| Protects |
T1556.007
|
Hybrid Identity
|
|
IA-11
|
Re-authentication
| Protects |
T1556.007
|
Hybrid Identity
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1556.007
|
Hybrid Identity
|
|
AC-03
|
Access Enforcement
| Protects |
T1557.001
|
LLMNR/NBT-NS Poisoning and SMB Relay
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1557.001
|
LLMNR/NBT-NS Poisoning and SMB Relay
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1557.001
|
LLMNR/NBT-NS Poisoning and SMB Relay
|
|
CM-02
|
Baseline Configuration
| Protects |
T1557.001
|
LLMNR/NBT-NS Poisoning and SMB Relay
|
|
CM-06
|
Configuration Settings
| Protects |
T1557.001
|
LLMNR/NBT-NS Poisoning and SMB Relay
|
|
CM-07
|
Least Functionality
| Protects |
T1557.001
|
LLMNR/NBT-NS Poisoning and SMB Relay
|
|
CM-08
|
System Component Inventory
| Protects |
T1557.001
|
LLMNR/NBT-NS Poisoning and SMB Relay
|
|
SC-23
|
Session Authenticity
| Protects |
T1557.001
|
LLMNR/NBT-NS Poisoning and SMB Relay
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1557.001
|
LLMNR/NBT-NS Poisoning and SMB Relay
|
|
SC-07
|
Boundary Protection
| Protects |
T1557.001
|
LLMNR/NBT-NS Poisoning and SMB Relay
|
|
SC-08
|
Transmission Confidentiality and Integrity
| Protects |
T1557.001
|
LLMNR/NBT-NS Poisoning and SMB Relay
|
|
SI-10
|
Information Input Validation
| Protects |
T1557.001
|
LLMNR/NBT-NS Poisoning and SMB Relay
|
|
SI-15
|
Information Output Filtering
| Protects |
T1557.001
|
LLMNR/NBT-NS Poisoning and SMB Relay
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1557.001
|
LLMNR/NBT-NS Poisoning and SMB Relay
|
|
SI-04
|
System Monitoring
| Protects |
T1557.001
|
LLMNR/NBT-NS Poisoning and SMB Relay
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1557.002
|
ARP Cache Poisoning
|
|
AC-17
|
Remote Access
| Protects |
T1557.002
|
ARP Cache Poisoning
|
|
AC-18
|
Wireless Access
| Protects |
T1557.002
|
ARP Cache Poisoning
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1557.002
|
ARP Cache Poisoning
|
|
AC-20
|
Use of External Systems
| Protects |
T1557.002
|
ARP Cache Poisoning
|
|
AC-03
|
Access Enforcement
| Protects |
T1557.002
|
ARP Cache Poisoning
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1557.002
|
ARP Cache Poisoning
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1557.002
|
ARP Cache Poisoning
|
|
CM-02
|
Baseline Configuration
| Protects |
T1557.002
|
ARP Cache Poisoning
|
|
CM-06
|
Configuration Settings
| Protects |
T1557.002
|
ARP Cache Poisoning
|
|
CM-07
|
Least Functionality
| Protects |
T1557.002
|
ARP Cache Poisoning
|
|
CM-08
|
System Component Inventory
| Protects |
T1557.002
|
ARP Cache Poisoning
|
|
SC-23
|
Session Authenticity
| Protects |
T1557.002
|
ARP Cache Poisoning
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1557.002
|
ARP Cache Poisoning
|
|
SC-07
|
Boundary Protection
| Protects |
T1557.002
|
ARP Cache Poisoning
|
|
SC-08
|
Transmission Confidentiality and Integrity
| Protects |
T1557.002
|
ARP Cache Poisoning
|
|
SI-10
|
Information Input Validation
| Protects |
T1557.002
|
ARP Cache Poisoning
|
|
SI-12
|
Information Management and Retention
| Protects |
T1557.002
|
ARP Cache Poisoning
|
|
SI-15
|
Information Output Filtering
| Protects |
T1557.002
|
ARP Cache Poisoning
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1557.002
|
ARP Cache Poisoning
|
|
SI-04
|
System Monitoring
| Protects |
T1557.002
|
ARP Cache Poisoning
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1557.002
|
ARP Cache Poisoning
|
|
AC-03
|
Access Enforcement
| Protects |
T1557.003
|
DHCP Spoofing
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1557.003
|
DHCP Spoofing
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1557.003
|
DHCP Spoofing
|
|
CM-02
|
Baseline Configuration
| Protects |
T1557.003
|
DHCP Spoofing
|
|
CM-06
|
Configuration Settings
| Protects |
T1557.003
|
DHCP Spoofing
|
|
CM-07
|
Least Functionality
| Protects |
T1557.003
|
DHCP Spoofing
|
|
CM-08
|
System Component Inventory
| Protects |
T1557.003
|
DHCP Spoofing
|
|
SC-23
|
Session Authenticity
| Protects |
T1557.003
|
DHCP Spoofing
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1557.003
|
DHCP Spoofing
|
|
SC-07
|
Boundary Protection
| Protects |
T1557.003
|
DHCP Spoofing
|
|
SC-08
|
Transmission Confidentiality and Integrity
| Protects |
T1557.003
|
DHCP Spoofing
|
|
SI-10
|
Information Input Validation
| Protects |
T1557.003
|
DHCP Spoofing
|
|
SI-15
|
Information Output Filtering
| Protects |
T1557.003
|
DHCP Spoofing
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1557.003
|
DHCP Spoofing
|
|
SI-04
|
System Monitoring
| Protects |
T1557.003
|
DHCP Spoofing
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1558
|
Steal or Forge Kerberos Tickets
|
|
AC-17
|
Remote Access
| Protects |
T1558
|
Steal or Forge Kerberos Tickets
|
|
AC-18
|
Wireless Access
| Protects |
T1558
|
Steal or Forge Kerberos Tickets
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1558
|
Steal or Forge Kerberos Tickets
|
|
AC-02
|
Account Management
| Protects |
T1558
|
Steal or Forge Kerberos Tickets
|
|
AC-03
|
Access Enforcement
| Protects |
T1558
|
Steal or Forge Kerberos Tickets
|
|
AC-05
|
Separation of Duties
| Protects |
T1558
|
Steal or Forge Kerberos Tickets
|
|
AC-06
|
Least Privilege
| Protects |
T1558
|
Steal or Forge Kerberos Tickets
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1558
|
Steal or Forge Kerberos Tickets
|
|
CM-02
|
Baseline Configuration
| Protects |
T1558
|
Steal or Forge Kerberos Tickets
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1558
|
Steal or Forge Kerberos Tickets
|
|
CM-06
|
Configuration Settings
| Protects |
T1558
|
Steal or Forge Kerberos Tickets
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1558
|
Steal or Forge Kerberos Tickets
|
|
IA-05
|
Authenticator Management
| Protects |
T1558
|
Steal or Forge Kerberos Tickets
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1558
|
Steal or Forge Kerberos Tickets
|
|
SI-12
|
Information Management and Retention
| Protects |
T1558
|
Steal or Forge Kerberos Tickets
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1558
|
Steal or Forge Kerberos Tickets
|
|
SI-04
|
System Monitoring
| Protects |
T1558
|
Steal or Forge Kerberos Tickets
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1558
|
Steal or Forge Kerberos Tickets
|
|
AC-02
|
Account Management
| Protects |
T1558.001
|
Golden Ticket
|
|
AC-03
|
Access Enforcement
| Protects |
T1558.001
|
Golden Ticket
|
|
AC-05
|
Separation of Duties
| Protects |
T1558.001
|
Golden Ticket
|
|
AC-06
|
Least Privilege
| Protects |
T1558.001
|
Golden Ticket
|
|
CM-02
|
Baseline Configuration
| Protects |
T1558.001
|
Golden Ticket
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1558.001
|
Golden Ticket
|
|
CM-06
|
Configuration Settings
| Protects |
T1558.001
|
Golden Ticket
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1558.001
|
Golden Ticket
|
|
IA-05
|
Authenticator Management
| Protects |
T1558.001
|
Golden Ticket
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1558.002
|
Silver Ticket
|
|
AC-17
|
Remote Access
| Protects |
T1558.002
|
Silver Ticket
|
|
AC-18
|
Wireless Access
| Protects |
T1558.002
|
Silver Ticket
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1558.002
|
Silver Ticket
|
|
AC-02
|
Account Management
| Protects |
T1558.002
|
Silver Ticket
|
|
AC-03
|
Access Enforcement
| Protects |
T1558.002
|
Silver Ticket
|
|
AC-05
|
Separation of Duties
| Protects |
T1558.002
|
Silver Ticket
|
|
AC-06
|
Least Privilege
| Protects |
T1558.002
|
Silver Ticket
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1558.002
|
Silver Ticket
|
|
CM-02
|
Baseline Configuration
| Protects |
T1558.002
|
Silver Ticket
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1558.002
|
Silver Ticket
|
|
CM-06
|
Configuration Settings
| Protects |
T1558.002
|
Silver Ticket
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1558.002
|
Silver Ticket
|
|
IA-05
|
Authenticator Management
| Protects |
T1558.002
|
Silver Ticket
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1558.002
|
Silver Ticket
|
|
SI-12
|
Information Management and Retention
| Protects |
T1558.002
|
Silver Ticket
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1558.002
|
Silver Ticket
|
|
SI-04
|
System Monitoring
| Protects |
T1558.002
|
Silver Ticket
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1558.002
|
Silver Ticket
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1558.003
|
Kerberoasting
|
|
AC-17
|
Remote Access
| Protects |
T1558.003
|
Kerberoasting
|
|
AC-18
|
Wireless Access
| Protects |
T1558.003
|
Kerberoasting
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1558.003
|
Kerberoasting
|
|
AC-02
|
Account Management
| Protects |
T1558.003
|
Kerberoasting
|
|
AC-03
|
Access Enforcement
| Protects |
T1558.003
|
Kerberoasting
|
|
AC-05
|
Separation of Duties
| Protects |
T1558.003
|
Kerberoasting
|
|
AC-06
|
Least Privilege
| Protects |
T1558.003
|
Kerberoasting
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1558.003
|
Kerberoasting
|
|
CM-02
|
Baseline Configuration
| Protects |
T1558.003
|
Kerberoasting
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1558.003
|
Kerberoasting
|
|
CM-06
|
Configuration Settings
| Protects |
T1558.003
|
Kerberoasting
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1558.003
|
Kerberoasting
|
|
IA-05
|
Authenticator Management
| Protects |
T1558.003
|
Kerberoasting
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1558.003
|
Kerberoasting
|
|
SI-12
|
Information Management and Retention
| Protects |
T1558.003
|
Kerberoasting
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1558.003
|
Kerberoasting
|
|
SI-04
|
System Monitoring
| Protects |
T1558.003
|
Kerberoasting
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1558.003
|
Kerberoasting
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1558.004
|
AS-REP Roasting
|
|
AC-17
|
Remote Access
| Protects |
T1558.004
|
AS-REP Roasting
|
|
AC-18
|
Wireless Access
| Protects |
T1558.004
|
AS-REP Roasting
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1558.004
|
AS-REP Roasting
|
|
AC-02
|
Account Management
| Protects |
T1558.004
|
AS-REP Roasting
|
|
AC-03
|
Access Enforcement
| Protects |
T1558.004
|
AS-REP Roasting
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1558.004
|
AS-REP Roasting
|
|
CA-08
|
Penetration Testing
| Protects |
T1558.004
|
AS-REP Roasting
|
|
CM-02
|
Baseline Configuration
| Protects |
T1558.004
|
AS-REP Roasting
|
|
CM-06
|
Configuration Settings
| Protects |
T1558.004
|
AS-REP Roasting
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1558.004
|
AS-REP Roasting
|
|
IA-05
|
Authenticator Management
| Protects |
T1558.004
|
AS-REP Roasting
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1558.004
|
AS-REP Roasting
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1558.004
|
AS-REP Roasting
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1558.004
|
AS-REP Roasting
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1558.004
|
AS-REP Roasting
|
|
SI-12
|
Information Management and Retention
| Protects |
T1558.004
|
AS-REP Roasting
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1558.004
|
AS-REP Roasting
|
|
SI-04
|
System Monitoring
| Protects |
T1558.004
|
AS-REP Roasting
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1558.004
|
AS-REP Roasting
|
|
AC-02
|
Account Management
| Protects |
T1559
|
Inter-Process Communication
|
|
AC-03
|
Access Enforcement
| Protects |
T1559
|
Inter-Process Communication
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1559
|
Inter-Process Communication
|
|
AC-05
|
Separation of Duties
| Protects |
T1559
|
Inter-Process Communication
|
|
AC-06
|
Least Privilege
| Protects |
T1559
|
Inter-Process Communication
|
|
CM-10
|
Software Usage Restrictions
| Protects |
T1559
|
Inter-Process Communication
|
|
CM-02
|
Baseline Configuration
| Protects |
T1559
|
Inter-Process Communication
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1559
|
Inter-Process Communication
|
|
CM-06
|
Configuration Settings
| Protects |
T1559
|
Inter-Process Communication
|
|
CM-07
|
Least Functionality
| Protects |
T1559
|
Inter-Process Communication
|
|
CM-08
|
System Component Inventory
| Protects |
T1559
|
Inter-Process Communication
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1559
|
Inter-Process Communication
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1559
|
Inter-Process Communication
|
|
SC-18
|
Mobile Code
| Protects |
T1559
|
Inter-Process Communication
|
|
SC-03
|
Security Function Isolation
| Protects |
T1559
|
Inter-Process Communication
|
|
SC-07
|
Boundary Protection
| Protects |
T1559
|
Inter-Process Communication
|
|
SI-02
|
Flaw Remediation
| Protects |
T1559
|
Inter-Process Communication
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1559
|
Inter-Process Communication
|
|
SI-04
|
System Monitoring
| Protects |
T1559
|
Inter-Process Communication
|
|
AC-02
|
Account Management
| Protects |
T1559.001
|
Component Object Model
|
|
AC-03
|
Access Enforcement
| Protects |
T1559.001
|
Component Object Model
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1559.001
|
Component Object Model
|
|
AC-05
|
Separation of Duties
| Protects |
T1559.001
|
Component Object Model
|
|
AC-06
|
Least Privilege
| Protects |
T1559.001
|
Component Object Model
|
|
CM-02
|
Baseline Configuration
| Protects |
T1559.001
|
Component Object Model
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1559.001
|
Component Object Model
|
|
CM-06
|
Configuration Settings
| Protects |
T1559.001
|
Component Object Model
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1559.001
|
Component Object Model
|
|
SC-18
|
Mobile Code
| Protects |
T1559.001
|
Component Object Model
|
|
SC-03
|
Security Function Isolation
| Protects |
T1559.001
|
Component Object Model
|
|
SC-07
|
Boundary Protection
| Protects |
T1559.001
|
Component Object Model
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1559.001
|
Component Object Model
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1559.002
|
Dynamic Data Exchange
|
|
AC-06
|
Least Privilege
| Protects |
T1559.002
|
Dynamic Data Exchange
|
|
CM-10
|
Software Usage Restrictions
| Protects |
T1559.002
|
Dynamic Data Exchange
|
|
CM-02
|
Baseline Configuration
| Protects |
T1559.002
|
Dynamic Data Exchange
|
|
CM-06
|
Configuration Settings
| Protects |
T1559.002
|
Dynamic Data Exchange
|
|
CM-07
|
Least Functionality
| Protects |
T1559.002
|
Dynamic Data Exchange
|
|
CM-08
|
System Component Inventory
| Protects |
T1559.002
|
Dynamic Data Exchange
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1559.002
|
Dynamic Data Exchange
|
|
SC-18
|
Mobile Code
| Protects |
T1559.002
|
Dynamic Data Exchange
|
|
SC-03
|
Security Function Isolation
| Protects |
T1559.002
|
Dynamic Data Exchange
|
|
SC-07
|
Boundary Protection
| Protects |
T1559.002
|
Dynamic Data Exchange
|
|
SI-02
|
Flaw Remediation
| Protects |
T1559.002
|
Dynamic Data Exchange
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1559.002
|
Dynamic Data Exchange
|
|
SI-04
|
System Monitoring
| Protects |
T1559.002
|
Dynamic Data Exchange
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1559.003
|
XPC Services
|
|
CM-06
|
Configuration Settings
| Protects |
T1559.003
|
XPC Services
|
|
CM-07
|
Least Functionality
| Protects |
T1559.003
|
XPC Services
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1559.003
|
XPC Services
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1559.003
|
XPC Services
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1559.003
|
XPC Services
|
|
SI-04
|
System Monitoring
| Protects |
T1559.003
|
XPC Services
|
|
CA-08
|
Penetration Testing
| Protects |
T1560
|
Archive Collected Data
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1560
|
Archive Collected Data
|
|
SC-07
|
Boundary Protection
| Protects |
T1560
|
Archive Collected Data
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1560
|
Archive Collected Data
|
|
SI-04
|
System Monitoring
| Protects |
T1560
|
Archive Collected Data
|
|
CM-02
|
Baseline Configuration
| Protects |
T1562.003
|
Impair Command History Logging
|
|
CM-06
|
Configuration Settings
| Protects |
T1562.003
|
Impair Command History Logging
|
|
CM-07
|
Least Functionality
| Protects |
T1562.003
|
Impair Command History Logging
|
|
SI-04
|
System Monitoring
| Protects |
T1562.003
|
Impair Command History Logging
|
|
AC-02
|
Account Management
| Protects |
T1562.009
|
Safe Mode Boot
|
|
AC-03
|
Access Enforcement
| Protects |
T1562.009
|
Safe Mode Boot
|
|
AC-05
|
Separation of Duties
| Protects |
T1562.009
|
Safe Mode Boot
|
|
AC-06
|
Least Privilege
| Protects |
T1562.009
|
Safe Mode Boot
|
|
CM-10
|
Software Usage Restrictions
| Protects |
T1562.009
|
Safe Mode Boot
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1562.009
|
Safe Mode Boot
|
|
CM-06
|
Configuration Settings
| Protects |
T1562.009
|
Safe Mode Boot
|
|
CM-07
|
Least Functionality
| Protects |
T1562.009
|
Safe Mode Boot
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1562.009
|
Safe Mode Boot
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1562.009
|
Safe Mode Boot
|
|
SC-23
|
Session Authenticity
| Protects |
T1562.009
|
Safe Mode Boot
|
|
SC-08
|
Transmission Confidentiality and Integrity
| Protects |
T1562.009
|
Safe Mode Boot
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1562.009
|
Safe Mode Boot
|
|
AC-17
|
Remote Access
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
AC-02
|
Account Management
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
AC-03
|
Access Enforcement
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
AC-05
|
Separation of Duties
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
AC-06
|
Least Privilege
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
CA-08
|
Penetration Testing
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
CM-02
|
Baseline Configuration
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
CM-06
|
Configuration Settings
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
CM-07
|
Least Functionality
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
CM-08
|
System Component Inventory
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
IA-04
|
Identifier Management
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
IA-06
|
Authentication Feedback
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
SC-07
|
Boundary Protection
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
SI-04
|
System Monitoring
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
AC-17
|
Remote Access
| Protects |
T1563.001
|
SSH Hijacking
|
|
AC-02
|
Account Management
| Protects |
T1563.001
|
SSH Hijacking
|
|
AC-03
|
Access Enforcement
| Protects |
T1563.001
|
SSH Hijacking
|
|
AC-05
|
Separation of Duties
| Protects |
T1563.001
|
SSH Hijacking
|
|
AC-06
|
Least Privilege
| Protects |
T1563.001
|
SSH Hijacking
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1563.001
|
SSH Hijacking
|
|
CM-02
|
Baseline Configuration
| Protects |
T1563.001
|
SSH Hijacking
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1563.001
|
SSH Hijacking
|
|
CM-06
|
Configuration Settings
| Protects |
T1563.001
|
SSH Hijacking
|
|
CM-07
|
Least Functionality
| Protects |
T1563.001
|
SSH Hijacking
|
|
CM-08
|
System Component Inventory
| Protects |
T1563.001
|
SSH Hijacking
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1563.001
|
SSH Hijacking
|
|
IA-05
|
Authenticator Management
| Protects |
T1563.001
|
SSH Hijacking
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1563.001
|
SSH Hijacking
|
|
SC-12
|
Cryptographic Key Establishment and Management
| Protects |
T1563.001
|
SSH Hijacking
|
|
SC-23
|
Session Authenticity
| Protects |
T1563.001
|
SSH Hijacking
|
|
SI-04
|
System Monitoring
| Protects |
T1563.001
|
SSH Hijacking
|
|
AC-11
|
Device Lock
| Protects |
T1563.002
|
RDP Hijacking
|
|
AC-12
|
Session Termination
| Protects |
T1563.002
|
RDP Hijacking
|
|
AC-17
|
Remote Access
| Protects |
T1563.002
|
RDP Hijacking
|
|
AC-02
|
Account Management
| Protects |
T1563.002
|
RDP Hijacking
|
|
AC-03
|
Access Enforcement
| Protects |
T1563.002
|
RDP Hijacking
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1563.002
|
RDP Hijacking
|
|
AC-05
|
Separation of Duties
| Protects |
T1563.002
|
RDP Hijacking
|
|
AC-06
|
Least Privilege
| Protects |
T1563.002
|
RDP Hijacking
|
|
CM-02
|
Baseline Configuration
| Protects |
T1563.002
|
RDP Hijacking
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1563.002
|
RDP Hijacking
|
|
CM-06
|
Configuration Settings
| Protects |
T1563.002
|
RDP Hijacking
|
|
CM-07
|
Least Functionality
| Protects |
T1563.002
|
RDP Hijacking
|
|
CM-08
|
System Component Inventory
| Protects |
T1563.002
|
RDP Hijacking
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1563.002
|
RDP Hijacking
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1563.002
|
RDP Hijacking
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1563.002
|
RDP Hijacking
|
|
SC-07
|
Boundary Protection
| Protects |
T1563.002
|
RDP Hijacking
|
|
SI-04
|
System Monitoring
| Protects |
T1563.002
|
RDP Hijacking
|
|
CM-06
|
Configuration Settings
| Protects |
T1564.002
|
Hidden Users
|
|
CM-07
|
Least Functionality
| Protects |
T1564.002
|
Hidden Users
|
|
SI-04
|
System Monitoring
| Protects |
T1564.002
|
Hidden Users
|
|
CM-07
|
Least Functionality
| Protects |
T1564.003
|
Hidden Window
|
|
SI-10
|
Information Input Validation
| Protects |
T1564.003
|
Hidden Window
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1564.003
|
Hidden Window
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1564.004
|
NTFS File Attributes
|
|
AC-03
|
Access Enforcement
| Protects |
T1564.004
|
NTFS File Attributes
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1564.004
|
NTFS File Attributes
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1564.004
|
NTFS File Attributes
|
|
SI-04
|
System Monitoring
| Protects |
T1564.004
|
NTFS File Attributes
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1564.004
|
NTFS File Attributes
|
|
CM-02
|
Baseline Configuration
| Protects |
T1564.006
|
Run Virtual Instance
|
|
CM-06
|
Configuration Settings
| Protects |
T1564.006
|
Run Virtual Instance
|
|
CM-07
|
Least Functionality
| Protects |
T1564.006
|
Run Virtual Instance
|
|
CM-08
|
System Component Inventory
| Protects |
T1564.006
|
Run Virtual Instance
|
|
SI-10
|
Information Input Validation
| Protects |
T1564.006
|
Run Virtual Instance
|
|
SI-04
|
System Monitoring
| Protects |
T1564.006
|
Run Virtual Instance
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1564.006
|
Run Virtual Instance
|
|
CM-02
|
Baseline Configuration
| Protects |
T1564.007
|
VBA Stomping
|
|
CM-06
|
Configuration Settings
| Protects |
T1564.007
|
VBA Stomping
|
|
CM-08
|
System Component Inventory
| Protects |
T1564.007
|
VBA Stomping
|
|
SI-04
|
System Monitoring
| Protects |
T1564.007
|
VBA Stomping
|
|
CM-11
|
User-installed Software
| Protects |
T1564.009
|
Resource Forking
|
|
CM-02
|
Baseline Configuration
| Protects |
T1564.009
|
Resource Forking
|
|
CM-06
|
Configuration Settings
| Protects |
T1564.009
|
Resource Forking
|
|
CM-07
|
Least Functionality
| Protects |
T1564.009
|
Resource Forking
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1564.009
|
Resource Forking
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1564.009
|
Resource Forking
|
|
SC-44
|
Detonation Chambers
| Protects |
T1564.009
|
Resource Forking
|
|
SC-06
|
Resource Availability
| Protects |
T1564.009
|
Resource Forking
|
|
SI-10
|
Information Input Validation
| Protects |
T1564.009
|
Resource Forking
|
|
SI-15
|
Information Output Filtering
| Protects |
T1564.009
|
Resource Forking
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1564.009
|
Resource Forking
|
|
SI-04
|
System Monitoring
| Protects |
T1564.009
|
Resource Forking
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1564.009
|
Resource Forking
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1564.010
|
Process Argument Spoofing
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1564.010
|
Process Argument Spoofing
|
|
SI-04
|
System Monitoring
| Protects |
T1564.010
|
Process Argument Spoofing
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1565
|
Data Manipulation
|
|
AC-17
|
Remote Access
| Protects |
T1565
|
Data Manipulation
|
|
AC-18
|
Wireless Access
| Protects |
T1565
|
Data Manipulation
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1565
|
Data Manipulation
|
|
AC-20
|
Use of External Systems
| Protects |
T1565
|
Data Manipulation
|
|
AC-03
|
Access Enforcement
| Protects |
T1565
|
Data Manipulation
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1565
|
Data Manipulation
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1565
|
Data Manipulation
|
|
CM-02
|
Baseline Configuration
| Protects |
T1565
|
Data Manipulation
|
|
CM-06
|
Configuration Settings
| Protects |
T1565
|
Data Manipulation
|
|
CM-07
|
Least Functionality
| Protects |
T1565
|
Data Manipulation
|
|
CM-08
|
System Component Inventory
| Protects |
T1565
|
Data Manipulation
|
|
CP-10
|
System Recovery and Reconstitution
| Protects |
T1565
|
Data Manipulation
|
|
CP-06
|
Alternate Storage Site
| Protects |
T1565
|
Data Manipulation
|
|
CP-07
|
Alternate Processing Site
| Protects |
T1565
|
Data Manipulation
|
|
CP-09
|
System Backup
| Protects |
T1565
|
Data Manipulation
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1565
|
Data Manipulation
|
|
SC-36
|
Distributed Processing and Storage
| Protects |
T1565
|
Data Manipulation
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1565
|
Data Manipulation
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1565
|
Data Manipulation
|
|
SC-07
|
Boundary Protection
| Protects |
T1565
|
Data Manipulation
|
|
SI-12
|
Information Management and Retention
| Protects |
T1565
|
Data Manipulation
|
|
SI-16
|
Memory Protection
| Protects |
T1565
|
Data Manipulation
|
|
SI-23
|
Information Fragmentation
| Protects |
T1565
|
Data Manipulation
|
|
SI-04
|
System Monitoring
| Protects |
T1565
|
Data Manipulation
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1565
|
Data Manipulation
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
AC-17
|
Remote Access
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
AC-18
|
Wireless Access
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
AC-20
|
Use of External Systems
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
AC-03
|
Access Enforcement
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
CM-02
|
Baseline Configuration
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
CM-06
|
Configuration Settings
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
CM-08
|
System Component Inventory
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
CP-10
|
System Recovery and Reconstitution
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
CP-06
|
Alternate Storage Site
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
CP-07
|
Alternate Processing Site
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
CP-09
|
System Backup
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
SC-36
|
Distributed Processing and Storage
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
SC-07
|
Boundary Protection
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
SI-12
|
Information Management and Retention
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
SI-16
|
Memory Protection
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
SI-23
|
Information Fragmentation
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
SI-04
|
System Monitoring
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1565.001
|
Stored Data Manipulation
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1565.002
|
Transmitted Data Manipulation
|
|
AC-17
|
Remote Access
| Protects |
T1565.002
|
Transmitted Data Manipulation
|
|
AC-18
|
Wireless Access
| Protects |
T1565.002
|
Transmitted Data Manipulation
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1565.002
|
Transmitted Data Manipulation
|
|
AC-20
|
Use of External Systems
| Protects |
T1565.002
|
Transmitted Data Manipulation
|
|
CM-02
|
Baseline Configuration
| Protects |
T1565.002
|
Transmitted Data Manipulation
|
|
CM-06
|
Configuration Settings
| Protects |
T1565.002
|
Transmitted Data Manipulation
|
|
CM-08
|
System Component Inventory
| Protects |
T1565.002
|
Transmitted Data Manipulation
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1565.002
|
Transmitted Data Manipulation
|
|
SI-12
|
Information Management and Retention
| Protects |
T1565.002
|
Transmitted Data Manipulation
|
|
SI-04
|
System Monitoring
| Protects |
T1565.002
|
Transmitted Data Manipulation
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1565.002
|
Transmitted Data Manipulation
|
|
AC-03
|
Access Enforcement
| Protects |
T1565.003
|
Runtime Data Manipulation
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1565.003
|
Runtime Data Manipulation
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1565.003
|
Runtime Data Manipulation
|
|
CM-06
|
Configuration Settings
| Protects |
T1565.003
|
Runtime Data Manipulation
|
|
CM-07
|
Least Functionality
| Protects |
T1565.003
|
Runtime Data Manipulation
|
|
CP-09
|
System Backup
| Protects |
T1565.003
|
Runtime Data Manipulation
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1565.003
|
Runtime Data Manipulation
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1565.003
|
Runtime Data Manipulation
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1565.003
|
Runtime Data Manipulation
|
|
SC-07
|
Boundary Protection
| Protects |
T1565.003
|
Runtime Data Manipulation
|
|
SI-16
|
Memory Protection
| Protects |
T1565.003
|
Runtime Data Manipulation
|
|
SI-04
|
System Monitoring
| Protects |
T1565.003
|
Runtime Data Manipulation
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1565.003
|
Runtime Data Manipulation
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1566.001
|
Spearphishing Attachment
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1566.001
|
Spearphishing Attachment
|
|
CM-02
|
Baseline Configuration
| Protects |
T1566.001
|
Spearphishing Attachment
|
|
CM-06
|
Configuration Settings
| Protects |
T1566.001
|
Spearphishing Attachment
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1566.001
|
Spearphishing Attachment
|
|
SC-20
|
Secure Name/address Resolution Service (authoritative Source)
| Protects |
T1566.001
|
Spearphishing Attachment
|
|
SC-44
|
Detonation Chambers
| Protects |
T1566.001
|
Spearphishing Attachment
|
|
SC-07
|
Boundary Protection
| Protects |
T1566.001
|
Spearphishing Attachment
|
|
SI-02
|
Flaw Remediation
| Protects |
T1566.001
|
Spearphishing Attachment
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1566.001
|
Spearphishing Attachment
|
|
SI-04
|
System Monitoring
| Protects |
T1566.001
|
Spearphishing Attachment
|
|
SI-08
|
Spam Protection
| Protects |
T1566.001
|
Spearphishing Attachment
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1566.003
|
Spearphishing via Service
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1566.003
|
Spearphishing via Service
|
|
SC-44
|
Detonation Chambers
| Protects |
T1566.003
|
Spearphishing via Service
|
|
SC-07
|
Boundary Protection
| Protects |
T1566.003
|
Spearphishing via Service
|
|
SI-02
|
Flaw Remediation
| Protects |
T1566.003
|
Spearphishing via Service
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1566.003
|
Spearphishing via Service
|
|
SI-04
|
System Monitoring
| Protects |
T1566.003
|
Spearphishing via Service
|
|
SI-08
|
Spam Protection
| Protects |
T1566.003
|
Spearphishing via Service
|
|
AC-20
|
Use of External Systems
| Protects |
T1567.001
|
Exfiltration to Code Repository
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1567.001
|
Exfiltration to Code Repository
|
|
SC-07
|
Boundary Protection
| Protects |
T1567.001
|
Exfiltration to Code Repository
|
|
AC-20
|
Use of External Systems
| Protects |
T1567.002
|
Exfiltration to Cloud Storage
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1567.002
|
Exfiltration to Cloud Storage
|
|
SC-07
|
Boundary Protection
| Protects |
T1567.002
|
Exfiltration to Cloud Storage
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1568
|
Dynamic Resolution
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1568
|
Dynamic Resolution
|
|
SC-20
|
Secure Name/address Resolution Service (authoritative Source)
| Protects |
T1568
|
Dynamic Resolution
|
|
SC-21
|
Secure Name/address Resolution Service (recursive or Caching Resolver)
| Protects |
T1568
|
Dynamic Resolution
|
|
SC-22
|
Architecture and Provisioning for Name/address Resolution Service
| Protects |
T1568
|
Dynamic Resolution
|
|
SC-07
|
Boundary Protection
| Protects |
T1568
|
Dynamic Resolution
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1568
|
Dynamic Resolution
|
|
SI-04
|
System Monitoring
| Protects |
T1568
|
Dynamic Resolution
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1568.002
|
Domain Generation Algorithms
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1568.002
|
Domain Generation Algorithms
|
|
SC-20
|
Secure Name/address Resolution Service (authoritative Source)
| Protects |
T1568.002
|
Domain Generation Algorithms
|
|
SC-21
|
Secure Name/address Resolution Service (recursive or Caching Resolver)
| Protects |
T1568.002
|
Domain Generation Algorithms
|
|
SC-22
|
Architecture and Provisioning for Name/address Resolution Service
| Protects |
T1568.002
|
Domain Generation Algorithms
|
|
SC-07
|
Boundary Protection
| Protects |
T1568.002
|
Domain Generation Algorithms
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1568.002
|
Domain Generation Algorithms
|
|
SI-04
|
System Monitoring
| Protects |
T1568.002
|
Domain Generation Algorithms
|
|
AC-02
|
Account Management
| Protects |
T1569
|
System Services
|
|
AC-03
|
Access Enforcement
| Protects |
T1569
|
System Services
|
|
AC-05
|
Separation of Duties
| Protects |
T1569
|
System Services
|
|
AC-06
|
Least Privilege
| Protects |
T1569
|
System Services
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1569
|
System Services
|
|
CM-11
|
User-installed Software
| Protects |
T1569
|
System Services
|
|
CM-02
|
Baseline Configuration
| Protects |
T1569
|
System Services
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1569
|
System Services
|
|
CM-06
|
Configuration Settings
| Protects |
T1569
|
System Services
|
|
CM-07
|
Least Functionality
| Protects |
T1569
|
System Services
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1569
|
System Services
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1569
|
System Services
|
|
SI-04
|
System Monitoring
| Protects |
T1569
|
System Services
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1569
|
System Services
|
|
AC-02
|
Account Management
| Protects |
T1569.001
|
Launchctl
|
|
AC-03
|
Access Enforcement
| Protects |
T1569.001
|
Launchctl
|
|
AC-05
|
Separation of Duties
| Protects |
T1569.001
|
Launchctl
|
|
AC-06
|
Least Privilege
| Protects |
T1569.001
|
Launchctl
|
|
CM-11
|
User-installed Software
| Protects |
T1569.001
|
Launchctl
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1569.001
|
Launchctl
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1569.001
|
Launchctl
|
|
AC-03
|
Access Enforcement
| Protects |
T1572
|
Protocol Tunneling
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1572
|
Protocol Tunneling
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1572
|
Protocol Tunneling
|
|
CM-02
|
Baseline Configuration
| Protects |
T1572
|
Protocol Tunneling
|
|
CM-06
|
Configuration Settings
| Protects |
T1572
|
Protocol Tunneling
|
|
CM-07
|
Least Functionality
| Protects |
T1572
|
Protocol Tunneling
|
|
SC-07
|
Boundary Protection
| Protects |
T1572
|
Protocol Tunneling
|
|
SI-10
|
Information Input Validation
| Protects |
T1572
|
Protocol Tunneling
|
|
SI-15
|
Information Output Filtering
| Protects |
T1572
|
Protocol Tunneling
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1572
|
Protocol Tunneling
|
|
SI-04
|
System Monitoring
| Protects |
T1572
|
Protocol Tunneling
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1573
|
Encrypted Channel
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1573
|
Encrypted Channel
|
|
CM-02
|
Baseline Configuration
| Protects |
T1573
|
Encrypted Channel
|
|
CM-06
|
Configuration Settings
| Protects |
T1573
|
Encrypted Channel
|
|
CM-07
|
Least Functionality
| Protects |
T1573
|
Encrypted Channel
|
|
SC-12
|
Cryptographic Key Establishment and Management
| Protects |
T1573
|
Encrypted Channel
|
|
SC-16
|
Transmission of Security and Privacy Attributes
| Protects |
T1573
|
Encrypted Channel
|
|
SC-23
|
Session Authenticity
| Protects |
T1573
|
Encrypted Channel
|
|
SC-07
|
Boundary Protection
| Protects |
T1573
|
Encrypted Channel
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1573
|
Encrypted Channel
|
|
SI-04
|
System Monitoring
| Protects |
T1573
|
Encrypted Channel
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1573.001
|
Symmetric Cryptography
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1573.001
|
Symmetric Cryptography
|
|
CM-02
|
Baseline Configuration
| Protects |
T1573.001
|
Symmetric Cryptography
|
|
CM-06
|
Configuration Settings
| Protects |
T1573.001
|
Symmetric Cryptography
|
|
CM-07
|
Least Functionality
| Protects |
T1573.001
|
Symmetric Cryptography
|
|
SC-12
|
Cryptographic Key Establishment and Management
| Protects |
T1573.001
|
Symmetric Cryptography
|
|
SC-16
|
Transmission of Security and Privacy Attributes
| Protects |
T1573.001
|
Symmetric Cryptography
|
|
SC-23
|
Session Authenticity
| Protects |
T1573.001
|
Symmetric Cryptography
|
|
SC-07
|
Boundary Protection
| Protects |
T1573.001
|
Symmetric Cryptography
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1573.001
|
Symmetric Cryptography
|
|
SI-04
|
System Monitoring
| Protects |
T1573.001
|
Symmetric Cryptography
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1573.002
|
Asymmetric Cryptography
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1573.002
|
Asymmetric Cryptography
|
|
CM-02
|
Baseline Configuration
| Protects |
T1573.002
|
Asymmetric Cryptography
|
|
CM-06
|
Configuration Settings
| Protects |
T1573.002
|
Asymmetric Cryptography
|
|
CM-07
|
Least Functionality
| Protects |
T1573.002
|
Asymmetric Cryptography
|
|
SC-12
|
Cryptographic Key Establishment and Management
| Protects |
T1573.002
|
Asymmetric Cryptography
|
|
SC-16
|
Transmission of Security and Privacy Attributes
| Protects |
T1573.002
|
Asymmetric Cryptography
|
|
SC-23
|
Session Authenticity
| Protects |
T1573.002
|
Asymmetric Cryptography
|
|
SC-07
|
Boundary Protection
| Protects |
T1573.002
|
Asymmetric Cryptography
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1573.002
|
Asymmetric Cryptography
|
|
SI-04
|
System Monitoring
| Protects |
T1573.002
|
Asymmetric Cryptography
|
|
AC-02
|
Account Management
| Protects |
T1574
|
Hijack Execution Flow
|
|
AC-03
|
Access Enforcement
| Protects |
T1574
|
Hijack Execution Flow
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1574
|
Hijack Execution Flow
|
|
AC-05
|
Separation of Duties
| Protects |
T1574
|
Hijack Execution Flow
|
|
AC-06
|
Least Privilege
| Protects |
T1574
|
Hijack Execution Flow
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1574
|
Hijack Execution Flow
|
|
CA-08
|
Penetration Testing
| Protects |
T1574
|
Hijack Execution Flow
|
|
CM-02
|
Baseline Configuration
| Protects |
T1574
|
Hijack Execution Flow
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1574
|
Hijack Execution Flow
|
|
CM-06
|
Configuration Settings
| Protects |
T1574
|
Hijack Execution Flow
|
|
CM-07
|
Least Functionality
| Protects |
T1574
|
Hijack Execution Flow
|
|
CM-08
|
System Component Inventory
| Protects |
T1574
|
Hijack Execution Flow
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1574
|
Hijack Execution Flow
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1574
|
Hijack Execution Flow
|
|
SI-10
|
Information Input Validation
| Protects |
T1574
|
Hijack Execution Flow
|
|
SI-02
|
Flaw Remediation
| Protects |
T1574
|
Hijack Execution Flow
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1574
|
Hijack Execution Flow
|
|
SI-04
|
System Monitoring
| Protects |
T1574
|
Hijack Execution Flow
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1574
|
Hijack Execution Flow
|
|
CA-08
|
Penetration Testing
| Protects |
T1574.001
|
DLL Search Order Hijacking
|
|
CM-02
|
Baseline Configuration
| Protects |
T1574.001
|
DLL Search Order Hijacking
|
|
CM-06
|
Configuration Settings
| Protects |
T1574.001
|
DLL Search Order Hijacking
|
|
CM-07
|
Least Functionality
| Protects |
T1574.001
|
DLL Search Order Hijacking
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1574.001
|
DLL Search Order Hijacking
|
|
SI-10
|
Information Input Validation
| Protects |
T1574.001
|
DLL Search Order Hijacking
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1574.001
|
DLL Search Order Hijacking
|
|
SI-04
|
System Monitoring
| Protects |
T1574.001
|
DLL Search Order Hijacking
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1574.001
|
DLL Search Order Hijacking
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1574.002
|
DLL Side-Loading
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1574.002
|
DLL Side-Loading
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1574.002
|
DLL Side-Loading
|
|
SA-16
|
Developer-provided Training
| Protects |
T1574.002
|
DLL Side-Loading
|
|
SA-17
|
Developer Security and Privacy Architecture and Design
| Protects |
T1574.002
|
DLL Side-Loading
|
|
SA-03
|
System Development Life Cycle
| Protects |
T1574.002
|
DLL Side-Loading
|
|
SA-04
|
Acquisition Process
| Protects |
T1574.002
|
DLL Side-Loading
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1574.002
|
DLL Side-Loading
|
|
SI-02
|
Flaw Remediation
| Protects |
T1574.002
|
DLL Side-Loading
|
|
AC-02
|
Account Management
| Protects |
T1574.004
|
Dylib Hijacking
|
|
AC-03
|
Access Enforcement
| Protects |
T1574.004
|
Dylib Hijacking
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1574.004
|
Dylib Hijacking
|
|
AC-05
|
Separation of Duties
| Protects |
T1574.004
|
Dylib Hijacking
|
|
AC-06
|
Least Privilege
| Protects |
T1574.004
|
Dylib Hijacking
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1574.004
|
Dylib Hijacking
|
|
CM-02
|
Baseline Configuration
| Protects |
T1574.004
|
Dylib Hijacking
|
|
CM-06
|
Configuration Settings
| Protects |
T1574.004
|
Dylib Hijacking
|
|
CM-08
|
System Component Inventory
| Protects |
T1574.004
|
Dylib Hijacking
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1574.004
|
Dylib Hijacking
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1574.004
|
Dylib Hijacking
|
|
SI-04
|
System Monitoring
| Protects |
T1574.004
|
Dylib Hijacking
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1574.004
|
Dylib Hijacking
|
|
AC-02
|
Account Management
| Protects |
T1574.005
|
Executable Installer File Permissions Weakness
|
|
AC-03
|
Access Enforcement
| Protects |
T1574.005
|
Executable Installer File Permissions Weakness
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1574.005
|
Executable Installer File Permissions Weakness
|
|
AC-05
|
Separation of Duties
| Protects |
T1574.005
|
Executable Installer File Permissions Weakness
|
|
AC-06
|
Least Privilege
| Protects |
T1574.005
|
Executable Installer File Permissions Weakness
|
|
CA-08
|
Penetration Testing
| Protects |
T1574.005
|
Executable Installer File Permissions Weakness
|
|
CM-02
|
Baseline Configuration
| Protects |
T1574.005
|
Executable Installer File Permissions Weakness
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1574.005
|
Executable Installer File Permissions Weakness
|
|
CM-06
|
Configuration Settings
| Protects |
T1574.005
|
Executable Installer File Permissions Weakness
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1574.005
|
Executable Installer File Permissions Weakness
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1574.005
|
Executable Installer File Permissions Weakness
|
|
SI-04
|
System Monitoring
| Protects |
T1574.005
|
Executable Installer File Permissions Weakness
|
|
CM-06
|
Configuration Settings
| Protects |
T1574.006
|
Dynamic Linker Hijacking
|
|
CM-07
|
Least Functionality
| Protects |
T1574.006
|
Dynamic Linker Hijacking
|
|
SI-10
|
Information Input Validation
| Protects |
T1574.006
|
Dynamic Linker Hijacking
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1574.006
|
Dynamic Linker Hijacking
|
|
AC-02
|
Account Management
| Protects |
T1574.008
|
Path Interception by Search Order Hijacking
|
|
AC-03
|
Access Enforcement
| Protects |
T1574.008
|
Path Interception by Search Order Hijacking
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1574.008
|
Path Interception by Search Order Hijacking
|
|
AC-05
|
Separation of Duties
| Protects |
T1574.008
|
Path Interception by Search Order Hijacking
|
|
AC-06
|
Least Privilege
| Protects |
T1574.008
|
Path Interception by Search Order Hijacking
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1574.008
|
Path Interception by Search Order Hijacking
|
|
CA-08
|
Penetration Testing
| Protects |
T1574.008
|
Path Interception by Search Order Hijacking
|
|
CM-02
|
Baseline Configuration
| Protects |
T1574.008
|
Path Interception by Search Order Hijacking
|
|
CM-06
|
Configuration Settings
| Protects |
T1574.008
|
Path Interception by Search Order Hijacking
|
|
CM-07
|
Least Functionality
| Protects |
T1574.008
|
Path Interception by Search Order Hijacking
|
|
CM-08
|
System Component Inventory
| Protects |
T1574.008
|
Path Interception by Search Order Hijacking
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1574.008
|
Path Interception by Search Order Hijacking
|
|
SI-10
|
Information Input Validation
| Protects |
T1574.008
|
Path Interception by Search Order Hijacking
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1574.008
|
Path Interception by Search Order Hijacking
|
|
SI-04
|
System Monitoring
| Protects |
T1574.008
|
Path Interception by Search Order Hijacking
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1574.008
|
Path Interception by Search Order Hijacking
|
|
AC-02
|
Account Management
| Protects |
T1574.009
|
Path Interception by Unquoted Path
|
|
AC-03
|
Access Enforcement
| Protects |
T1574.009
|
Path Interception by Unquoted Path
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1574.009
|
Path Interception by Unquoted Path
|
|
AC-05
|
Separation of Duties
| Protects |
T1574.009
|
Path Interception by Unquoted Path
|
|
AC-06
|
Least Privilege
| Protects |
T1574.009
|
Path Interception by Unquoted Path
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1574.009
|
Path Interception by Unquoted Path
|
|
CA-08
|
Penetration Testing
| Protects |
T1574.009
|
Path Interception by Unquoted Path
|
|
CM-02
|
Baseline Configuration
| Protects |
T1574.009
|
Path Interception by Unquoted Path
|
|
CM-06
|
Configuration Settings
| Protects |
T1574.009
|
Path Interception by Unquoted Path
|
|
CM-07
|
Least Functionality
| Protects |
T1574.009
|
Path Interception by Unquoted Path
|
|
CM-08
|
System Component Inventory
| Protects |
T1574.009
|
Path Interception by Unquoted Path
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1574.009
|
Path Interception by Unquoted Path
|
|
SI-10
|
Information Input Validation
| Protects |
T1574.009
|
Path Interception by Unquoted Path
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1574.009
|
Path Interception by Unquoted Path
|
|
SI-04
|
System Monitoring
| Protects |
T1574.009
|
Path Interception by Unquoted Path
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1574.009
|
Path Interception by Unquoted Path
|
|
AC-02
|
Account Management
| Protects |
T1574.010
|
Services File Permissions Weakness
|
|
AC-03
|
Access Enforcement
| Protects |
T1574.010
|
Services File Permissions Weakness
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1574.010
|
Services File Permissions Weakness
|
|
AC-05
|
Separation of Duties
| Protects |
T1574.010
|
Services File Permissions Weakness
|
|
AC-06
|
Least Privilege
| Protects |
T1574.010
|
Services File Permissions Weakness
|
|
CA-08
|
Penetration Testing
| Protects |
T1574.010
|
Services File Permissions Weakness
|
|
CM-02
|
Baseline Configuration
| Protects |
T1574.010
|
Services File Permissions Weakness
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1574.010
|
Services File Permissions Weakness
|
|
CM-06
|
Configuration Settings
| Protects |
T1574.010
|
Services File Permissions Weakness
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1574.010
|
Services File Permissions Weakness
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1574.010
|
Services File Permissions Weakness
|
|
SI-04
|
System Monitoring
| Protects |
T1574.010
|
Services File Permissions Weakness
|
|
AC-06
|
Least Privilege
| Protects |
T1574.011
|
Services Registry Permissions Weakness
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1574.011
|
Services Registry Permissions Weakness
|
|
AC-02
|
Account Management
| Protects |
T1574.012
|
COR_PROFILER
|
|
AC-03
|
Access Enforcement
| Protects |
T1574.012
|
COR_PROFILER
|
|
AC-05
|
Separation of Duties
| Protects |
T1574.012
|
COR_PROFILER
|
|
AC-06
|
Least Privilege
| Protects |
T1574.012
|
COR_PROFILER
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1574.012
|
COR_PROFILER
|
|
CM-07
|
Least Functionality
| Protects |
T1574.012
|
COR_PROFILER
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1574.012
|
COR_PROFILER
|
|
SI-10
|
Information Input Validation
| Protects |
T1574.012
|
COR_PROFILER
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1574.012
|
COR_PROFILER
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1574.013
|
KernelCallbackTable
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1574.013
|
KernelCallbackTable
|
|
CA-08
|
Penetration Testing
| Protects |
T1574.013
|
KernelCallbackTable
|
|
SI-10
|
Information Input Validation
| Protects |
T1574.013
|
KernelCallbackTable
|
|
SI-02
|
Flaw Remediation
| Protects |
T1574.013
|
KernelCallbackTable
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1574.013
|
KernelCallbackTable
|
|
SI-04
|
System Monitoring
| Protects |
T1574.013
|
KernelCallbackTable
|
|
AC-02
|
Account Management
| Protects |
T1578.001
|
Create Snapshot
|
|
AC-03
|
Access Enforcement
| Protects |
T1578.001
|
Create Snapshot
|
|
AC-05
|
Separation of Duties
| Protects |
T1578.001
|
Create Snapshot
|
|
AC-06
|
Least Privilege
| Protects |
T1578.001
|
Create Snapshot
|
|
CA-08
|
Penetration Testing
| Protects |
T1578.001
|
Create Snapshot
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1578.001
|
Create Snapshot
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1578.001
|
Create Snapshot
|
|
IA-04
|
Identifier Management
| Protects |
T1578.001
|
Create Snapshot
|
|
IA-06
|
Authentication Feedback
| Protects |
T1578.001
|
Create Snapshot
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1578.001
|
Create Snapshot
|
|
SI-04
|
System Monitoring
| Protects |
T1578.001
|
Create Snapshot
|
|
AC-02
|
Account Management
| Protects |
T1578.002
|
Create Cloud Instance
|
|
AC-03
|
Access Enforcement
| Protects |
T1578.002
|
Create Cloud Instance
|
|
AC-05
|
Separation of Duties
| Protects |
T1578.002
|
Create Cloud Instance
|
|
AC-06
|
Least Privilege
| Protects |
T1578.002
|
Create Cloud Instance
|
|
CA-08
|
Penetration Testing
| Protects |
T1578.002
|
Create Cloud Instance
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1578.002
|
Create Cloud Instance
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1578.002
|
Create Cloud Instance
|
|
IA-04
|
Identifier Management
| Protects |
T1578.002
|
Create Cloud Instance
|
|
IA-06
|
Authentication Feedback
| Protects |
T1578.002
|
Create Cloud Instance
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1578.002
|
Create Cloud Instance
|
|
SI-04
|
System Monitoring
| Protects |
T1578.002
|
Create Cloud Instance
|
|
AC-02
|
Account Management
| Protects |
T1578.003
|
Delete Cloud Instance
|
|
AC-03
|
Access Enforcement
| Protects |
T1578.003
|
Delete Cloud Instance
|
|
AC-05
|
Separation of Duties
| Protects |
T1578.003
|
Delete Cloud Instance
|
|
AC-06
|
Least Privilege
| Protects |
T1578.003
|
Delete Cloud Instance
|
|
CA-08
|
Penetration Testing
| Protects |
T1578.003
|
Delete Cloud Instance
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1578.003
|
Delete Cloud Instance
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1578.003
|
Delete Cloud Instance
|
|
IA-04
|
Identifier Management
| Protects |
T1578.003
|
Delete Cloud Instance
|
|
IA-06
|
Authentication Feedback
| Protects |
T1578.003
|
Delete Cloud Instance
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1578.003
|
Delete Cloud Instance
|
|
SI-04
|
System Monitoring
| Protects |
T1578.003
|
Delete Cloud Instance
|
|
AC-02
|
Account Management
| Protects |
T1580
|
Cloud Infrastructure Discovery
|
|
AC-03
|
Access Enforcement
| Protects |
T1580
|
Cloud Infrastructure Discovery
|
|
AC-05
|
Separation of Duties
| Protects |
T1580
|
Cloud Infrastructure Discovery
|
|
AC-06
|
Least Privilege
| Protects |
T1580
|
Cloud Infrastructure Discovery
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1580
|
Cloud Infrastructure Discovery
|
|
AC-20
|
Use of External Systems
| Protects |
T1583.007
|
Serverless
|
|
SC-07
|
Boundary Protection
| Protects |
T1583.007
|
Serverless
|
|
AC-20
|
Use of External Systems
| Protects |
T1584.004
|
Server
|
|
SC-07
|
Boundary Protection
| Protects |
T1584.004
|
Server
|
|
AC-02
|
Account Management
| Protects |
T1585.003
|
Cloud Accounts
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1585.003
|
Cloud Accounts
|
|
AC-02
|
Account Management
| Protects |
T1586.003
|
Cloud Accounts
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1586.003
|
Cloud Accounts
|
|
CM-08
|
System Component Inventory
| Protects |
T1593.003
|
Code Repositories
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1595.003
|
Wordlist Scanning
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1598.001
|
Spearphishing Service
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1598.001
|
Spearphishing Service
|
|
SC-44
|
Detonation Chambers
| Protects |
T1598.001
|
Spearphishing Service
|
|
SC-07
|
Boundary Protection
| Protects |
T1598.001
|
Spearphishing Service
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1598.001
|
Spearphishing Service
|
|
SI-04
|
System Monitoring
| Protects |
T1598.001
|
Spearphishing Service
|
|
SI-08
|
Spam Protection
| Protects |
T1598.001
|
Spearphishing Service
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1598.002
|
Spearphishing Attachment
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1598.002
|
Spearphishing Attachment
|
|
CM-02
|
Baseline Configuration
| Protects |
T1598.002
|
Spearphishing Attachment
|
|
CM-06
|
Configuration Settings
| Protects |
T1598.002
|
Spearphishing Attachment
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1598.002
|
Spearphishing Attachment
|
|
SC-20
|
Secure Name/address Resolution Service (authoritative Source)
| Protects |
T1598.002
|
Spearphishing Attachment
|
|
SC-44
|
Detonation Chambers
| Protects |
T1598.002
|
Spearphishing Attachment
|
|
SC-07
|
Boundary Protection
| Protects |
T1598.002
|
Spearphishing Attachment
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1598.002
|
Spearphishing Attachment
|
|
SI-04
|
System Monitoring
| Protects |
T1598.002
|
Spearphishing Attachment
|
|
SI-08
|
Spam Protection
| Protects |
T1598.002
|
Spearphishing Attachment
|
|
AC-02
|
Account Management
| Protects |
T1599
|
Network Boundary Bridging
|
|
AC-03
|
Access Enforcement
| Protects |
T1599
|
Network Boundary Bridging
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1599
|
Network Boundary Bridging
|
|
AC-05
|
Separation of Duties
| Protects |
T1599
|
Network Boundary Bridging
|
|
AC-06
|
Least Privilege
| Protects |
T1599
|
Network Boundary Bridging
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1599
|
Network Boundary Bridging
|
|
CM-02
|
Baseline Configuration
| Protects |
T1599
|
Network Boundary Bridging
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1599
|
Network Boundary Bridging
|
|
CM-06
|
Configuration Settings
| Protects |
T1599
|
Network Boundary Bridging
|
|
CM-07
|
Least Functionality
| Protects |
T1599
|
Network Boundary Bridging
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1599
|
Network Boundary Bridging
|
|
IA-05
|
Authenticator Management
| Protects |
T1599
|
Network Boundary Bridging
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1599
|
Network Boundary Bridging
|
|
SC-07
|
Boundary Protection
| Protects |
T1599
|
Network Boundary Bridging
|
|
SI-10
|
Information Input Validation
| Protects |
T1599
|
Network Boundary Bridging
|
|
SI-15
|
Information Output Filtering
| Protects |
T1599
|
Network Boundary Bridging
|
|
SI-04
|
System Monitoring
| Protects |
T1599
|
Network Boundary Bridging
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1599
|
Network Boundary Bridging
|
|
AC-02
|
Account Management
| Protects |
T1599.001
|
Network Address Translation Traversal
|
|
AC-03
|
Access Enforcement
| Protects |
T1599.001
|
Network Address Translation Traversal
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1599.001
|
Network Address Translation Traversal
|
|
AC-05
|
Separation of Duties
| Protects |
T1599.001
|
Network Address Translation Traversal
|
|
AC-06
|
Least Privilege
| Protects |
T1599.001
|
Network Address Translation Traversal
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1599.001
|
Network Address Translation Traversal
|
|
CM-02
|
Baseline Configuration
| Protects |
T1599.001
|
Network Address Translation Traversal
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1599.001
|
Network Address Translation Traversal
|
|
CM-06
|
Configuration Settings
| Protects |
T1599.001
|
Network Address Translation Traversal
|
|
CM-07
|
Least Functionality
| Protects |
T1599.001
|
Network Address Translation Traversal
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1599.001
|
Network Address Translation Traversal
|
|
IA-05
|
Authenticator Management
| Protects |
T1599.001
|
Network Address Translation Traversal
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1599.001
|
Network Address Translation Traversal
|
|
SC-07
|
Boundary Protection
| Protects |
T1599.001
|
Network Address Translation Traversal
|
|
SI-10
|
Information Input Validation
| Protects |
T1599.001
|
Network Address Translation Traversal
|
|
SI-15
|
Information Output Filtering
| Protects |
T1599.001
|
Network Address Translation Traversal
|
|
SI-04
|
System Monitoring
| Protects |
T1599.001
|
Network Address Translation Traversal
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1599.001
|
Network Address Translation Traversal
|
|
AC-02
|
Account Management
| Protects |
T1601
|
Modify System Image
|
|
AC-03
|
Access Enforcement
| Protects |
T1601
|
Modify System Image
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1601
|
Modify System Image
|
|
AC-05
|
Separation of Duties
| Protects |
T1601
|
Modify System Image
|
|
AC-06
|
Least Privilege
| Protects |
T1601
|
Modify System Image
|
|
CA-08
|
Penetration Testing
| Protects |
T1601
|
Modify System Image
|
|
CM-02
|
Baseline Configuration
| Protects |
T1601
|
Modify System Image
|
|
CM-03
|
Configuration Change Control
| Protects |
T1601
|
Modify System Image
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1601
|
Modify System Image
|
|
CM-06
|
Configuration Settings
| Protects |
T1601
|
Modify System Image
|
|
CM-07
|
Least Functionality
| Protects |
T1601
|
Modify System Image
|
|
CM-08
|
System Component Inventory
| Protects |
T1601
|
Modify System Image
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1601
|
Modify System Image
|
|
IA-05
|
Authenticator Management
| Protects |
T1601
|
Modify System Image
|
|
IA-07
|
Cryptographic Module Authentication
| Protects |
T1601
|
Modify System Image
|
|
RA-09
|
Criticality Analysis
| Protects |
T1601
|
Modify System Image
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1601
|
Modify System Image
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1601
|
Modify System Image
|
|
SC-34
|
Non-modifiable Executable Programs
| Protects |
T1601
|
Modify System Image
|
|
SI-02
|
Flaw Remediation
| Protects |
T1601
|
Modify System Image
|
|
SI-04
|
System Monitoring
| Protects |
T1601
|
Modify System Image
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1601
|
Modify System Image
|
|
SR-11
|
Component Authenticity
| Protects |
T1601
|
Modify System Image
|
|
SR-04
|
Provenance
| Protects |
T1601
|
Modify System Image
|
|
SR-05
|
Acquisition Strategies, Tools, and Methods
| Protects |
T1601
|
Modify System Image
|
|
SR-06
|
Supplier Assessments and Reviews
| Protects |
T1601
|
Modify System Image
|
|
AC-02
|
Account Management
| Protects |
T1601.001
|
Patch System Image
|
|
AC-03
|
Access Enforcement
| Protects |
T1601.001
|
Patch System Image
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1601.001
|
Patch System Image
|
|
AC-05
|
Separation of Duties
| Protects |
T1601.001
|
Patch System Image
|
|
AC-06
|
Least Privilege
| Protects |
T1601.001
|
Patch System Image
|
|
CA-08
|
Penetration Testing
| Protects |
T1601.001
|
Patch System Image
|
|
CM-02
|
Baseline Configuration
| Protects |
T1601.001
|
Patch System Image
|
|
CM-03
|
Configuration Change Control
| Protects |
T1601.001
|
Patch System Image
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1601.001
|
Patch System Image
|
|
CM-06
|
Configuration Settings
| Protects |
T1601.001
|
Patch System Image
|
|
CM-07
|
Least Functionality
| Protects |
T1601.001
|
Patch System Image
|
|
CM-08
|
System Component Inventory
| Protects |
T1601.001
|
Patch System Image
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1601.001
|
Patch System Image
|
|
IA-05
|
Authenticator Management
| Protects |
T1601.001
|
Patch System Image
|
|
IA-07
|
Cryptographic Module Authentication
| Protects |
T1601.001
|
Patch System Image
|
|
RA-09
|
Criticality Analysis
| Protects |
T1601.001
|
Patch System Image
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1601.001
|
Patch System Image
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1601.001
|
Patch System Image
|
|
SC-34
|
Non-modifiable Executable Programs
| Protects |
T1601.001
|
Patch System Image
|
|
SI-02
|
Flaw Remediation
| Protects |
T1601.001
|
Patch System Image
|
|
SI-04
|
System Monitoring
| Protects |
T1601.001
|
Patch System Image
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1601.001
|
Patch System Image
|
|
SR-11
|
Component Authenticity
| Protects |
T1601.001
|
Patch System Image
|
|
SR-04
|
Provenance
| Protects |
T1601.001
|
Patch System Image
|
|
SR-05
|
Acquisition Strategies, Tools, and Methods
| Protects |
T1601.001
|
Patch System Image
|
|
SR-06
|
Supplier Assessments and Reviews
| Protects |
T1601.001
|
Patch System Image
|
|
AC-02
|
Account Management
| Protects |
T1601.002
|
Downgrade System Image
|
|
AC-03
|
Access Enforcement
| Protects |
T1601.002
|
Downgrade System Image
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1601.002
|
Downgrade System Image
|
|
AC-05
|
Separation of Duties
| Protects |
T1601.002
|
Downgrade System Image
|
|
AC-06
|
Least Privilege
| Protects |
T1601.002
|
Downgrade System Image
|
|
CA-08
|
Penetration Testing
| Protects |
T1601.002
|
Downgrade System Image
|
|
CM-02
|
Baseline Configuration
| Protects |
T1601.002
|
Downgrade System Image
|
|
CM-03
|
Configuration Change Control
| Protects |
T1601.002
|
Downgrade System Image
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1601.002
|
Downgrade System Image
|
|
CM-06
|
Configuration Settings
| Protects |
T1601.002
|
Downgrade System Image
|
|
CM-07
|
Least Functionality
| Protects |
T1601.002
|
Downgrade System Image
|
|
CM-08
|
System Component Inventory
| Protects |
T1601.002
|
Downgrade System Image
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1601.002
|
Downgrade System Image
|
|
IA-05
|
Authenticator Management
| Protects |
T1601.002
|
Downgrade System Image
|
|
IA-07
|
Cryptographic Module Authentication
| Protects |
T1601.002
|
Downgrade System Image
|
|
RA-09
|
Criticality Analysis
| Protects |
T1601.002
|
Downgrade System Image
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1601.002
|
Downgrade System Image
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1601.002
|
Downgrade System Image
|
|
SC-34
|
Non-modifiable Executable Programs
| Protects |
T1601.002
|
Downgrade System Image
|
|
SI-02
|
Flaw Remediation
| Protects |
T1601.002
|
Downgrade System Image
|
|
SI-04
|
System Monitoring
| Protects |
T1601.002
|
Downgrade System Image
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1601.002
|
Downgrade System Image
|
|
SR-11
|
Component Authenticity
| Protects |
T1601.002
|
Downgrade System Image
|
|
SR-04
|
Provenance
| Protects |
T1601.002
|
Downgrade System Image
|
|
SR-05
|
Acquisition Strategies, Tools, and Methods
| Protects |
T1601.002
|
Downgrade System Image
|
|
SR-06
|
Supplier Assessments and Reviews
| Protects |
T1601.002
|
Downgrade System Image
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1602
|
Data from Configuration Repository
|
|
AC-17
|
Remote Access
| Protects |
T1602
|
Data from Configuration Repository
|
|
AC-18
|
Wireless Access
| Protects |
T1602
|
Data from Configuration Repository
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1602
|
Data from Configuration Repository
|
|
AC-20
|
Use of External Systems
| Protects |
T1602
|
Data from Configuration Repository
|
|
AC-03
|
Access Enforcement
| Protects |
T1602
|
Data from Configuration Repository
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1602
|
Data from Configuration Repository
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1602
|
Data from Configuration Repository
|
|
CM-02
|
Baseline Configuration
| Protects |
T1602
|
Data from Configuration Repository
|
|
CM-06
|
Configuration Settings
| Protects |
T1602
|
Data from Configuration Repository
|
|
CM-07
|
Least Functionality
| Protects |
T1602
|
Data from Configuration Repository
|
|
CM-08
|
System Component Inventory
| Protects |
T1602
|
Data from Configuration Repository
|
|
IA-03
|
Device Identification and Authentication
| Protects |
T1602
|
Data from Configuration Repository
|
|
IA-04
|
Identifier Management
| Protects |
T1602
|
Data from Configuration Repository
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1602
|
Data from Configuration Repository
|
|
SC-03
|
Security Function Isolation
| Protects |
T1602
|
Data from Configuration Repository
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1602
|
Data from Configuration Repository
|
|
SC-07
|
Boundary Protection
| Protects |
T1602
|
Data from Configuration Repository
|
|
SC-08
|
Transmission Confidentiality and Integrity
| Protects |
T1602
|
Data from Configuration Repository
|
|
SI-10
|
Information Input Validation
| Protects |
T1602
|
Data from Configuration Repository
|
|
SI-12
|
Information Management and Retention
| Protects |
T1602
|
Data from Configuration Repository
|
|
SI-15
|
Information Output Filtering
| Protects |
T1602
|
Data from Configuration Repository
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1602
|
Data from Configuration Repository
|
|
SI-04
|
System Monitoring
| Protects |
T1602
|
Data from Configuration Repository
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1602
|
Data from Configuration Repository
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
AC-17
|
Remote Access
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
AC-18
|
Wireless Access
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
AC-20
|
Use of External Systems
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
AC-03
|
Access Enforcement
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
CM-02
|
Baseline Configuration
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
CM-06
|
Configuration Settings
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
CM-07
|
Least Functionality
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
CM-08
|
System Component Inventory
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
IA-03
|
Device Identification and Authentication
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
IA-04
|
Identifier Management
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
SC-03
|
Security Function Isolation
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
SC-07
|
Boundary Protection
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
SC-08
|
Transmission Confidentiality and Integrity
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
SI-10
|
Information Input Validation
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
SI-12
|
Information Management and Retention
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
SI-15
|
Information Output Filtering
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
SI-04
|
System Monitoring
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
AC-17
|
Remote Access
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
AC-18
|
Wireless Access
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
AC-20
|
Use of External Systems
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
AC-03
|
Access Enforcement
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
CM-02
|
Baseline Configuration
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
CM-06
|
Configuration Settings
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
CM-07
|
Least Functionality
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
CM-08
|
System Component Inventory
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
IA-03
|
Device Identification and Authentication
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
IA-04
|
Identifier Management
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
SC-03
|
Security Function Isolation
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
SC-07
|
Boundary Protection
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
SC-08
|
Transmission Confidentiality and Integrity
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
SI-10
|
Information Input Validation
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
SI-12
|
Information Management and Retention
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
SI-15
|
Information Output Filtering
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
SI-04
|
System Monitoring
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
AC-02
|
Account Management
| Protects |
T1606.001
|
Web Cookies
|
|
AC-03
|
Access Enforcement
| Protects |
T1606.001
|
Web Cookies
|
|
AC-06
|
Least Privilege
| Protects |
T1606.001
|
Web Cookies
|
|
SI-02
|
Flaw Remediation
| Protects |
T1606.001
|
Web Cookies
|
|
AC-02
|
Account Management
| Protects |
T1606.002
|
SAML Tokens
|
|
AC-03
|
Access Enforcement
| Protects |
T1606.002
|
SAML Tokens
|
|
AC-06
|
Least Privilege
| Protects |
T1606.002
|
SAML Tokens
|
|
AC-17
|
Remote Access
| Protects |
T1610
|
Deploy Container
|
|
AC-02
|
Account Management
| Protects |
T1610
|
Deploy Container
|
|
AC-03
|
Access Enforcement
| Protects |
T1610
|
Deploy Container
|
|
AC-06
|
Least Privilege
| Protects |
T1610
|
Deploy Container
|
|
CM-06
|
Configuration Settings
| Protects |
T1610
|
Deploy Container
|
|
CM-07
|
Least Functionality
| Protects |
T1610
|
Deploy Container
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1610
|
Deploy Container
|
|
SC-07
|
Boundary Protection
| Protects |
T1610
|
Deploy Container
|
|
SI-04
|
System Monitoring
| Protects |
T1610
|
Deploy Container
|
|
AC-17
|
Remote Access
| Protects |
T1613
|
Container and Resource Discovery
|
|
AC-02
|
Account Management
| Protects |
T1613
|
Container and Resource Discovery
|
|
AC-03
|
Access Enforcement
| Protects |
T1613
|
Container and Resource Discovery
|
|
AC-06
|
Least Privilege
| Protects |
T1613
|
Container and Resource Discovery
|
|
CM-06
|
Configuration Settings
| Protects |
T1613
|
Container and Resource Discovery
|
|
CM-07
|
Least Functionality
| Protects |
T1613
|
Container and Resource Discovery
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1613
|
Container and Resource Discovery
|
|
SC-43
|
Usage Restrictions
| Protects |
T1613
|
Container and Resource Discovery
|
|
SC-07
|
Boundary Protection
| Protects |
T1613
|
Container and Resource Discovery
|
|
SI-04
|
System Monitoring
| Protects |
T1613
|
Container and Resource Discovery
|
|
AC-17
|
Remote Access
| Protects |
T1619
|
Cloud Storage Object Discovery
|
|
AC-02
|
Account Management
| Protects |
T1619
|
Cloud Storage Object Discovery
|
|
AC-03
|
Access Enforcement
| Protects |
T1619
|
Cloud Storage Object Discovery
|
|
AC-05
|
Separation of Duties
| Protects |
T1619
|
Cloud Storage Object Discovery
|
|
AC-06
|
Least Privilege
| Protects |
T1619
|
Cloud Storage Object Discovery
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1619
|
Cloud Storage Object Discovery
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1619
|
Cloud Storage Object Discovery
|
|
AC-03
|
Access Enforcement
| Protects |
T1622
|
Debugger Evasion
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1622
|
Debugger Evasion
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1622
|
Debugger Evasion
|
|
CM-02
|
Baseline Configuration
| Protects |
T1622
|
Debugger Evasion
|
|
CM-06
|
Configuration Settings
| Protects |
T1622
|
Debugger Evasion
|
|
CM-07
|
Least Functionality
| Protects |
T1622
|
Debugger Evasion
|
|
CM-08
|
System Component Inventory
| Protects |
T1622
|
Debugger Evasion
|
|
SC-23
|
Session Authenticity
| Protects |
T1622
|
Debugger Evasion
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1622
|
Debugger Evasion
|
|
SC-07
|
Boundary Protection
| Protects |
T1622
|
Debugger Evasion
|
|
SC-08
|
Transmission Confidentiality and Integrity
| Protects |
T1622
|
Debugger Evasion
|
|
SI-10
|
Information Input Validation
| Protects |
T1622
|
Debugger Evasion
|
|
SI-15
|
Information Output Filtering
| Protects |
T1622
|
Debugger Evasion
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1622
|
Debugger Evasion
|
|
SI-04
|
System Monitoring
| Protects |
T1622
|
Debugger Evasion
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1647
|
Plist File Modification
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1647
|
Plist File Modification
|
|
AC-17
|
Remote Access
| Protects |
T1647
|
Plist File Modification
|
|
AC-03
|
Access Enforcement
| Protects |
T1647
|
Plist File Modification
|
|
AC-06
|
Least Privilege
| Protects |
T1647
|
Plist File Modification
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1647
|
Plist File Modification
|
|
CM-02
|
Baseline Configuration
| Protects |
T1647
|
Plist File Modification
|
|
CM-03
|
Configuration Change Control
| Protects |
T1647
|
Plist File Modification
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1647
|
Plist File Modification
|
|
CM-06
|
Configuration Settings
| Protects |
T1647
|
Plist File Modification
|
|
CM-07
|
Least Functionality
| Protects |
T1647
|
Plist File Modification
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1647
|
Plist File Modification
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1647
|
Plist File Modification
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1647
|
Plist File Modification
|
|
SI-04
|
System Monitoring
| Protects |
T1647
|
Plist File Modification
|
|
AC-02
|
Account Management
| Protects |
T1648
|
Serverless Execution
|
|
AC-03
|
Access Enforcement
| Protects |
T1648
|
Serverless Execution
|
|
AC-06
|
Least Privilege
| Protects |
T1648
|
Serverless Execution
|
|
CM-06
|
Configuration Settings
| Protects |
T1648
|
Serverless Execution
|
|
CM-07
|
Least Functionality
| Protects |
T1648
|
Serverless Execution
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1648
|
Serverless Execution
|
|
SC-07
|
Boundary Protection
| Protects |
T1648
|
Serverless Execution
|
|
SI-04
|
System Monitoring
| Protects |
T1648
|
Serverless Execution
|
|
AC-02
|
Account Management
| Protects |
T1654
|
Log Enumeration
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1649
|
Steal or Forge Authentication Certificates
|
|
IA-05
|
Authenticator Management
| Protects |
T1649
|
Steal or Forge Authentication Certificates
|
|
AC-02
|
Account Management
| Protects |
T1621
|
Multi-Factor Authentication Request Generation
|
|
AC-06
|
Least Privilege
| Protects |
T1621
|
Multi-Factor Authentication Request Generation
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1621
|
Multi-Factor Authentication Request Generation
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1621
|
Multi-Factor Authentication Request Generation
|
|
IA-03
|
Device Identification and Authentication
| Protects |
T1621
|
Multi-Factor Authentication Request Generation
|
|
IA-05
|
Authenticator Management
| Protects |
T1621
|
Multi-Factor Authentication Request Generation
|
|
AC-17
|
Remote Access
| Protects |
T1612
|
Build Image on Host
|
|
AC-02
|
Account Management
| Protects |
T1612
|
Build Image on Host
|
|
AC-03
|
Access Enforcement
| Protects |
T1612
|
Build Image on Host
|
|
AC-06
|
Least Privilege
| Protects |
T1612
|
Build Image on Host
|
|
CA-08
|
Penetration Testing
| Protects |
T1612
|
Build Image on Host
|
|
CM-06
|
Configuration Settings
| Protects |
T1612
|
Build Image on Host
|
|
CM-07
|
Least Functionality
| Protects |
T1612
|
Build Image on Host
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1612
|
Build Image on Host
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1612
|
Build Image on Host
|
|
SC-07
|
Boundary Protection
| Protects |
T1612
|
Build Image on Host
|
|
SI-04
|
System Monitoring
| Protects |
T1612
|
Build Image on Host
|
|
AC-02
|
Account Management
| Protects |
T1606
|
Forge Web Credentials
|
|
AC-03
|
Access Enforcement
| Protects |
T1606
|
Forge Web Credentials
|
|
AC-05
|
Separation of Duties
| Protects |
T1606
|
Forge Web Credentials
|
|
AC-06
|
Least Privilege
| Protects |
T1606
|
Forge Web Credentials
|
|
SC-17
|
Public Key Infrastructure Certificates
| Protects |
T1606
|
Forge Web Credentials
|
|
SI-02
|
Flaw Remediation
| Protects |
T1606
|
Forge Web Credentials
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1598.003
|
Spearphishing Link
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1598.003
|
Spearphishing Link
|
|
CM-02
|
Baseline Configuration
| Protects |
T1598.003
|
Spearphishing Link
|
|
CM-06
|
Configuration Settings
| Protects |
T1598.003
|
Spearphishing Link
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1598.003
|
Spearphishing Link
|
|
SC-20
|
Secure Name/address Resolution Service (authoritative Source)
| Protects |
T1598.003
|
Spearphishing Link
|
|
SC-44
|
Detonation Chambers
| Protects |
T1598.003
|
Spearphishing Link
|
|
SC-07
|
Boundary Protection
| Protects |
T1598.003
|
Spearphishing Link
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1598.003
|
Spearphishing Link
|
|
SI-04
|
System Monitoring
| Protects |
T1598.003
|
Spearphishing Link
|
|
SI-08
|
Spam Protection
| Protects |
T1598.003
|
Spearphishing Link
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1598
|
Phishing for Information
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1598
|
Phishing for Information
|
|
CM-02
|
Baseline Configuration
| Protects |
T1598
|
Phishing for Information
|
|
CM-06
|
Configuration Settings
| Protects |
T1598
|
Phishing for Information
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1598
|
Phishing for Information
|
|
SC-20
|
Secure Name/address Resolution Service (authoritative Source)
| Protects |
T1598
|
Phishing for Information
|
|
SC-44
|
Detonation Chambers
| Protects |
T1598
|
Phishing for Information
|
|
SC-07
|
Boundary Protection
| Protects |
T1598
|
Phishing for Information
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1598
|
Phishing for Information
|
|
SI-04
|
System Monitoring
| Protects |
T1598
|
Phishing for Information
|
|
SI-08
|
Spam Protection
| Protects |
T1598
|
Phishing for Information
|
|
AC-02
|
Account Management
| Protects |
T1574.007
|
Path Interception by PATH Environment Variable
|
|
AC-03
|
Access Enforcement
| Protects |
T1574.007
|
Path Interception by PATH Environment Variable
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1574.007
|
Path Interception by PATH Environment Variable
|
|
AC-05
|
Separation of Duties
| Protects |
T1574.007
|
Path Interception by PATH Environment Variable
|
|
AC-06
|
Least Privilege
| Protects |
T1574.007
|
Path Interception by PATH Environment Variable
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1574.007
|
Path Interception by PATH Environment Variable
|
|
CA-08
|
Penetration Testing
| Protects |
T1574.007
|
Path Interception by PATH Environment Variable
|
|
CM-02
|
Baseline Configuration
| Protects |
T1574.007
|
Path Interception by PATH Environment Variable
|
|
CM-06
|
Configuration Settings
| Protects |
T1574.007
|
Path Interception by PATH Environment Variable
|
|
CM-07
|
Least Functionality
| Protects |
T1574.007
|
Path Interception by PATH Environment Variable
|
|
CM-08
|
System Component Inventory
| Protects |
T1574.007
|
Path Interception by PATH Environment Variable
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1574.007
|
Path Interception by PATH Environment Variable
|
|
SI-10
|
Information Input Validation
| Protects |
T1574.007
|
Path Interception by PATH Environment Variable
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1574.007
|
Path Interception by PATH Environment Variable
|
|
SI-04
|
System Monitoring
| Protects |
T1574.007
|
Path Interception by PATH Environment Variable
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1574.007
|
Path Interception by PATH Environment Variable
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1571
|
Non-Standard Port
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1571
|
Non-Standard Port
|
|
CM-02
|
Baseline Configuration
| Protects |
T1571
|
Non-Standard Port
|
|
CM-06
|
Configuration Settings
| Protects |
T1571
|
Non-Standard Port
|
|
CM-07
|
Least Functionality
| Protects |
T1571
|
Non-Standard Port
|
|
SC-07
|
Boundary Protection
| Protects |
T1571
|
Non-Standard Port
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1571
|
Non-Standard Port
|
|
SI-04
|
System Monitoring
| Protects |
T1571
|
Non-Standard Port
|
|
AC-03
|
Access Enforcement
| Protects |
T1570
|
Lateral Tool Transfer
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1570
|
Lateral Tool Transfer
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1570
|
Lateral Tool Transfer
|
|
CM-02
|
Baseline Configuration
| Protects |
T1570
|
Lateral Tool Transfer
|
|
CM-06
|
Configuration Settings
| Protects |
T1570
|
Lateral Tool Transfer
|
|
CM-07
|
Least Functionality
| Protects |
T1570
|
Lateral Tool Transfer
|
|
SC-07
|
Boundary Protection
| Protects |
T1570
|
Lateral Tool Transfer
|
|
SI-10
|
Information Input Validation
| Protects |
T1570
|
Lateral Tool Transfer
|
|
SI-15
|
Information Output Filtering
| Protects |
T1570
|
Lateral Tool Transfer
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1570
|
Lateral Tool Transfer
|
|
SI-04
|
System Monitoring
| Protects |
T1570
|
Lateral Tool Transfer
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1566.002
|
Spearphishing Link
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1566.002
|
Spearphishing Link
|
|
CM-02
|
Baseline Configuration
| Protects |
T1566.002
|
Spearphishing Link
|
|
CM-06
|
Configuration Settings
| Protects |
T1566.002
|
Spearphishing Link
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1566.002
|
Spearphishing Link
|
|
SC-20
|
Secure Name/address Resolution Service (authoritative Source)
| Protects |
T1566.002
|
Spearphishing Link
|
|
SC-44
|
Detonation Chambers
| Protects |
T1566.002
|
Spearphishing Link
|
|
SC-07
|
Boundary Protection
| Protects |
T1566.002
|
Spearphishing Link
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1566.002
|
Spearphishing Link
|
|
SI-04
|
System Monitoring
| Protects |
T1566.002
|
Spearphishing Link
|
|
SI-08
|
Spam Protection
| Protects |
T1566.002
|
Spearphishing Link
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1566
|
Phishing
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1566
|
Phishing
|
|
CM-02
|
Baseline Configuration
| Protects |
T1566
|
Phishing
|
|
CM-06
|
Configuration Settings
| Protects |
T1566
|
Phishing
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1566
|
Phishing
|
|
SC-20
|
Secure Name/address Resolution Service (authoritative Source)
| Protects |
T1566
|
Phishing
|
|
SC-44
|
Detonation Chambers
| Protects |
T1566
|
Phishing
|
|
SC-07
|
Boundary Protection
| Protects |
T1566
|
Phishing
|
|
SI-02
|
Flaw Remediation
| Protects |
T1566
|
Phishing
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1566
|
Phishing
|
|
SI-04
|
System Monitoring
| Protects |
T1566
|
Phishing
|
|
SI-08
|
Spam Protection
| Protects |
T1566
|
Phishing
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1564.008
|
Email Hiding Rules
|
|
CM-03
|
Configuration Change Control
| Protects |
T1564.008
|
Email Hiding Rules
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1564.008
|
Email Hiding Rules
|
|
CM-07
|
Least Functionality
| Protects |
T1564.008
|
Email Hiding Rules
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1564.008
|
Email Hiding Rules
|
|
SI-04
|
System Monitoring
| Protects |
T1564.008
|
Email Hiding Rules
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1564.008
|
Email Hiding Rules
|
|
CM-03
|
Configuration Change Control
| Protects |
T1562.008
|
Disable or Modify Cloud Logs
|
|
AC-03
|
Access Enforcement
| Protects |
T1562.008
|
Disable or Modify Cloud Logs
|
|
AC-05
|
Separation of Duties
| Protects |
T1562.008
|
Disable or Modify Cloud Logs
|
|
AC-06
|
Least Privilege
| Protects |
T1562.008
|
Disable or Modify Cloud Logs
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1562.008
|
Disable or Modify Cloud Logs
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1562.008
|
Disable or Modify Cloud Logs
|
|
AC-02
|
Account Management
| Protects |
T1562.008
|
Disable or Modify Cloud Logs
|
|
AC-02
|
Account Management
| Protects |
T1562.007
|
Disable or Modify Cloud Firewall
|
|
AC-03
|
Access Enforcement
| Protects |
T1562.007
|
Disable or Modify Cloud Firewall
|
|
AC-05
|
Separation of Duties
| Protects |
T1562.007
|
Disable or Modify Cloud Firewall
|
|
AC-06
|
Least Privilege
| Protects |
T1562.007
|
Disable or Modify Cloud Firewall
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1562.007
|
Disable or Modify Cloud Firewall
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1562.007
|
Disable or Modify Cloud Firewall
|
|
AC-02
|
Account Management
| Protects |
T1562.006
|
Indicator Blocking
|
|
AC-03
|
Access Enforcement
| Protects |
T1562.006
|
Indicator Blocking
|
|
AC-05
|
Separation of Duties
| Protects |
T1562.006
|
Indicator Blocking
|
|
AC-06
|
Least Privilege
| Protects |
T1562.006
|
Indicator Blocking
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1562.006
|
Indicator Blocking
|
|
CM-10
|
Software Usage Restrictions
| Protects |
T1562.006
|
Indicator Blocking
|
|
CM-02
|
Baseline Configuration
| Protects |
T1562.006
|
Indicator Blocking
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1562.006
|
Indicator Blocking
|
|
CM-06
|
Configuration Settings
| Protects |
T1562.006
|
Indicator Blocking
|
|
CM-07
|
Least Functionality
| Protects |
T1562.006
|
Indicator Blocking
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1562.006
|
Indicator Blocking
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1562.006
|
Indicator Blocking
|
|
SC-23
|
Session Authenticity
| Protects |
T1562.006
|
Indicator Blocking
|
|
SC-08
|
Transmission Confidentiality and Integrity
| Protects |
T1562.006
|
Indicator Blocking
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1562.006
|
Indicator Blocking
|
|
SI-04
|
System Monitoring
| Protects |
T1562.006
|
Indicator Blocking
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1562.006
|
Indicator Blocking
|
|
AC-02
|
Account Management
| Protects |
T1562.002
|
Disable Windows Event Logging
|
|
AC-03
|
Access Enforcement
| Protects |
T1562.002
|
Disable Windows Event Logging
|
|
AC-05
|
Separation of Duties
| Protects |
T1562.002
|
Disable Windows Event Logging
|
|
AC-06
|
Least Privilege
| Protects |
T1562.002
|
Disable Windows Event Logging
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1562.002
|
Disable Windows Event Logging
|
|
CM-02
|
Baseline Configuration
| Protects |
T1562.002
|
Disable Windows Event Logging
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1562.002
|
Disable Windows Event Logging
|
|
CM-06
|
Configuration Settings
| Protects |
T1562.002
|
Disable Windows Event Logging
|
|
CM-07
|
Least Functionality
| Protects |
T1562.002
|
Disable Windows Event Logging
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1562.002
|
Disable Windows Event Logging
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1562.002
|
Disable Windows Event Logging
|
|
SI-04
|
System Monitoring
| Protects |
T1562.002
|
Disable Windows Event Logging
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1562.002
|
Disable Windows Event Logging
|
|
AC-02
|
Account Management
| Protects |
T1562.001
|
Disable or Modify Tools
|
|
AC-03
|
Access Enforcement
| Protects |
T1562.001
|
Disable or Modify Tools
|
|
AC-05
|
Separation of Duties
| Protects |
T1562.001
|
Disable or Modify Tools
|
|
AC-06
|
Least Privilege
| Protects |
T1562.001
|
Disable or Modify Tools
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1562.001
|
Disable or Modify Tools
|
|
CM-02
|
Baseline Configuration
| Protects |
T1562.001
|
Disable or Modify Tools
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1562.001
|
Disable or Modify Tools
|
|
CM-06
|
Configuration Settings
| Protects |
T1562.001
|
Disable or Modify Tools
|
|
CM-07
|
Least Functionality
| Protects |
T1562.001
|
Disable or Modify Tools
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1562.001
|
Disable or Modify Tools
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1562.001
|
Disable or Modify Tools
|
|
SI-04
|
System Monitoring
| Protects |
T1562.001
|
Disable or Modify Tools
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1562.001
|
Disable or Modify Tools
|
|
SC-08
|
Transmission Confidentiality and Integrity
| Protects |
T1562
|
Impair Defenses
|
|
AC-03
|
Access Enforcement
| Protects |
T1561.002
|
Disk Structure Wipe
|
|
AC-06
|
Least Privilege
| Protects |
T1561.002
|
Disk Structure Wipe
|
|
CM-02
|
Baseline Configuration
| Protects |
T1561.002
|
Disk Structure Wipe
|
|
CP-10
|
System Recovery and Reconstitution
| Protects |
T1561.002
|
Disk Structure Wipe
|
|
CP-02
|
Contingency Plan
| Protects |
T1561.002
|
Disk Structure Wipe
|
|
CP-07
|
Alternate Processing Site
| Protects |
T1561.002
|
Disk Structure Wipe
|
|
CP-09
|
System Backup
| Protects |
T1561.002
|
Disk Structure Wipe
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1561.002
|
Disk Structure Wipe
|
|
SI-04
|
System Monitoring
| Protects |
T1561.002
|
Disk Structure Wipe
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1561.002
|
Disk Structure Wipe
|
|
AC-03
|
Access Enforcement
| Protects |
T1561.001
|
Disk Content Wipe
|
|
AC-06
|
Least Privilege
| Protects |
T1561.001
|
Disk Content Wipe
|
|
CM-02
|
Baseline Configuration
| Protects |
T1561.001
|
Disk Content Wipe
|
|
CP-10
|
System Recovery and Reconstitution
| Protects |
T1561.001
|
Disk Content Wipe
|
|
CP-02
|
Contingency Plan
| Protects |
T1561.001
|
Disk Content Wipe
|
|
CP-07
|
Alternate Processing Site
| Protects |
T1561.001
|
Disk Content Wipe
|
|
CP-09
|
System Backup
| Protects |
T1561.001
|
Disk Content Wipe
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1561.001
|
Disk Content Wipe
|
|
SI-04
|
System Monitoring
| Protects |
T1561.001
|
Disk Content Wipe
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1561.001
|
Disk Content Wipe
|
|
AC-03
|
Access Enforcement
| Protects |
T1561
|
Disk Wipe
|
|
AC-06
|
Least Privilege
| Protects |
T1561
|
Disk Wipe
|
|
CM-02
|
Baseline Configuration
| Protects |
T1561
|
Disk Wipe
|
|
CP-10
|
System Recovery and Reconstitution
| Protects |
T1561
|
Disk Wipe
|
|
CP-02
|
Contingency Plan
| Protects |
T1561
|
Disk Wipe
|
|
CP-07
|
Alternate Processing Site
| Protects |
T1561
|
Disk Wipe
|
|
CP-09
|
System Backup
| Protects |
T1561
|
Disk Wipe
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1561
|
Disk Wipe
|
|
SI-04
|
System Monitoring
| Protects |
T1561
|
Disk Wipe
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1561
|
Disk Wipe
|
|
CA-08
|
Penetration Testing
| Protects |
T1560.001
|
Archive via Utility
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1560.001
|
Archive via Utility
|
|
SC-07
|
Boundary Protection
| Protects |
T1560.001
|
Archive via Utility
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1560.001
|
Archive via Utility
|
|
SI-04
|
System Monitoring
| Protects |
T1560.001
|
Archive via Utility
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
AC-17
|
Remote Access
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
AC-18
|
Wireless Access
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
AC-20
|
Use of External Systems
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
AC-03
|
Access Enforcement
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
CM-02
|
Baseline Configuration
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
CM-06
|
Configuration Settings
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
CM-07
|
Least Functionality
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
CM-08
|
System Component Inventory
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
SC-23
|
Session Authenticity
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
SC-07
|
Boundary Protection
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
SC-08
|
Transmission Confidentiality and Integrity
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
SI-10
|
Information Input Validation
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
SI-12
|
Information Management and Retention
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
SI-15
|
Information Output Filtering
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
SI-04
|
System Monitoring
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
CA-08
|
Penetration Testing
| Protects |
T1554
|
Compromise Client Software Binary
|
|
CM-02
|
Baseline Configuration
| Protects |
T1554
|
Compromise Client Software Binary
|
|
CM-06
|
Configuration Settings
| Protects |
T1554
|
Compromise Client Software Binary
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1554
|
Compromise Client Software Binary
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1554
|
Compromise Client Software Binary
|
|
SR-11
|
Component Authenticity
| Protects |
T1554
|
Compromise Client Software Binary
|
|
SR-04
|
Provenance
| Protects |
T1554
|
Compromise Client Software Binary
|
|
SR-05
|
Acquisition Strategies, Tools, and Methods
| Protects |
T1554
|
Compromise Client Software Binary
|
|
SR-06
|
Supplier Assessments and Reviews
| Protects |
T1554
|
Compromise Client Software Binary
|
|
CM-02
|
Baseline Configuration
| Protects |
T1553.005
|
Mark-of-the-Web Bypass
|
|
CM-06
|
Configuration Settings
| Protects |
T1553.005
|
Mark-of-the-Web Bypass
|
|
CM-07
|
Least Functionality
| Protects |
T1553.005
|
Mark-of-the-Web Bypass
|
|
SI-10
|
Information Input Validation
| Protects |
T1553.005
|
Mark-of-the-Web Bypass
|
|
SI-04
|
System Monitoring
| Protects |
T1553.005
|
Mark-of-the-Web Bypass
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1553.005
|
Mark-of-the-Web Bypass
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1552.004
|
Private Keys
|
|
AC-17
|
Remote Access
| Protects |
T1552.004
|
Private Keys
|
|
AC-18
|
Wireless Access
| Protects |
T1552.004
|
Private Keys
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1552.004
|
Private Keys
|
|
AC-02
|
Account Management
| Protects |
T1552.004
|
Private Keys
|
|
AC-20
|
Use of External Systems
| Protects |
T1552.004
|
Private Keys
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1552.004
|
Private Keys
|
|
CA-08
|
Penetration Testing
| Protects |
T1552.004
|
Private Keys
|
|
CM-02
|
Baseline Configuration
| Protects |
T1552.004
|
Private Keys
|
|
CM-06
|
Configuration Settings
| Protects |
T1552.004
|
Private Keys
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1552.004
|
Private Keys
|
|
IA-05
|
Authenticator Management
| Protects |
T1552.004
|
Private Keys
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1552.004
|
Private Keys
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1552.004
|
Private Keys
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1552.004
|
Private Keys
|
|
SC-12
|
Cryptographic Key Establishment and Management
| Protects |
T1552.004
|
Private Keys
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1552.004
|
Private Keys
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1552.004
|
Private Keys
|
|
SC-07
|
Boundary Protection
| Protects |
T1552.004
|
Private Keys
|
|
SI-12
|
Information Management and Retention
| Protects |
T1552.004
|
Private Keys
|
|
SI-04
|
System Monitoring
| Protects |
T1552.004
|
Private Keys
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1552.004
|
Private Keys
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1550.001
|
Application Access Token
|
|
AC-17
|
Remote Access
| Protects |
T1550.001
|
Application Access Token
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1550.001
|
Application Access Token
|
|
AC-20
|
Use of External Systems
| Protects |
T1550.001
|
Application Access Token
|
|
CA-08
|
Penetration Testing
| Protects |
T1550.001
|
Application Access Token
|
|
CM-10
|
Software Usage Restrictions
| Protects |
T1550.001
|
Application Access Token
|
|
CM-11
|
User-installed Software
| Protects |
T1550.001
|
Application Access Token
|
|
CM-02
|
Baseline Configuration
| Protects |
T1550.001
|
Application Access Token
|
|
CM-06
|
Configuration Settings
| Protects |
T1550.001
|
Application Access Token
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1550.001
|
Application Access Token
|
|
IA-04
|
Identifier Management
| Protects |
T1550.001
|
Application Access Token
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1550.001
|
Application Access Token
|
|
SC-08
|
Transmission Confidentiality and Integrity
| Protects |
T1550.001
|
Application Access Token
|
|
SI-12
|
Information Management and Retention
| Protects |
T1550.001
|
Application Access Token
|
|
SI-04
|
System Monitoring
| Protects |
T1550.001
|
Application Access Token
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1550.001
|
Application Access Token
|
|
CM-06
|
Configuration Settings
| Protects |
T1548.001
|
Setuid and Setgid
|
|
CM-07
|
Least Functionality
| Protects |
T1548.001
|
Setuid and Setgid
|
|
SI-04
|
System Monitoring
| Protects |
T1548.001
|
Setuid and Setgid
|
|
AC-17
|
Remote Access
| Protects |
T1547.013
|
XDG Autostart Entries
|
|
AC-02
|
Account Management
| Protects |
T1547.013
|
XDG Autostart Entries
|
|
AC-03
|
Access Enforcement
| Protects |
T1547.013
|
XDG Autostart Entries
|
|
AC-05
|
Separation of Duties
| Protects |
T1547.013
|
XDG Autostart Entries
|
|
AC-06
|
Least Privilege
| Protects |
T1547.013
|
XDG Autostart Entries
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1547.013
|
XDG Autostart Entries
|
|
CM-11
|
User-installed Software
| Protects |
T1547.013
|
XDG Autostart Entries
|
|
CM-02
|
Baseline Configuration
| Protects |
T1547.013
|
XDG Autostart Entries
|
|
CM-03
|
Configuration Change Control
| Protects |
T1547.013
|
XDG Autostart Entries
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1547.013
|
XDG Autostart Entries
|
|
CM-06
|
Configuration Settings
| Protects |
T1547.013
|
XDG Autostart Entries
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1547.013
|
XDG Autostart Entries
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1547.013
|
XDG Autostart Entries
|
|
SI-04
|
System Monitoring
| Protects |
T1547.013
|
XDG Autostart Entries
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1547.013
|
XDG Autostart Entries
|
|
AC-17
|
Remote Access
| Protects |
T1547.012
|
Print Processors
|
|
AC-02
|
Account Management
| Protects |
T1547.012
|
Print Processors
|
|
AC-03
|
Access Enforcement
| Protects |
T1547.012
|
Print Processors
|
|
AC-05
|
Separation of Duties
| Protects |
T1547.012
|
Print Processors
|
|
AC-06
|
Least Privilege
| Protects |
T1547.012
|
Print Processors
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1547.012
|
Print Processors
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1547.012
|
Print Processors
|
|
SI-04
|
System Monitoring
| Protects |
T1547.012
|
Print Processors
|
|
AC-02
|
Account Management
| Protects |
T1543.002
|
Systemd Service
|
|
AC-03
|
Access Enforcement
| Protects |
T1543.002
|
Systemd Service
|
|
AC-05
|
Separation of Duties
| Protects |
T1543.002
|
Systemd Service
|
|
AC-06
|
Least Privilege
| Protects |
T1543.002
|
Systemd Service
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1543.002
|
Systemd Service
|
|
CM-11
|
User-installed Software
| Protects |
T1543.002
|
Systemd Service
|
|
CM-02
|
Baseline Configuration
| Protects |
T1543.002
|
Systemd Service
|
|
CM-03
|
Configuration Change Control
| Protects |
T1543.002
|
Systemd Service
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1543.002
|
Systemd Service
|
|
CM-06
|
Configuration Settings
| Protects |
T1543.002
|
Systemd Service
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1543.002
|
Systemd Service
|
|
SA-22
|
Unsupported System Components
| Protects |
T1543.002
|
Systemd Service
|
|
SI-16
|
Memory Protection
| Protects |
T1543.002
|
Systemd Service
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1543.002
|
Systemd Service
|
|
SI-04
|
System Monitoring
| Protects |
T1543.002
|
Systemd Service
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1543.002
|
Systemd Service
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1530
|
Data from Cloud Storage
|
|
AC-17
|
Remote Access
| Protects |
T1530
|
Data from Cloud Storage
|
|
AC-18
|
Wireless Access
| Protects |
T1530
|
Data from Cloud Storage
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1530
|
Data from Cloud Storage
|
|
AC-02
|
Account Management
| Protects |
T1530
|
Data from Cloud Storage
|
|
AC-20
|
Use of External Systems
| Protects |
T1530
|
Data from Cloud Storage
|
|
AC-03
|
Access Enforcement
| Protects |
T1530
|
Data from Cloud Storage
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1530
|
Data from Cloud Storage
|
|
AC-05
|
Separation of Duties
| Protects |
T1530
|
Data from Cloud Storage
|
|
AC-06
|
Least Privilege
| Protects |
T1530
|
Data from Cloud Storage
|
|
AC-07
|
Unsuccessful Logon Attempts
| Protects |
T1530
|
Data from Cloud Storage
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1530
|
Data from Cloud Storage
|
|
CA-08
|
Penetration Testing
| Protects |
T1530
|
Data from Cloud Storage
|
|
CM-02
|
Baseline Configuration
| Protects |
T1530
|
Data from Cloud Storage
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1530
|
Data from Cloud Storage
|
|
CM-06
|
Configuration Settings
| Protects |
T1530
|
Data from Cloud Storage
|
|
CM-07
|
Least Functionality
| Protects |
T1530
|
Data from Cloud Storage
|
|
CM-08
|
System Component Inventory
| Protects |
T1530
|
Data from Cloud Storage
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1530
|
Data from Cloud Storage
|
|
IA-03
|
Device Identification and Authentication
| Protects |
T1530
|
Data from Cloud Storage
|
|
IA-04
|
Identifier Management
| Protects |
T1530
|
Data from Cloud Storage
|
|
IA-05
|
Authenticator Management
| Protects |
T1530
|
Data from Cloud Storage
|
|
IA-06
|
Authentication Feedback
| Protects |
T1530
|
Data from Cloud Storage
|
|
IA-08
|
Identification and Authentication (non-organizational Users)
| Protects |
T1530
|
Data from Cloud Storage
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1530
|
Data from Cloud Storage
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1530
|
Data from Cloud Storage
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1530
|
Data from Cloud Storage
|
|
SC-07
|
Boundary Protection
| Protects |
T1530
|
Data from Cloud Storage
|
|
SI-10
|
Information Input Validation
| Protects |
T1530
|
Data from Cloud Storage
|
|
SI-12
|
Information Management and Retention
| Protects |
T1530
|
Data from Cloud Storage
|
|
SI-15
|
Information Output Filtering
| Protects |
T1530
|
Data from Cloud Storage
|
|
SI-04
|
System Monitoring
| Protects |
T1530
|
Data from Cloud Storage
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1530
|
Data from Cloud Storage
|
|
AC-17
|
Remote Access
| Protects |
T1219
|
Remote Access Software
|
|
AC-03
|
Access Enforcement
| Protects |
T1219
|
Remote Access Software
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1219
|
Remote Access Software
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1219
|
Remote Access Software
|
|
CM-02
|
Baseline Configuration
| Protects |
T1219
|
Remote Access Software
|
|
CM-06
|
Configuration Settings
| Protects |
T1219
|
Remote Access Software
|
|
CM-07
|
Least Functionality
| Protects |
T1219
|
Remote Access Software
|
|
SC-07
|
Boundary Protection
| Protects |
T1219
|
Remote Access Software
|
|
SI-10
|
Information Input Validation
| Protects |
T1219
|
Remote Access Software
|
|
SI-15
|
Information Output Filtering
| Protects |
T1219
|
Remote Access Software
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1219
|
Remote Access Software
|
|
SI-04
|
System Monitoring
| Protects |
T1219
|
Remote Access Software
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1219
|
Remote Access Software
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
AC-06
|
Least Privilege
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
CA-08
|
Penetration Testing
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
CM-02
|
Baseline Configuration
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
CM-06
|
Configuration Settings
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
CM-08
|
System Component Inventory
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
RA-10
|
Threat Hunting
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
SC-18
|
Mobile Code
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
SC-02
|
Separation of System and User Functionality
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
SC-26
|
Decoys
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
SC-29
|
Heterogeneity
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
SC-03
|
Security Function Isolation
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
SC-30
|
Concealment and Misdirection
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
SC-35
|
External Malicious Code Identification
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
SC-39
|
Process Isolation
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
SC-07
|
Boundary Protection
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
SI-02
|
Flaw Remediation
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
SI-04
|
System Monitoring
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
SI-05
|
Security Alerts, Advisories, and Directives
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
AC-02
|
Account Management
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
AC-03
|
Access Enforcement
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
AC-05
|
Separation of Duties
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
AC-06
|
Least Privilege
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
CA-02
|
Control Assessments
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
CM-06
|
Configuration Settings
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
CM-07
|
Least Functionality
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
CM-08
|
System Component Inventory
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
IA-08
|
Identification and Authentication (non-organizational Users)
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
RA-10
|
Threat Hunting
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
SC-18
|
Mobile Code
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
SC-02
|
Separation of System and User Functionality
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
SC-29
|
Heterogeneity
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
SC-03
|
Security Function Isolation
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
SC-30
|
Concealment and Misdirection
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
SC-39
|
Process Isolation
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
SC-07
|
Boundary Protection
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
SI-10
|
Information Input Validation
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
SI-02
|
Flaw Remediation
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
SI-04
|
System Monitoring
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1189
|
Drive-by Compromise
|
|
AC-06
|
Least Privilege
| Protects |
T1189
|
Drive-by Compromise
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1189
|
Drive-by Compromise
|
|
CM-02
|
Baseline Configuration
| Protects |
T1189
|
Drive-by Compromise
|
|
CM-06
|
Configuration Settings
| Protects |
T1189
|
Drive-by Compromise
|
|
CM-08
|
System Component Inventory
| Protects |
T1189
|
Drive-by Compromise
|
|
SA-22
|
Unsupported System Components
| Protects |
T1189
|
Drive-by Compromise
|
|
SC-18
|
Mobile Code
| Protects |
T1189
|
Drive-by Compromise
|
|
SC-02
|
Separation of System and User Functionality
| Protects |
T1189
|
Drive-by Compromise
|
|
SC-29
|
Heterogeneity
| Protects |
T1189
|
Drive-by Compromise
|
|
SC-03
|
Security Function Isolation
| Protects |
T1189
|
Drive-by Compromise
|
|
SC-30
|
Concealment and Misdirection
| Protects |
T1189
|
Drive-by Compromise
|
|
SC-39
|
Process Isolation
| Protects |
T1189
|
Drive-by Compromise
|
|
SC-07
|
Boundary Protection
| Protects |
T1189
|
Drive-by Compromise
|
|
SI-02
|
Flaw Remediation
| Protects |
T1189
|
Drive-by Compromise
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1189
|
Drive-by Compromise
|
|
SI-04
|
System Monitoring
| Protects |
T1189
|
Drive-by Compromise
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1189
|
Drive-by Compromise
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1129
|
Shared Modules
|
|
CM-02
|
Baseline Configuration
| Protects |
T1129
|
Shared Modules
|
|
CM-07
|
Least Functionality
| Protects |
T1129
|
Shared Modules
|
|
SI-10
|
Information Input Validation
| Protects |
T1129
|
Shared Modules
|
|
SI-04
|
System Monitoring
| Protects |
T1129
|
Shared Modules
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1129
|
Shared Modules
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1114.003
|
Email Forwarding Rule
|
|
AC-17
|
Remote Access
| Protects |
T1114.003
|
Email Forwarding Rule
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1114.003
|
Email Forwarding Rule
|
|
AC-20
|
Use of External Systems
| Protects |
T1114.003
|
Email Forwarding Rule
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1114.003
|
Email Forwarding Rule
|
|
CM-06
|
Configuration Settings
| Protects |
T1114.003
|
Email Forwarding Rule
|
|
SC-43
|
Usage Restrictions
| Protects |
T1114.003
|
Email Forwarding Rule
|
|
SC-07
|
Boundary Protection
| Protects |
T1114.003
|
Email Forwarding Rule
|
|
SI-12
|
Information Management and Retention
| Protects |
T1114.003
|
Email Forwarding Rule
|
|
SI-04
|
System Monitoring
| Protects |
T1114.003
|
Email Forwarding Rule
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1114.003
|
Email Forwarding Rule
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1072
|
Software Deployment Tools
|
|
SA-09
|
External System Services
| Protects |
T1072
|
Software Deployment Tools
|
|
AC-20
|
Use of External Systems
| Protects |
T1111
|
Multi-Factor Authentication Interception
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1111
|
Multi-Factor Authentication Interception
|
|
CM-02
|
Baseline Configuration
| Protects |
T1111
|
Multi-Factor Authentication Interception
|
|
CM-06
|
Configuration Settings
| Protects |
T1111
|
Multi-Factor Authentication Interception
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1111
|
Multi-Factor Authentication Interception
|
|
IA-05
|
Authenticator Management
| Protects |
T1111
|
Multi-Factor Authentication Interception
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1111
|
Multi-Factor Authentication Interception
|
|
SI-04
|
System Monitoring
| Protects |
T1111
|
Multi-Factor Authentication Interception
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1105
|
Ingress Tool Transfer
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1105
|
Ingress Tool Transfer
|
|
CM-02
|
Baseline Configuration
| Protects |
T1105
|
Ingress Tool Transfer
|
|
CM-06
|
Configuration Settings
| Protects |
T1105
|
Ingress Tool Transfer
|
|
CM-07
|
Least Functionality
| Protects |
T1105
|
Ingress Tool Transfer
|
|
SC-07
|
Boundary Protection
| Protects |
T1105
|
Ingress Tool Transfer
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1105
|
Ingress Tool Transfer
|
|
SI-04
|
System Monitoring
| Protects |
T1105
|
Ingress Tool Transfer
|
|
AC-02
|
Account Management
| Protects |
T1098.001
|
Additional Cloud Credentials
|
|
AC-20
|
Use of External Systems
| Protects |
T1098.001
|
Additional Cloud Credentials
|
|
AC-03
|
Access Enforcement
| Protects |
T1098.001
|
Additional Cloud Credentials
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1098.001
|
Additional Cloud Credentials
|
|
AC-05
|
Separation of Duties
| Protects |
T1098.001
|
Additional Cloud Credentials
|
|
AC-06
|
Least Privilege
| Protects |
T1098.001
|
Additional Cloud Credentials
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1098.001
|
Additional Cloud Credentials
|
|
CM-06
|
Configuration Settings
| Protects |
T1098.001
|
Additional Cloud Credentials
|
|
CM-07
|
Least Functionality
| Protects |
T1098.001
|
Additional Cloud Credentials
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1098.001
|
Additional Cloud Credentials
|
|
IA-05
|
Authenticator Management
| Protects |
T1098.001
|
Additional Cloud Credentials
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1098.001
|
Additional Cloud Credentials
|
|
SC-07
|
Boundary Protection
| Protects |
T1098.001
|
Additional Cloud Credentials
|
|
SI-04
|
System Monitoring
| Protects |
T1098.001
|
Additional Cloud Credentials
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1098.001
|
Additional Cloud Credentials
|
|
AC-03
|
Access Enforcement
| Protects |
T1095
|
Non-Application Layer Protocol
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1095
|
Non-Application Layer Protocol
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1095
|
Non-Application Layer Protocol
|
|
CM-02
|
Baseline Configuration
| Protects |
T1095
|
Non-Application Layer Protocol
|
|
CM-06
|
Configuration Settings
| Protects |
T1095
|
Non-Application Layer Protocol
|
|
CM-07
|
Least Functionality
| Protects |
T1095
|
Non-Application Layer Protocol
|
|
SC-07
|
Boundary Protection
| Protects |
T1095
|
Non-Application Layer Protocol
|
|
SI-10
|
Information Input Validation
| Protects |
T1095
|
Non-Application Layer Protocol
|
|
SI-15
|
Information Output Filtering
| Protects |
T1095
|
Non-Application Layer Protocol
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1095
|
Non-Application Layer Protocol
|
|
SI-04
|
System Monitoring
| Protects |
T1095
|
Non-Application Layer Protocol
|
|
CM-06
|
Configuration Settings
| Protects |
T1087
|
Account Discovery
|
|
CM-07
|
Least Functionality
| Protects |
T1087
|
Account Discovery
|
|
SI-04
|
System Monitoring
| Protects |
T1087
|
Account Discovery
|
|
AC-02
|
Account Management
| Protects |
T1070.009
|
Clear Persistence
|
|
AC-03
|
Access Enforcement
| Protects |
T1070.009
|
Clear Persistence
|
|
AC-05
|
Separation of Duties
| Protects |
T1070.009
|
Clear Persistence
|
|
AC-06
|
Least Privilege
| Protects |
T1070.009
|
Clear Persistence
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1070.009
|
Clear Persistence
|
|
CM-02
|
Baseline Configuration
| Protects |
T1070.009
|
Clear Persistence
|
|
CM-06
|
Configuration Settings
| Protects |
T1070.009
|
Clear Persistence
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1070.009
|
Clear Persistence
|
|
SI-04
|
System Monitoring
| Protects |
T1070.009
|
Clear Persistence
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1070.009
|
Clear Persistence
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1070.001
|
Clear Windows Event Logs
|
|
AC-17
|
Remote Access
| Protects |
T1070.001
|
Clear Windows Event Logs
|
|
AC-18
|
Wireless Access
| Protects |
T1070.001
|
Clear Windows Event Logs
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1070.001
|
Clear Windows Event Logs
|
|
AC-02
|
Account Management
| Protects |
T1070.001
|
Clear Windows Event Logs
|
|
AC-03
|
Access Enforcement
| Protects |
T1070.001
|
Clear Windows Event Logs
|
|
AC-05
|
Separation of Duties
| Protects |
T1070.001
|
Clear Windows Event Logs
|
|
AC-06
|
Least Privilege
| Protects |
T1070.001
|
Clear Windows Event Logs
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1070.001
|
Clear Windows Event Logs
|
|
CM-02
|
Baseline Configuration
| Protects |
T1070.001
|
Clear Windows Event Logs
|
|
CM-06
|
Configuration Settings
| Protects |
T1070.001
|
Clear Windows Event Logs
|
|
CP-06
|
Alternate Storage Site
| Protects |
T1070.001
|
Clear Windows Event Logs
|
|
CP-07
|
Alternate Processing Site
| Protects |
T1070.001
|
Clear Windows Event Logs
|
|
CP-09
|
System Backup
| Protects |
T1070.001
|
Clear Windows Event Logs
|
|
SC-36
|
Distributed Processing and Storage
| Protects |
T1070.001
|
Clear Windows Event Logs
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1070.001
|
Clear Windows Event Logs
|
|
SI-12
|
Information Management and Retention
| Protects |
T1070.001
|
Clear Windows Event Logs
|
|
SI-23
|
Information Fragmentation
| Protects |
T1070.001
|
Clear Windows Event Logs
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1070.001
|
Clear Windows Event Logs
|
|
SI-04
|
System Monitoring
| Protects |
T1070.001
|
Clear Windows Event Logs
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1070.001
|
Clear Windows Event Logs
|
|
AC-03
|
Access Enforcement
| Protects |
T1005
|
Data from Local System
|
|
AC-06
|
Least Privilege
| Protects |
T1005
|
Data from Local System
|
|
CM-12
|
Information Location
| Protects |
T1005
|
Data from Local System
|
|
CP-09
|
System Backup
| Protects |
T1005
|
Data from Local System
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1005
|
Data from Local System
|
|
SC-13
|
Cryptographic Protection
| Protects |
T1005
|
Data from Local System
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1005
|
Data from Local System
|
|
SC-38
|
Operations Security
| Protects |
T1005
|
Data from Local System
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1005
|
Data from Local System
|
|
SI-04
|
System Monitoring
| Protects |
T1005
|
Data from Local System
|
|
AC-17
|
Remote Access
| Protects |
T1552.002
|
Credentials in Registry
|
|
AC-02
|
Account Management
| Protects |
T1552.002
|
Credentials in Registry
|
|
AC-03
|
Access Enforcement
| Protects |
T1552.002
|
Credentials in Registry
|
|
AC-05
|
Separation of Duties
| Protects |
T1552.002
|
Credentials in Registry
|
|
AC-06
|
Least Privilege
| Protects |
T1552.002
|
Credentials in Registry
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1552.002
|
Credentials in Registry
|
|
CA-08
|
Penetration Testing
| Protects |
T1552.002
|
Credentials in Registry
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1552.002
|
Credentials in Registry
|
|
CM-06
|
Configuration Settings
| Protects |
T1552.002
|
Credentials in Registry
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1552.002
|
Credentials in Registry
|
|
IA-05
|
Authenticator Management
| Protects |
T1552.002
|
Credentials in Registry
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1552.002
|
Credentials in Registry
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1552.002
|
Credentials in Registry
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1552.002
|
Credentials in Registry
|
|
SC-12
|
Cryptographic Key Establishment and Management
| Protects |
T1552.002
|
Credentials in Registry
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1552.002
|
Credentials in Registry
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1552.002
|
Credentials in Registry
|
|
SI-04
|
System Monitoring
| Protects |
T1552.002
|
Credentials in Registry
|
|
AC-02
|
Account Management
| Protects |
T1552.001
|
Credentials In Files
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1552.001
|
Credentials In Files
|
|
AC-05
|
Separation of Duties
| Protects |
T1552.001
|
Credentials In Files
|
|
AC-06
|
Least Privilege
| Protects |
T1552.001
|
Credentials In Files
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1552.001
|
Credentials In Files
|
|
CA-08
|
Penetration Testing
| Protects |
T1552.001
|
Credentials In Files
|
|
CM-02
|
Baseline Configuration
| Protects |
T1552.001
|
Credentials In Files
|
|
CM-06
|
Configuration Settings
| Protects |
T1552.001
|
Credentials In Files
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1552.001
|
Credentials In Files
|
|
IA-05
|
Authenticator Management
| Protects |
T1552.001
|
Credentials In Files
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1552.001
|
Credentials In Files
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1552.001
|
Credentials In Files
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1552.001
|
Credentials In Files
|
|
SC-12
|
Cryptographic Key Establishment and Management
| Protects |
T1552.001
|
Credentials In Files
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1552.001
|
Credentials In Files
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1552.001
|
Credentials In Files
|
|
SC-07
|
Boundary Protection
| Protects |
T1552.001
|
Credentials In Files
|
|
SI-04
|
System Monitoring
| Protects |
T1552.001
|
Credentials In Files
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1542.003
|
Bootkit
|
|
AC-02
|
Account Management
| Protects |
T1542.003
|
Bootkit
|
|
AC-03
|
Access Enforcement
| Protects |
T1542.003
|
Bootkit
|
|
AC-05
|
Separation of Duties
| Protects |
T1542.003
|
Bootkit
|
|
AC-06
|
Least Privilege
| Protects |
T1542.003
|
Bootkit
|
|
CA-08
|
Penetration Testing
| Protects |
T1542.003
|
Bootkit
|
|
CM-03
|
Configuration Change Control
| Protects |
T1542.003
|
Bootkit
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1542.003
|
Bootkit
|
|
CM-06
|
Configuration Settings
| Protects |
T1542.003
|
Bootkit
|
|
CM-08
|
System Component Inventory
| Protects |
T1542.003
|
Bootkit
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1542.003
|
Bootkit
|
|
IA-07
|
Cryptographic Module Authentication
| Protects |
T1542.003
|
Bootkit
|
|
IA-08
|
Identification and Authentication (non-organizational Users)
| Protects |
T1542.003
|
Bootkit
|
|
RA-09
|
Criticality Analysis
| Protects |
T1542.003
|
Bootkit
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1542.003
|
Bootkit
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1542.003
|
Bootkit
|
|
SC-34
|
Non-modifiable Executable Programs
| Protects |
T1542.003
|
Bootkit
|
|
SI-02
|
Flaw Remediation
| Protects |
T1542.003
|
Bootkit
|
|
AC-03
|
Access Enforcement
| Protects |
T1499.002
|
Service Exhaustion Flood
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1499.002
|
Service Exhaustion Flood
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1499.002
|
Service Exhaustion Flood
|
|
CM-06
|
Configuration Settings
| Protects |
T1499.002
|
Service Exhaustion Flood
|
|
CM-07
|
Least Functionality
| Protects |
T1499.002
|
Service Exhaustion Flood
|
|
SC-07
|
Boundary Protection
| Protects |
T1499.002
|
Service Exhaustion Flood
|
|
SI-10
|
Information Input Validation
| Protects |
T1499.002
|
Service Exhaustion Flood
|
|
SI-15
|
Information Output Filtering
| Protects |
T1499.002
|
Service Exhaustion Flood
|
|
SI-04
|
System Monitoring
| Protects |
T1499.002
|
Service Exhaustion Flood
|
|
AC-03
|
Access Enforcement
| Protects |
T1499.001
|
OS Exhaustion Flood
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1499.001
|
OS Exhaustion Flood
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1499.001
|
OS Exhaustion Flood
|
|
CM-06
|
Configuration Settings
| Protects |
T1499.001
|
OS Exhaustion Flood
|
|
CM-07
|
Least Functionality
| Protects |
T1499.001
|
OS Exhaustion Flood
|
|
SC-07
|
Boundary Protection
| Protects |
T1499.001
|
OS Exhaustion Flood
|
|
SI-10
|
Information Input Validation
| Protects |
T1499.001
|
OS Exhaustion Flood
|
|
SI-15
|
Information Output Filtering
| Protects |
T1499.001
|
OS Exhaustion Flood
|
|
SI-04
|
System Monitoring
| Protects |
T1499.001
|
OS Exhaustion Flood
|
|
AC-03
|
Access Enforcement
| Protects |
T1499
|
Endpoint Denial of Service
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1499
|
Endpoint Denial of Service
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1499
|
Endpoint Denial of Service
|
|
CM-06
|
Configuration Settings
| Protects |
T1499
|
Endpoint Denial of Service
|
|
CM-07
|
Least Functionality
| Protects |
T1499
|
Endpoint Denial of Service
|
|
SC-07
|
Boundary Protection
| Protects |
T1499
|
Endpoint Denial of Service
|
|
SI-10
|
Information Input Validation
| Protects |
T1499
|
Endpoint Denial of Service
|
|
SI-15
|
Information Output Filtering
| Protects |
T1499
|
Endpoint Denial of Service
|
|
SI-04
|
System Monitoring
| Protects |
T1499
|
Endpoint Denial of Service
|
|
AC-03
|
Access Enforcement
| Protects |
T1485
|
Data Destruction
|
|
AC-06
|
Least Privilege
| Protects |
T1485
|
Data Destruction
|
|
CM-02
|
Baseline Configuration
| Protects |
T1485
|
Data Destruction
|
|
CP-10
|
System Recovery and Reconstitution
| Protects |
T1485
|
Data Destruction
|
|
CP-02
|
Contingency Plan
| Protects |
T1485
|
Data Destruction
|
|
CP-07
|
Alternate Processing Site
| Protects |
T1485
|
Data Destruction
|
|
CP-09
|
System Backup
| Protects |
T1485
|
Data Destruction
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1485
|
Data Destruction
|
|
SI-04
|
System Monitoring
| Protects |
T1485
|
Data Destruction
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1485
|
Data Destruction
|
|
AC-20
|
Use of External Systems
| Protects |
T1200
|
Hardware Additions
|
|
AC-03
|
Access Enforcement
| Protects |
T1200
|
Hardware Additions
|
|
AC-06
|
Least Privilege
| Protects |
T1200
|
Hardware Additions
|
|
MP-07
|
Media Use
| Protects |
T1200
|
Hardware Additions
|
|
SC-41
|
Port and I/O Device Access
| Protects |
T1200
|
Hardware Additions
|
|
AC-02
|
Account Management
| Protects |
T1197
|
BITS Jobs
|
|
AC-03
|
Access Enforcement
| Protects |
T1197
|
BITS Jobs
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1197
|
BITS Jobs
|
|
AC-05
|
Separation of Duties
| Protects |
T1197
|
BITS Jobs
|
|
AC-06
|
Least Privilege
| Protects |
T1197
|
BITS Jobs
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1197
|
BITS Jobs
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1197
|
BITS Jobs
|
|
CM-06
|
Configuration Settings
| Protects |
T1197
|
BITS Jobs
|
|
CM-07
|
Least Functionality
| Protects |
T1197
|
BITS Jobs
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1197
|
BITS Jobs
|
|
SC-07
|
Boundary Protection
| Protects |
T1197
|
BITS Jobs
|
|
SI-10
|
Information Input Validation
| Protects |
T1197
|
BITS Jobs
|
|
SI-15
|
Information Output Filtering
| Protects |
T1197
|
BITS Jobs
|
|
SI-04
|
System Monitoring
| Protects |
T1197
|
BITS Jobs
|
|
CA-02
|
Control Assessments
| Protects |
T1195
|
Supply Chain Compromise
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1195
|
Supply Chain Compromise
|
|
CM-11
|
User-installed Software
| Protects |
T1195
|
Supply Chain Compromise
|
|
CM-07
|
Least Functionality
| Protects |
T1195
|
Supply Chain Compromise
|
|
RA-10
|
Threat Hunting
| Protects |
T1195
|
Supply Chain Compromise
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1195
|
Supply Chain Compromise
|
|
SA-22
|
Unsupported System Components
| Protects |
T1195
|
Supply Chain Compromise
|
|
SI-02
|
Flaw Remediation
| Protects |
T1195
|
Supply Chain Compromise
|
|
AC-03
|
Access Enforcement
| Protects |
T1187
|
Forced Authentication
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1187
|
Forced Authentication
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1187
|
Forced Authentication
|
|
CM-02
|
Baseline Configuration
| Protects |
T1187
|
Forced Authentication
|
|
CM-06
|
Configuration Settings
| Protects |
T1187
|
Forced Authentication
|
|
CM-07
|
Least Functionality
| Protects |
T1187
|
Forced Authentication
|
|
SC-07
|
Boundary Protection
| Protects |
T1187
|
Forced Authentication
|
|
SI-10
|
Information Input Validation
| Protects |
T1187
|
Forced Authentication
|
|
SI-15
|
Information Output Filtering
| Protects |
T1187
|
Forced Authentication
|
|
SI-04
|
System Monitoring
| Protects |
T1187
|
Forced Authentication
|
|
AC-02
|
Account Management
| Protects |
T1136
|
Create Account
|
|
AC-20
|
Use of External Systems
| Protects |
T1136
|
Create Account
|
|
AC-03
|
Access Enforcement
| Protects |
T1136
|
Create Account
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1136
|
Create Account
|
|
AC-05
|
Separation of Duties
| Protects |
T1136
|
Create Account
|
|
AC-06
|
Least Privilege
| Protects |
T1136
|
Create Account
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1136
|
Create Account
|
|
CM-06
|
Configuration Settings
| Protects |
T1136
|
Create Account
|
|
CM-07
|
Least Functionality
| Protects |
T1136
|
Create Account
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1136
|
Create Account
|
|
IA-05
|
Authenticator Management
| Protects |
T1136
|
Create Account
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1136
|
Create Account
|
|
SC-07
|
Boundary Protection
| Protects |
T1136
|
Create Account
|
|
SI-04
|
System Monitoring
| Protects |
T1136
|
Create Account
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1136
|
Create Account
|
|
CM-06
|
Configuration Settings
| Protects |
T1135
|
Network Share Discovery
|
|
CM-07
|
Least Functionality
| Protects |
T1135
|
Network Share Discovery
|
|
SI-04
|
System Monitoring
| Protects |
T1135
|
Network Share Discovery
|
|
AC-02
|
Account Management
| Protects |
T1134
|
Access Token Manipulation
|
|
AC-03
|
Access Enforcement
| Protects |
T1134
|
Access Token Manipulation
|
|
AC-05
|
Separation of Duties
| Protects |
T1134
|
Access Token Manipulation
|
|
AC-06
|
Least Privilege
| Protects |
T1134
|
Access Token Manipulation
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1134
|
Access Token Manipulation
|
|
CM-06
|
Configuration Settings
| Protects |
T1134
|
Access Token Manipulation
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1134
|
Access Token Manipulation
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1132
|
Data Encoding
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1132
|
Data Encoding
|
|
CM-02
|
Baseline Configuration
| Protects |
T1132
|
Data Encoding
|
|
CM-06
|
Configuration Settings
| Protects |
T1132
|
Data Encoding
|
|
SC-07
|
Boundary Protection
| Protects |
T1132
|
Data Encoding
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1132
|
Data Encoding
|
|
SI-04
|
System Monitoring
| Protects |
T1132
|
Data Encoding
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1114
|
Email Collection
|
|
AC-17
|
Remote Access
| Protects |
T1114
|
Email Collection
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1114
|
Email Collection
|
|
AC-20
|
Use of External Systems
| Protects |
T1114
|
Email Collection
|
|
AC-03
|
Access Enforcement
| Protects |
T1114
|
Email Collection
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1114
|
Email Collection
|
|
CM-02
|
Baseline Configuration
| Protects |
T1114
|
Email Collection
|
|
CM-06
|
Configuration Settings
| Protects |
T1114
|
Email Collection
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1114
|
Email Collection
|
|
IA-05
|
Authenticator Management
| Protects |
T1114
|
Email Collection
|
|
SC-07
|
Boundary Protection
| Protects |
T1114
|
Email Collection
|
|
SI-12
|
Information Management and Retention
| Protects |
T1114
|
Email Collection
|
|
SI-04
|
System Monitoring
| Protects |
T1114
|
Email Collection
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1114
|
Email Collection
|
|
AC-02
|
Account Management
| Protects |
T1110
|
Brute Force
|
|
AC-20
|
Use of External Systems
| Protects |
T1110
|
Brute Force
|
|
AC-03
|
Access Enforcement
| Protects |
T1110
|
Brute Force
|
|
AC-05
|
Separation of Duties
| Protects |
T1110
|
Brute Force
|
|
AC-06
|
Least Privilege
| Protects |
T1110
|
Brute Force
|
|
AC-07
|
Unsuccessful Logon Attempts
| Protects |
T1110
|
Brute Force
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1110
|
Brute Force
|
|
CM-02
|
Baseline Configuration
| Protects |
T1110
|
Brute Force
|
|
CM-06
|
Configuration Settings
| Protects |
T1110
|
Brute Force
|
|
IA-11
|
Re-authentication
| Protects |
T1110
|
Brute Force
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1110
|
Brute Force
|
|
IA-04
|
Identifier Management
| Protects |
T1110
|
Brute Force
|
|
IA-05
|
Authenticator Management
| Protects |
T1110
|
Brute Force
|
|
SI-04
|
System Monitoring
| Protects |
T1110
|
Brute Force
|
|
AC-03
|
Access Enforcement
| Protects |
T1091
|
Replication Through Removable Media
|
|
AC-06
|
Least Privilege
| Protects |
T1091
|
Replication Through Removable Media
|
|
CM-02
|
Baseline Configuration
| Protects |
T1091
|
Replication Through Removable Media
|
|
CM-06
|
Configuration Settings
| Protects |
T1091
|
Replication Through Removable Media
|
|
CM-08
|
System Component Inventory
| Protects |
T1091
|
Replication Through Removable Media
|
|
MP-07
|
Media Use
| Protects |
T1091
|
Replication Through Removable Media
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1091
|
Replication Through Removable Media
|
|
SC-41
|
Port and I/O Device Access
| Protects |
T1091
|
Replication Through Removable Media
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1091
|
Replication Through Removable Media
|
|
SI-04
|
System Monitoring
| Protects |
T1091
|
Replication Through Removable Media
|
|
AC-02
|
Account Management
| Protects |
T1070.003
|
Clear Command History
|
|
AC-03
|
Access Enforcement
| Protects |
T1070.003
|
Clear Command History
|
|
AC-05
|
Separation of Duties
| Protects |
T1070.003
|
Clear Command History
|
|
AC-06
|
Least Privilege
| Protects |
T1070.003
|
Clear Command History
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1070.003
|
Clear Command History
|
|
CM-02
|
Baseline Configuration
| Protects |
T1070.003
|
Clear Command History
|
|
CM-06
|
Configuration Settings
| Protects |
T1070.003
|
Clear Command History
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1070.003
|
Clear Command History
|
|
SI-04
|
System Monitoring
| Protects |
T1070.003
|
Clear Command History
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1070.003
|
Clear Command History
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1046
|
Network Service Discovery
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1046
|
Network Service Discovery
|
|
CM-02
|
Baseline Configuration
| Protects |
T1046
|
Network Service Discovery
|
|
CM-06
|
Configuration Settings
| Protects |
T1046
|
Network Service Discovery
|
|
CM-07
|
Least Functionality
| Protects |
T1046
|
Network Service Discovery
|
|
CM-08
|
System Component Inventory
| Protects |
T1046
|
Network Service Discovery
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1046
|
Network Service Discovery
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1046
|
Network Service Discovery
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1046
|
Network Service Discovery
|
|
SI-04
|
System Monitoring
| Protects |
T1046
|
Network Service Discovery
|
|
SC-07
|
Boundary Protection
| Protects |
T1046
|
Network Service Discovery
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1041
|
Exfiltration Over C2 Channel
|
|
AC-02
|
Account Management
| Protects |
T1041
|
Exfiltration Over C2 Channel
|
|
AC-20
|
Use of External Systems
| Protects |
T1041
|
Exfiltration Over C2 Channel
|
|
AC-23
|
Data Mining Protection
| Protects |
T1041
|
Exfiltration Over C2 Channel
|
|
AC-03
|
Access Enforcement
| Protects |
T1041
|
Exfiltration Over C2 Channel
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1041
|
Exfiltration Over C2 Channel
|
|
AC-06
|
Least Privilege
| Protects |
T1041
|
Exfiltration Over C2 Channel
|
|
CA-03
|
Information Exchange
| Protects |
T1041
|
Exfiltration Over C2 Channel
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1041
|
Exfiltration Over C2 Channel
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1041
|
Exfiltration Over C2 Channel
|
|
SA-09
|
External System Services
| Protects |
T1041
|
Exfiltration Over C2 Channel
|
|
SC-13
|
Cryptographic Protection
| Protects |
T1041
|
Exfiltration Over C2 Channel
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1041
|
Exfiltration Over C2 Channel
|
|
SC-31
|
Covert Channel Analysis
| Protects |
T1041
|
Exfiltration Over C2 Channel
|
|
SC-07
|
Boundary Protection
| Protects |
T1041
|
Exfiltration Over C2 Channel
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1041
|
Exfiltration Over C2 Channel
|
|
SI-04
|
System Monitoring
| Protects |
T1041
|
Exfiltration Over C2 Channel
|
|
SR-04
|
Provenance
| Protects |
T1041
|
Exfiltration Over C2 Channel
|
|
AC-17
|
Remote Access
| Protects |
T1037
|
Boot or Logon Initialization Scripts
|
|
AC-03
|
Access Enforcement
| Protects |
T1037
|
Boot or Logon Initialization Scripts
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1037
|
Boot or Logon Initialization Scripts
|
|
CM-02
|
Baseline Configuration
| Protects |
T1037
|
Boot or Logon Initialization Scripts
|
|
CM-06
|
Configuration Settings
| Protects |
T1037
|
Boot or Logon Initialization Scripts
|
|
CM-07
|
Least Functionality
| Protects |
T1037
|
Boot or Logon Initialization Scripts
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1037
|
Boot or Logon Initialization Scripts
|
|
SI-04
|
System Monitoring
| Protects |
T1037
|
Boot or Logon Initialization Scripts
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1037
|
Boot or Logon Initialization Scripts
|
|
AC-02
|
Account Management
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
AC-06
|
Least Privilege
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
CA-08
|
Penetration Testing
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
CM-02
|
Baseline Configuration
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
CM-06
|
Configuration Settings
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
CM-07
|
Least Functionality
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
CM-08
|
System Component Inventory
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
RA-10
|
Threat Hunting
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
SC-18
|
Mobile Code
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
SC-02
|
Separation of System and User Functionality
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
SC-03
|
Security Function Isolation
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
SC-30
|
Concealment and Misdirection
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
SC-39
|
Process Isolation
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
SC-07
|
Boundary Protection
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
SI-02
|
Flaw Remediation
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
SI-04
|
System Monitoring
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
SI-05
|
Security Alerts, Advisories, and Directives
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
AC-02
|
Account Management
| Protects |
T1542.001
|
System Firmware
|
|
AC-03
|
Access Enforcement
| Protects |
T1542.001
|
System Firmware
|
|
AC-05
|
Separation of Duties
| Protects |
T1542.001
|
System Firmware
|
|
AC-06
|
Least Privilege
| Protects |
T1542.001
|
System Firmware
|
|
CM-03
|
Configuration Change Control
| Protects |
T1542.001
|
System Firmware
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1542.001
|
System Firmware
|
|
CM-06
|
Configuration Settings
| Protects |
T1542.001
|
System Firmware
|
|
CM-08
|
System Component Inventory
| Protects |
T1542.001
|
System Firmware
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1542.001
|
System Firmware
|
|
IA-07
|
Cryptographic Module Authentication
| Protects |
T1542.001
|
System Firmware
|
|
IA-08
|
Identification and Authentication (non-organizational Users)
| Protects |
T1542.001
|
System Firmware
|
|
RA-09
|
Criticality Analysis
| Protects |
T1542.001
|
System Firmware
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1542.001
|
System Firmware
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1542.001
|
System Firmware
|
|
SC-34
|
Non-modifiable Executable Programs
| Protects |
T1542.001
|
System Firmware
|
|
SI-02
|
Flaw Remediation
| Protects |
T1542.001
|
System Firmware
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1542.001
|
System Firmware
|
|
AC-02
|
Account Management
| Protects |
T1053
|
Scheduled Task/Job
|
|
AC-03
|
Access Enforcement
| Protects |
T1053
|
Scheduled Task/Job
|
|
AC-05
|
Separation of Duties
| Protects |
T1053
|
Scheduled Task/Job
|
|
AC-06
|
Least Privilege
| Protects |
T1053
|
Scheduled Task/Job
|
|
CM-02
|
Baseline Configuration
| Protects |
T1053
|
Scheduled Task/Job
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1053
|
Scheduled Task/Job
|
|
CM-06
|
Configuration Settings
| Protects |
T1053
|
Scheduled Task/Job
|
|
CM-07
|
Least Functionality
| Protects |
T1053
|
Scheduled Task/Job
|
|
CM-08
|
System Component Inventory
| Protects |
T1053
|
Scheduled Task/Job
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1053
|
Scheduled Task/Job
|
|
IA-04
|
Identifier Management
| Protects |
T1053
|
Scheduled Task/Job
|
|
IA-08
|
Identification and Authentication (non-organizational Users)
| Protects |
T1053
|
Scheduled Task/Job
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1053
|
Scheduled Task/Job
|
|
SI-04
|
System Monitoring
| Protects |
T1053
|
Scheduled Task/Job
|
|
AC-17
|
Remote Access
| Protects |
T1133
|
External Remote Services
|
|
AC-20
|
Use of External Systems
| Protects |
T1133
|
External Remote Services
|
|
AC-03
|
Access Enforcement
| Protects |
T1133
|
External Remote Services
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1133
|
External Remote Services
|
|
AC-06
|
Least Privilege
| Protects |
T1133
|
External Remote Services
|
|
AC-07
|
Unsuccessful Logon Attempts
| Protects |
T1133
|
External Remote Services
|
|
CM-02
|
Baseline Configuration
| Protects |
T1133
|
External Remote Services
|
|
CM-06
|
Configuration Settings
| Protects |
T1133
|
External Remote Services
|
|
CM-07
|
Least Functionality
| Protects |
T1133
|
External Remote Services
|
|
CM-08
|
System Component Inventory
| Protects |
T1133
|
External Remote Services
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1133
|
External Remote Services
|
|
IA-05
|
Authenticator Management
| Protects |
T1133
|
External Remote Services
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1133
|
External Remote Services
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1133
|
External Remote Services
|
|
SC-07
|
Boundary Protection
| Protects |
T1133
|
External Remote Services
|
|
SI-04
|
System Monitoring
| Protects |
T1133
|
External Remote Services
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1133
|
External Remote Services
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1070
|
Indicator Removal
|
|
AC-17
|
Remote Access
| Protects |
T1070
|
Indicator Removal
|
|
AC-18
|
Wireless Access
| Protects |
T1070
|
Indicator Removal
|
|
AC-02
|
Account Management
| Protects |
T1070
|
Indicator Removal
|
|
AC-03
|
Access Enforcement
| Protects |
T1070
|
Indicator Removal
|
|
AC-05
|
Separation of Duties
| Protects |
T1070
|
Indicator Removal
|
|
AC-06
|
Least Privilege
| Protects |
T1070
|
Indicator Removal
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1070
|
Indicator Removal
|
|
CM-02
|
Baseline Configuration
| Protects |
T1070
|
Indicator Removal
|
|
CM-06
|
Configuration Settings
| Protects |
T1070
|
Indicator Removal
|
|
CP-06
|
Alternate Storage Site
| Protects |
T1070
|
Indicator Removal
|
|
CP-07
|
Alternate Processing Site
| Protects |
T1070
|
Indicator Removal
|
|
CP-09
|
System Backup
| Protects |
T1070
|
Indicator Removal
|
|
SC-36
|
Distributed Processing and Storage
| Protects |
T1070
|
Indicator Removal
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1070
|
Indicator Removal
|
|
SI-12
|
Information Management and Retention
| Protects |
T1070
|
Indicator Removal
|
|
SI-23
|
Information Fragmentation
| Protects |
T1070
|
Indicator Removal
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1070
|
Indicator Removal
|
|
SI-04
|
System Monitoring
| Protects |
T1070
|
Indicator Removal
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1070
|
Indicator Removal
|
|
AC-02
|
Account Management
| Protects |
T1003.001
|
LSASS Memory
|
|
AC-03
|
Access Enforcement
| Protects |
T1003.001
|
LSASS Memory
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1003.001
|
LSASS Memory
|
|
AC-05
|
Separation of Duties
| Protects |
T1003.001
|
LSASS Memory
|
|
AC-06
|
Least Privilege
| Protects |
T1003.001
|
LSASS Memory
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1003.001
|
LSASS Memory
|
|
CM-02
|
Baseline Configuration
| Protects |
T1003.001
|
LSASS Memory
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1003.001
|
LSASS Memory
|
|
CM-06
|
Configuration Settings
| Protects |
T1003.001
|
LSASS Memory
|
|
CM-07
|
Least Functionality
| Protects |
T1003.001
|
LSASS Memory
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1003.001
|
LSASS Memory
|
|
IA-05
|
Authenticator Management
| Protects |
T1003.001
|
LSASS Memory
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1003.001
|
LSASS Memory
|
|
SC-03
|
Security Function Isolation
| Protects |
T1003.001
|
LSASS Memory
|
|
SC-39
|
Process Isolation
| Protects |
T1003.001
|
LSASS Memory
|
|
SI-16
|
Memory Protection
| Protects |
T1003.001
|
LSASS Memory
|
|
SI-02
|
Flaw Remediation
| Protects |
T1003.001
|
LSASS Memory
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1003.001
|
LSASS Memory
|
|
SI-04
|
System Monitoring
| Protects |
T1003.001
|
LSASS Memory
|
|
AC-02
|
Account Management
| Protects |
T1003.002
|
Security Account Manager
|
|
AC-03
|
Access Enforcement
| Protects |
T1003.002
|
Security Account Manager
|
|
AC-05
|
Separation of Duties
| Protects |
T1003.002
|
Security Account Manager
|
|
AC-06
|
Least Privilege
| Protects |
T1003.002
|
Security Account Manager
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1003.002
|
Security Account Manager
|
|
CM-02
|
Baseline Configuration
| Protects |
T1003.002
|
Security Account Manager
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1003.002
|
Security Account Manager
|
|
CM-06
|
Configuration Settings
| Protects |
T1003.002
|
Security Account Manager
|
|
CM-07
|
Least Functionality
| Protects |
T1003.002
|
Security Account Manager
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1003.002
|
Security Account Manager
|
|
IA-05
|
Authenticator Management
| Protects |
T1003.002
|
Security Account Manager
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1003.002
|
Security Account Manager
|
|
SC-39
|
Process Isolation
| Protects |
T1003.002
|
Security Account Manager
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1003.002
|
Security Account Manager
|
|
SI-04
|
System Monitoring
| Protects |
T1003.002
|
Security Account Manager
|
|
AC-11
|
Device Lock
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
AC-12
|
Session Termination
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
AC-17
|
Remote Access
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
AC-02
|
Account Management
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
AC-20
|
Use of External Systems
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
AC-03
|
Access Enforcement
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
AC-05
|
Separation of Duties
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
AC-06
|
Least Privilege
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
AC-07
|
Unsuccessful Logon Attempts
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
CA-08
|
Penetration Testing
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
CM-02
|
Baseline Configuration
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
CM-06
|
Configuration Settings
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
CM-07
|
Least Functionality
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
CM-08
|
System Component Inventory
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
IA-04
|
Identifier Management
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
IA-05
|
Authenticator Management
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
IA-06
|
Authentication Feedback
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
SC-07
|
Boundary Protection
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
SI-04
|
System Monitoring
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
AC-17
|
Remote Access
| Protects |
T1021.002
|
SMB/Windows Admin Shares
|
|
AC-02
|
Account Management
| Protects |
T1021.002
|
SMB/Windows Admin Shares
|
|
AC-03
|
Access Enforcement
| Protects |
T1021.002
|
SMB/Windows Admin Shares
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1021.002
|
SMB/Windows Admin Shares
|
|
AC-05
|
Separation of Duties
| Protects |
T1021.002
|
SMB/Windows Admin Shares
|
|
AC-06
|
Least Privilege
| Protects |
T1021.002
|
SMB/Windows Admin Shares
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1021.002
|
SMB/Windows Admin Shares
|
|
CM-02
|
Baseline Configuration
| Protects |
T1021.002
|
SMB/Windows Admin Shares
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1021.002
|
SMB/Windows Admin Shares
|
|
CM-06
|
Configuration Settings
| Protects |
T1021.002
|
SMB/Windows Admin Shares
|
|
CM-07
|
Least Functionality
| Protects |
T1021.002
|
SMB/Windows Admin Shares
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1021.002
|
SMB/Windows Admin Shares
|
|
SC-07
|
Boundary Protection
| Protects |
T1021.002
|
SMB/Windows Admin Shares
|
|
SI-10
|
Information Input Validation
| Protects |
T1021.002
|
SMB/Windows Admin Shares
|
|
SI-15
|
Information Output Filtering
| Protects |
T1021.002
|
SMB/Windows Admin Shares
|
|
SI-04
|
System Monitoring
| Protects |
T1021.002
|
SMB/Windows Admin Shares
|
|
AC-17
|
Remote Access
| Protects |
T1021.006
|
Windows Remote Management
|
|
AC-02
|
Account Management
| Protects |
T1021.006
|
Windows Remote Management
|
|
AC-03
|
Access Enforcement
| Protects |
T1021.006
|
Windows Remote Management
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1021.006
|
Windows Remote Management
|
|
AC-05
|
Separation of Duties
| Protects |
T1021.006
|
Windows Remote Management
|
|
AC-06
|
Least Privilege
| Protects |
T1021.006
|
Windows Remote Management
|
|
CM-02
|
Baseline Configuration
| Protects |
T1021.006
|
Windows Remote Management
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1021.006
|
Windows Remote Management
|
|
CM-06
|
Configuration Settings
| Protects |
T1021.006
|
Windows Remote Management
|
|
CM-07
|
Least Functionality
| Protects |
T1021.006
|
Windows Remote Management
|
|
CM-08
|
System Component Inventory
| Protects |
T1021.006
|
Windows Remote Management
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1021.006
|
Windows Remote Management
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1021.006
|
Windows Remote Management
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1021.006
|
Windows Remote Management
|
|
SC-07
|
Boundary Protection
| Protects |
T1021.006
|
Windows Remote Management
|
|
SI-04
|
System Monitoring
| Protects |
T1021.006
|
Windows Remote Management
|
|
AC-02
|
Account Management
| Protects |
T1036.005
|
Match Legitimate Name or Location
|
|
AC-03
|
Access Enforcement
| Protects |
T1036.005
|
Match Legitimate Name or Location
|
|
AC-06
|
Least Privilege
| Protects |
T1036.005
|
Match Legitimate Name or Location
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1036.005
|
Match Legitimate Name or Location
|
|
CM-02
|
Baseline Configuration
| Protects |
T1036.005
|
Match Legitimate Name or Location
|
|
CM-06
|
Configuration Settings
| Protects |
T1036.005
|
Match Legitimate Name or Location
|
|
CM-07
|
Least Functionality
| Protects |
T1036.005
|
Match Legitimate Name or Location
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1036.005
|
Match Legitimate Name or Location
|
|
SI-10
|
Information Input Validation
| Protects |
T1036.005
|
Match Legitimate Name or Location
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1036.005
|
Match Legitimate Name or Location
|
|
SI-04
|
System Monitoring
| Protects |
T1036.005
|
Match Legitimate Name or Location
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1036.005
|
Match Legitimate Name or Location
|
|
AC-17
|
Remote Access
| Protects |
T1047
|
Windows Management Instrumentation
|
|
AC-02
|
Account Management
| Protects |
T1047
|
Windows Management Instrumentation
|
|
AC-03
|
Access Enforcement
| Protects |
T1047
|
Windows Management Instrumentation
|
|
AC-05
|
Separation of Duties
| Protects |
T1047
|
Windows Management Instrumentation
|
|
AC-06
|
Least Privilege
| Protects |
T1047
|
Windows Management Instrumentation
|
|
CM-02
|
Baseline Configuration
| Protects |
T1047
|
Windows Management Instrumentation
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1047
|
Windows Management Instrumentation
|
|
CM-06
|
Configuration Settings
| Protects |
T1047
|
Windows Management Instrumentation
|
|
CM-07
|
Least Functionality
| Protects |
T1047
|
Windows Management Instrumentation
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1047
|
Windows Management Instrumentation
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1047
|
Windows Management Instrumentation
|
|
SC-03
|
Security Function Isolation
| Protects |
T1047
|
Windows Management Instrumentation
|
|
SI-16
|
Memory Protection
| Protects |
T1047
|
Windows Management Instrumentation
|
|
SI-02
|
Flaw Remediation
| Protects |
T1047
|
Windows Management Instrumentation
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1047
|
Windows Management Instrumentation
|
|
SI-04
|
System Monitoring
| Protects |
T1047
|
Windows Management Instrumentation
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1047
|
Windows Management Instrumentation
|
|
AC-02
|
Account Management
| Protects |
T1053.002
|
At
|
|
AC-05
|
Separation of Duties
| Protects |
T1053.002
|
At
|
|
AC-06
|
Least Privilege
| Protects |
T1053.002
|
At
|
|
CA-08
|
Penetration Testing
| Protects |
T1053.002
|
At
|
|
CM-02
|
Baseline Configuration
| Protects |
T1053.002
|
At
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1053.002
|
At
|
|
CM-06
|
Configuration Settings
| Protects |
T1053.002
|
At
|
|
CM-07
|
Least Functionality
| Protects |
T1053.002
|
At
|
|
CM-08
|
System Component Inventory
| Protects |
T1053.002
|
At
|
|
IA-04
|
Identifier Management
| Protects |
T1053.002
|
At
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1053.002
|
At
|
|
SI-04
|
System Monitoring
| Protects |
T1053.002
|
At
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1053.002
|
At
|
|
AC-03
|
Access Enforcement
| Protects |
T1053.002
|
At
|
|
AC-02
|
Account Management
| Protects |
T1053.005
|
Scheduled Task
|
|
AC-03
|
Access Enforcement
| Protects |
T1053.005
|
Scheduled Task
|
|
AC-05
|
Separation of Duties
| Protects |
T1053.005
|
Scheduled Task
|
|
AC-06
|
Least Privilege
| Protects |
T1053.005
|
Scheduled Task
|
|
CA-08
|
Penetration Testing
| Protects |
T1053.005
|
Scheduled Task
|
|
CM-02
|
Baseline Configuration
| Protects |
T1053.005
|
Scheduled Task
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1053.005
|
Scheduled Task
|
|
CM-06
|
Configuration Settings
| Protects |
T1053.005
|
Scheduled Task
|
|
CM-07
|
Least Functionality
| Protects |
T1053.005
|
Scheduled Task
|
|
CM-08
|
System Component Inventory
| Protects |
T1053.005
|
Scheduled Task
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1053.005
|
Scheduled Task
|
|
IA-04
|
Identifier Management
| Protects |
T1053.005
|
Scheduled Task
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1053.005
|
Scheduled Task
|
|
SI-04
|
System Monitoring
| Protects |
T1053.005
|
Scheduled Task
|
|
AC-06
|
Least Privilege
| Protects |
T1055.012
|
Process Hollowing
|
|
SC-18
|
Mobile Code
| Protects |
T1055.012
|
Process Hollowing
|
|
SC-07
|
Boundary Protection
| Protects |
T1055.012
|
Process Hollowing
|
|
SI-02
|
Flaw Remediation
| Protects |
T1055.012
|
Process Hollowing
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1055.012
|
Process Hollowing
|
|
SI-04
|
System Monitoring
| Protects |
T1055.012
|
Process Hollowing
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1114.002
|
Remote Email Collection
|
|
AC-17
|
Remote Access
| Protects |
T1114.002
|
Remote Email Collection
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1114.002
|
Remote Email Collection
|
|
AC-20
|
Use of External Systems
| Protects |
T1114.002
|
Remote Email Collection
|
|
AC-03
|
Access Enforcement
| Protects |
T1114.002
|
Remote Email Collection
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1114.002
|
Remote Email Collection
|
|
CM-02
|
Baseline Configuration
| Protects |
T1114.002
|
Remote Email Collection
|
|
CM-06
|
Configuration Settings
| Protects |
T1114.002
|
Remote Email Collection
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1114.002
|
Remote Email Collection
|
|
IA-05
|
Authenticator Management
| Protects |
T1114.002
|
Remote Email Collection
|
|
SI-12
|
Information Management and Retention
| Protects |
T1114.002
|
Remote Email Collection
|
|
SI-04
|
System Monitoring
| Protects |
T1114.002
|
Remote Email Collection
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1114.002
|
Remote Email Collection
|
|
AC-02
|
Account Management
| Protects |
T1543.003
|
Windows Service
|
|
AC-03
|
Access Enforcement
| Protects |
T1543.003
|
Windows Service
|
|
AC-05
|
Separation of Duties
| Protects |
T1543.003
|
Windows Service
|
|
AC-06
|
Least Privilege
| Protects |
T1543.003
|
Windows Service
|
|
CM-11
|
User-installed Software
| Protects |
T1543.003
|
Windows Service
|
|
CM-02
|
Baseline Configuration
| Protects |
T1543.003
|
Windows Service
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1543.003
|
Windows Service
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1543.003
|
Windows Service
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1567
|
Exfiltration Over Web Service
|
|
AC-02
|
Account Management
| Protects |
T1567
|
Exfiltration Over Web Service
|
|
AC-20
|
Use of External Systems
| Protects |
T1567
|
Exfiltration Over Web Service
|
|
AC-23
|
Data Mining Protection
| Protects |
T1567
|
Exfiltration Over Web Service
|
|
AC-03
|
Access Enforcement
| Protects |
T1567
|
Exfiltration Over Web Service
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1567
|
Exfiltration Over Web Service
|
|
AC-06
|
Least Privilege
| Protects |
T1567
|
Exfiltration Over Web Service
|
|
CA-03
|
Information Exchange
| Protects |
T1567
|
Exfiltration Over Web Service
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1567
|
Exfiltration Over Web Service
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1567
|
Exfiltration Over Web Service
|
|
SA-09
|
External System Services
| Protects |
T1567
|
Exfiltration Over Web Service
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1567
|
Exfiltration Over Web Service
|
|
SC-31
|
Covert Channel Analysis
| Protects |
T1567
|
Exfiltration Over Web Service
|
|
SC-07
|
Boundary Protection
| Protects |
T1567
|
Exfiltration Over Web Service
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1567
|
Exfiltration Over Web Service
|
|
SI-04
|
System Monitoring
| Protects |
T1567
|
Exfiltration Over Web Service
|
|
SR-04
|
Provenance
| Protects |
T1567
|
Exfiltration Over Web Service
|
|
AC-02
|
Account Management
| Protects |
T1569.002
|
Service Execution
|
|
AC-03
|
Access Enforcement
| Protects |
T1569.002
|
Service Execution
|
|
AC-05
|
Separation of Duties
| Protects |
T1569.002
|
Service Execution
|
|
AC-06
|
Least Privilege
| Protects |
T1569.002
|
Service Execution
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1569.002
|
Service Execution
|
|
CM-02
|
Baseline Configuration
| Protects |
T1569.002
|
Service Execution
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1569.002
|
Service Execution
|
|
CM-06
|
Configuration Settings
| Protects |
T1569.002
|
Service Execution
|
|
CM-07
|
Least Functionality
| Protects |
T1569.002
|
Service Execution
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1569.002
|
Service Execution
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1569.002
|
Service Execution
|
|
SI-04
|
System Monitoring
| Protects |
T1569.002
|
Service Execution
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1569.002
|
Service Execution
|
|
AC-02
|
Account Management
| Protects |
T1578
|
Modify Cloud Compute Infrastructure
|
|
AC-03
|
Access Enforcement
| Protects |
T1578
|
Modify Cloud Compute Infrastructure
|
|
AC-05
|
Separation of Duties
| Protects |
T1578
|
Modify Cloud Compute Infrastructure
|
|
AC-06
|
Least Privilege
| Protects |
T1578
|
Modify Cloud Compute Infrastructure
|
|
CA-08
|
Penetration Testing
| Protects |
T1578
|
Modify Cloud Compute Infrastructure
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1578
|
Modify Cloud Compute Infrastructure
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1578
|
Modify Cloud Compute Infrastructure
|
|
IA-04
|
Identifier Management
| Protects |
T1578
|
Modify Cloud Compute Infrastructure
|
|
IA-06
|
Authentication Feedback
| Protects |
T1578
|
Modify Cloud Compute Infrastructure
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1578
|
Modify Cloud Compute Infrastructure
|
|
SI-04
|
System Monitoring
| Protects |
T1578
|
Modify Cloud Compute Infrastructure
|
|
AC-02
|
Account Management
| Protects |
T1611
|
Escape to Host
|
|
AC-03
|
Access Enforcement
| Protects |
T1611
|
Escape to Host
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1611
|
Escape to Host
|
|
AC-05
|
Separation of Duties
| Protects |
T1611
|
Escape to Host
|
|
AC-06
|
Least Privilege
| Protects |
T1611
|
Escape to Host
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1611
|
Escape to Host
|
|
CM-06
|
Configuration Settings
| Protects |
T1611
|
Escape to Host
|
|
CM-07
|
Least Functionality
| Protects |
T1611
|
Escape to Host
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1611
|
Escape to Host
|
|
SC-02
|
Separation of System and User Functionality
| Protects |
T1611
|
Escape to Host
|
|
SC-03
|
Security Function Isolation
| Protects |
T1611
|
Escape to Host
|
|
SC-34
|
Non-modifiable Executable Programs
| Protects |
T1611
|
Escape to Host
|
|
SC-39
|
Process Isolation
| Protects |
T1611
|
Escape to Host
|
|
SC-07
|
Boundary Protection
| Protects |
T1611
|
Escape to Host
|
|
SI-16
|
Memory Protection
| Protects |
T1611
|
Escape to Host
|
|
SI-02
|
Flaw Remediation
| Protects |
T1611
|
Escape to Host
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1611
|
Escape to Host
|
|
SI-04
|
System Monitoring
| Protects |
T1611
|
Escape to Host
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1611
|
Escape to Host
|
|
AC-17
|
Remote Access
| Protects |
T1609
|
Container Administration Command
|
|
AC-02
|
Account Management
| Protects |
T1609
|
Container Administration Command
|
|
AC-03
|
Access Enforcement
| Protects |
T1609
|
Container Administration Command
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1609
|
Container Administration Command
|
|
AC-05
|
Separation of Duties
| Protects |
T1609
|
Container Administration Command
|
|
AC-06
|
Least Privilege
| Protects |
T1609
|
Container Administration Command
|
|
CM-06
|
Configuration Settings
| Protects |
T1609
|
Container Administration Command
|
|
CM-07
|
Least Functionality
| Protects |
T1609
|
Container Administration Command
|
|
SC-07
|
Boundary Protection
| Protects |
T1609
|
Container Administration Command
|
|
SI-10
|
Information Input Validation
| Protects |
T1609
|
Container Administration Command
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1609
|
Container Administration Command
|
|
CM-07
|
Least Functionality
| Protects |
T1562.010
|
Downgrade Attack
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1562.010
|
Downgrade Attack
|
|
AC-02
|
Account Management
| Protects |
T1562.004
|
Disable or Modify System Firewall
|
|
AC-03
|
Access Enforcement
| Protects |
T1562.004
|
Disable or Modify System Firewall
|
|
AC-05
|
Separation of Duties
| Protects |
T1562.004
|
Disable or Modify System Firewall
|
|
AC-06
|
Least Privilege
| Protects |
T1562.004
|
Disable or Modify System Firewall
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1562.004
|
Disable or Modify System Firewall
|
|
CM-02
|
Baseline Configuration
| Protects |
T1562.004
|
Disable or Modify System Firewall
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1562.004
|
Disable or Modify System Firewall
|
|
CM-06
|
Configuration Settings
| Protects |
T1562.004
|
Disable or Modify System Firewall
|
|
CM-07
|
Least Functionality
| Protects |
T1562.004
|
Disable or Modify System Firewall
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1562.004
|
Disable or Modify System Firewall
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1562.004
|
Disable or Modify System Firewall
|
|
SI-04
|
System Monitoring
| Protects |
T1562.004
|
Disable or Modify System Firewall
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1562.004
|
Disable or Modify System Firewall
|
|
AC-02
|
Account Management
| Protects |
T1556
|
Modify Authentication Process
|
|
AC-20
|
Use of External Systems
| Protects |
T1556
|
Modify Authentication Process
|
|
AC-03
|
Access Enforcement
| Protects |
T1556
|
Modify Authentication Process
|
|
AC-05
|
Separation of Duties
| Protects |
T1556
|
Modify Authentication Process
|
|
AC-06
|
Least Privilege
| Protects |
T1556
|
Modify Authentication Process
|
|
AC-07
|
Unsuccessful Logon Attempts
| Protects |
T1556
|
Modify Authentication Process
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1556
|
Modify Authentication Process
|
|
CM-02
|
Baseline Configuration
| Protects |
T1556
|
Modify Authentication Process
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1556
|
Modify Authentication Process
|
|
CM-06
|
Configuration Settings
| Protects |
T1556
|
Modify Authentication Process
|
|
CM-07
|
Least Functionality
| Protects |
T1556
|
Modify Authentication Process
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1556
|
Modify Authentication Process
|
|
IA-05
|
Authenticator Management
| Protects |
T1556
|
Modify Authentication Process
|
|
SC-39
|
Process Isolation
| Protects |
T1556
|
Modify Authentication Process
|
|
SI-04
|
System Monitoring
| Protects |
T1556
|
Modify Authentication Process
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1556
|
Modify Authentication Process
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1552
|
Unsecured Credentials
|
|
AC-17
|
Remote Access
| Protects |
T1552
|
Unsecured Credentials
|
|
AC-18
|
Wireless Access
| Protects |
T1552
|
Unsecured Credentials
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1552
|
Unsecured Credentials
|
|
AC-02
|
Account Management
| Protects |
T1552
|
Unsecured Credentials
|
|
AC-20
|
Use of External Systems
| Protects |
T1552
|
Unsecured Credentials
|
|
AC-03
|
Access Enforcement
| Protects |
T1552
|
Unsecured Credentials
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1552
|
Unsecured Credentials
|
|
AC-05
|
Separation of Duties
| Protects |
T1552
|
Unsecured Credentials
|
|
AC-06
|
Least Privilege
| Protects |
T1552
|
Unsecured Credentials
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1552
|
Unsecured Credentials
|
|
CA-08
|
Penetration Testing
| Protects |
T1552
|
Unsecured Credentials
|
|
CM-02
|
Baseline Configuration
| Protects |
T1552
|
Unsecured Credentials
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1552
|
Unsecured Credentials
|
|
CM-06
|
Configuration Settings
| Protects |
T1552
|
Unsecured Credentials
|
|
CM-07
|
Least Functionality
| Protects |
T1552
|
Unsecured Credentials
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1552
|
Unsecured Credentials
|
|
IA-03
|
Device Identification and Authentication
| Protects |
T1552
|
Unsecured Credentials
|
|
IA-04
|
Identifier Management
| Protects |
T1552
|
Unsecured Credentials
|
|
IA-05
|
Authenticator Management
| Protects |
T1552
|
Unsecured Credentials
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1552
|
Unsecured Credentials
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1552
|
Unsecured Credentials
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1552
|
Unsecured Credentials
|
|
SC-12
|
Cryptographic Key Establishment and Management
| Protects |
T1552
|
Unsecured Credentials
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1552
|
Unsecured Credentials
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1552
|
Unsecured Credentials
|
|
SC-07
|
Boundary Protection
| Protects |
T1552
|
Unsecured Credentials
|
|
SI-10
|
Information Input Validation
| Protects |
T1552
|
Unsecured Credentials
|
|
SI-12
|
Information Management and Retention
| Protects |
T1552
|
Unsecured Credentials
|
|
SI-15
|
Information Output Filtering
| Protects |
T1552
|
Unsecured Credentials
|
|
SI-02
|
Flaw Remediation
| Protects |
T1552
|
Unsecured Credentials
|
|
SI-04
|
System Monitoring
| Protects |
T1552
|
Unsecured Credentials
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1552
|
Unsecured Credentials
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
AC-02
|
Account Management
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
AC-03
|
Access Enforcement
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
AC-05
|
Separation of Duties
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
AC-06
|
Least Privilege
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
CA-08
|
Penetration Testing
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
CM-02
|
Baseline Configuration
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
CM-06
|
Configuration Settings
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
CM-07
|
Least Functionality
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
CM-08
|
System Component Inventory
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
SC-18
|
Mobile Code
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
SC-34
|
Non-modifiable Executable Programs
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
SI-12
|
Information Management and Retention
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
SI-16
|
Memory Protection
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
SI-04
|
System Monitoring
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
AC-02
|
Account Management
| Protects |
T1490
|
Inhibit System Recovery
|
|
AC-03
|
Access Enforcement
| Protects |
T1490
|
Inhibit System Recovery
|
|
AC-06
|
Least Privilege
| Protects |
T1490
|
Inhibit System Recovery
|
|
CM-02
|
Baseline Configuration
| Protects |
T1490
|
Inhibit System Recovery
|
|
CM-06
|
Configuration Settings
| Protects |
T1490
|
Inhibit System Recovery
|
|
CM-07
|
Least Functionality
| Protects |
T1490
|
Inhibit System Recovery
|
|
CP-10
|
System Recovery and Reconstitution
| Protects |
T1490
|
Inhibit System Recovery
|
|
CP-02
|
Contingency Plan
| Protects |
T1490
|
Inhibit System Recovery
|
|
CP-07
|
Alternate Processing Site
| Protects |
T1490
|
Inhibit System Recovery
|
|
CP-09
|
System Backup
| Protects |
T1490
|
Inhibit System Recovery
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1490
|
Inhibit System Recovery
|
|
SI-04
|
System Monitoring
| Protects |
T1490
|
Inhibit System Recovery
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1490
|
Inhibit System Recovery
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1212
|
Exploitation for Credential Access
|
|
CA-03
|
Information Exchange
| Protects |
T1078
|
Valid Accounts
|
|
SC-43
|
Usage Restrictions
| Protects |
T1078
|
Valid Accounts
|
|
SI-12
|
Information Management and Retention
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
AC-20
|
Use of External Systems
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
AC-17
|
Remote Access
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
AC-18
|
Wireless Access
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
AC-02
|
Account Management
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
AC-03
|
Access Enforcement
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
AC-05
|
Separation of Duties
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
AC-06
|
Least Privilege
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
CM-02
|
Baseline Configuration
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
CM-06
|
Configuration Settings
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
CP-06
|
Alternate Storage Site
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
CP-07
|
Alternate Processing Site
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
CP-09
|
System Backup
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
SC-36
|
Distributed Processing and Storage
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
SI-12
|
Information Management and Retention
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
SI-04
|
System Monitoring
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1070.008
|
Clear Mailbox Data
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
AC-02
|
Account Management
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
AC-20
|
Use of External Systems
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
AC-23
|
Data Mining Protection
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
AC-03
|
Access Enforcement
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
AC-06
|
Least Privilege
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
CA-03
|
Information Exchange
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
CM-02
|
Baseline Configuration
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
CM-06
|
Configuration Settings
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
CM-07
|
Least Functionality
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
SA-09
|
External System Services
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
SC-31
|
Covert Channel Analysis
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
SC-07
|
Boundary Protection
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
SI-10
|
Information Input Validation
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
SI-15
|
Information Output Filtering
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
SI-04
|
System Monitoring
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
SR-04
|
Provenance
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
CM-06
|
Configuration Settings
| Protects |
T1053.006
|
Systemd Timers
|
|
AC-17
|
Remote Access
| Protects |
T1659
|
Content Injection
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1659
|
Content Injection
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1654
|
Log Enumeration
|
|
AC-03
|
Access Enforcement
| Protects |
T1654
|
Log Enumeration
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1651
|
Cloud Administration Command
|
|
SI-04
|
System Monitoring
| Protects |
T1651
|
Cloud Administration Command
|
|
AC-17
|
Remote Access
| Protects |
T1651
|
Cloud Administration Command
|
|
AC-06
|
Least Privilege
| Protects |
T1651
|
Cloud Administration Command
|
|
AC-03
|
Access Enforcement
| Protects |
T1651
|
Cloud Administration Command
|
|
AC-20
|
Use of External Systems
| Protects |
T1578.005
|
Modify Cloud Compute Configurations
|
|
CM-03
|
Configuration Change Control
| Protects |
T1578.005
|
Modify Cloud Compute Configurations
|
|
AC-06
|
Least Privilege
| Protects |
T1578.005
|
Modify Cloud Compute Configurations
|
|
AC-03
|
Access Enforcement
| Protects |
T1578.005
|
Modify Cloud Compute Configurations
|
|
AC-17
|
Remote Access
| Protects |
T1567.004
|
Exfiltration Over Webhook
|
|
SC-07
|
Boundary Protection
| Protects |
T1567.004
|
Exfiltration Over Webhook
|
|
SC-07
|
Boundary Protection
| Protects |
T1567.003
|
Exfiltration to Text Storage Sites
|
|
AC-17
|
Remote Access
| Protects |
T1567.003
|
Exfiltration to Text Storage Sites
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1562.012
|
Disable or Modify Linux Audit System
|
|
CM-06
|
Configuration Settings
| Protects |
T1562.012
|
Disable or Modify Linux Audit System
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1562.012
|
Disable or Modify Linux Audit System
|
|
CM-03
|
Configuration Change Control
| Protects |
T1562.012
|
Disable or Modify Linux Audit System
|
|
AC-06
|
Least Privilege
| Protects |
T1562.012
|
Disable or Modify Linux Audit System
|
|
AC-03
|
Access Enforcement
| Protects |
T1562.012
|
Disable or Modify Linux Audit System
|
|
AC-02
|
Account Management
| Protects |
T1562.012
|
Disable or Modify Linux Audit System
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1562.011
|
Spoof Security Alerting
|
|
SI-04
|
System Monitoring
| Protects |
T1562.011
|
Spoof Security Alerting
|
|
CM-06
|
Configuration Settings
| Protects |
T1562.011
|
Spoof Security Alerting
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1562.011
|
Spoof Security Alerting
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1556.008
|
Network Provider DLL
|
|
CM-03
|
Configuration Change Control
| Protects |
T1556.008
|
Network Provider DLL
|
|
CM-07
|
Least Functionality
| Protects |
T1556.008
|
Network Provider DLL
|
|
CM-06
|
Configuration Settings
| Protects |
T1556.008
|
Network Provider DLL
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1556.008
|
Network Provider DLL
|
|
AC-06
|
Least Privilege
| Protects |
T1556.008
|
Network Provider DLL
|
|
CM-02
|
Baseline Configuration
| Protects |
T1556.008
|
Network Provider DLL
|
|
SI-04
|
System Monitoring
| Protects |
T1556.008
|
Network Provider DLL
|
|
AC-03
|
Access Enforcement
| Protects |
T1556.008
|
Network Provider DLL
|
|
CM-07
|
Least Functionality
| Protects |
T1555.006
|
Cloud Secrets Management Stores
|
|
AC-06
|
Least Privilege
| Protects |
T1555.006
|
Cloud Secrets Management Stores
|
|
AC-03
|
Access Enforcement
| Protects |
T1555.006
|
Cloud Secrets Management Stores
|
|
AC-02
|
Account Management
| Protects |
T1555.006
|
Cloud Secrets Management Stores
|
|
SI-04
|
System Monitoring
| Protects |
T1552.008
|
Chat Messages
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1552.008
|
Chat Messages
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1548.005
|
Temporary Elevated Cloud Access
|
|
AC-03
|
Access Enforcement
| Protects |
T1548.005
|
Temporary Elevated Cloud Access
|
|
AC-02
|
Account Management
| Protects |
T1548.005
|
Temporary Elevated Cloud Access
|
|
AC-06
|
Least Privilege
| Protects |
T1548.005
|
Temporary Elevated Cloud Access
|
|
IA-05
|
Authenticator Management
| Protects |
T1098.006
|
Additional Container Cluster Roles
|
|
AC-03
|
Access Enforcement
| Protects |
T1098.006
|
Additional Container Cluster Roles
|
|
AC-02
|
Account Management
| Protects |
T1098.006
|
Additional Container Cluster Roles
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1059.009
|
Cloud API
|
|
SI-04
|
System Monitoring
| Protects |
T1059.009
|
Cloud API
|
|
CM-07
|
Least Functionality
| Protects |
T1059.009
|
Cloud API
|
|
AC-06
|
Least Privilege
| Protects |
T1059.009
|
Cloud API
|
|
AC-03
|
Access Enforcement
| Protects |
T1059.009
|
Cloud API
|
|
AC-02
|
Account Management
| Protects |
T1059.009
|
Cloud API
|
|
CM-07
|
Least Functionality
| Protects |
T1036.008
|
Masquerade File Type
|
|
SI-10
|
Information Input Validation
| Protects |
T1036.008
|
Masquerade File Type
|
|
SI-04
|
System Monitoring
| Protects |
T1036.008
|
Masquerade File Type
|
|
SC-07
|
Boundary Protection
| Protects |
T1036.008
|
Masquerade File Type
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1027.012
|
LNK Icon Smuggling
|
|
SI-10
|
Information Input Validation
| Protects |
T1027.010
|
Command Obfuscation
|
|
SI-04
|
System Monitoring
| Protects |
T1027.010
|
Command Obfuscation
|
|
CM-06
|
Configuration Settings
| Protects |
T1027.010
|
Command Obfuscation
|
|
IA-05
|
Authenticator Management
| Protects |
T1021.008
|
Direct Cloud VM Connections
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1021.008
|
Direct Cloud VM Connections
|
|
CM-07
|
Least Functionality
| Protects |
T1021.008
|
Direct Cloud VM Connections
|
|
CM-06
|
Configuration Settings
| Protects |
T1021.008
|
Direct Cloud VM Connections
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1021.008
|
Direct Cloud VM Connections
|
|
AC-20
|
Use of External Systems
| Protects |
T1021.008
|
Direct Cloud VM Connections
|
|
AC-17
|
Remote Access
| Protects |
T1021.008
|
Direct Cloud VM Connections
|
|
SI-04
|
System Monitoring
| Protects |
T1021.008
|
Direct Cloud VM Connections
|
|
AC-03
|
Access Enforcement
| Protects |
T1021.008
|
Direct Cloud VM Connections
|
|
IA-05
|
Authenticator Management
| Protects |
T1021.007
|
Cloud Services
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1021.007
|
Cloud Services
|
|
AC-20
|
Use of External Systems
| Protects |
T1021.007
|
Cloud Services
|
|
AC-03
|
Access Enforcement
| Protects |
T1021.007
|
Cloud Services
|
|
AC-06
|
Least Privilege
| Protects |
T1021.008
|
Direct Cloud VM Connections
|
|
AC-05
|
Separation of Duties
| Protects |
T1021.007
|
Cloud Services
|
|
AC-06
|
Least Privilege
| Protects |
T1021.007
|
Cloud Services
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1112
|
Modify Registry
|
|
SC-08
|
Transmission Confidentiality and Integrity
| Protects |
T1562.010
|
Downgrade Attack
|
|
CM-02
|
Baseline Configuration
| Protects |
T1562.010
|
Downgrade Attack
|
|
CM-06
|
Configuration Settings
| Protects |
T1562.010
|
Downgrade Attack
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1562.010
|
Downgrade Attack
|
|
SI-04
|
System Monitoring
| Protects |
T1562.010
|
Downgrade Attack
|
|
SC-08
|
Transmission Confidentiality and Integrity
| Protects |
T1562
|
Impair Defenses
|
|
AC-02
|
Account Management
| Protects |
T1562
|
Impair Defenses
|
|
AC-03
|
Access Enforcement
| Protects |
T1562
|
Impair Defenses
|
|
AC-05
|
Separation of Duties
| Protects |
T1562
|
Impair Defenses
|
|
AC-06
|
Least Privilege
| Protects |
T1562
|
Impair Defenses
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1562
|
Impair Defenses
|
|
CA-08
|
Penetration Testing
| Protects |
T1562
|
Impair Defenses
|
|
CM-02
|
Baseline Configuration
| Protects |
T1562
|
Impair Defenses
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1562
|
Impair Defenses
|
|
CM-06
|
Configuration Settings
| Protects |
T1562
|
Impair Defenses
|
|
CM-07
|
Least Functionality
| Protects |
T1562
|
Impair Defenses
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1562
|
Impair Defenses
|
|
IA-04
|
Identifier Management
| Protects |
T1562
|
Impair Defenses
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1562
|
Impair Defenses
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1562
|
Impair Defenses
|
|
SI-04
|
System Monitoring
| Protects |
T1562
|
Impair Defenses
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1562
|
Impair Defenses
|
|
AC-20
|
Use of External Systems
| Protects |
T1555
|
Credentials from Password Stores
|
|
AC-06
|
Least Privilege
| Protects |
T1555
|
Credentials from Password Stores
|
|
AC-03
|
Access Enforcement
| Protects |
T1555
|
Credentials from Password Stores
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1555
|
Credentials from Password Stores
|
|
IA-05
|
Authenticator Management
| Protects |
T1555
|
Credentials from Password Stores
|
|
SI-04
|
System Monitoring
| Protects |
T1555
|
Credentials from Password Stores
|
|
AC-17
|
Remote Access
| Protects |
T1552.005
|
Cloud Instance Metadata API
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1552.005
|
Cloud Instance Metadata API
|
|
AC-20
|
Use of External Systems
| Protects |
T1552.005
|
Cloud Instance Metadata API
|
|
AC-03
|
Access Enforcement
| Protects |
T1552.005
|
Cloud Instance Metadata API
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1552.005
|
Cloud Instance Metadata API
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1552.005
|
Cloud Instance Metadata API
|
|
CM-06
|
Configuration Settings
| Protects |
T1552.005
|
Cloud Instance Metadata API
|
|
CM-07
|
Least Functionality
| Protects |
T1552.005
|
Cloud Instance Metadata API
|
|
IA-03
|
Device Identification and Authentication
| Protects |
T1552.005
|
Cloud Instance Metadata API
|
|
IA-04
|
Identifier Management
| Protects |
T1552.005
|
Cloud Instance Metadata API
|
|
SC-07
|
Boundary Protection
| Protects |
T1552.005
|
Cloud Instance Metadata API
|
|
SI-10
|
Information Input Validation
| Protects |
T1552.005
|
Cloud Instance Metadata API
|
|
SI-15
|
Information Output Filtering
| Protects |
T1552.005
|
Cloud Instance Metadata API
|
|
SI-04
|
System Monitoring
| Protects |
T1552.005
|
Cloud Instance Metadata API
|
|
IA-05
|
Authenticator Management
| Protects |
T1212
|
Exploitation for Credential Access
|
|
AC-02
|
Account Management
| Protects |
T1212
|
Exploitation for Credential Access
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1212
|
Exploitation for Credential Access
|
|
AC-06
|
Least Privilege
| Protects |
T1212
|
Exploitation for Credential Access
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1212
|
Exploitation for Credential Access
|
|
CA-08
|
Penetration Testing
| Protects |
T1212
|
Exploitation for Credential Access
|
|
CM-02
|
Baseline Configuration
| Protects |
T1212
|
Exploitation for Credential Access
|
|
CM-06
|
Configuration Settings
| Protects |
T1212
|
Exploitation for Credential Access
|
|
CM-08
|
System Component Inventory
| Protects |
T1212
|
Exploitation for Credential Access
|
|
RA-10
|
Threat Hunting
| Protects |
T1212
|
Exploitation for Credential Access
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1212
|
Exploitation for Credential Access
|
|
SC-18
|
Mobile Code
| Protects |
T1212
|
Exploitation for Credential Access
|
|
SC-02
|
Separation of System and User Functionality
| Protects |
T1212
|
Exploitation for Credential Access
|
|
SC-26
|
Decoys
| Protects |
T1212
|
Exploitation for Credential Access
|
|
SC-03
|
Security Function Isolation
| Protects |
T1212
|
Exploitation for Credential Access
|
|
SC-30
|
Concealment and Misdirection
| Protects |
T1212
|
Exploitation for Credential Access
|
|
SC-35
|
External Malicious Code Identification
| Protects |
T1212
|
Exploitation for Credential Access
|
|
SC-39
|
Process Isolation
| Protects |
T1212
|
Exploitation for Credential Access
|
|
SC-07
|
Boundary Protection
| Protects |
T1212
|
Exploitation for Credential Access
|
|
SI-02
|
Flaw Remediation
| Protects |
T1212
|
Exploitation for Credential Access
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1212
|
Exploitation for Credential Access
|
|
SI-04
|
System Monitoring
| Protects |
T1212
|
Exploitation for Credential Access
|
|
SI-05
|
Security Alerts, Advisories, and Directives
| Protects |
T1212
|
Exploitation for Credential Access
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1212
|
Exploitation for Credential Access
|
|
SC-43
|
Usage Restrictions
| Protects |
T1078.004
|
Cloud Accounts
|
|
SC-07
|
Boundary Protection
| Protects |
T1078
|
Valid Accounts
|
|
CM-07
|
Least Functionality
| Protects |
T1078
|
Valid Accounts
|
|
AC-02
|
Account Management
| Protects |
T1078
|
Valid Accounts
|
|
AC-03
|
Access Enforcement
| Protects |
T1078
|
Valid Accounts
|
|
AC-05
|
Separation of Duties
| Protects |
T1078
|
Valid Accounts
|
|
AC-06
|
Least Privilege
| Protects |
T1078
|
Valid Accounts
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1078
|
Valid Accounts
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1078
|
Valid Accounts
|
|
CM-06
|
Configuration Settings
| Protects |
T1078
|
Valid Accounts
|
|
IA-12
|
Identity Proofing
| Protects |
T1078
|
Valid Accounts
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1078
|
Valid Accounts
|
|
IA-05
|
Authenticator Management
| Protects |
T1078
|
Valid Accounts
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1078
|
Valid Accounts
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1078
|
Valid Accounts
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1078
|
Valid Accounts
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1078
|
Valid Accounts
|
|
SA-17
|
Developer Security and Privacy Architecture and Design
| Protects |
T1078
|
Valid Accounts
|
|
SA-03
|
System Development Life Cycle
| Protects |
T1078
|
Valid Accounts
|
|
SA-04
|
Acquisition Process
| Protects |
T1078
|
Valid Accounts
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1078
|
Valid Accounts
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1078
|
Valid Accounts
|
|
SI-04
|
System Monitoring
| Protects |
T1078
|
Valid Accounts
|
|
SR-06
|
Supplier Assessments and Reviews
| Protects |
T1078
|
Valid Accounts
|
|
CM-07
|
Least Functionality
| Protects |
T1078.004
|
Cloud Accounts
|
|
AC-02
|
Account Management
| Protects |
T1078.004
|
Cloud Accounts
|
|
AC-20
|
Use of External Systems
| Protects |
T1078.004
|
Cloud Accounts
|
|
AC-03
|
Access Enforcement
| Protects |
T1078.004
|
Cloud Accounts
|
|
AC-05
|
Separation of Duties
| Protects |
T1078.004
|
Cloud Accounts
|
|
AC-06
|
Least Privilege
| Protects |
T1078.004
|
Cloud Accounts
|
|
AC-07
|
Unsuccessful Logon Attempts
| Protects |
T1078.004
|
Cloud Accounts
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1078.004
|
Cloud Accounts
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1078.004
|
Cloud Accounts
|
|
CM-06
|
Configuration Settings
| Protects |
T1078.004
|
Cloud Accounts
|
|
IA-12
|
Identity Proofing
| Protects |
T1078.004
|
Cloud Accounts
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1078.004
|
Cloud Accounts
|
|
IA-05
|
Authenticator Management
| Protects |
T1078.004
|
Cloud Accounts
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1078.004
|
Cloud Accounts
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1078.004
|
Cloud Accounts
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1078.004
|
Cloud Accounts
|
|
SA-17
|
Developer Security and Privacy Architecture and Design
| Protects |
T1078.004
|
Cloud Accounts
|
|
SA-03
|
System Development Life Cycle
| Protects |
T1078.004
|
Cloud Accounts
|
|
SA-04
|
Acquisition Process
| Protects |
T1078.004
|
Cloud Accounts
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1078.004
|
Cloud Accounts
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1078.004
|
Cloud Accounts
|
|
SI-04
|
System Monitoring
| Protects |
T1078.004
|
Cloud Accounts
|
|
CM-11
|
User-installed Software
| Protects |
T1072
|
Software Deployment Tools
|
|
AC-12
|
Session Termination
| Protects |
T1072
|
Software Deployment Tools
|
|
AC-02
|
Account Management
| Protects |
T1072
|
Software Deployment Tools
|
|
AC-20
|
Use of External Systems
| Protects |
T1072
|
Software Deployment Tools
|
|
AC-03
|
Access Enforcement
| Protects |
T1072
|
Software Deployment Tools
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1072
|
Software Deployment Tools
|
|
AC-05
|
Separation of Duties
| Protects |
T1072
|
Software Deployment Tools
|
|
AC-06
|
Least Privilege
| Protects |
T1072
|
Software Deployment Tools
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1072
|
Software Deployment Tools
|
|
CM-02
|
Baseline Configuration
| Protects |
T1072
|
Software Deployment Tools
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1072
|
Software Deployment Tools
|
|
CM-06
|
Configuration Settings
| Protects |
T1072
|
Software Deployment Tools
|
|
CM-07
|
Least Functionality
| Protects |
T1072
|
Software Deployment Tools
|
|
CM-08
|
System Component Inventory
| Protects |
T1072
|
Software Deployment Tools
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1072
|
Software Deployment Tools
|
|
IA-05
|
Authenticator Management
| Protects |
T1072
|
Software Deployment Tools
|
|
SC-12
|
Cryptographic Key Establishment and Management
| Protects |
T1072
|
Software Deployment Tools
|
|
SC-17
|
Public Key Infrastructure Certificates
| Protects |
T1072
|
Software Deployment Tools
|
|
SC-46
|
Cross Domain Policy Enforcement
| Protects |
T1072
|
Software Deployment Tools
|
|
SC-07
|
Boundary Protection
| Protects |
T1072
|
Software Deployment Tools
|
|
SI-02
|
Flaw Remediation
| Protects |
T1072
|
Software Deployment Tools
|
|
SI-23
|
Information Fragmentation
| Protects |
T1072
|
Software Deployment Tools
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1072
|
Software Deployment Tools
|
|
SI-04
|
System Monitoring
| Protects |
T1072
|
Software Deployment Tools
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1072
|
Software Deployment Tools
|
|
CM-07
|
Least Functionality
| Protects |
T1040
|
Network Sniffing
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1040
|
Network Sniffing
|
|
AC-17
|
Remote Access
| Protects |
T1040
|
Network Sniffing
|
|
AC-18
|
Wireless Access
| Protects |
T1040
|
Network Sniffing
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1040
|
Network Sniffing
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1040
|
Network Sniffing
|
|
IA-05
|
Authenticator Management
| Protects |
T1040
|
Network Sniffing
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1040
|
Network Sniffing
|
|
SC-08
|
Transmission Confidentiality and Integrity
| Protects |
T1040
|
Network Sniffing
|
|
SI-12
|
Information Management and Retention
| Protects |
T1040
|
Network Sniffing
|
|
SI-04
|
System Monitoring
| Protects |
T1040
|
Network Sniffing
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1040
|
Network Sniffing
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1036
|
Masquerading
|
|
AC-02
|
Account Management
| Protects |
T1036
|
Masquerading
|
|
AC-03
|
Access Enforcement
| Protects |
T1036
|
Masquerading
|
|
AC-06
|
Least Privilege
| Protects |
T1036
|
Masquerading
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1036
|
Masquerading
|
|
CM-02
|
Baseline Configuration
| Protects |
T1036
|
Masquerading
|
|
CM-06
|
Configuration Settings
| Protects |
T1036
|
Masquerading
|
|
CM-07
|
Least Functionality
| Protects |
T1036
|
Masquerading
|
|
IA-09
|
Service Identification and Authentication
| Protects |
T1036
|
Masquerading
|
|
SI-10
|
Information Input Validation
| Protects |
T1036
|
Masquerading
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1036
|
Masquerading
|
|
SI-04
|
System Monitoring
| Protects |
T1036
|
Masquerading
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1036
|
Masquerading
|
|
CM-07
|
Least Functionality
| Protects |
T1027
|
Obfuscated Files or Information
|
|
AC-03
|
Access Enforcement
| Protects |
T1027
|
Obfuscated Files or Information
|
|
CM-02
|
Baseline Configuration
| Protects |
T1027
|
Obfuscated Files or Information
|
|
CM-06
|
Configuration Settings
| Protects |
T1027
|
Obfuscated Files or Information
|
|
SI-02
|
Flaw Remediation
| Protects |
T1027
|
Obfuscated Files or Information
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1027
|
Obfuscated Files or Information
|
|
SI-04
|
System Monitoring
| Protects |
T1027
|
Obfuscated Files or Information
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1027
|
Obfuscated Files or Information
|
|
CM-07
|
Least Functionality
| Protects |
T1021
|
Remote Services
|
|
CM-02
|
Baseline Configuration
| Protects |
T1021
|
Remote Services
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1020.001
|
Traffic Duplication
|
|
AC-06
|
Least Privilege
| Protects |
T1020.001
|
Traffic Duplication
|
|
AC-03
|
Access Enforcement
| Protects |
T1020.001
|
Traffic Duplication
|
|
AC-02
|
Account Management
| Protects |
T1020.001
|
Traffic Duplication
|
|
SC-43
|
Usage Restrictions
| Protects |
T1011
|
Exfiltration Over Other Network Medium
|
|
CM-07
|
Least Functionality
| Protects |
T1653
|
Power Settings
|
|
CM-03
|
Configuration Change Control
| Protects |
T1653
|
Power Settings
|
|
CM-02
|
Baseline Configuration
| Protects |
T1653
|
Power Settings
|
|
AC-06
|
Least Privilege
| Protects |
T1657
|
Financial Theft
|
|
AC-02
|
Account Management
| Protects |
T1003.007
|
Proc Filesystem
|
|
AC-03
|
Access Enforcement
| Protects |
T1003.007
|
Proc Filesystem
|
|
AC-05
|
Separation of Duties
| Protects |
T1003.007
|
Proc Filesystem
|
|
AC-06
|
Least Privilege
| Protects |
T1003.007
|
Proc Filesystem
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1003.007
|
Proc Filesystem
|
|
CM-02
|
Baseline Configuration
| Protects |
T1003.007
|
Proc Filesystem
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1003.007
|
Proc Filesystem
|
|
CM-06
|
Configuration Settings
| Protects |
T1003.007
|
Proc Filesystem
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1003.007
|
Proc Filesystem
|
|
IA-05
|
Authenticator Management
| Protects |
T1003.007
|
Proc Filesystem
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1003.007
|
Proc Filesystem
|
|
SC-39
|
Process Isolation
| Protects |
T1003.007
|
Proc Filesystem
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1003.007
|
Proc Filesystem
|
|
SI-04
|
System Monitoring
| Protects |
T1003.007
|
Proc Filesystem
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1005
|
Data from Local System
|
|
AC-02
|
Account Management
| Protects |
T1005
|
Data from Local System
|
|
AC-23
|
Data Mining Protection
| Protects |
T1005
|
Data from Local System
|
|
AC-18
|
Wireless Access
| Protects |
T1011
|
Exfiltration Over Other Network Medium
|
|
CM-06
|
Configuration Settings
| Protects |
T1011
|
Exfiltration Over Other Network Medium
|
|
CM-07
|
Least Functionality
| Protects |
T1011
|
Exfiltration Over Other Network Medium
|
|
SI-04
|
System Monitoring
| Protects |
T1011
|
Exfiltration Over Other Network Medium
|
|
AC-18
|
Wireless Access
| Protects |
T1011.001
|
Exfiltration Over Bluetooth
|
|
CM-02
|
Baseline Configuration
| Protects |
T1011.001
|
Exfiltration Over Bluetooth
|
|
CM-06
|
Configuration Settings
| Protects |
T1011.001
|
Exfiltration Over Bluetooth
|
|
CM-07
|
Least Functionality
| Protects |
T1011.001
|
Exfiltration Over Bluetooth
|
|
CM-08
|
System Component Inventory
| Protects |
T1011.001
|
Exfiltration Over Bluetooth
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1011.001
|
Exfiltration Over Bluetooth
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1011.001
|
Exfiltration Over Bluetooth
|
|
SI-04
|
System Monitoring
| Protects |
T1011.001
|
Exfiltration Over Bluetooth
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1020.001
|
Traffic Duplication
|
|
AC-17
|
Remote Access
| Protects |
T1020.001
|
Traffic Duplication
|
|
AC-18
|
Wireless Access
| Protects |
T1020.001
|
Traffic Duplication
|
|
AC-19
|
Access Control for Mobile Devices
| Protects |
T1020.001
|
Traffic Duplication
|
|
AC-20
|
Use of External Systems
| Protects |
T1020.001
|
Traffic Duplication
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1020.001
|
Traffic Duplication
|
|
CA-03
|
Information Exchange
| Protects |
T1020.001
|
Traffic Duplication
|
|
CM-02
|
Baseline Configuration
| Protects |
T1020.001
|
Traffic Duplication
|
|
CM-06
|
Configuration Settings
| Protects |
T1020.001
|
Traffic Duplication
|
|
CM-08
|
System Component Inventory
| Protects |
T1020.001
|
Traffic Duplication
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1020.001
|
Traffic Duplication
|
|
SC-07
|
Boundary Protection
| Protects |
T1020.001
|
Traffic Duplication
|
|
SC-08
|
Transmission Confidentiality and Integrity
| Protects |
T1020.001
|
Traffic Duplication
|
|
SI-12
|
Information Management and Retention
| Protects |
T1020.001
|
Traffic Duplication
|
|
SI-04
|
System Monitoring
| Protects |
T1020.001
|
Traffic Duplication
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1020.001
|
Traffic Duplication
|
|
AC-17
|
Remote Access
| Protects |
T1021
|
Remote Services
|
|
AC-02
|
Account Management
| Protects |
T1021
|
Remote Services
|
|
AC-20
|
Use of External Systems
| Protects |
T1021
|
Remote Services
|
|
AC-03
|
Access Enforcement
| Protects |
T1021
|
Remote Services
|
|
AC-05
|
Separation of Duties
| Protects |
T1021
|
Remote Services
|
|
AC-06
|
Least Privilege
| Protects |
T1021
|
Remote Services
|
|
AC-07
|
Unsuccessful Logon Attempts
| Protects |
T1021
|
Remote Services
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1021
|
Remote Services
|
|
CM-06
|
Configuration Settings
| Protects |
T1021
|
Remote Services
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1021
|
Remote Services
|
|
IA-05
|
Authenticator Management
| Protects |
T1021
|
Remote Services
|
|
SI-04
|
System Monitoring
| Protects |
T1021
|
Remote Services
|
|
AC-02
|
Account Management
| Protects |
T1021.007
|
Cloud Services
|
|
AC-02
|
Account Management
| Protects |
T1021.008
|
Direct Cloud VM Connections
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1027.010
|
Command Obfuscation
|
|
SI-04
|
System Monitoring
| Protects |
T1027.011
|
Fileless Storage
|
|
SI-04
|
System Monitoring
| Protects |
T1027.012
|
LNK Icon Smuggling
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1036.008
|
Masquerade File Type
|
|
AC-16
|
Security and Privacy Attributes
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
AC-20
|
Use of External Systems
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
AC-23
|
Data Mining Protection
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
AC-03
|
Access Enforcement
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
AC-06
|
Least Privilege
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
CA-03
|
Information Exchange
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
CM-02
|
Baseline Configuration
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
CM-06
|
Configuration Settings
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
CM-07
|
Least Functionality
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
SA-09
|
External System Services
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
SC-13
|
Cryptographic Protection
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
SC-28
|
Protection of Information at Rest
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
SC-31
|
Covert Channel Analysis
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
SC-07
|
Boundary Protection
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
SI-10
|
Information Input Validation
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
SI-15
|
Information Output Filtering
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
SI-04
|
System Monitoring
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
SR-04
|
Provenance
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
AC-02
|
Account Management
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
AC-02
|
Account Management
| Protects |
T1053.006
|
Systemd Timers
|
|
AC-03
|
Access Enforcement
| Protects |
T1053.006
|
Systemd Timers
|
|
AC-05
|
Separation of Duties
| Protects |
T1053.006
|
Systemd Timers
|
|
AC-06
|
Least Privilege
| Protects |
T1053.006
|
Systemd Timers
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1053.006
|
Systemd Timers
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1053.006
|
Systemd Timers
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1053.006
|
Systemd Timers
|
|
SI-04
|
System Monitoring
| Protects |
T1053.006
|
Systemd Timers
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1053.006
|
Systemd Timers
|
|
AC-02
|
Account Management
| Protects |
T1070.007
|
Clear Network Connection History and Configurations
|
|
AC-03
|
Access Enforcement
| Protects |
T1070.007
|
Clear Network Connection History and Configurations
|
|
AC-05
|
Separation of Duties
| Protects |
T1070.007
|
Clear Network Connection History and Configurations
|
|
AC-06
|
Least Privilege
| Protects |
T1070.007
|
Clear Network Connection History and Configurations
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1070.007
|
Clear Network Connection History and Configurations
|
|
CM-02
|
Baseline Configuration
| Protects |
T1070.007
|
Clear Network Connection History and Configurations
|
|
CM-06
|
Configuration Settings
| Protects |
T1070.007
|
Clear Network Connection History and Configurations
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1070.007
|
Clear Network Connection History and Configurations
|
|
SI-04
|
System Monitoring
| Protects |
T1070.007
|
Clear Network Connection History and Configurations
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1070.007
|
Clear Network Connection History and Configurations
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1071
|
Application Layer Protocol
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1071
|
Application Layer Protocol
|
|
CM-02
|
Baseline Configuration
| Protects |
T1071
|
Application Layer Protocol
|
|
CM-06
|
Configuration Settings
| Protects |
T1071
|
Application Layer Protocol
|
|
CM-07
|
Least Functionality
| Protects |
T1071
|
Application Layer Protocol
|
|
SC-10
|
Network Disconnect
| Protects |
T1071
|
Application Layer Protocol
|
|
SC-20
|
Secure Name/address Resolution Service (authoritative Source)
| Protects |
T1071
|
Application Layer Protocol
|
|
SC-21
|
Secure Name/address Resolution Service (recursive or Caching Resolver)
| Protects |
T1071
|
Application Layer Protocol
|
|
SC-22
|
Architecture and Provisioning for Name/address Resolution Service
| Protects |
T1071
|
Application Layer Protocol
|
|
SC-23
|
Session Authenticity
| Protects |
T1071
|
Application Layer Protocol
|
|
SC-31
|
Covert Channel Analysis
| Protects |
T1071
|
Application Layer Protocol
|
|
SC-37
|
Out-of-band Channels
| Protects |
T1071
|
Application Layer Protocol
|
|
SC-07
|
Boundary Protection
| Protects |
T1071
|
Application Layer Protocol
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1071
|
Application Layer Protocol
|
|
SI-04
|
System Monitoring
| Protects |
T1071
|
Application Layer Protocol
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1071.001
|
Web Protocols
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1071.001
|
Web Protocols
|
|
CM-02
|
Baseline Configuration
| Protects |
T1071.001
|
Web Protocols
|
|
CM-06
|
Configuration Settings
| Protects |
T1071.001
|
Web Protocols
|
|
CM-07
|
Least Functionality
| Protects |
T1071.001
|
Web Protocols
|
|
SC-10
|
Network Disconnect
| Protects |
T1071.001
|
Web Protocols
|
|
SC-20
|
Secure Name/address Resolution Service (authoritative Source)
| Protects |
T1071.001
|
Web Protocols
|
|
SC-21
|
Secure Name/address Resolution Service (recursive or Caching Resolver)
| Protects |
T1071.001
|
Web Protocols
|
|
SC-22
|
Architecture and Provisioning for Name/address Resolution Service
| Protects |
T1071.001
|
Web Protocols
|
|
SC-23
|
Session Authenticity
| Protects |
T1071.001
|
Web Protocols
|
|
SC-31
|
Covert Channel Analysis
| Protects |
T1071.001
|
Web Protocols
|
|
SC-37
|
Out-of-band Channels
| Protects |
T1071.001
|
Web Protocols
|
|
SC-07
|
Boundary Protection
| Protects |
T1071.001
|
Web Protocols
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1071.001
|
Web Protocols
|
|
SI-04
|
System Monitoring
| Protects |
T1071.001
|
Web Protocols
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1071.002
|
File Transfer Protocols
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1071.002
|
File Transfer Protocols
|
|
CM-02
|
Baseline Configuration
| Protects |
T1071.002
|
File Transfer Protocols
|
|
CM-06
|
Configuration Settings
| Protects |
T1071.002
|
File Transfer Protocols
|
|
CM-07
|
Least Functionality
| Protects |
T1071.002
|
File Transfer Protocols
|
|
SC-10
|
Network Disconnect
| Protects |
T1071.002
|
File Transfer Protocols
|
|
SC-20
|
Secure Name/address Resolution Service (authoritative Source)
| Protects |
T1071.002
|
File Transfer Protocols
|
|
SC-21
|
Secure Name/address Resolution Service (recursive or Caching Resolver)
| Protects |
T1071.002
|
File Transfer Protocols
|
|
SC-22
|
Architecture and Provisioning for Name/address Resolution Service
| Protects |
T1071.002
|
File Transfer Protocols
|
|
SC-23
|
Session Authenticity
| Protects |
T1071.002
|
File Transfer Protocols
|
|
SC-31
|
Covert Channel Analysis
| Protects |
T1071.002
|
File Transfer Protocols
|
|
SC-37
|
Out-of-band Channels
| Protects |
T1071.002
|
File Transfer Protocols
|
|
SC-07
|
Boundary Protection
| Protects |
T1071.002
|
File Transfer Protocols
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1071.002
|
File Transfer Protocols
|
|
SI-04
|
System Monitoring
| Protects |
T1071.002
|
File Transfer Protocols
|
|
AC-03
|
Access Enforcement
| Protects |
T1080
|
Taint Shared Content
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1080
|
Taint Shared Content
|
|
CM-02
|
Baseline Configuration
| Protects |
T1080
|
Taint Shared Content
|
|
CM-07
|
Least Functionality
| Protects |
T1080
|
Taint Shared Content
|
|
SC-04
|
Information in Shared System Resources
| Protects |
T1080
|
Taint Shared Content
|
|
SC-07
|
Boundary Protection
| Protects |
T1080
|
Taint Shared Content
|
|
SI-10
|
Information Input Validation
| Protects |
T1080
|
Taint Shared Content
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1080
|
Taint Shared Content
|
|
SI-04
|
System Monitoring
| Protects |
T1080
|
Taint Shared Content
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1080
|
Taint Shared Content
|
|
CM-06
|
Configuration Settings
| Protects |
T1087.002
|
Domain Account
|
|
CM-07
|
Least Functionality
| Protects |
T1087.002
|
Domain Account
|
|
SI-04
|
System Monitoring
| Protects |
T1087.002
|
Domain Account
|
|
AC-02
|
Account Management
| Protects |
T1098
|
Account Manipulation
|
|
AC-03
|
Access Enforcement
| Protects |
T1098
|
Account Manipulation
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1098
|
Account Manipulation
|
|
AC-05
|
Separation of Duties
| Protects |
T1098
|
Account Manipulation
|
|
AC-06
|
Least Privilege
| Protects |
T1098
|
Account Manipulation
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1098
|
Account Manipulation
|
|
CM-06
|
Configuration Settings
| Protects |
T1098
|
Account Manipulation
|
|
CM-07
|
Least Functionality
| Protects |
T1098
|
Account Manipulation
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1098
|
Account Manipulation
|
|
SC-07
|
Boundary Protection
| Protects |
T1098
|
Account Manipulation
|
|
SI-04
|
System Monitoring
| Protects |
T1098
|
Account Manipulation
|
|
AC-02
|
Account Management
| Protects |
T1098.003
|
Additional Cloud Roles
|
|
AC-05
|
Separation of Duties
| Protects |
T1098.003
|
Additional Cloud Roles
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1098.003
|
Additional Cloud Roles
|
|
CM-06
|
Configuration Settings
| Protects |
T1098.003
|
Additional Cloud Roles
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1098.003
|
Additional Cloud Roles
|
|
IA-05
|
Authenticator Management
| Protects |
T1098.003
|
Additional Cloud Roles
|
|
SI-04
|
System Monitoring
| Protects |
T1098.003
|
Additional Cloud Roles
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1098.003
|
Additional Cloud Roles
|
|
AC-20
|
Use of External Systems
| Protects |
T1098.003
|
Additional Cloud Roles
|
|
AC-03
|
Access Enforcement
| Protects |
T1098.003
|
Additional Cloud Roles
|
|
AC-06
|
Least Privilege
| Protects |
T1098.003
|
Additional Cloud Roles
|
|
AC-20
|
Use of External Systems
| Protects |
T1098.004
|
SSH Authorized Keys
|
|
AC-03
|
Access Enforcement
| Protects |
T1098.004
|
SSH Authorized Keys
|
|
AC-05
|
Separation of Duties
| Protects |
T1098.004
|
SSH Authorized Keys
|
|
AC-06
|
Least Privilege
| Protects |
T1098.004
|
SSH Authorized Keys
|
|
CM-02
|
Baseline Configuration
| Protects |
T1098.004
|
SSH Authorized Keys
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1098.004
|
SSH Authorized Keys
|
|
CM-06
|
Configuration Settings
| Protects |
T1098.004
|
SSH Authorized Keys
|
|
CM-07
|
Least Functionality
| Protects |
T1098.004
|
SSH Authorized Keys
|
|
CM-08
|
System Component Inventory
| Protects |
T1098.004
|
SSH Authorized Keys
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1098.004
|
SSH Authorized Keys
|
|
IA-05
|
Authenticator Management
| Protects |
T1098.004
|
SSH Authorized Keys
|
|
RA-05
|
Vulnerability Monitoring and Scanning
| Protects |
T1098.004
|
SSH Authorized Keys
|
|
SC-12
|
Cryptographic Key Establishment and Management
| Protects |
T1098.004
|
SSH Authorized Keys
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1098.004
|
SSH Authorized Keys
|
|
SI-04
|
System Monitoring
| Protects |
T1098.004
|
SSH Authorized Keys
|
|
AC-02
|
Account Management
| Protects |
T1098.005
|
Device Registration
|
|
AC-20
|
Use of External Systems
| Protects |
T1098.005
|
Device Registration
|
|
AC-03
|
Access Enforcement
| Protects |
T1098.005
|
Device Registration
|
|
AC-05
|
Separation of Duties
| Protects |
T1098.005
|
Device Registration
|
|
AC-06
|
Least Privilege
| Protects |
T1098.005
|
Device Registration
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1098.005
|
Device Registration
|
|
CM-06
|
Configuration Settings
| Protects |
T1098.005
|
Device Registration
|
|
AC-06
|
Least Privilege
| Protects |
T1098.006
|
Additional Container Cluster Roles
|
|
AC-06
|
Least Privilege
| Protects |
T1106
|
Native API
|
|
CM-02
|
Baseline Configuration
| Protects |
T1106
|
Native API
|
|
CM-06
|
Configuration Settings
| Protects |
T1106
|
Native API
|
|
CM-07
|
Least Functionality
| Protects |
T1106
|
Native API
|
|
SI-02
|
Flaw Remediation
| Protects |
T1106
|
Native API
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1106
|
Native API
|
|
SI-04
|
System Monitoring
| Protects |
T1106
|
Native API
|
|
AC-06
|
Least Privilege
| Protects |
T1112
|
Modify Registry
|
|
CM-07
|
Least Functionality
| Protects |
T1112
|
Modify Registry
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1132.001
|
Standard Encoding
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1132.001
|
Standard Encoding
|
|
CM-02
|
Baseline Configuration
| Protects |
T1132.001
|
Standard Encoding
|
|
CM-06
|
Configuration Settings
| Protects |
T1132.001
|
Standard Encoding
|
|
SC-07
|
Boundary Protection
| Protects |
T1132.001
|
Standard Encoding
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1132.001
|
Standard Encoding
|
|
SI-04
|
System Monitoring
| Protects |
T1132.001
|
Standard Encoding
|
|
AC-02
|
Account Management
| Protects |
T1134.001
|
Token Impersonation/Theft
|
|
AC-03
|
Access Enforcement
| Protects |
T1134.001
|
Token Impersonation/Theft
|
|
AC-05
|
Separation of Duties
| Protects |
T1134.001
|
Token Impersonation/Theft
|
|
AC-06
|
Least Privilege
| Protects |
T1134.001
|
Token Impersonation/Theft
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1134.001
|
Token Impersonation/Theft
|
|
CM-06
|
Configuration Settings
| Protects |
T1134.001
|
Token Impersonation/Theft
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1134.001
|
Token Impersonation/Theft
|
|
AC-02
|
Account Management
| Protects |
T1134.002
|
Create Process with Token
|
|
AC-03
|
Access Enforcement
| Protects |
T1134.002
|
Create Process with Token
|
|
AC-05
|
Separation of Duties
| Protects |
T1134.002
|
Create Process with Token
|
|
AC-06
|
Least Privilege
| Protects |
T1134.002
|
Create Process with Token
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1134.002
|
Create Process with Token
|
|
CM-06
|
Configuration Settings
| Protects |
T1134.002
|
Create Process with Token
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1134.002
|
Create Process with Token
|
|
AC-02
|
Account Management
| Protects |
T1134.003
|
Make and Impersonate Token
|
|
AC-03
|
Access Enforcement
| Protects |
T1134.003
|
Make and Impersonate Token
|
|
AC-05
|
Separation of Duties
| Protects |
T1134.003
|
Make and Impersonate Token
|
|
AC-06
|
Least Privilege
| Protects |
T1134.003
|
Make and Impersonate Token
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1134.003
|
Make and Impersonate Token
|
|
CM-06
|
Configuration Settings
| Protects |
T1134.003
|
Make and Impersonate Token
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1134.003
|
Make and Impersonate Token
|
|
AC-02
|
Account Management
| Protects |
T1136.001
|
Local Account
|
|
AC-20
|
Use of External Systems
| Protects |
T1136.001
|
Local Account
|
|
AC-03
|
Access Enforcement
| Protects |
T1136.001
|
Local Account
|
|
AC-05
|
Separation of Duties
| Protects |
T1136.001
|
Local Account
|
|
AC-06
|
Least Privilege
| Protects |
T1136.001
|
Local Account
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1136.001
|
Local Account
|
|
CM-06
|
Configuration Settings
| Protects |
T1136.001
|
Local Account
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1136.001
|
Local Account
|
|
IA-05
|
Authenticator Management
| Protects |
T1136.001
|
Local Account
|
|
SI-04
|
System Monitoring
| Protects |
T1136.001
|
Local Account
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1136.001
|
Local Account
|
|
AC-02
|
Account Management
| Protects |
T1136.003
|
Cloud Account
|
|
AC-20
|
Use of External Systems
| Protects |
T1136.003
|
Cloud Account
|
|
AC-03
|
Access Enforcement
| Protects |
T1136.003
|
Cloud Account
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1136.003
|
Cloud Account
|
|
AC-05
|
Separation of Duties
| Protects |
T1136.003
|
Cloud Account
|
|
AC-06
|
Least Privilege
| Protects |
T1136.003
|
Cloud Account
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1136.003
|
Cloud Account
|
|
CM-06
|
Configuration Settings
| Protects |
T1136.003
|
Cloud Account
|
|
CM-07
|
Least Functionality
| Protects |
T1136.003
|
Cloud Account
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1136.003
|
Cloud Account
|
|
IA-05
|
Authenticator Management
| Protects |
T1136.003
|
Cloud Account
|
|
SC-07
|
Boundary Protection
| Protects |
T1136.003
|
Cloud Account
|
|
SI-04
|
System Monitoring
| Protects |
T1136.003
|
Cloud Account
|
|
SI-07
|
Software, Firmware, and Information Integrity
| Protects |
T1136.003
|
Cloud Account
|
|
AC-20
|
Use of External Systems
| Protects |
T1539
|
Steal Web Session Cookie
|
|
AC-03
|
Access Enforcement
| Protects |
T1539
|
Steal Web Session Cookie
|
|
AC-06
|
Least Privilege
| Protects |
T1539
|
Steal Web Session Cookie
|
|
CA-07
|
Continuous Monitoring
| Protects |
T1539
|
Steal Web Session Cookie
|
|
CM-02
|
Baseline Configuration
| Protects |
T1539
|
Steal Web Session Cookie
|
|
CM-06
|
Configuration Settings
| Protects |
T1539
|
Steal Web Session Cookie
|
|
IA-02
|
Identification and Authentication (organizational Users)
| Protects |
T1539
|
Steal Web Session Cookie
|
|
IA-05
|
Authenticator Management
| Protects |
T1539
|
Steal Web Session Cookie
|
|
SI-03
|
Malicious Code Protection
| Protects |
T1539
|
Steal Web Session Cookie
|
|
SI-04
|
System Monitoring
| Protects |
T1539
|
Steal Web Session Cookie
|
|
CM-05
|
Access Restrictions for Change
| Protects |
T1562.011
|
Spoof Security Alerting
|
|
SI-04
|
System Monitoring
| Protects |
T1562.012
|
Disable or Modify Linux Audit System
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1567.003
|
Exfiltration to Text Storage Sites
|
|
AC-04
|
Information Flow Enforcement
| Protects |
T1567.004
|
Exfiltration Over Webhook
|
|
AC-02
|
Account Management
| Protects |
T1578.005
|
Modify Cloud Compute Configurations
|
|
AC-02
|
Account Management
| Protects |
T1651
|
Cloud Administration Command
|
|
SI-04
|
System Monitoring
| Protects |
T1653
|
Power Settings
|
|
AC-06
|
Least Privilege
| Protects |
T1654
|
Log Enumeration
|
|
AC-05
|
Separation of Duties
| Protects |
T1657
|
Financial Theft
|
|
SC-07
|
Boundary Protection
| Protects |
T1659
|
Content Injection
|
