NIST 800-53 Security Assessment and Authorization Capability Group

All Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CA-07 Continuous Monitoring Protects T1001 Data Obfuscation
CA-07 Continuous Monitoring Protects T1001.001 Junk Data
CA-07 Continuous Monitoring Protects T1001.002 Steganography
CA-07 Continuous Monitoring Protects T1001.003 Protocol Impersonation
CA-07 Continuous Monitoring Protects T1003 OS Credential Dumping
CA-07 Continuous Monitoring Protects T1003.003 NTDS
CA-07 Continuous Monitoring Protects T1003.004 LSA Secrets
CA-07 Continuous Monitoring Protects T1003.005 Cached Domain Credentials
CA-07 Continuous Monitoring Protects T1003.006 DCSync
CA-07 Continuous Monitoring Protects T1003.008 /etc/passwd and /etc/shadow
CA-07 Continuous Monitoring Protects T1008 Fallback Channels
CA-07 Continuous Monitoring Protects T1021.005 VNC
CA-08 Penetration Testing Protects T1021.005 VNC
CA-07 Continuous Monitoring Protects T1029 Scheduled Transfer
CA-07 Continuous Monitoring Protects T1030 Data Transfer Size Limits
CA-07 Continuous Monitoring Protects T1036.003 Rename System Utilities
CA-07 Continuous Monitoring Protects T1036.007 Double File Extension
CA-07 Continuous Monitoring Protects T1037.002 Login Hook
CA-07 Continuous Monitoring Protects T1037.003 Network Logon Script
CA-07 Continuous Monitoring Protects T1037.004 RC Scripts
CA-07 Continuous Monitoring Protects T1037.005 Startup Items
CA-07 Continuous Monitoring Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
CA-03 Information Exchange Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CA-07 Continuous Monitoring Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CA-07 Continuous Monitoring Protects T1052 Exfiltration Over Physical Medium
CA-07 Continuous Monitoring Protects T1052.001 Exfiltration over USB
CA-08 Penetration Testing Protects T1053.003 Cron
CA-07 Continuous Monitoring Protects T1055.009 Proc Memory
CA-07 Continuous Monitoring Protects T1056.002 GUI Input Capture
CA-07 Continuous Monitoring Protects T1059 Command and Scripting Interpreter
CA-08 Penetration Testing Protects T1059 Command and Scripting Interpreter
CA-07 Continuous Monitoring Protects T1059.005 Visual Basic
CA-07 Continuous Monitoring Protects T1059.007 JavaScript
CA-07 Continuous Monitoring Protects T1070.002 Clear Linux or Mac System Logs
CA-07 Continuous Monitoring Protects T1071.003 Mail Protocols
CA-07 Continuous Monitoring Protects T1071.004 DNS
CA-07 Continuous Monitoring Protects T1078.001 Default Accounts
CA-07 Continuous Monitoring Protects T1078.003 Local Accounts
CA-07 Continuous Monitoring Protects T1090 Proxy
CA-07 Continuous Monitoring Protects T1090.001 Internal Proxy
CA-07 Continuous Monitoring Protects T1090.002 External Proxy
CA-07 Continuous Monitoring Protects T1090.003 Multi-hop Proxy
CA-07 Continuous Monitoring Protects T1102 Web Service
CA-07 Continuous Monitoring Protects T1102.001 Dead Drop Resolver
CA-07 Continuous Monitoring Protects T1102.002 Bidirectional Communication
CA-07 Continuous Monitoring Protects T1102.003 One-Way Communication
CA-07 Continuous Monitoring Protects T1104 Multi-Stage Channels
CA-07 Continuous Monitoring Protects T1110.001 Password Guessing
CA-07 Continuous Monitoring Protects T1110.002 Password Cracking
CA-07 Continuous Monitoring Protects T1110.003 Password Spraying
CA-07 Continuous Monitoring Protects T1110.004 Credential Stuffing
CA-07 Continuous Monitoring Protects T1132.002 Non-Standard Encoding
CA-07 Continuous Monitoring Protects T1176 Browser Extensions
CA-08 Penetration Testing Protects T1176 Browser Extensions
CA-07 Continuous Monitoring Protects T1185 Browser Session Hijacking
CA-02 Control Assessments Protects T1195.001 Compromise Software Dependencies and Development Tools
CA-07 Continuous Monitoring Protects T1195.001 Compromise Software Dependencies and Development Tools
CA-02 Control Assessments Protects T1195.002 Compromise Software Supply Chain
CA-07 Continuous Monitoring Protects T1195.002 Compromise Software Supply Chain
CA-08 Penetration Testing Protects T1195.003 Compromise Hardware Supply Chain
CA-07 Continuous Monitoring Protects T1201 Password Policy Discovery
CA-07 Continuous Monitoring Protects T1203 Exploitation for Client Execution
CA-07 Continuous Monitoring Protects T1204 User Execution
CA-07 Continuous Monitoring Protects T1204.001 Malicious Link
CA-07 Continuous Monitoring Protects T1204.002 Malicious File
CA-07 Continuous Monitoring Protects T1204.003 Malicious Image
CA-08 Penetration Testing Protects T1204.003 Malicious Image
CA-07 Continuous Monitoring Protects T1205 Traffic Signaling
CA-07 Continuous Monitoring Protects T1205.001 Port Knocking
CA-02 Control Assessments Protects T1210 Exploitation of Remote Services
CA-07 Continuous Monitoring Protects T1210 Exploitation of Remote Services
CA-08 Penetration Testing Protects T1210 Exploitation of Remote Services
CA-07 Continuous Monitoring Protects T1213 Data from Information Repositories
CA-08 Penetration Testing Protects T1213 Data from Information Repositories
CA-07 Continuous Monitoring Protects T1213.001 Confluence
CA-08 Penetration Testing Protects T1213.001 Confluence
CA-07 Continuous Monitoring Protects T1213.002 Sharepoint
CA-08 Penetration Testing Protects T1213.002 Sharepoint
CA-07 Continuous Monitoring Protects T1213.003 Code Repositories
CA-07 Continuous Monitoring Protects T1218 System Binary Proxy Execution
CA-07 Continuous Monitoring Protects T1218.002 Control Panel
CA-07 Continuous Monitoring Protects T1218.010 Regsvr32
CA-07 Continuous Monitoring Protects T1218.011 Rundll32
CA-07 Continuous Monitoring Protects T1218.012 Verclsid
CA-07 Continuous Monitoring Protects T1221 Template Injection
CA-07 Continuous Monitoring Protects T1222 File and Directory Permissions Modification
CA-07 Continuous Monitoring Protects T1222.001 Windows File and Directory Permissions Modification
CA-07 Continuous Monitoring Protects T1222.002 Linux and Mac File and Directory Permissions Modification
CA-08 Penetration Testing Protects T1482 Domain Trust Discovery
CA-08 Penetration Testing Protects T1484 Domain Policy Modification
CA-07 Continuous Monitoring Protects T1489 Service Stop
CA-08 Penetration Testing Protects T1495 Firmware Corruption
CA-07 Continuous Monitoring Protects T1498 Network Denial of Service
CA-07 Continuous Monitoring Protects T1498.001 Direct Network Flood
CA-07 Continuous Monitoring Protects T1498.002 Reflection Amplification
CA-07 Continuous Monitoring Protects T1499.003 Application Exhaustion Flood
CA-07 Continuous Monitoring Protects T1499.004 Application or System Exploitation
CA-08 Penetration Testing Protects T1505 Server Software Component
CA-08 Penetration Testing Protects T1505.001 SQL Stored Procedures
CA-08 Penetration Testing Protects T1505.002 Transport Agent
CA-08 Penetration Testing Protects T1505.004 IIS Components
CA-08 Penetration Testing Protects T1525 Implant Internal Image
CA-07 Continuous Monitoring Protects T1528 Steal Application Access Token
CA-08 Penetration Testing Protects T1528 Steal Application Access Token
CA-07 Continuous Monitoring Protects T1537 Transfer Data to Cloud Account
CA-08 Penetration Testing Protects T1542 Pre-OS Boot
CA-07 Continuous Monitoring Protects T1542.004 ROMMONkit
CA-08 Penetration Testing Protects T1542.004 ROMMONkit
CA-07 Continuous Monitoring Protects T1542.005 TFTP Boot
CA-08 Penetration Testing Protects T1542.005 TFTP Boot
CA-07 Continuous Monitoring Protects T1543 Create or Modify System Process
CA-08 Penetration Testing Protects T1543 Create or Modify System Process
CA-07 Continuous Monitoring Protects T1546.003 Windows Management Instrumentation Event Subscription
CA-07 Continuous Monitoring Protects T1546.004 Unix Shell Configuration Modification
CA-07 Continuous Monitoring Protects T1546.013 PowerShell Profile
CA-07 Continuous Monitoring Protects T1546.016 Installer Packages
CA-07 Continuous Monitoring Protects T1547.003 Time Providers
CA-08 Penetration Testing Protects T1548.002 Bypass User Account Control
CA-07 Continuous Monitoring Protects T1548.003 Sudo and Sudo Caching
CA-07 Continuous Monitoring Protects T1550.003 Pass the Ticket
CA-08 Penetration Testing Protects T1552.006 Group Policy Preferences
CA-08 Penetration Testing Protects T1553 Subvert Trust Controls
CA-07 Continuous Monitoring Protects T1553.003 SIP and Trust Provider Hijacking
CA-08 Penetration Testing Protects T1553.006 Code Signing Policy Modification
CA-07 Continuous Monitoring Protects T1555.001 Keychain
CA-07 Continuous Monitoring Protects T1555.002 Securityd Memory
CA-07 Continuous Monitoring Protects T1556.001 Domain Controller Authentication
CA-07 Continuous Monitoring Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CA-07 Continuous Monitoring Protects T1557.002 ARP Cache Poisoning
CA-07 Continuous Monitoring Protects T1557.003 DHCP Spoofing
CA-07 Continuous Monitoring Protects T1558 Steal or Forge Kerberos Tickets
CA-07 Continuous Monitoring Protects T1558.002 Silver Ticket
CA-07 Continuous Monitoring Protects T1558.003 Kerberoasting
CA-07 Continuous Monitoring Protects T1558.004 AS-REP Roasting
CA-08 Penetration Testing Protects T1558.004 AS-REP Roasting
CA-08 Penetration Testing Protects T1560 Archive Collected Data
CA-08 Penetration Testing Protects T1563 Remote Service Session Hijacking
CA-07 Continuous Monitoring Protects T1563.001 SSH Hijacking
CA-07 Continuous Monitoring Protects T1564.004 NTFS File Attributes
CA-07 Continuous Monitoring Protects T1564.010 Process Argument Spoofing
CA-07 Continuous Monitoring Protects T1565 Data Manipulation
CA-07 Continuous Monitoring Protects T1565.001 Stored Data Manipulation
CA-07 Continuous Monitoring Protects T1565.003 Runtime Data Manipulation
CA-07 Continuous Monitoring Protects T1566.001 Spearphishing Attachment
CA-07 Continuous Monitoring Protects T1566.003 Spearphishing via Service
CA-07 Continuous Monitoring Protects T1568 Dynamic Resolution
CA-07 Continuous Monitoring Protects T1568.002 Domain Generation Algorithms
CA-07 Continuous Monitoring Protects T1569 System Services
CA-07 Continuous Monitoring Protects T1572 Protocol Tunneling
CA-07 Continuous Monitoring Protects T1573 Encrypted Channel
CA-07 Continuous Monitoring Protects T1573.001 Symmetric Cryptography
CA-07 Continuous Monitoring Protects T1573.002 Asymmetric Cryptography
CA-07 Continuous Monitoring Protects T1574 Hijack Execution Flow
CA-08 Penetration Testing Protects T1574 Hijack Execution Flow
CA-08 Penetration Testing Protects T1574.001 DLL Search Order Hijacking
CA-07 Continuous Monitoring Protects T1574.004 Dylib Hijacking
CA-08 Penetration Testing Protects T1574.005 Executable Installer File Permissions Weakness
CA-07 Continuous Monitoring Protects T1574.008 Path Interception by Search Order Hijacking
CA-08 Penetration Testing Protects T1574.008 Path Interception by Search Order Hijacking
CA-07 Continuous Monitoring Protects T1574.009 Path Interception by Unquoted Path
CA-08 Penetration Testing Protects T1574.009 Path Interception by Unquoted Path
CA-08 Penetration Testing Protects T1574.010 Services File Permissions Weakness
CA-07 Continuous Monitoring Protects T1574.013 KernelCallbackTable
CA-08 Penetration Testing Protects T1574.013 KernelCallbackTable
CA-08 Penetration Testing Protects T1578.001 Create Snapshot
CA-08 Penetration Testing Protects T1578.002 Create Cloud Instance
CA-08 Penetration Testing Protects T1578.003 Delete Cloud Instance
CA-07 Continuous Monitoring Protects T1598.001 Spearphishing Service
CA-07 Continuous Monitoring Protects T1598.002 Spearphishing Attachment
CA-07 Continuous Monitoring Protects T1599 Network Boundary Bridging
CA-07 Continuous Monitoring Protects T1599.001 Network Address Translation Traversal
CA-08 Penetration Testing Protects T1601 Modify System Image
CA-08 Penetration Testing Protects T1601.001 Patch System Image
CA-08 Penetration Testing Protects T1601.002 Downgrade System Image
CA-07 Continuous Monitoring Protects T1602 Data from Configuration Repository
CA-07 Continuous Monitoring Protects T1602.001 SNMP (MIB Dump)
CA-07 Continuous Monitoring Protects T1602.002 Network Device Configuration Dump
CA-07 Continuous Monitoring Protects T1622 Debugger Evasion
CA-07 Continuous Monitoring Protects T1647 Plist File Modification
CA-08 Penetration Testing Protects T1612 Build Image on Host
CA-07 Continuous Monitoring Protects T1598.003 Spearphishing Link
CA-07 Continuous Monitoring Protects T1598 Phishing for Information
CA-07 Continuous Monitoring Protects T1574.007 Path Interception by PATH Environment Variable
CA-08 Penetration Testing Protects T1574.007 Path Interception by PATH Environment Variable
CA-07 Continuous Monitoring Protects T1571 Non-Standard Port
CA-07 Continuous Monitoring Protects T1570 Lateral Tool Transfer
CA-07 Continuous Monitoring Protects T1566.002 Spearphishing Link
CA-07 Continuous Monitoring Protects T1566 Phishing
CA-07 Continuous Monitoring Protects T1562.006 Indicator Blocking
CA-07 Continuous Monitoring Protects T1562.002 Disable Windows Event Logging
CA-07 Continuous Monitoring Protects T1562.001 Disable or Modify Tools
CA-08 Penetration Testing Protects T1560.001 Archive via Utility
CA-07 Continuous Monitoring Protects T1557 Adversary-in-the-Middle
CA-08 Penetration Testing Protects T1554 Compromise Client Software Binary
CA-07 Continuous Monitoring Protects T1552.004 Private Keys
CA-08 Penetration Testing Protects T1552.004 Private Keys
CA-08 Penetration Testing Protects T1550.001 Application Access Token
CA-07 Continuous Monitoring Protects T1547.013 XDG Autostart Entries
CA-07 Continuous Monitoring Protects T1543.002 Systemd Service
CA-07 Continuous Monitoring Protects T1530 Data from Cloud Storage
CA-08 Penetration Testing Protects T1530 Data from Cloud Storage
CA-07 Continuous Monitoring Protects T1219 Remote Access Software
CA-07 Continuous Monitoring Protects T1211 Exploitation for Defense Evasion
CA-08 Penetration Testing Protects T1211 Exploitation for Defense Evasion
CA-02 Control Assessments Protects T1190 Exploit Public-Facing Application
CA-07 Continuous Monitoring Protects T1190 Exploit Public-Facing Application
CA-07 Continuous Monitoring Protects T1189 Drive-by Compromise
CA-07 Continuous Monitoring Protects T1111 Multi-Factor Authentication Interception
CA-07 Continuous Monitoring Protects T1105 Ingress Tool Transfer
CA-07 Continuous Monitoring Protects T1095 Non-Application Layer Protocol
CA-07 Continuous Monitoring Protects T1070.009 Clear Persistence
CA-07 Continuous Monitoring Protects T1070.001 Clear Windows Event Logs
CA-07 Continuous Monitoring Protects T1552.002 Credentials in Registry
CA-08 Penetration Testing Protects T1552.002 Credentials in Registry
CA-07 Continuous Monitoring Protects T1552.001 Credentials In Files
CA-08 Penetration Testing Protects T1552.001 Credentials In Files
CA-08 Penetration Testing Protects T1542.003 Bootkit
CA-07 Continuous Monitoring Protects T1499.002 Service Exhaustion Flood
CA-07 Continuous Monitoring Protects T1499.001 OS Exhaustion Flood
CA-07 Continuous Monitoring Protects T1499 Endpoint Denial of Service
CA-07 Continuous Monitoring Protects T1197 BITS Jobs
CA-02 Control Assessments Protects T1195 Supply Chain Compromise
CA-07 Continuous Monitoring Protects T1195 Supply Chain Compromise
CA-07 Continuous Monitoring Protects T1187 Forced Authentication
CA-07 Continuous Monitoring Protects T1132 Data Encoding
CA-07 Continuous Monitoring Protects T1110 Brute Force
CA-07 Continuous Monitoring Protects T1070.003 Clear Command History
CA-07 Continuous Monitoring Protects T1046 Network Service Discovery
CA-03 Information Exchange Protects T1041 Exfiltration Over C2 Channel
CA-07 Continuous Monitoring Protects T1041 Exfiltration Over C2 Channel
CA-07 Continuous Monitoring Protects T1037 Boot or Logon Initialization Scripts
CA-07 Continuous Monitoring Protects T1068 Exploitation for Privilege Escalation
CA-08 Penetration Testing Protects T1068 Exploitation for Privilege Escalation
CA-07 Continuous Monitoring Protects T1070 Indicator Removal
CA-07 Continuous Monitoring Protects T1003.001 LSASS Memory
CA-07 Continuous Monitoring Protects T1003.002 Security Account Manager
CA-08 Penetration Testing Protects T1021.001 Remote Desktop Protocol
CA-07 Continuous Monitoring Protects T1021.002 SMB/Windows Admin Shares
CA-07 Continuous Monitoring Protects T1036.005 Match Legitimate Name or Location
CA-08 Penetration Testing Protects T1053.002 At
CA-08 Penetration Testing Protects T1053.005 Scheduled Task
CA-03 Information Exchange Protects T1567 Exfiltration Over Web Service
CA-07 Continuous Monitoring Protects T1567 Exfiltration Over Web Service
CA-07 Continuous Monitoring Protects T1569.002 Service Execution
CA-08 Penetration Testing Protects T1578 Modify Cloud Compute Infrastructure
CA-07 Continuous Monitoring Protects T1562.004 Disable or Modify System Firewall
CA-07 Continuous Monitoring Protects T1556 Modify Authentication Process
CA-07 Continuous Monitoring Protects T1552 Unsecured Credentials
CA-08 Penetration Testing Protects T1552 Unsecured Credentials
CA-07 Continuous Monitoring Protects T1548 Abuse Elevation Control Mechanism
CA-08 Penetration Testing Protects T1548 Abuse Elevation Control Mechanism
CA-03 Information Exchange Protects T1078 Valid Accounts
CA-07 Continuous Monitoring Protects T1070.008 Clear Mailbox Data
CA-03 Information Exchange Protects T1048 Exfiltration Over Alternative Protocol
CA-07 Continuous Monitoring Protects T1048 Exfiltration Over Alternative Protocol
CA-07 Continuous Monitoring Protects T1562 Impair Defenses
CA-08 Penetration Testing Protects T1562 Impair Defenses
CA-07 Continuous Monitoring Protects T1555 Credentials from Password Stores
CA-07 Continuous Monitoring Protects T1552.005 Cloud Instance Metadata API
CA-07 Continuous Monitoring Protects T1212 Exploitation for Credential Access
CA-08 Penetration Testing Protects T1212 Exploitation for Credential Access
CA-07 Continuous Monitoring Protects T1078 Valid Accounts
CA-07 Continuous Monitoring Protects T1078.004 Cloud Accounts
CA-07 Continuous Monitoring Protects T1072 Software Deployment Tools
CA-07 Continuous Monitoring Protects T1036 Masquerading
CA-07 Continuous Monitoring Protects T1003.007 Proc Filesystem
CA-03 Information Exchange Protects T1020.001 Traffic Duplication
CA-03 Information Exchange Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
CA-07 Continuous Monitoring Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
CA-07 Continuous Monitoring Protects T1053.006 Systemd Timers
CA-07 Continuous Monitoring Protects T1070.007 Clear Network Connection History and Configurations
CA-07 Continuous Monitoring Protects T1071 Application Layer Protocol
CA-07 Continuous Monitoring Protects T1071.001 Web Protocols
CA-07 Continuous Monitoring Protects T1071.002 File Transfer Protocols
CA-07 Continuous Monitoring Protects T1080 Taint Shared Content
CA-07 Continuous Monitoring Protects T1132.001 Standard Encoding
CA-07 Continuous Monitoring Protects T1539 Steal Web Session Cookie

Capabilities

Capability ID Capability Name Number of Mappings
CA-08 Penetration Testing 63
CA-03 Information Exchange 7
CA-07 Continuous Monitoring 202
CA-02 Control Assessments 5