1. Home
  2. Mapping Frameworks
  3. NIST 800-53 Home
  4. Configuration Management Capability Group

NIST 800-53 Configuration Management Capability Group

All Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CM-02 Baseline Configuration Protects T1001 Data Obfuscation
CM-06 Configuration Settings Protects T1001 Data Obfuscation
CM-02 Baseline Configuration Protects T1001.001 Junk Data
CM-06 Configuration Settings Protects T1001.001 Junk Data
CM-02 Baseline Configuration Protects T1001.002 Steganography
CM-06 Configuration Settings Protects T1001.002 Steganography
CM-02 Baseline Configuration Protects T1001.003 Protocol Impersonation
CM-06 Configuration Settings Protects T1001.003 Protocol Impersonation
CM-02 Baseline Configuration Protects T1003 OS Credential Dumping
CM-05 Access Restrictions for Change Protects T1003 OS Credential Dumping
CM-06 Configuration Settings Protects T1003 OS Credential Dumping
CM-07 Least Functionality Protects T1003 OS Credential Dumping
CM-02 Baseline Configuration Protects T1003.003 NTDS
CM-05 Access Restrictions for Change Protects T1003.003 NTDS
CM-06 Configuration Settings Protects T1003.003 NTDS
CM-02 Baseline Configuration Protects T1003.004 LSA Secrets
CM-05 Access Restrictions for Change Protects T1003.004 LSA Secrets
CM-06 Configuration Settings Protects T1003.004 LSA Secrets
CM-02 Baseline Configuration Protects T1003.005 Cached Domain Credentials
CM-05 Access Restrictions for Change Protects T1003.005 Cached Domain Credentials
CM-06 Configuration Settings Protects T1003.005 Cached Domain Credentials
CM-07 Least Functionality Protects T1003.005 Cached Domain Credentials
CM-02 Baseline Configuration Protects T1003.006 DCSync
CM-05 Access Restrictions for Change Protects T1003.006 DCSync
CM-06 Configuration Settings Protects T1003.006 DCSync
CM-02 Baseline Configuration Protects T1003.008 /etc/passwd and /etc/shadow
CM-05 Access Restrictions for Change Protects T1003.008 /etc/passwd and /etc/shadow
CM-06 Configuration Settings Protects T1003.008 /etc/passwd and /etc/shadow
CM-02 Baseline Configuration Protects T1008 Fallback Channels
CM-06 Configuration Settings Protects T1008 Fallback Channels
CM-07 Least Functionality Protects T1008 Fallback Channels
CM-02 Baseline Configuration Protects T1021.003 Distributed Component Object Model
CM-05 Access Restrictions for Change Protects T1021.003 Distributed Component Object Model
CM-06 Configuration Settings Protects T1021.003 Distributed Component Object Model
CM-07 Least Functionality Protects T1021.003 Distributed Component Object Model
CM-08 System Component Inventory Protects T1021.003 Distributed Component Object Model
CM-02 Baseline Configuration Protects T1021.004 SSH
CM-05 Access Restrictions for Change Protects T1021.004 SSH
CM-06 Configuration Settings Protects T1021.004 SSH
CM-08 System Component Inventory Protects T1021.004 SSH
CM-11 User-installed Software Protects T1021.005 VNC
CM-02 Baseline Configuration Protects T1021.005 VNC
CM-03 Configuration Change Control Protects T1021.005 VNC
CM-05 Access Restrictions for Change Protects T1021.005 VNC
CM-06 Configuration Settings Protects T1021.005 VNC
CM-07 Least Functionality Protects T1021.005 VNC
CM-08 System Component Inventory Protects T1021.005 VNC
CM-12 Information Location Protects T1025 Data from Removable Media
CM-02 Baseline Configuration Protects T1029 Scheduled Transfer
CM-06 Configuration Settings Protects T1029 Scheduled Transfer
CM-02 Baseline Configuration Protects T1030 Data Transfer Size Limits
CM-06 Configuration Settings Protects T1030 Data Transfer Size Limits
CM-02 Baseline Configuration Protects T1036.001 Invalid Code Signature
CM-06 Configuration Settings Protects T1036.001 Invalid Code Signature
CM-02 Baseline Configuration Protects T1036.003 Rename System Utilities
CM-06 Configuration Settings Protects T1036.003 Rename System Utilities
CM-02 Baseline Configuration Protects T1036.007 Double File Extension
CM-06 Configuration Settings Protects T1036.007 Double File Extension
CM-07 Least Functionality Protects T1036.007 Double File Extension
CM-07 Least Functionality Protects T1037.001 Logon Script (Windows)
CM-02 Baseline Configuration Protects T1037.002 Login Hook
CM-06 Configuration Settings Protects T1037.002 Login Hook
CM-02 Baseline Configuration Protects T1037.003 Network Logon Script
CM-06 Configuration Settings Protects T1037.003 Network Logon Script
CM-02 Baseline Configuration Protects T1037.004 RC Scripts
CM-06 Configuration Settings Protects T1037.004 RC Scripts
CM-02 Baseline Configuration Protects T1037.005 Startup Items
CM-06 Configuration Settings Protects T1037.005 Startup Items
CM-02 Baseline Configuration Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
CM-06 Configuration Settings Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
CM-07 Least Functionality Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
CM-02 Baseline Configuration Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CM-06 Configuration Settings Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CM-07 Least Functionality Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CM-02 Baseline Configuration Protects T1052 Exfiltration Over Physical Medium
CM-06 Configuration Settings Protects T1052 Exfiltration Over Physical Medium
CM-07 Least Functionality Protects T1052 Exfiltration Over Physical Medium
CM-08 System Component Inventory Protects T1052 Exfiltration Over Physical Medium
CM-02 Baseline Configuration Protects T1052.001 Exfiltration over USB
CM-06 Configuration Settings Protects T1052.001 Exfiltration over USB
CM-07 Least Functionality Protects T1052.001 Exfiltration over USB
CM-08 System Component Inventory Protects T1052.001 Exfiltration over USB
CM-05 Access Restrictions for Change Protects T1053.003 Cron
CM-05 Access Restrictions for Change Protects T1053.007 Container Orchestration Job
CM-05 Access Restrictions for Change Protects T1055 Process Injection
CM-06 Configuration Settings Protects T1055 Process Injection
CM-05 Access Restrictions for Change Protects T1055.008 Ptrace System Calls
CM-06 Configuration Settings Protects T1055.008 Ptrace System Calls
CM-05 Access Restrictions for Change Protects T1056.003 Web Portal Capture
CM-06 Configuration Settings Protects T1056.003 Web Portal Capture
CM-11 User-installed Software Protects T1059 Command and Scripting Interpreter
CM-02 Baseline Configuration Protects T1059 Command and Scripting Interpreter
CM-05 Access Restrictions for Change Protects T1059 Command and Scripting Interpreter
CM-06 Configuration Settings Protects T1059 Command and Scripting Interpreter
CM-07 Least Functionality Protects T1059 Command and Scripting Interpreter
CM-08 System Component Inventory Protects T1059 Command and Scripting Interpreter
CM-02 Baseline Configuration Protects T1059.001 PowerShell
CM-05 Access Restrictions for Change Protects T1059.001 PowerShell
CM-06 Configuration Settings Protects T1059.001 PowerShell
CM-08 System Component Inventory Protects T1059.001 PowerShell
CM-02 Baseline Configuration Protects T1059.002 AppleScript
CM-06 Configuration Settings Protects T1059.002 AppleScript
CM-02 Baseline Configuration Protects T1059.003 Windows Command Shell
CM-06 Configuration Settings Protects T1059.003 Windows Command Shell
CM-02 Baseline Configuration Protects T1059.004 Unix Shell
CM-06 Configuration Settings Protects T1059.004 Unix Shell
CM-02 Baseline Configuration Protects T1059.005 Visual Basic
CM-06 Configuration Settings Protects T1059.005 Visual Basic
CM-07 Least Functionality Protects T1059.005 Visual Basic
CM-08 System Component Inventory Protects T1059.005 Visual Basic
CM-11 User-installed Software Protects T1059.006 Python
CM-02 Baseline Configuration Protects T1059.006 Python
CM-03 Configuration Change Control Protects T1059.006 Python
CM-05 Access Restrictions for Change Protects T1059.006 Python
CM-06 Configuration Settings Protects T1059.006 Python
CM-02 Baseline Configuration Protects T1059.007 JavaScript
CM-06 Configuration Settings Protects T1059.007 JavaScript
CM-07 Least Functionality Protects T1059.007 JavaScript
CM-08 System Component Inventory Protects T1059.007 JavaScript
CM-02 Baseline Configuration Protects T1059.008 Network Device CLI
CM-05 Access Restrictions for Change Protects T1059.008 Network Device CLI
CM-06 Configuration Settings Protects T1059.008 Network Device CLI
CM-02 Baseline Configuration Protects T1070.002 Clear Linux or Mac System Logs
CM-06 Configuration Settings Protects T1070.002 Clear Linux or Mac System Logs
CM-02 Baseline Configuration Protects T1071.003 Mail Protocols
CM-06 Configuration Settings Protects T1071.003 Mail Protocols
CM-07 Least Functionality Protects T1071.003 Mail Protocols
CM-02 Baseline Configuration Protects T1071.004 DNS
CM-06 Configuration Settings Protects T1071.004 DNS
CM-07 Least Functionality Protects T1071.004 DNS
CM-05 Access Restrictions for Change Protects T1078.002 Domain Accounts
CM-06 Configuration Settings Protects T1078.002 Domain Accounts
CM-05 Access Restrictions for Change Protects T1078.003 Local Accounts
CM-06 Configuration Settings Protects T1078.003 Local Accounts
CM-06 Configuration Settings Protects T1087.001 Local Account
CM-07 Least Functionality Protects T1087.001 Local Account
CM-02 Baseline Configuration Protects T1090 Proxy
CM-06 Configuration Settings Protects T1090 Proxy
CM-07 Least Functionality Protects T1090 Proxy
CM-02 Baseline Configuration Protects T1090.001 Internal Proxy
CM-06 Configuration Settings Protects T1090.001 Internal Proxy
CM-07 Least Functionality Protects T1090.001 Internal Proxy
CM-02 Baseline Configuration Protects T1090.002 External Proxy
CM-06 Configuration Settings Protects T1090.002 External Proxy
CM-07 Least Functionality Protects T1090.002 External Proxy
CM-06 Configuration Settings Protects T1090.003 Multi-hop Proxy
CM-07 Least Functionality Protects T1090.003 Multi-hop Proxy
CM-02 Baseline Configuration Protects T1092 Communication Through Removable Media
CM-06 Configuration Settings Protects T1092 Communication Through Removable Media
CM-07 Least Functionality Protects T1092 Communication Through Removable Media
CM-08 System Component Inventory Protects T1092 Communication Through Removable Media
CM-05 Access Restrictions for Change Protects T1098.002 Additional Email Delegate Permissions
CM-06 Configuration Settings Protects T1098.002 Additional Email Delegate Permissions
CM-02 Baseline Configuration Protects T1102 Web Service
CM-06 Configuration Settings Protects T1102 Web Service
CM-07 Least Functionality Protects T1102 Web Service
CM-02 Baseline Configuration Protects T1102.001 Dead Drop Resolver
CM-06 Configuration Settings Protects T1102.001 Dead Drop Resolver
CM-07 Least Functionality Protects T1102.001 Dead Drop Resolver
CM-02 Baseline Configuration Protects T1102.002 Bidirectional Communication
CM-06 Configuration Settings Protects T1102.002 Bidirectional Communication
CM-07 Least Functionality Protects T1102.002 Bidirectional Communication
CM-02 Baseline Configuration Protects T1102.003 One-Way Communication
CM-06 Configuration Settings Protects T1102.003 One-Way Communication
CM-07 Least Functionality Protects T1102.003 One-Way Communication
CM-02 Baseline Configuration Protects T1104 Multi-Stage Channels
CM-06 Configuration Settings Protects T1104 Multi-Stage Channels
CM-07 Least Functionality Protects T1104 Multi-Stage Channels
CM-02 Baseline Configuration Protects T1110.001 Password Guessing
CM-06 Configuration Settings Protects T1110.001 Password Guessing
CM-02 Baseline Configuration Protects T1110.002 Password Cracking
CM-06 Configuration Settings Protects T1110.002 Password Cracking
CM-02 Baseline Configuration Protects T1110.003 Password Spraying
CM-06 Configuration Settings Protects T1110.003 Password Spraying
CM-02 Baseline Configuration Protects T1110.004 Credential Stuffing
CM-06 Configuration Settings Protects T1110.004 Credential Stuffing
CM-02 Baseline Configuration Protects T1119 Automated Collection
CM-06 Configuration Settings Protects T1119 Automated Collection
CM-08 System Component Inventory Protects T1119 Automated Collection
CM-02 Baseline Configuration Protects T1127 Trusted Developer Utilities Proxy Execution
CM-06 Configuration Settings Protects T1127 Trusted Developer Utilities Proxy Execution
CM-07 Least Functionality Protects T1127 Trusted Developer Utilities Proxy Execution
CM-08 System Component Inventory Protects T1127 Trusted Developer Utilities Proxy Execution
CM-02 Baseline Configuration Protects T1127.001 MSBuild
CM-06 Configuration Settings Protects T1127.001 MSBuild
CM-08 System Component Inventory Protects T1127.001 MSBuild
CM-02 Baseline Configuration Protects T1132.002 Non-Standard Encoding
CM-06 Configuration Settings Protects T1132.002 Non-Standard Encoding
CM-02 Baseline Configuration Protects T1134.005 SID-History Injection
CM-06 Configuration Settings Protects T1134.005 SID-History Injection
CM-05 Access Restrictions for Change Protects T1136.002 Domain Account
CM-06 Configuration Settings Protects T1136.002 Domain Account
CM-07 Least Functionality Protects T1136.002 Domain Account
CM-02 Baseline Configuration Protects T1137 Office Application Startup
CM-06 Configuration Settings Protects T1137 Office Application Startup
CM-08 System Component Inventory Protects T1137 Office Application Startup
CM-02 Baseline Configuration Protects T1137.001 Office Template Macros
CM-06 Configuration Settings Protects T1137.001 Office Template Macros
CM-08 System Component Inventory Protects T1137.001 Office Template Macros
CM-02 Baseline Configuration Protects T1137.002 Office Test
CM-05 Access Restrictions for Change Protects T1137.002 Office Test
CM-06 Configuration Settings Protects T1137.002 Office Test
CM-02 Baseline Configuration Protects T1137.003 Outlook Forms
CM-06 Configuration Settings Protects T1137.003 Outlook Forms
CM-02 Baseline Configuration Protects T1137.004 Outlook Home Page
CM-06 Configuration Settings Protects T1137.004 Outlook Home Page
CM-02 Baseline Configuration Protects T1137.005 Outlook Rules
CM-06 Configuration Settings Protects T1137.005 Outlook Rules
CM-02 Baseline Configuration Protects T1137.006 Add-ins
CM-06 Configuration Settings Protects T1137.006 Add-ins
CM-11 User-installed Software Protects T1176 Browser Extensions
CM-02 Baseline Configuration Protects T1176 Browser Extensions
CM-03 Configuration Change Control Protects T1176 Browser Extensions
CM-05 Access Restrictions for Change Protects T1176 Browser Extensions
CM-06 Configuration Settings Protects T1176 Browser Extensions
CM-07 Least Functionality Protects T1176 Browser Extensions
CM-02 Baseline Configuration Protects T1185 Browser Session Hijacking
CM-05 Access Restrictions for Change Protects T1185 Browser Session Hijacking
CM-11 User-installed Software Protects T1195.001 Compromise Software Dependencies and Development Tools
CM-07 Least Functionality Protects T1195.001 Compromise Software Dependencies and Development Tools
CM-11 User-installed Software Protects T1195.002 Compromise Software Supply Chain
CM-07 Least Functionality Protects T1195.002 Compromise Software Supply Chain
CM-03 Configuration Change Control Protects T1195.003 Compromise Hardware Supply Chain
CM-05 Access Restrictions for Change Protects T1195.003 Compromise Hardware Supply Chain
CM-08 System Component Inventory Protects T1195.003 Compromise Hardware Supply Chain
CM-06 Configuration Settings Protects T1199 Trusted Relationship
CM-07 Least Functionality Protects T1199 Trusted Relationship
CM-02 Baseline Configuration Protects T1201 Password Policy Discovery
CM-06 Configuration Settings Protects T1201 Password Policy Discovery
CM-08 System Component Inventory Protects T1203 Exploitation for Client Execution
CM-02 Baseline Configuration Protects T1204 User Execution
CM-06 Configuration Settings Protects T1204 User Execution
CM-07 Least Functionality Protects T1204 User Execution
CM-02 Baseline Configuration Protects T1204.001 Malicious Link
CM-06 Configuration Settings Protects T1204.001 Malicious Link
CM-07 Least Functionality Protects T1204.001 Malicious Link
CM-02 Baseline Configuration Protects T1204.002 Malicious File
CM-06 Configuration Settings Protects T1204.002 Malicious File
CM-07 Least Functionality Protects T1204.002 Malicious File
CM-02 Baseline Configuration Protects T1204.003 Malicious Image
CM-06 Configuration Settings Protects T1204.003 Malicious Image
CM-07 Least Functionality Protects T1204.003 Malicious Image
CM-02 Baseline Configuration Protects T1205 Traffic Signaling
CM-06 Configuration Settings Protects T1205 Traffic Signaling
CM-07 Least Functionality Protects T1205 Traffic Signaling
CM-06 Configuration Settings Protects T1205.001 Port Knocking
CM-07 Least Functionality Protects T1205.001 Port Knocking
CM-02 Baseline Configuration Protects T1210 Exploitation of Remote Services
CM-05 Access Restrictions for Change Protects T1210 Exploitation of Remote Services
CM-06 Configuration Settings Protects T1210 Exploitation of Remote Services
CM-07 Least Functionality Protects T1210 Exploitation of Remote Services
CM-08 System Component Inventory Protects T1210 Exploitation of Remote Services
CM-02 Baseline Configuration Protects T1213 Data from Information Repositories
CM-03 Configuration Change Control Protects T1213 Data from Information Repositories
CM-05 Access Restrictions for Change Protects T1213 Data from Information Repositories
CM-06 Configuration Settings Protects T1213 Data from Information Repositories
CM-07 Least Functionality Protects T1213 Data from Information Repositories
CM-08 System Component Inventory Protects T1213 Data from Information Repositories
CM-02 Baseline Configuration Protects T1213.001 Confluence
CM-03 Configuration Change Control Protects T1213.001 Confluence
CM-05 Access Restrictions for Change Protects T1213.001 Confluence
CM-06 Configuration Settings Protects T1213.001 Confluence
CM-07 Least Functionality Protects T1213.001 Confluence
CM-08 System Component Inventory Protects T1213.001 Confluence
CM-02 Baseline Configuration Protects T1213.002 Sharepoint
CM-03 Configuration Change Control Protects T1213.002 Sharepoint
CM-05 Access Restrictions for Change Protects T1213.002 Sharepoint
CM-06 Configuration Settings Protects T1213.002 Sharepoint
CM-07 Least Functionality Protects T1213.002 Sharepoint
CM-08 System Component Inventory Protects T1213.002 Sharepoint
CM-02 Baseline Configuration Protects T1216 System Script Proxy Execution
CM-06 Configuration Settings Protects T1216 System Script Proxy Execution
CM-07 Least Functionality Protects T1216 System Script Proxy Execution
CM-02 Baseline Configuration Protects T1216.001 PubPrn
CM-06 Configuration Settings Protects T1216.001 PubPrn
CM-07 Least Functionality Protects T1216.001 PubPrn
CM-11 User-installed Software Protects T1218 System Binary Proxy Execution
CM-02 Baseline Configuration Protects T1218 System Binary Proxy Execution
CM-05 Access Restrictions for Change Protects T1218 System Binary Proxy Execution
CM-06 Configuration Settings Protects T1218 System Binary Proxy Execution
CM-07 Least Functionality Protects T1218 System Binary Proxy Execution
CM-08 System Component Inventory Protects T1218 System Binary Proxy Execution
CM-11 User-installed Software Protects T1218.001 Compiled HTML File
CM-02 Baseline Configuration Protects T1218.001 Compiled HTML File
CM-06 Configuration Settings Protects T1218.001 Compiled HTML File
CM-07 Least Functionality Protects T1218.001 Compiled HTML File
CM-11 User-installed Software Protects T1218.002 Control Panel
CM-02 Baseline Configuration Protects T1218.002 Control Panel
CM-06 Configuration Settings Protects T1218.002 Control Panel
CM-07 Least Functionality Protects T1218.002 Control Panel
CM-11 User-installed Software Protects T1218.003 CMSTP
CM-02 Baseline Configuration Protects T1218.003 CMSTP
CM-06 Configuration Settings Protects T1218.003 CMSTP
CM-07 Least Functionality Protects T1218.003 CMSTP
CM-08 System Component Inventory Protects T1218.003 CMSTP
CM-11 User-installed Software Protects T1218.004 InstallUtil
CM-02 Baseline Configuration Protects T1218.004 InstallUtil
CM-06 Configuration Settings Protects T1218.004 InstallUtil
CM-07 Least Functionality Protects T1218.004 InstallUtil
CM-08 System Component Inventory Protects T1218.004 InstallUtil
CM-11 User-installed Software Protects T1218.005 Mshta
CM-02 Baseline Configuration Protects T1218.005 Mshta
CM-06 Configuration Settings Protects T1218.005 Mshta
CM-07 Least Functionality Protects T1218.005 Mshta
CM-08 System Component Inventory Protects T1218.005 Mshta
CM-02 Baseline Configuration Protects T1218.007 Msiexec
CM-05 Access Restrictions for Change Protects T1218.007 Msiexec
CM-06 Configuration Settings Protects T1218.007 Msiexec
CM-07 Least Functionality Protects T1218.007 Msiexec
CM-11 User-installed Software Protects T1218.008 Odbcconf
CM-02 Baseline Configuration Protects T1218.008 Odbcconf
CM-06 Configuration Settings Protects T1218.008 Odbcconf
CM-07 Least Functionality Protects T1218.008 Odbcconf
CM-08 System Component Inventory Protects T1218.008 Odbcconf
CM-11 User-installed Software Protects T1218.009 Regsvcs/Regasm
CM-02 Baseline Configuration Protects T1218.009 Regsvcs/Regasm
CM-06 Configuration Settings Protects T1218.009 Regsvcs/Regasm
CM-07 Least Functionality Protects T1218.009 Regsvcs/Regasm
CM-08 System Component Inventory Protects T1218.009 Regsvcs/Regasm
CM-11 User-installed Software Protects T1218.012 Verclsid
CM-02 Baseline Configuration Protects T1218.012 Verclsid
CM-06 Configuration Settings Protects T1218.012 Verclsid
CM-07 Least Functionality Protects T1218.012 Verclsid
CM-08 System Component Inventory Protects T1218.012 Verclsid
CM-11 User-installed Software Protects T1218.013 Mavinject
CM-02 Baseline Configuration Protects T1218.013 Mavinject
CM-06 Configuration Settings Protects T1218.013 Mavinject
CM-07 Least Functionality Protects T1218.013 Mavinject
CM-08 System Component Inventory Protects T1218.013 Mavinject
CM-11 User-installed Software Protects T1218.014 MMC
CM-02 Baseline Configuration Protects T1218.014 MMC
CM-06 Configuration Settings Protects T1218.014 MMC
CM-07 Least Functionality Protects T1218.014 MMC
CM-08 System Component Inventory Protects T1218.014 MMC
CM-02 Baseline Configuration Protects T1220 XSL Script Processing
CM-06 Configuration Settings Protects T1220 XSL Script Processing
CM-07 Least Functionality Protects T1220 XSL Script Processing
CM-02 Baseline Configuration Protects T1221 Template Injection
CM-06 Configuration Settings Protects T1221 Template Injection
CM-07 Least Functionality Protects T1221 Template Injection
CM-08 System Component Inventory Protects T1221 Template Injection
CM-05 Access Restrictions for Change Protects T1222 File and Directory Permissions Modification
CM-06 Configuration Settings Protects T1222 File and Directory Permissions Modification
CM-05 Access Restrictions for Change Protects T1222.001 Windows File and Directory Permissions Modification
CM-06 Configuration Settings Protects T1222.001 Windows File and Directory Permissions Modification
CM-05 Access Restrictions for Change Protects T1222.002 Linux and Mac File and Directory Permissions Modification
CM-06 Configuration Settings Protects T1222.002 Linux and Mac File and Directory Permissions Modification
CM-06 Configuration Settings Protects T1482 Domain Trust Discovery
CM-07 Least Functionality Protects T1482 Domain Trust Discovery
CM-02 Baseline Configuration Protects T1484 Domain Policy Modification
CM-05 Access Restrictions for Change Protects T1484 Domain Policy Modification
CM-06 Configuration Settings Protects T1484 Domain Policy Modification
CM-07 Least Functionality Protects T1484 Domain Policy Modification
CM-02 Baseline Configuration Protects T1486 Data Encrypted for Impact
CM-05 Access Restrictions for Change Protects T1489 Service Stop
CM-06 Configuration Settings Protects T1489 Service Stop
CM-07 Least Functionality Protects T1489 Service Stop
CM-02 Baseline Configuration Protects T1491 Defacement
CM-02 Baseline Configuration Protects T1491.001 Internal Defacement
CM-02 Baseline Configuration Protects T1491.002 External Defacement
CM-03 Configuration Change Control Protects T1495 Firmware Corruption
CM-05 Access Restrictions for Change Protects T1495 Firmware Corruption
CM-06 Configuration Settings Protects T1495 Firmware Corruption
CM-08 System Component Inventory Protects T1495 Firmware Corruption
CM-06 Configuration Settings Protects T1498 Network Denial of Service
CM-07 Least Functionality Protects T1498 Network Denial of Service
CM-06 Configuration Settings Protects T1498.001 Direct Network Flood
CM-07 Least Functionality Protects T1498.001 Direct Network Flood
CM-06 Configuration Settings Protects T1498.002 Reflection Amplification
CM-07 Least Functionality Protects T1498.002 Reflection Amplification
CM-06 Configuration Settings Protects T1499.003 Application Exhaustion Flood
CM-07 Least Functionality Protects T1499.003 Application Exhaustion Flood
CM-06 Configuration Settings Protects T1499.004 Application or System Exploitation
CM-07 Least Functionality Protects T1499.004 Application or System Exploitation
CM-11 User-installed Software Protects T1505 Server Software Component
CM-02 Baseline Configuration Protects T1505 Server Software Component
CM-05 Access Restrictions for Change Protects T1505 Server Software Component
CM-06 Configuration Settings Protects T1505 Server Software Component
CM-08 System Component Inventory Protects T1505 Server Software Component
CM-11 User-installed Software Protects T1505.001 SQL Stored Procedures
CM-02 Baseline Configuration Protects T1505.001 SQL Stored Procedures
CM-06 Configuration Settings Protects T1505.001 SQL Stored Procedures
CM-08 System Component Inventory Protects T1505.001 SQL Stored Procedures
CM-11 User-installed Software Protects T1505.002 Transport Agent
CM-02 Baseline Configuration Protects T1505.002 Transport Agent
CM-05 Access Restrictions for Change Protects T1505.002 Transport Agent
CM-06 Configuration Settings Protects T1505.002 Transport Agent
CM-08 System Component Inventory Protects T1505.002 Transport Agent
CM-02 Baseline Configuration Protects T1505.003 Web Shell
CM-06 Configuration Settings Protects T1505.003 Web Shell
CM-11 User-installed Software Protects T1505.004 IIS Components
CM-02 Baseline Configuration Protects T1505.004 IIS Components
CM-06 Configuration Settings Protects T1505.004 IIS Components
CM-07 Least Functionality Protects T1505.004 IIS Components
CM-08 System Component Inventory Protects T1505.004 IIS Components
CM-02 Baseline Configuration Protects T1505.005 Terminal Services DLL
CM-06 Configuration Settings Protects T1505.005 Terminal Services DLL
CM-02 Baseline Configuration Protects T1525 Implant Internal Image
CM-05 Access Restrictions for Change Protects T1525 Implant Internal Image
CM-06 Configuration Settings Protects T1525 Implant Internal Image
CM-07 Least Functionality Protects T1525 Implant Internal Image
CM-02 Baseline Configuration Protects T1528 Steal Application Access Token
CM-05 Access Restrictions for Change Protects T1528 Steal Application Access Token
CM-06 Configuration Settings Protects T1528 Steal Application Access Token
CM-05 Access Restrictions for Change Protects T1537 Transfer Data to Cloud Account
CM-06 Configuration Settings Protects T1537 Transfer Data to Cloud Account
CM-07 Least Functionality Protects T1537 Transfer Data to Cloud Account
CM-03 Configuration Change Control Protects T1542 Pre-OS Boot
CM-05 Access Restrictions for Change Protects T1542 Pre-OS Boot
CM-06 Configuration Settings Protects T1542 Pre-OS Boot
CM-08 System Component Inventory Protects T1542 Pre-OS Boot
CM-02 Baseline Configuration Protects T1542.004 ROMMONkit
CM-03 Configuration Change Control Protects T1542.004 ROMMONkit
CM-05 Access Restrictions for Change Protects T1542.004 ROMMONkit
CM-06 Configuration Settings Protects T1542.004 ROMMONkit
CM-07 Least Functionality Protects T1542.004 ROMMONkit
CM-08 System Component Inventory Protects T1542.004 ROMMONkit
CM-02 Baseline Configuration Protects T1542.005 TFTP Boot
CM-03 Configuration Change Control Protects T1542.005 TFTP Boot
CM-05 Access Restrictions for Change Protects T1542.005 TFTP Boot
CM-06 Configuration Settings Protects T1542.005 TFTP Boot
CM-07 Least Functionality Protects T1542.005 TFTP Boot
CM-08 System Component Inventory Protects T1542.005 TFTP Boot
CM-11 User-installed Software Protects T1543 Create or Modify System Process
CM-02 Baseline Configuration Protects T1543 Create or Modify System Process
CM-03 Configuration Change Control Protects T1543 Create or Modify System Process
CM-05 Access Restrictions for Change Protects T1543 Create or Modify System Process
CM-06 Configuration Settings Protects T1543 Create or Modify System Process
CM-07 Least Functionality Protects T1543 Create or Modify System Process
CM-11 User-installed Software Protects T1543.001 Launch Agent
CM-02 Baseline Configuration Protects T1543.001 Launch Agent
CM-05 Access Restrictions for Change Protects T1543.001 Launch Agent
CM-11 User-installed Software Protects T1543.004 Launch Daemon
CM-02 Baseline Configuration Protects T1543.004 Launch Daemon
CM-05 Access Restrictions for Change Protects T1543.004 Launch Daemon
CM-02 Baseline Configuration Protects T1546 Event Triggered Execution
CM-06 Configuration Settings Protects T1546 Event Triggered Execution
CM-02 Baseline Configuration Protects T1546.002 Screensaver
CM-06 Configuration Settings Protects T1546.002 Screensaver
CM-07 Least Functionality Protects T1546.002 Screensaver
CM-08 System Component Inventory Protects T1546.002 Screensaver
CM-02 Baseline Configuration Protects T1546.003 Windows Management Instrumentation Event Subscription
CM-05 Access Restrictions for Change Protects T1546.003 Windows Management Instrumentation Event Subscription
CM-06 Configuration Settings Protects T1546.003 Windows Management Instrumentation Event Subscription
CM-02 Baseline Configuration Protects T1546.004 Unix Shell Configuration Modification
CM-06 Configuration Settings Protects T1546.004 Unix Shell Configuration Modification
CM-02 Baseline Configuration Protects T1546.006 LC_LOAD_DYLIB Addition
CM-06 Configuration Settings Protects T1546.006 LC_LOAD_DYLIB Addition
CM-07 Least Functionality Protects T1546.006 LC_LOAD_DYLIB Addition
CM-08 System Component Inventory Protects T1546.006 LC_LOAD_DYLIB Addition
CM-10 Software Usage Restrictions Protects T1546.008 Accessibility Features
CM-06 Configuration Settings Protects T1546.008 Accessibility Features
CM-07 Least Functionality Protects T1546.008 Accessibility Features
CM-07 Least Functionality Protects T1546.009 AppCert DLLs
CM-02 Baseline Configuration Protects T1546.010 AppInit DLLs
CM-07 Least Functionality Protects T1546.010 AppInit DLLs
CM-10 Software Usage Restrictions Protects T1546.013 PowerShell Profile
CM-02 Baseline Configuration Protects T1546.013 PowerShell Profile
CM-06 Configuration Settings Protects T1546.013 PowerShell Profile
CM-02 Baseline Configuration Protects T1546.014 Emond
CM-06 Configuration Settings Protects T1546.014 Emond
CM-08 System Component Inventory Protects T1546.014 Emond
CM-05 Access Restrictions for Change Protects T1546.016 Installer Packages
CM-06 Configuration Settings Protects T1546.016 Installer Packages
CM-06 Configuration Settings Protects T1547.002 Authentication Package
CM-02 Baseline Configuration Protects T1547.003 Time Providers
CM-05 Access Restrictions for Change Protects T1547.003 Time Providers
CM-06 Configuration Settings Protects T1547.003 Time Providers
CM-05 Access Restrictions for Change Protects T1547.004 Winlogon Helper DLL
CM-07 Least Functionality Protects T1547.004 Winlogon Helper DLL
CM-06 Configuration Settings Protects T1547.005 Security Support Provider
CM-05 Access Restrictions for Change Protects T1547.006 Kernel Modules and Extensions
CM-06 Configuration Settings Protects T1547.006 Kernel Modules and Extensions
CM-07 Least Functionality Protects T1547.006 Kernel Modules and Extensions
CM-02 Baseline Configuration Protects T1547.007 Re-opened Applications
CM-03 Configuration Change Control Protects T1547.007 Re-opened Applications
CM-05 Access Restrictions for Change Protects T1547.007 Re-opened Applications
CM-06 Configuration Settings Protects T1547.007 Re-opened Applications
CM-07 Least Functionality Protects T1547.007 Re-opened Applications
CM-08 System Component Inventory Protects T1547.007 Re-opened Applications
CM-02 Baseline Configuration Protects T1547.008 LSASS Driver
CM-06 Configuration Settings Protects T1547.008 LSASS Driver
CM-05 Access Restrictions for Change Protects T1547.009 Shortcut Modification
CM-02 Baseline Configuration Protects T1548.002 Bypass User Account Control
CM-05 Access Restrictions for Change Protects T1548.002 Bypass User Account Control
CM-06 Configuration Settings Protects T1548.002 Bypass User Account Control
CM-02 Baseline Configuration Protects T1548.003 Sudo and Sudo Caching
CM-05 Access Restrictions for Change Protects T1548.003 Sudo and Sudo Caching
CM-06 Configuration Settings Protects T1548.003 Sudo and Sudo Caching
CM-07 Least Functionality Protects T1548.003 Sudo and Sudo Caching
CM-02 Baseline Configuration Protects T1548.004 Elevated Execution with Prompt
CM-06 Configuration Settings Protects T1548.004 Elevated Execution with Prompt
CM-07 Least Functionality Protects T1548.004 Elevated Execution with Prompt
CM-08 System Component Inventory Protects T1548.004 Elevated Execution with Prompt
CM-05 Access Restrictions for Change Protects T1550 Use Alternate Authentication Material
CM-06 Configuration Settings Protects T1550 Use Alternate Authentication Material
CM-05 Access Restrictions for Change Protects T1550.002 Pass the Hash
CM-06 Configuration Settings Protects T1550.002 Pass the Hash
CM-02 Baseline Configuration Protects T1550.003 Pass the Ticket
CM-05 Access Restrictions for Change Protects T1550.003 Pass the Ticket
CM-06 Configuration Settings Protects T1550.003 Pass the Ticket
CM-06 Configuration Settings Protects T1552.003 Bash History
CM-07 Least Functionality Protects T1552.003 Bash History
CM-02 Baseline Configuration Protects T1552.006 Group Policy Preferences
CM-06 Configuration Settings Protects T1552.006 Group Policy Preferences
CM-05 Access Restrictions for Change Protects T1552.007 Container API
CM-06 Configuration Settings Protects T1552.007 Container API
CM-07 Least Functionality Protects T1552.007 Container API
CM-10 Software Usage Restrictions Protects T1553 Subvert Trust Controls
CM-02 Baseline Configuration Protects T1553 Subvert Trust Controls
CM-03 Configuration Change Control Protects T1553 Subvert Trust Controls
CM-05 Access Restrictions for Change Protects T1553 Subvert Trust Controls
CM-06 Configuration Settings Protects T1553 Subvert Trust Controls
CM-07 Least Functionality Protects T1553 Subvert Trust Controls
CM-08 System Component Inventory Protects T1553 Subvert Trust Controls
CM-02 Baseline Configuration Protects T1553.001 Gatekeeper Bypass
CM-06 Configuration Settings Protects T1553.001 Gatekeeper Bypass
CM-07 Least Functionality Protects T1553.001 Gatekeeper Bypass
CM-02 Baseline Configuration Protects T1553.003 SIP and Trust Provider Hijacking
CM-06 Configuration Settings Protects T1553.003 SIP and Trust Provider Hijacking
CM-07 Least Functionality Protects T1553.003 SIP and Trust Provider Hijacking
CM-10 Software Usage Restrictions Protects T1553.004 Install Root Certificate
CM-06 Configuration Settings Protects T1553.004 Install Root Certificate
CM-07 Least Functionality Protects T1553.004 Install Root Certificate
CM-03 Configuration Change Control Protects T1553.006 Code Signing Policy Modification
CM-05 Access Restrictions for Change Protects T1553.006 Code Signing Policy Modification
CM-07 Least Functionality Protects T1553.006 Code Signing Policy Modification
CM-08 System Component Inventory Protects T1553.006 Code Signing Policy Modification
CM-02 Baseline Configuration Protects T1555.004 Windows Credential Manager
CM-06 Configuration Settings Protects T1555.004 Windows Credential Manager
CM-07 Least Functionality Protects T1555.004 Windows Credential Manager
CM-02 Baseline Configuration Protects T1555.005 Password Managers
CM-06 Configuration Settings Protects T1555.005 Password Managers
CM-05 Access Restrictions for Change Protects T1556.001 Domain Controller Authentication
CM-06 Configuration Settings Protects T1556.001 Domain Controller Authentication
CM-06 Configuration Settings Protects T1556.002 Password Filter DLL
CM-07 Least Functionality Protects T1556.002 Password Filter DLL
CM-05 Access Restrictions for Change Protects T1556.003 Pluggable Authentication Modules
CM-06 Configuration Settings Protects T1556.003 Pluggable Authentication Modules
CM-02 Baseline Configuration Protects T1556.004 Network Device Authentication
CM-05 Access Restrictions for Change Protects T1556.004 Network Device Authentication
CM-06 Configuration Settings Protects T1556.004 Network Device Authentication
CM-02 Baseline Configuration Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CM-06 Configuration Settings Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CM-07 Least Functionality Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CM-08 System Component Inventory Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CM-02 Baseline Configuration Protects T1557.002 ARP Cache Poisoning
CM-06 Configuration Settings Protects T1557.002 ARP Cache Poisoning
CM-07 Least Functionality Protects T1557.002 ARP Cache Poisoning
CM-08 System Component Inventory Protects T1557.002 ARP Cache Poisoning
CM-02 Baseline Configuration Protects T1557.003 DHCP Spoofing
CM-06 Configuration Settings Protects T1557.003 DHCP Spoofing
CM-07 Least Functionality Protects T1557.003 DHCP Spoofing
CM-08 System Component Inventory Protects T1557.003 DHCP Spoofing
CM-02 Baseline Configuration Protects T1558 Steal or Forge Kerberos Tickets
CM-05 Access Restrictions for Change Protects T1558 Steal or Forge Kerberos Tickets
CM-06 Configuration Settings Protects T1558 Steal or Forge Kerberos Tickets
CM-02 Baseline Configuration Protects T1558.001 Golden Ticket
CM-05 Access Restrictions for Change Protects T1558.001 Golden Ticket
CM-06 Configuration Settings Protects T1558.001 Golden Ticket
CM-02 Baseline Configuration Protects T1558.002 Silver Ticket
CM-05 Access Restrictions for Change Protects T1558.002 Silver Ticket
CM-06 Configuration Settings Protects T1558.002 Silver Ticket
CM-02 Baseline Configuration Protects T1558.003 Kerberoasting
CM-05 Access Restrictions for Change Protects T1558.003 Kerberoasting
CM-06 Configuration Settings Protects T1558.003 Kerberoasting
CM-02 Baseline Configuration Protects T1558.004 AS-REP Roasting
CM-06 Configuration Settings Protects T1558.004 AS-REP Roasting
CM-10 Software Usage Restrictions Protects T1559 Inter-Process Communication
CM-02 Baseline Configuration Protects T1559 Inter-Process Communication
CM-05 Access Restrictions for Change Protects T1559 Inter-Process Communication
CM-06 Configuration Settings Protects T1559 Inter-Process Communication
CM-07 Least Functionality Protects T1559 Inter-Process Communication
CM-08 System Component Inventory Protects T1559 Inter-Process Communication
CM-02 Baseline Configuration Protects T1559.001 Component Object Model
CM-05 Access Restrictions for Change Protects T1559.001 Component Object Model
CM-06 Configuration Settings Protects T1559.001 Component Object Model
CM-10 Software Usage Restrictions Protects T1559.002 Dynamic Data Exchange
CM-02 Baseline Configuration Protects T1559.002 Dynamic Data Exchange
CM-06 Configuration Settings Protects T1559.002 Dynamic Data Exchange
CM-07 Least Functionality Protects T1559.002 Dynamic Data Exchange
CM-08 System Component Inventory Protects T1559.002 Dynamic Data Exchange
CM-05 Access Restrictions for Change Protects T1559.003 XPC Services
CM-06 Configuration Settings Protects T1559.003 XPC Services
CM-07 Least Functionality Protects T1559.003 XPC Services
CM-02 Baseline Configuration Protects T1562.003 Impair Command History Logging
CM-06 Configuration Settings Protects T1562.003 Impair Command History Logging
CM-07 Least Functionality Protects T1562.003 Impair Command History Logging
CM-10 Software Usage Restrictions Protects T1562.009 Safe Mode Boot
CM-05 Access Restrictions for Change Protects T1562.009 Safe Mode Boot
CM-06 Configuration Settings Protects T1562.009 Safe Mode Boot
CM-07 Least Functionality Protects T1562.009 Safe Mode Boot
CM-02 Baseline Configuration Protects T1563 Remote Service Session Hijacking
CM-05 Access Restrictions for Change Protects T1563 Remote Service Session Hijacking
CM-06 Configuration Settings Protects T1563 Remote Service Session Hijacking
CM-07 Least Functionality Protects T1563 Remote Service Session Hijacking
CM-08 System Component Inventory Protects T1563 Remote Service Session Hijacking
CM-02 Baseline Configuration Protects T1563.001 SSH Hijacking
CM-05 Access Restrictions for Change Protects T1563.001 SSH Hijacking
CM-06 Configuration Settings Protects T1563.001 SSH Hijacking
CM-07 Least Functionality Protects T1563.001 SSH Hijacking
CM-08 System Component Inventory Protects T1563.001 SSH Hijacking
CM-02 Baseline Configuration Protects T1563.002 RDP Hijacking
CM-05 Access Restrictions for Change Protects T1563.002 RDP Hijacking
CM-06 Configuration Settings Protects T1563.002 RDP Hijacking
CM-07 Least Functionality Protects T1563.002 RDP Hijacking
CM-08 System Component Inventory Protects T1563.002 RDP Hijacking
CM-06 Configuration Settings Protects T1564.002 Hidden Users
CM-07 Least Functionality Protects T1564.002 Hidden Users
CM-07 Least Functionality Protects T1564.003 Hidden Window
CM-02 Baseline Configuration Protects T1564.006 Run Virtual Instance
CM-06 Configuration Settings Protects T1564.006 Run Virtual Instance
CM-07 Least Functionality Protects T1564.006 Run Virtual Instance
CM-08 System Component Inventory Protects T1564.006 Run Virtual Instance
CM-02 Baseline Configuration Protects T1564.007 VBA Stomping
CM-06 Configuration Settings Protects T1564.007 VBA Stomping
CM-08 System Component Inventory Protects T1564.007 VBA Stomping
CM-11 User-installed Software Protects T1564.009 Resource Forking
CM-02 Baseline Configuration Protects T1564.009 Resource Forking
CM-06 Configuration Settings Protects T1564.009 Resource Forking
CM-07 Least Functionality Protects T1564.009 Resource Forking
CM-02 Baseline Configuration Protects T1565 Data Manipulation
CM-06 Configuration Settings Protects T1565 Data Manipulation
CM-07 Least Functionality Protects T1565 Data Manipulation
CM-08 System Component Inventory Protects T1565 Data Manipulation
CM-02 Baseline Configuration Protects T1565.001 Stored Data Manipulation
CM-06 Configuration Settings Protects T1565.001 Stored Data Manipulation
CM-08 System Component Inventory Protects T1565.001 Stored Data Manipulation
CM-02 Baseline Configuration Protects T1565.002 Transmitted Data Manipulation
CM-06 Configuration Settings Protects T1565.002 Transmitted Data Manipulation
CM-08 System Component Inventory Protects T1565.002 Transmitted Data Manipulation
CM-06 Configuration Settings Protects T1565.003 Runtime Data Manipulation
CM-07 Least Functionality Protects T1565.003 Runtime Data Manipulation
CM-02 Baseline Configuration Protects T1566.001 Spearphishing Attachment
CM-06 Configuration Settings Protects T1566.001 Spearphishing Attachment
CM-11 User-installed Software Protects T1569 System Services
CM-02 Baseline Configuration Protects T1569 System Services
CM-05 Access Restrictions for Change Protects T1569 System Services
CM-06 Configuration Settings Protects T1569 System Services
CM-07 Least Functionality Protects T1569 System Services
CM-11 User-installed Software Protects T1569.001 Launchctl
CM-05 Access Restrictions for Change Protects T1569.001 Launchctl
CM-02 Baseline Configuration Protects T1572 Protocol Tunneling
CM-06 Configuration Settings Protects T1572 Protocol Tunneling
CM-07 Least Functionality Protects T1572 Protocol Tunneling
CM-02 Baseline Configuration Protects T1573 Encrypted Channel
CM-06 Configuration Settings Protects T1573 Encrypted Channel
CM-07 Least Functionality Protects T1573 Encrypted Channel
CM-02 Baseline Configuration Protects T1573.001 Symmetric Cryptography
CM-06 Configuration Settings Protects T1573.001 Symmetric Cryptography
CM-07 Least Functionality Protects T1573.001 Symmetric Cryptography
CM-02 Baseline Configuration Protects T1573.002 Asymmetric Cryptography
CM-06 Configuration Settings Protects T1573.002 Asymmetric Cryptography
CM-07 Least Functionality Protects T1573.002 Asymmetric Cryptography
CM-02 Baseline Configuration Protects T1574 Hijack Execution Flow
CM-05 Access Restrictions for Change Protects T1574 Hijack Execution Flow
CM-06 Configuration Settings Protects T1574 Hijack Execution Flow
CM-07 Least Functionality Protects T1574 Hijack Execution Flow
CM-08 System Component Inventory Protects T1574 Hijack Execution Flow
CM-02 Baseline Configuration Protects T1574.001 DLL Search Order Hijacking
CM-06 Configuration Settings Protects T1574.001 DLL Search Order Hijacking
CM-07 Least Functionality Protects T1574.001 DLL Search Order Hijacking
CM-02 Baseline Configuration Protects T1574.004 Dylib Hijacking
CM-06 Configuration Settings Protects T1574.004 Dylib Hijacking
CM-08 System Component Inventory Protects T1574.004 Dylib Hijacking
CM-02 Baseline Configuration Protects T1574.005 Executable Installer File Permissions Weakness
CM-05 Access Restrictions for Change Protects T1574.005 Executable Installer File Permissions Weakness
CM-06 Configuration Settings Protects T1574.005 Executable Installer File Permissions Weakness
CM-06 Configuration Settings Protects T1574.006 Dynamic Linker Hijacking
CM-07 Least Functionality Protects T1574.006 Dynamic Linker Hijacking
CM-02 Baseline Configuration Protects T1574.008 Path Interception by Search Order Hijacking
CM-06 Configuration Settings Protects T1574.008 Path Interception by Search Order Hijacking
CM-07 Least Functionality Protects T1574.008 Path Interception by Search Order Hijacking
CM-08 System Component Inventory Protects T1574.008 Path Interception by Search Order Hijacking
CM-02 Baseline Configuration Protects T1574.009 Path Interception by Unquoted Path
CM-06 Configuration Settings Protects T1574.009 Path Interception by Unquoted Path
CM-07 Least Functionality Protects T1574.009 Path Interception by Unquoted Path
CM-08 System Component Inventory Protects T1574.009 Path Interception by Unquoted Path
CM-02 Baseline Configuration Protects T1574.010 Services File Permissions Weakness
CM-05 Access Restrictions for Change Protects T1574.010 Services File Permissions Weakness
CM-06 Configuration Settings Protects T1574.010 Services File Permissions Weakness
CM-05 Access Restrictions for Change Protects T1574.011 Services Registry Permissions Weakness
CM-05 Access Restrictions for Change Protects T1574.012 COR_PROFILER
CM-07 Least Functionality Protects T1574.012 COR_PROFILER
CM-05 Access Restrictions for Change Protects T1578.001 Create Snapshot
CM-05 Access Restrictions for Change Protects T1578.002 Create Cloud Instance
CM-05 Access Restrictions for Change Protects T1578.003 Delete Cloud Instance
CM-08 System Component Inventory Protects T1593.003 Code Repositories
CM-02 Baseline Configuration Protects T1598.002 Spearphishing Attachment
CM-06 Configuration Settings Protects T1598.002 Spearphishing Attachment
CM-02 Baseline Configuration Protects T1599 Network Boundary Bridging
CM-05 Access Restrictions for Change Protects T1599 Network Boundary Bridging
CM-06 Configuration Settings Protects T1599 Network Boundary Bridging
CM-07 Least Functionality Protects T1599 Network Boundary Bridging
CM-02 Baseline Configuration Protects T1599.001 Network Address Translation Traversal
CM-05 Access Restrictions for Change Protects T1599.001 Network Address Translation Traversal
CM-06 Configuration Settings Protects T1599.001 Network Address Translation Traversal
CM-07 Least Functionality Protects T1599.001 Network Address Translation Traversal
CM-02 Baseline Configuration Protects T1601 Modify System Image
CM-03 Configuration Change Control Protects T1601 Modify System Image
CM-05 Access Restrictions for Change Protects T1601 Modify System Image
CM-06 Configuration Settings Protects T1601 Modify System Image
CM-07 Least Functionality Protects T1601 Modify System Image
CM-08 System Component Inventory Protects T1601 Modify System Image
CM-02 Baseline Configuration Protects T1601.001 Patch System Image
CM-03 Configuration Change Control Protects T1601.001 Patch System Image
CM-05 Access Restrictions for Change Protects T1601.001 Patch System Image
CM-06 Configuration Settings Protects T1601.001 Patch System Image
CM-07 Least Functionality Protects T1601.001 Patch System Image
CM-08 System Component Inventory Protects T1601.001 Patch System Image
CM-02 Baseline Configuration Protects T1601.002 Downgrade System Image
CM-03 Configuration Change Control Protects T1601.002 Downgrade System Image
CM-05 Access Restrictions for Change Protects T1601.002 Downgrade System Image
CM-06 Configuration Settings Protects T1601.002 Downgrade System Image
CM-07 Least Functionality Protects T1601.002 Downgrade System Image
CM-08 System Component Inventory Protects T1601.002 Downgrade System Image
CM-02 Baseline Configuration Protects T1602 Data from Configuration Repository
CM-06 Configuration Settings Protects T1602 Data from Configuration Repository
CM-07 Least Functionality Protects T1602 Data from Configuration Repository
CM-08 System Component Inventory Protects T1602 Data from Configuration Repository
CM-02 Baseline Configuration Protects T1602.001 SNMP (MIB Dump)
CM-06 Configuration Settings Protects T1602.001 SNMP (MIB Dump)
CM-07 Least Functionality Protects T1602.001 SNMP (MIB Dump)
CM-08 System Component Inventory Protects T1602.001 SNMP (MIB Dump)
CM-02 Baseline Configuration Protects T1602.002 Network Device Configuration Dump
CM-06 Configuration Settings Protects T1602.002 Network Device Configuration Dump
CM-07 Least Functionality Protects T1602.002 Network Device Configuration Dump
CM-08 System Component Inventory Protects T1602.002 Network Device Configuration Dump
CM-06 Configuration Settings Protects T1610 Deploy Container
CM-07 Least Functionality Protects T1610 Deploy Container
CM-06 Configuration Settings Protects T1613 Container and Resource Discovery
CM-07 Least Functionality Protects T1613 Container and Resource Discovery
CM-05 Access Restrictions for Change Protects T1619 Cloud Storage Object Discovery
CM-02 Baseline Configuration Protects T1622 Debugger Evasion
CM-06 Configuration Settings Protects T1622 Debugger Evasion
CM-07 Least Functionality Protects T1622 Debugger Evasion
CM-08 System Component Inventory Protects T1622 Debugger Evasion
CM-02 Baseline Configuration Protects T1647 Plist File Modification
CM-03 Configuration Change Control Protects T1647 Plist File Modification
CM-05 Access Restrictions for Change Protects T1647 Plist File Modification
CM-06 Configuration Settings Protects T1647 Plist File Modification
CM-07 Least Functionality Protects T1647 Plist File Modification
CM-06 Configuration Settings Protects T1648 Serverless Execution
CM-07 Least Functionality Protects T1648 Serverless Execution
CM-05 Access Restrictions for Change Protects T1621 Multi-Factor Authentication Request Generation
CM-06 Configuration Settings Protects T1612 Build Image on Host
CM-07 Least Functionality Protects T1612 Build Image on Host
CM-02 Baseline Configuration Protects T1598.003 Spearphishing Link
CM-06 Configuration Settings Protects T1598.003 Spearphishing Link
CM-02 Baseline Configuration Protects T1598 Phishing for Information
CM-06 Configuration Settings Protects T1598 Phishing for Information
CM-02 Baseline Configuration Protects T1574.007 Path Interception by PATH Environment Variable
CM-06 Configuration Settings Protects T1574.007 Path Interception by PATH Environment Variable
CM-07 Least Functionality Protects T1574.007 Path Interception by PATH Environment Variable
CM-08 System Component Inventory Protects T1574.007 Path Interception by PATH Environment Variable
CM-02 Baseline Configuration Protects T1571 Non-Standard Port
CM-06 Configuration Settings Protects T1571 Non-Standard Port
CM-07 Least Functionality Protects T1571 Non-Standard Port
CM-02 Baseline Configuration Protects T1570 Lateral Tool Transfer
CM-06 Configuration Settings Protects T1570 Lateral Tool Transfer
CM-07 Least Functionality Protects T1570 Lateral Tool Transfer
CM-02 Baseline Configuration Protects T1566.002 Spearphishing Link
CM-06 Configuration Settings Protects T1566.002 Spearphishing Link
CM-02 Baseline Configuration Protects T1566 Phishing
CM-06 Configuration Settings Protects T1566 Phishing
CM-03 Configuration Change Control Protects T1564.008 Email Hiding Rules
CM-05 Access Restrictions for Change Protects T1564.008 Email Hiding Rules
CM-07 Least Functionality Protects T1564.008 Email Hiding Rules
CM-03 Configuration Change Control Protects T1562.008 Disable or Modify Cloud Logs
CM-05 Access Restrictions for Change Protects T1562.008 Disable or Modify Cloud Logs
CM-05 Access Restrictions for Change Protects T1562.007 Disable or Modify Cloud Firewall
CM-10 Software Usage Restrictions Protects T1562.006 Indicator Blocking
CM-02 Baseline Configuration Protects T1562.006 Indicator Blocking
CM-05 Access Restrictions for Change Protects T1562.006 Indicator Blocking
CM-06 Configuration Settings Protects T1562.006 Indicator Blocking
CM-07 Least Functionality Protects T1562.006 Indicator Blocking
CM-02 Baseline Configuration Protects T1562.002 Disable Windows Event Logging
CM-05 Access Restrictions for Change Protects T1562.002 Disable Windows Event Logging
CM-06 Configuration Settings Protects T1562.002 Disable Windows Event Logging
CM-07 Least Functionality Protects T1562.002 Disable Windows Event Logging
CM-02 Baseline Configuration Protects T1562.001 Disable or Modify Tools
CM-05 Access Restrictions for Change Protects T1562.001 Disable or Modify Tools
CM-06 Configuration Settings Protects T1562.001 Disable or Modify Tools
CM-07 Least Functionality Protects T1562.001 Disable or Modify Tools
CM-02 Baseline Configuration Protects T1561.002 Disk Structure Wipe
CM-02 Baseline Configuration Protects T1561.001 Disk Content Wipe
CM-02 Baseline Configuration Protects T1561 Disk Wipe
CM-02 Baseline Configuration Protects T1557 Adversary-in-the-Middle
CM-06 Configuration Settings Protects T1557 Adversary-in-the-Middle
CM-07 Least Functionality Protects T1557 Adversary-in-the-Middle
CM-08 System Component Inventory Protects T1557 Adversary-in-the-Middle
CM-02 Baseline Configuration Protects T1554 Compromise Client Software Binary
CM-06 Configuration Settings Protects T1554 Compromise Client Software Binary
CM-02 Baseline Configuration Protects T1553.005 Mark-of-the-Web Bypass
CM-06 Configuration Settings Protects T1553.005 Mark-of-the-Web Bypass
CM-07 Least Functionality Protects T1553.005 Mark-of-the-Web Bypass
CM-02 Baseline Configuration Protects T1552.004 Private Keys
CM-06 Configuration Settings Protects T1552.004 Private Keys
CM-10 Software Usage Restrictions Protects T1550.001 Application Access Token
CM-11 User-installed Software Protects T1550.001 Application Access Token
CM-02 Baseline Configuration Protects T1550.001 Application Access Token
CM-06 Configuration Settings Protects T1550.001 Application Access Token
CM-06 Configuration Settings Protects T1548.001 Setuid and Setgid
CM-07 Least Functionality Protects T1548.001 Setuid and Setgid
CM-11 User-installed Software Protects T1547.013 XDG Autostart Entries
CM-02 Baseline Configuration Protects T1547.013 XDG Autostart Entries
CM-03 Configuration Change Control Protects T1547.013 XDG Autostart Entries
CM-05 Access Restrictions for Change Protects T1547.013 XDG Autostart Entries
CM-06 Configuration Settings Protects T1547.013 XDG Autostart Entries
CM-05 Access Restrictions for Change Protects T1547.012 Print Processors
CM-11 User-installed Software Protects T1543.002 Systemd Service
CM-02 Baseline Configuration Protects T1543.002 Systemd Service
CM-03 Configuration Change Control Protects T1543.002 Systemd Service
CM-05 Access Restrictions for Change Protects T1543.002 Systemd Service
CM-06 Configuration Settings Protects T1543.002 Systemd Service
CM-02 Baseline Configuration Protects T1530 Data from Cloud Storage
CM-05 Access Restrictions for Change Protects T1530 Data from Cloud Storage
CM-06 Configuration Settings Protects T1530 Data from Cloud Storage
CM-07 Least Functionality Protects T1530 Data from Cloud Storage
CM-08 System Component Inventory Protects T1530 Data from Cloud Storage
CM-02 Baseline Configuration Protects T1219 Remote Access Software
CM-06 Configuration Settings Protects T1219 Remote Access Software
CM-07 Least Functionality Protects T1219 Remote Access Software
CM-02 Baseline Configuration Protects T1211 Exploitation for Defense Evasion
CM-06 Configuration Settings Protects T1211 Exploitation for Defense Evasion
CM-08 System Component Inventory Protects T1211 Exploitation for Defense Evasion
CM-05 Access Restrictions for Change Protects T1190 Exploit Public-Facing Application
CM-06 Configuration Settings Protects T1190 Exploit Public-Facing Application
CM-07 Least Functionality Protects T1190 Exploit Public-Facing Application
CM-08 System Component Inventory Protects T1190 Exploit Public-Facing Application
CM-02 Baseline Configuration Protects T1189 Drive-by Compromise
CM-06 Configuration Settings Protects T1189 Drive-by Compromise
CM-08 System Component Inventory Protects T1189 Drive-by Compromise
CM-02 Baseline Configuration Protects T1129 Shared Modules
CM-07 Least Functionality Protects T1129 Shared Modules
CM-06 Configuration Settings Protects T1114.003 Email Forwarding Rule
CM-02 Baseline Configuration Protects T1111 Multi-Factor Authentication Interception
CM-06 Configuration Settings Protects T1111 Multi-Factor Authentication Interception
CM-02 Baseline Configuration Protects T1105 Ingress Tool Transfer
CM-06 Configuration Settings Protects T1105 Ingress Tool Transfer
CM-07 Least Functionality Protects T1105 Ingress Tool Transfer
CM-05 Access Restrictions for Change Protects T1098.001 Additional Cloud Credentials
CM-06 Configuration Settings Protects T1098.001 Additional Cloud Credentials
CM-07 Least Functionality Protects T1098.001 Additional Cloud Credentials
CM-02 Baseline Configuration Protects T1095 Non-Application Layer Protocol
CM-06 Configuration Settings Protects T1095 Non-Application Layer Protocol
CM-07 Least Functionality Protects T1095 Non-Application Layer Protocol
CM-06 Configuration Settings Protects T1087 Account Discovery
CM-07 Least Functionality Protects T1087 Account Discovery
CM-02 Baseline Configuration Protects T1070.009 Clear Persistence
CM-06 Configuration Settings Protects T1070.009 Clear Persistence
CM-02 Baseline Configuration Protects T1070.001 Clear Windows Event Logs
CM-06 Configuration Settings Protects T1070.001 Clear Windows Event Logs
CM-12 Information Location Protects T1005 Data from Local System
CM-05 Access Restrictions for Change Protects T1552.002 Credentials in Registry
CM-06 Configuration Settings Protects T1552.002 Credentials in Registry
CM-02 Baseline Configuration Protects T1552.001 Credentials In Files
CM-06 Configuration Settings Protects T1552.001 Credentials In Files
CM-03 Configuration Change Control Protects T1542.003 Bootkit
CM-05 Access Restrictions for Change Protects T1542.003 Bootkit
CM-06 Configuration Settings Protects T1542.003 Bootkit
CM-08 System Component Inventory Protects T1542.003 Bootkit
CM-06 Configuration Settings Protects T1499.002 Service Exhaustion Flood
CM-07 Least Functionality Protects T1499.002 Service Exhaustion Flood
CM-06 Configuration Settings Protects T1499.001 OS Exhaustion Flood
CM-07 Least Functionality Protects T1499.001 OS Exhaustion Flood
CM-06 Configuration Settings Protects T1499 Endpoint Denial of Service
CM-07 Least Functionality Protects T1499 Endpoint Denial of Service
CM-02 Baseline Configuration Protects T1485 Data Destruction
CM-05 Access Restrictions for Change Protects T1197 BITS Jobs
CM-06 Configuration Settings Protects T1197 BITS Jobs
CM-07 Least Functionality Protects T1197 BITS Jobs
CM-11 User-installed Software Protects T1195 Supply Chain Compromise
CM-07 Least Functionality Protects T1195 Supply Chain Compromise
CM-02 Baseline Configuration Protects T1187 Forced Authentication
CM-06 Configuration Settings Protects T1187 Forced Authentication
CM-07 Least Functionality Protects T1187 Forced Authentication
CM-05 Access Restrictions for Change Protects T1136 Create Account
CM-06 Configuration Settings Protects T1136 Create Account
CM-07 Least Functionality Protects T1136 Create Account
CM-06 Configuration Settings Protects T1135 Network Share Discovery
CM-07 Least Functionality Protects T1135 Network Share Discovery
CM-05 Access Restrictions for Change Protects T1134 Access Token Manipulation
CM-06 Configuration Settings Protects T1134 Access Token Manipulation
CM-02 Baseline Configuration Protects T1132 Data Encoding
CM-06 Configuration Settings Protects T1132 Data Encoding
CM-02 Baseline Configuration Protects T1114 Email Collection
CM-06 Configuration Settings Protects T1114 Email Collection
CM-02 Baseline Configuration Protects T1110 Brute Force
CM-06 Configuration Settings Protects T1110 Brute Force
CM-02 Baseline Configuration Protects T1091 Replication Through Removable Media
CM-06 Configuration Settings Protects T1091 Replication Through Removable Media
CM-08 System Component Inventory Protects T1091 Replication Through Removable Media
CM-02 Baseline Configuration Protects T1070.003 Clear Command History
CM-06 Configuration Settings Protects T1070.003 Clear Command History
CM-02 Baseline Configuration Protects T1046 Network Service Discovery
CM-06 Configuration Settings Protects T1046 Network Service Discovery
CM-07 Least Functionality Protects T1046 Network Service Discovery
CM-08 System Component Inventory Protects T1046 Network Service Discovery
CM-02 Baseline Configuration Protects T1037 Boot or Logon Initialization Scripts
CM-06 Configuration Settings Protects T1037 Boot or Logon Initialization Scripts
CM-07 Least Functionality Protects T1037 Boot or Logon Initialization Scripts
CM-02 Baseline Configuration Protects T1068 Exploitation for Privilege Escalation
CM-06 Configuration Settings Protects T1068 Exploitation for Privilege Escalation
CM-07 Least Functionality Protects T1068 Exploitation for Privilege Escalation
CM-08 System Component Inventory Protects T1068 Exploitation for Privilege Escalation
CM-03 Configuration Change Control Protects T1542.001 System Firmware
CM-05 Access Restrictions for Change Protects T1542.001 System Firmware
CM-06 Configuration Settings Protects T1542.001 System Firmware
CM-08 System Component Inventory Protects T1542.001 System Firmware
CM-02 Baseline Configuration Protects T1053 Scheduled Task/Job
CM-05 Access Restrictions for Change Protects T1053 Scheduled Task/Job
CM-06 Configuration Settings Protects T1053 Scheduled Task/Job
CM-07 Least Functionality Protects T1053 Scheduled Task/Job
CM-08 System Component Inventory Protects T1053 Scheduled Task/Job
CM-02 Baseline Configuration Protects T1133 External Remote Services
CM-06 Configuration Settings Protects T1133 External Remote Services
CM-07 Least Functionality Protects T1133 External Remote Services
CM-08 System Component Inventory Protects T1133 External Remote Services
CM-02 Baseline Configuration Protects T1070 Indicator Removal
CM-06 Configuration Settings Protects T1070 Indicator Removal
CM-02 Baseline Configuration Protects T1003.001 LSASS Memory
CM-05 Access Restrictions for Change Protects T1003.001 LSASS Memory
CM-06 Configuration Settings Protects T1003.001 LSASS Memory
CM-07 Least Functionality Protects T1003.001 LSASS Memory
CM-02 Baseline Configuration Protects T1003.002 Security Account Manager
CM-05 Access Restrictions for Change Protects T1003.002 Security Account Manager
CM-06 Configuration Settings Protects T1003.002 Security Account Manager
CM-07 Least Functionality Protects T1003.002 Security Account Manager
CM-02 Baseline Configuration Protects T1021.001 Remote Desktop Protocol
CM-05 Access Restrictions for Change Protects T1021.001 Remote Desktop Protocol
CM-06 Configuration Settings Protects T1021.001 Remote Desktop Protocol
CM-07 Least Functionality Protects T1021.001 Remote Desktop Protocol
CM-08 System Component Inventory Protects T1021.001 Remote Desktop Protocol
CM-02 Baseline Configuration Protects T1021.002 SMB/Windows Admin Shares
CM-05 Access Restrictions for Change Protects T1021.002 SMB/Windows Admin Shares
CM-06 Configuration Settings Protects T1021.002 SMB/Windows Admin Shares
CM-07 Least Functionality Protects T1021.002 SMB/Windows Admin Shares
CM-02 Baseline Configuration Protects T1021.006 Windows Remote Management
CM-05 Access Restrictions for Change Protects T1021.006 Windows Remote Management
CM-06 Configuration Settings Protects T1021.006 Windows Remote Management
CM-07 Least Functionality Protects T1021.006 Windows Remote Management
CM-08 System Component Inventory Protects T1021.006 Windows Remote Management
CM-02 Baseline Configuration Protects T1036.005 Match Legitimate Name or Location
CM-06 Configuration Settings Protects T1036.005 Match Legitimate Name or Location
CM-07 Least Functionality Protects T1036.005 Match Legitimate Name or Location
CM-02 Baseline Configuration Protects T1047 Windows Management Instrumentation
CM-05 Access Restrictions for Change Protects T1047 Windows Management Instrumentation
CM-06 Configuration Settings Protects T1047 Windows Management Instrumentation
CM-07 Least Functionality Protects T1047 Windows Management Instrumentation
CM-02 Baseline Configuration Protects T1053.002 At
CM-05 Access Restrictions for Change Protects T1053.002 At
CM-06 Configuration Settings Protects T1053.002 At
CM-07 Least Functionality Protects T1053.002 At
CM-08 System Component Inventory Protects T1053.002 At
CM-02 Baseline Configuration Protects T1053.005 Scheduled Task
CM-05 Access Restrictions for Change Protects T1053.005 Scheduled Task
CM-06 Configuration Settings Protects T1053.005 Scheduled Task
CM-07 Least Functionality Protects T1053.005 Scheduled Task
CM-08 System Component Inventory Protects T1053.005 Scheduled Task
CM-02 Baseline Configuration Protects T1114.002 Remote Email Collection
CM-06 Configuration Settings Protects T1114.002 Remote Email Collection
CM-11 User-installed Software Protects T1543.003 Windows Service
CM-02 Baseline Configuration Protects T1543.003 Windows Service
CM-05 Access Restrictions for Change Protects T1543.003 Windows Service
CM-02 Baseline Configuration Protects T1569.002 Service Execution
CM-05 Access Restrictions for Change Protects T1569.002 Service Execution
CM-06 Configuration Settings Protects T1569.002 Service Execution
CM-07 Least Functionality Protects T1569.002 Service Execution
CM-05 Access Restrictions for Change Protects T1578 Modify Cloud Compute Infrastructure
CM-05 Access Restrictions for Change Protects T1611 Escape to Host
CM-06 Configuration Settings Protects T1611 Escape to Host
CM-07 Least Functionality Protects T1611 Escape to Host
CM-06 Configuration Settings Protects T1609 Container Administration Command
CM-07 Least Functionality Protects T1609 Container Administration Command
CM-07 Least Functionality Protects T1562.010 Downgrade Attack
CM-02 Baseline Configuration Protects T1562.004 Disable or Modify System Firewall
CM-05 Access Restrictions for Change Protects T1562.004 Disable or Modify System Firewall
CM-06 Configuration Settings Protects T1562.004 Disable or Modify System Firewall
CM-07 Least Functionality Protects T1562.004 Disable or Modify System Firewall
CM-02 Baseline Configuration Protects T1556 Modify Authentication Process
CM-05 Access Restrictions for Change Protects T1556 Modify Authentication Process
CM-06 Configuration Settings Protects T1556 Modify Authentication Process
CM-07 Least Functionality Protects T1556 Modify Authentication Process
CM-02 Baseline Configuration Protects T1552 Unsecured Credentials
CM-05 Access Restrictions for Change Protects T1552 Unsecured Credentials
CM-06 Configuration Settings Protects T1552 Unsecured Credentials
CM-07 Least Functionality Protects T1552 Unsecured Credentials
CM-02 Baseline Configuration Protects T1548 Abuse Elevation Control Mechanism
CM-05 Access Restrictions for Change Protects T1548 Abuse Elevation Control Mechanism
CM-06 Configuration Settings Protects T1548 Abuse Elevation Control Mechanism
CM-07 Least Functionality Protects T1548 Abuse Elevation Control Mechanism
CM-08 System Component Inventory Protects T1548 Abuse Elevation Control Mechanism
CM-02 Baseline Configuration Protects T1490 Inhibit System Recovery
CM-06 Configuration Settings Protects T1490 Inhibit System Recovery
CM-07 Least Functionality Protects T1490 Inhibit System Recovery
CM-02 Baseline Configuration Protects T1070.008 Clear Mailbox Data
CM-06 Configuration Settings Protects T1070.008 Clear Mailbox Data
CM-02 Baseline Configuration Protects T1048 Exfiltration Over Alternative Protocol
CM-06 Configuration Settings Protects T1048 Exfiltration Over Alternative Protocol
CM-07 Least Functionality Protects T1048 Exfiltration Over Alternative Protocol
CM-06 Configuration Settings Protects T1053.006 Systemd Timers
CM-03 Configuration Change Control Protects T1578.005 Modify Cloud Compute Configurations
CM-06 Configuration Settings Protects T1562.012 Disable or Modify Linux Audit System
CM-05 Access Restrictions for Change Protects T1562.012 Disable or Modify Linux Audit System
CM-03 Configuration Change Control Protects T1562.012 Disable or Modify Linux Audit System
CM-06 Configuration Settings Protects T1562.011 Spoof Security Alerting
CM-03 Configuration Change Control Protects T1556.008 Network Provider DLL
CM-07 Least Functionality Protects T1556.008 Network Provider DLL
CM-06 Configuration Settings Protects T1556.008 Network Provider DLL
CM-05 Access Restrictions for Change Protects T1556.008 Network Provider DLL
CM-02 Baseline Configuration Protects T1556.008 Network Provider DLL
CM-07 Least Functionality Protects T1555.006 Cloud Secrets Management Stores
CM-05 Access Restrictions for Change Protects T1548.005 Temporary Elevated Cloud Access
CM-07 Least Functionality Protects T1059.009 Cloud API
CM-07 Least Functionality Protects T1036.008 Masquerade File Type
CM-06 Configuration Settings Protects T1027.010 Command Obfuscation
CM-07 Least Functionality Protects T1021.008 Direct Cloud VM Connections
CM-06 Configuration Settings Protects T1021.008 Direct Cloud VM Connections
CM-05 Access Restrictions for Change Protects T1021.008 Direct Cloud VM Connections
CM-02 Baseline Configuration Protects T1562.010 Downgrade Attack
CM-06 Configuration Settings Protects T1562.010 Downgrade Attack
CM-02 Baseline Configuration Protects T1562 Impair Defenses
CM-05 Access Restrictions for Change Protects T1562 Impair Defenses
CM-06 Configuration Settings Protects T1562 Impair Defenses
CM-07 Least Functionality Protects T1562 Impair Defenses
CM-06 Configuration Settings Protects T1552.005 Cloud Instance Metadata API
CM-07 Least Functionality Protects T1552.005 Cloud Instance Metadata API
CM-02 Baseline Configuration Protects T1212 Exploitation for Credential Access
CM-06 Configuration Settings Protects T1212 Exploitation for Credential Access
CM-08 System Component Inventory Protects T1212 Exploitation for Credential Access
CM-07 Least Functionality Protects T1078 Valid Accounts
CM-05 Access Restrictions for Change Protects T1078 Valid Accounts
CM-06 Configuration Settings Protects T1078 Valid Accounts
CM-07 Least Functionality Protects T1078.004 Cloud Accounts
CM-05 Access Restrictions for Change Protects T1078.004 Cloud Accounts
CM-06 Configuration Settings Protects T1078.004 Cloud Accounts
CM-11 User-installed Software Protects T1072 Software Deployment Tools
CM-02 Baseline Configuration Protects T1072 Software Deployment Tools
CM-05 Access Restrictions for Change Protects T1072 Software Deployment Tools
CM-06 Configuration Settings Protects T1072 Software Deployment Tools
CM-07 Least Functionality Protects T1072 Software Deployment Tools
CM-08 System Component Inventory Protects T1072 Software Deployment Tools
CM-07 Least Functionality Protects T1040 Network Sniffing
CM-02 Baseline Configuration Protects T1036 Masquerading
CM-06 Configuration Settings Protects T1036 Masquerading
CM-07 Least Functionality Protects T1036 Masquerading
CM-07 Least Functionality Protects T1027 Obfuscated Files or Information
CM-02 Baseline Configuration Protects T1027 Obfuscated Files or Information
CM-06 Configuration Settings Protects T1027 Obfuscated Files or Information
CM-07 Least Functionality Protects T1021 Remote Services
CM-02 Baseline Configuration Protects T1021 Remote Services
CM-07 Least Functionality Protects T1653 Power Settings
CM-03 Configuration Change Control Protects T1653 Power Settings
CM-02 Baseline Configuration Protects T1653 Power Settings
CM-02 Baseline Configuration Protects T1003.007 Proc Filesystem
CM-05 Access Restrictions for Change Protects T1003.007 Proc Filesystem
CM-06 Configuration Settings Protects T1003.007 Proc Filesystem
CM-06 Configuration Settings Protects T1011 Exfiltration Over Other Network Medium
CM-07 Least Functionality Protects T1011 Exfiltration Over Other Network Medium
CM-02 Baseline Configuration Protects T1011.001 Exfiltration Over Bluetooth
CM-06 Configuration Settings Protects T1011.001 Exfiltration Over Bluetooth
CM-07 Least Functionality Protects T1011.001 Exfiltration Over Bluetooth
CM-08 System Component Inventory Protects T1011.001 Exfiltration Over Bluetooth
CM-02 Baseline Configuration Protects T1020.001 Traffic Duplication
CM-06 Configuration Settings Protects T1020.001 Traffic Duplication
CM-08 System Component Inventory Protects T1020.001 Traffic Duplication
CM-05 Access Restrictions for Change Protects T1021 Remote Services
CM-06 Configuration Settings Protects T1021 Remote Services
CM-02 Baseline Configuration Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
CM-06 Configuration Settings Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
CM-07 Least Functionality Protects T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
CM-05 Access Restrictions for Change Protects T1053.006 Systemd Timers
CM-02 Baseline Configuration Protects T1070.007 Clear Network Connection History and Configurations
CM-06 Configuration Settings Protects T1070.007 Clear Network Connection History and Configurations
CM-02 Baseline Configuration Protects T1071 Application Layer Protocol
CM-06 Configuration Settings Protects T1071 Application Layer Protocol
CM-07 Least Functionality Protects T1071 Application Layer Protocol
CM-02 Baseline Configuration Protects T1071.001 Web Protocols
CM-06 Configuration Settings Protects T1071.001 Web Protocols
CM-07 Least Functionality Protects T1071.001 Web Protocols
CM-02 Baseline Configuration Protects T1071.002 File Transfer Protocols
CM-06 Configuration Settings Protects T1071.002 File Transfer Protocols
CM-07 Least Functionality Protects T1071.002 File Transfer Protocols
CM-02 Baseline Configuration Protects T1080 Taint Shared Content
CM-07 Least Functionality Protects T1080 Taint Shared Content
CM-06 Configuration Settings Protects T1087.002 Domain Account
CM-07 Least Functionality Protects T1087.002 Domain Account
CM-05 Access Restrictions for Change Protects T1098 Account Manipulation
CM-06 Configuration Settings Protects T1098 Account Manipulation
CM-07 Least Functionality Protects T1098 Account Manipulation
CM-05 Access Restrictions for Change Protects T1098.003 Additional Cloud Roles
CM-06 Configuration Settings Protects T1098.003 Additional Cloud Roles
CM-02 Baseline Configuration Protects T1098.004 SSH Authorized Keys
CM-05 Access Restrictions for Change Protects T1098.004 SSH Authorized Keys
CM-06 Configuration Settings Protects T1098.004 SSH Authorized Keys
CM-07 Least Functionality Protects T1098.004 SSH Authorized Keys
CM-08 System Component Inventory Protects T1098.004 SSH Authorized Keys
CM-05 Access Restrictions for Change Protects T1098.005 Device Registration
CM-06 Configuration Settings Protects T1098.005 Device Registration
CM-02 Baseline Configuration Protects T1106 Native API
CM-06 Configuration Settings Protects T1106 Native API
CM-07 Least Functionality Protects T1106 Native API
CM-07 Least Functionality Protects T1112 Modify Registry
CM-02 Baseline Configuration Protects T1132.001 Standard Encoding
CM-06 Configuration Settings Protects T1132.001 Standard Encoding
CM-05 Access Restrictions for Change Protects T1134.001 Token Impersonation/Theft
CM-06 Configuration Settings Protects T1134.001 Token Impersonation/Theft
CM-05 Access Restrictions for Change Protects T1134.002 Create Process with Token
CM-06 Configuration Settings Protects T1134.002 Create Process with Token
CM-05 Access Restrictions for Change Protects T1134.003 Make and Impersonate Token
CM-06 Configuration Settings Protects T1134.003 Make and Impersonate Token
CM-05 Access Restrictions for Change Protects T1136.001 Local Account
CM-06 Configuration Settings Protects T1136.001 Local Account
CM-05 Access Restrictions for Change Protects T1136.003 Cloud Account
CM-06 Configuration Settings Protects T1136.003 Cloud Account
CM-07 Least Functionality Protects T1136.003 Cloud Account
CM-02 Baseline Configuration Protects T1539 Steal Web Session Cookie
CM-06 Configuration Settings Protects T1539 Steal Web Session Cookie
CM-05 Access Restrictions for Change Protects T1562.011 Spoof Security Alerting

Capabilities

Capability ID Capability Name Number of Mappings
CM-05 Access Restrictions for Change 153
CM-07 Least Functionality 212
CM-02 Baseline Configuration 262
CM-08 System Component Inventory 94
CM-10 Software Usage Restrictions 9
CM-12 Information Location 2
CM-03 Configuration Change Control 29
CM-11 User-installed Software 33
CM-06 Configuration Settings 327