|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1025
|
Data from Removable Media
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SA-09
|
External System Services
| Protects |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1052.001
|
Exfiltration over USB
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1078.001
|
Default Accounts
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1078.001
|
Default Accounts
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1078.001
|
Default Accounts
|
|
SA-16
|
Developer-provided Training
| Protects |
T1078.001
|
Default Accounts
|
|
SA-17
|
Developer Security and Privacy Architecture and Design
| Protects |
T1078.001
|
Default Accounts
|
|
SA-03
|
System Development Life Cycle
| Protects |
T1078.001
|
Default Accounts
|
|
SA-04
|
Acquisition Process
| Protects |
T1078.001
|
Default Accounts
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1078.001
|
Default Accounts
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1078.003
|
Local Accounts
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1078.003
|
Local Accounts
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1078.003
|
Local Accounts
|
|
SA-16
|
Developer-provided Training
| Protects |
T1078.003
|
Local Accounts
|
|
SA-17
|
Developer Security and Privacy Architecture and Design
| Protects |
T1078.003
|
Local Accounts
|
|
SA-03
|
System Development Life Cycle
| Protects |
T1078.003
|
Local Accounts
|
|
SA-04
|
Acquisition Process
| Protects |
T1078.003
|
Local Accounts
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1078.003
|
Local Accounts
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1134.005
|
SID-History Injection
|
|
SA-17
|
Developer Security and Privacy Architecture and Design
| Protects |
T1134.005
|
SID-History Injection
|
|
SA-04
|
Acquisition Process
| Protects |
T1134.005
|
SID-History Injection
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1134.005
|
SID-History Injection
|
|
SA-22
|
Unsupported System Components
| Protects |
T1195.001
|
Compromise Software Dependencies and Development Tools
|
|
SA-22
|
Unsupported System Components
| Protects |
T1195.002
|
Compromise Software Supply Chain
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1195.003
|
Compromise Hardware Supply Chain
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1195.003
|
Compromise Hardware Supply Chain
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1213.003
|
Code Repositories
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1213.003
|
Code Repositories
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1213.003
|
Code Repositories
|
|
SA-03
|
System Development Life Cycle
| Protects |
T1213.003
|
Code Repositories
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1213.003
|
Code Repositories
|
|
SA-17
|
Developer Security and Privacy Architecture and Design
| Protects |
T1482
|
Domain Trust Discovery
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1482
|
Domain Trust Discovery
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1495
|
Firmware Corruption
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1495
|
Firmware Corruption
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1505
|
Server Software Component
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1505
|
Server Software Component
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1505.001
|
SQL Stored Procedures
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1505.001
|
SQL Stored Procedures
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1505.002
|
Transport Agent
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1505.002
|
Transport Agent
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1505.004
|
IIS Components
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1505.004
|
IIS Components
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1528
|
Steal Application Access Token
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1528
|
Steal Application Access Token
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1542
|
Pre-OS Boot
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1542
|
Pre-OS Boot
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1542.004
|
ROMMONkit
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1542.004
|
ROMMONkit
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1542.005
|
TFTP Boot
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1542.005
|
TFTP Boot
|
|
SA-22
|
Unsupported System Components
| Protects |
T1543
|
Create or Modify System Process
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1552.006
|
Group Policy Preferences
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1552.006
|
Group Policy Preferences
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1553
|
Subvert Trust Controls
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1553
|
Subvert Trust Controls
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1553.006
|
Code Signing Policy Modification
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1553.006
|
Code Signing Policy Modification
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1558.004
|
AS-REP Roasting
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1558.004
|
AS-REP Roasting
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1559.003
|
XPC Services
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1559.003
|
XPC Services
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1559.003
|
XPC Services
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1564.009
|
Resource Forking
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1574.002
|
DLL Side-Loading
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1574.002
|
DLL Side-Loading
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1574.002
|
DLL Side-Loading
|
|
SA-16
|
Developer-provided Training
| Protects |
T1574.002
|
DLL Side-Loading
|
|
SA-17
|
Developer Security and Privacy Architecture and Design
| Protects |
T1574.002
|
DLL Side-Loading
|
|
SA-03
|
System Development Life Cycle
| Protects |
T1574.002
|
DLL Side-Loading
|
|
SA-04
|
Acquisition Process
| Protects |
T1574.002
|
DLL Side-Loading
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1574.002
|
DLL Side-Loading
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1601
|
Modify System Image
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1601
|
Modify System Image
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1601.001
|
Patch System Image
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1601.001
|
Patch System Image
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1601.002
|
Downgrade System Image
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1601.002
|
Downgrade System Image
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1647
|
Plist File Modification
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1647
|
Plist File Modification
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1647
|
Plist File Modification
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1612
|
Build Image on Host
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1552.004
|
Private Keys
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1552.004
|
Private Keys
|
|
SA-22
|
Unsupported System Components
| Protects |
T1543.002
|
Systemd Service
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
SA-22
|
Unsupported System Components
| Protects |
T1189
|
Drive-by Compromise
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1072
|
Software Deployment Tools
|
|
SA-09
|
External System Services
| Protects |
T1072
|
Software Deployment Tools
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1005
|
Data from Local System
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1552.002
|
Credentials in Registry
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1552.002
|
Credentials in Registry
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1552.001
|
Credentials In Files
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1552.001
|
Credentials In Files
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1542.003
|
Bootkit
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1542.003
|
Bootkit
|
|
SA-22
|
Unsupported System Components
| Protects |
T1195
|
Supply Chain Compromise
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1041
|
Exfiltration Over C2 Channel
|
|
SA-09
|
External System Services
| Protects |
T1041
|
Exfiltration Over C2 Channel
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1542.001
|
System Firmware
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1542.001
|
System Firmware
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1567
|
Exfiltration Over Web Service
|
|
SA-09
|
External System Services
| Protects |
T1567
|
Exfiltration Over Web Service
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1552
|
Unsecured Credentials
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1552
|
Unsecured Credentials
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
SA-09
|
External System Services
| Protects |
T1048
|
Exfiltration Over Alternative Protocol
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1078
|
Valid Accounts
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1078
|
Valid Accounts
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1078
|
Valid Accounts
|
|
SA-17
|
Developer Security and Privacy Architecture and Design
| Protects |
T1078
|
Valid Accounts
|
|
SA-03
|
System Development Life Cycle
| Protects |
T1078
|
Valid Accounts
|
|
SA-04
|
Acquisition Process
| Protects |
T1078
|
Valid Accounts
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1078
|
Valid Accounts
|
|
SA-10
|
Developer Configuration Management
| Protects |
T1078.004
|
Cloud Accounts
|
|
SA-11
|
Developer Testing and Evaluation
| Protects |
T1078.004
|
Cloud Accounts
|
|
SA-15
|
Development Process, Standards, and Tools
| Protects |
T1078.004
|
Cloud Accounts
|
|
SA-17
|
Developer Security and Privacy Architecture and Design
| Protects |
T1078.004
|
Cloud Accounts
|
|
SA-03
|
System Development Life Cycle
| Protects |
T1078.004
|
Cloud Accounts
|
|
SA-04
|
Acquisition Process
| Protects |
T1078.004
|
Cloud Accounts
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1078.004
|
Cloud Accounts
|
|
SA-08
|
Security and Privacy Engineering Principles
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
SA-09
|
External System Services
| Protects |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
