| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1025 |
Data from Removable Media |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| SA-09 |
External System Services |
Protects |
T1048.002 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1052 |
Exfiltration Over Physical Medium |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1052.001 |
Exfiltration over USB |
| SA-10 |
Developer Configuration Management |
Protects |
T1078.001 |
Default Accounts |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1078.001 |
Default Accounts |
| SA-15 |
Development Process, Standards, and Tools |
Protects |
T1078.001 |
Default Accounts |
| SA-16 |
Developer-provided Training |
Protects |
T1078.001 |
Default Accounts |
| SA-17 |
Developer Security and Privacy Architecture and Design |
Protects |
T1078.001 |
Default Accounts |
| SA-03 |
System Development Life Cycle |
Protects |
T1078.001 |
Default Accounts |
| SA-04 |
Acquisition Process |
Protects |
T1078.001 |
Default Accounts |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1078.001 |
Default Accounts |
| SA-10 |
Developer Configuration Management |
Protects |
T1078.003 |
Local Accounts |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1078.003 |
Local Accounts |
| SA-15 |
Development Process, Standards, and Tools |
Protects |
T1078.003 |
Local Accounts |
| SA-16 |
Developer-provided Training |
Protects |
T1078.003 |
Local Accounts |
| SA-17 |
Developer Security and Privacy Architecture and Design |
Protects |
T1078.003 |
Local Accounts |
| SA-03 |
System Development Life Cycle |
Protects |
T1078.003 |
Local Accounts |
| SA-04 |
Acquisition Process |
Protects |
T1078.003 |
Local Accounts |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1078.003 |
Local Accounts |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1134.005 |
SID-History Injection |
| SA-17 |
Developer Security and Privacy Architecture and Design |
Protects |
T1134.005 |
SID-History Injection |
| SA-04 |
Acquisition Process |
Protects |
T1134.005 |
SID-History Injection |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1134.005 |
SID-History Injection |
| SA-22 |
Unsupported System Components |
Protects |
T1195.001 |
Compromise Software Dependencies and Development Tools |
| SA-22 |
Unsupported System Components |
Protects |
T1195.002 |
Compromise Software Supply Chain |
| SA-10 |
Developer Configuration Management |
Protects |
T1195.003 |
Compromise Hardware Supply Chain |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1195.003 |
Compromise Hardware Supply Chain |
| SA-10 |
Developer Configuration Management |
Protects |
T1213.003 |
Code Repositories |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1213.003 |
Code Repositories |
| SA-15 |
Development Process, Standards, and Tools |
Protects |
T1213.003 |
Code Repositories |
| SA-03 |
System Development Life Cycle |
Protects |
T1213.003 |
Code Repositories |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1213.003 |
Code Repositories |
| SA-17 |
Developer Security and Privacy Architecture and Design |
Protects |
T1482 |
Domain Trust Discovery |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1482 |
Domain Trust Discovery |
| SA-10 |
Developer Configuration Management |
Protects |
T1495 |
Firmware Corruption |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1495 |
Firmware Corruption |
| SA-10 |
Developer Configuration Management |
Protects |
T1505 |
Server Software Component |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1505 |
Server Software Component |
| SA-10 |
Developer Configuration Management |
Protects |
T1505.001 |
SQL Stored Procedures |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1505.001 |
SQL Stored Procedures |
| SA-10 |
Developer Configuration Management |
Protects |
T1505.002 |
Transport Agent |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1505.002 |
Transport Agent |
| SA-10 |
Developer Configuration Management |
Protects |
T1505.004 |
IIS Components |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1505.004 |
IIS Components |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1528 |
Steal Application Access Token |
| SA-15 |
Development Process, Standards, and Tools |
Protects |
T1528 |
Steal Application Access Token |
| SA-10 |
Developer Configuration Management |
Protects |
T1542 |
Pre-OS Boot |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1542 |
Pre-OS Boot |
| SA-10 |
Developer Configuration Management |
Protects |
T1542.004 |
ROMMONkit |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1542.004 |
ROMMONkit |
| SA-10 |
Developer Configuration Management |
Protects |
T1542.005 |
TFTP Boot |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1542.005 |
TFTP Boot |
| SA-22 |
Unsupported System Components |
Protects |
T1543 |
Create or Modify System Process |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1552.006 |
Group Policy Preferences |
| SA-15 |
Development Process, Standards, and Tools |
Protects |
T1552.006 |
Group Policy Preferences |
| SA-10 |
Developer Configuration Management |
Protects |
T1553 |
Subvert Trust Controls |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1553 |
Subvert Trust Controls |
| SA-10 |
Developer Configuration Management |
Protects |
T1553.006 |
Code Signing Policy Modification |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1553.006 |
Code Signing Policy Modification |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1558.004 |
AS-REP Roasting |
| SA-15 |
Development Process, Standards, and Tools |
Protects |
T1558.004 |
AS-REP Roasting |
| SA-10 |
Developer Configuration Management |
Protects |
T1559.003 |
XPC Services |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1559.003 |
XPC Services |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1559.003 |
XPC Services |
| SA-10 |
Developer Configuration Management |
Protects |
T1564.009 |
Resource Forking |
| SA-10 |
Developer Configuration Management |
Protects |
T1574.002 |
DLL Side-Loading |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1574.002 |
DLL Side-Loading |
| SA-15 |
Development Process, Standards, and Tools |
Protects |
T1574.002 |
DLL Side-Loading |
| SA-16 |
Developer-provided Training |
Protects |
T1574.002 |
DLL Side-Loading |
| SA-17 |
Developer Security and Privacy Architecture and Design |
Protects |
T1574.002 |
DLL Side-Loading |
| SA-03 |
System Development Life Cycle |
Protects |
T1574.002 |
DLL Side-Loading |
| SA-04 |
Acquisition Process |
Protects |
T1574.002 |
DLL Side-Loading |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1574.002 |
DLL Side-Loading |
| SA-10 |
Developer Configuration Management |
Protects |
T1601 |
Modify System Image |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1601 |
Modify System Image |
| SA-10 |
Developer Configuration Management |
Protects |
T1601.001 |
Patch System Image |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1601.001 |
Patch System Image |
| SA-10 |
Developer Configuration Management |
Protects |
T1601.002 |
Downgrade System Image |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1601.002 |
Downgrade System Image |
| SA-10 |
Developer Configuration Management |
Protects |
T1647 |
Plist File Modification |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1647 |
Plist File Modification |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1647 |
Plist File Modification |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1612 |
Build Image on Host |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1552.004 |
Private Keys |
| SA-15 |
Development Process, Standards, and Tools |
Protects |
T1552.004 |
Private Keys |
| SA-22 |
Unsupported System Components |
Protects |
T1543.002 |
Systemd Service |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1190 |
Exploit Public-Facing Application |
| SA-22 |
Unsupported System Components |
Protects |
T1189 |
Drive-by Compromise |
| SA-10 |
Developer Configuration Management |
Protects |
T1072 |
Software Deployment Tools |
| SA-09 |
External System Services |
Protects |
T1072 |
Software Deployment Tools |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1005 |
Data from Local System |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1552.002 |
Credentials in Registry |
| SA-15 |
Development Process, Standards, and Tools |
Protects |
T1552.002 |
Credentials in Registry |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1552.001 |
Credentials In Files |
| SA-15 |
Development Process, Standards, and Tools |
Protects |
T1552.001 |
Credentials In Files |
| SA-10 |
Developer Configuration Management |
Protects |
T1542.003 |
Bootkit |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1542.003 |
Bootkit |
| SA-22 |
Unsupported System Components |
Protects |
T1195 |
Supply Chain Compromise |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1041 |
Exfiltration Over C2 Channel |
| SA-09 |
External System Services |
Protects |
T1041 |
Exfiltration Over C2 Channel |
| SA-10 |
Developer Configuration Management |
Protects |
T1542.001 |
System Firmware |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1542.001 |
System Firmware |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1567 |
Exfiltration Over Web Service |
| SA-09 |
External System Services |
Protects |
T1567 |
Exfiltration Over Web Service |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1552 |
Unsecured Credentials |
| SA-15 |
Development Process, Standards, and Tools |
Protects |
T1552 |
Unsecured Credentials |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1048 |
Exfiltration Over Alternative Protocol |
| SA-09 |
External System Services |
Protects |
T1048 |
Exfiltration Over Alternative Protocol |
| SA-10 |
Developer Configuration Management |
Protects |
T1078 |
Valid Accounts |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1078 |
Valid Accounts |
| SA-15 |
Development Process, Standards, and Tools |
Protects |
T1078 |
Valid Accounts |
| SA-17 |
Developer Security and Privacy Architecture and Design |
Protects |
T1078 |
Valid Accounts |
| SA-03 |
System Development Life Cycle |
Protects |
T1078 |
Valid Accounts |
| SA-04 |
Acquisition Process |
Protects |
T1078 |
Valid Accounts |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1078 |
Valid Accounts |
| SA-10 |
Developer Configuration Management |
Protects |
T1078.004 |
Cloud Accounts |
| SA-11 |
Developer Testing and Evaluation |
Protects |
T1078.004 |
Cloud Accounts |
| SA-15 |
Development Process, Standards, and Tools |
Protects |
T1078.004 |
Cloud Accounts |
| SA-17 |
Developer Security and Privacy Architecture and Design |
Protects |
T1078.004 |
Cloud Accounts |
| SA-03 |
System Development Life Cycle |
Protects |
T1078.004 |
Cloud Accounts |
| SA-04 |
Acquisition Process |
Protects |
T1078.004 |
Cloud Accounts |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1078.004 |
Cloud Accounts |
| SA-08 |
Security and Privacy Engineering Principles |
Protects |
T1048.003 |
Exfiltration Over Unencrypted Non-C2 Protocol |
| SA-09 |
External System Services |
Protects |
T1048.003 |
Exfiltration Over Unencrypted Non-C2 Protocol |
