NIST 800-53 Supply Chain Risk Management Capability Group

All Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
| --- | --- | --- | --- | --- |
| SR-04 | Provenance | Protects | T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| SR-04 | Provenance | Protects | T1052 | Exfiltration Over Physical Medium |
| SR-04 | Provenance | Protects | T1052.001 | Exfiltration over USB |
| SR-11 | Component Authenticity | Protects | T1059.002 | AppleScript |
| SR-04 | Provenance | Protects | T1059.002 | AppleScript |
| SR-05 | Acquisition Strategies, Tools, and Methods | Protects | T1059.002 | AppleScript |
| SR-06 | Supplier Assessments and Reviews | Protects | T1059.002 | AppleScript |
| SR-11 | Component Authenticity | Protects | T1204.003 | Malicious Image |
| SR-04 | Provenance | Protects | T1204.003 | Malicious Image |
| SR-05 | Acquisition Strategies, Tools, and Methods | Protects | T1204.003 | Malicious Image |
| SR-06 | Supplier Assessments and Reviews | Protects | T1204.003 | Malicious Image |
| SR-11 | Component Authenticity | Protects | T1505 | Server Software Component |
| SR-04 | Provenance | Protects | T1505 | Server Software Component |
| SR-05 | Acquisition Strategies, Tools, and Methods | Protects | T1505 | Server Software Component |
| SR-06 | Supplier Assessments and Reviews | Protects | T1505 | Server Software Component |
| SR-11 | Component Authenticity | Protects | T1505.001 | SQL Stored Procedures |
| SR-04 | Provenance | Protects | T1505.001 | SQL Stored Procedures |
| SR-05 | Acquisition Strategies, Tools, and Methods | Protects | T1505.001 | SQL Stored Procedures |
| SR-06 | Supplier Assessments and Reviews | Protects | T1505.001 | SQL Stored Procedures |
| SR-11 | Component Authenticity | Protects | T1505.002 | Transport Agent |
| SR-04 | Provenance | Protects | T1505.002 | Transport Agent |
| SR-05 | Acquisition Strategies, Tools, and Methods | Protects | T1505.002 | Transport Agent |
| SR-06 | Supplier Assessments and Reviews | Protects | T1505.002 | Transport Agent |
| SR-11 | Component Authenticity | Protects | T1505.004 | IIS Components |
| SR-04 | Provenance | Protects | T1505.004 | IIS Components |
| SR-05 | Acquisition Strategies, Tools, and Methods | Protects | T1505.004 | IIS Components |
| SR-06 | Supplier Assessments and Reviews | Protects | T1505.004 | IIS Components |
| SR-11 | Component Authenticity | Protects | T1546.006 | LC_LOAD_DYLIB Addition |
| SR-04 | Provenance | Protects | T1546.006 | LC_LOAD_DYLIB Addition |
| SR-05 | Acquisition Strategies, Tools, and Methods | Protects | T1546.006 | LC_LOAD_DYLIB Addition |
| SR-06 | Supplier Assessments and Reviews | Protects | T1546.006 | LC_LOAD_DYLIB Addition |
| SR-11 | Component Authenticity | Protects | T1601 | Modify System Image |
| SR-04 | Provenance | Protects | T1601 | Modify System Image |
| SR-05 | Acquisition Strategies, Tools, and Methods | Protects | T1601 | Modify System Image |
| SR-06 | Supplier Assessments and Reviews | Protects | T1601 | Modify System Image |
| SR-11 | Component Authenticity | Protects | T1601.001 | Patch System Image |
| SR-04 | Provenance | Protects | T1601.001 | Patch System Image |
| SR-05 | Acquisition Strategies, Tools, and Methods | Protects | T1601.001 | Patch System Image |
| SR-06 | Supplier Assessments and Reviews | Protects | T1601.001 | Patch System Image |
| SR-11 | Component Authenticity | Protects | T1601.002 | Downgrade System Image |
| SR-04 | Provenance | Protects | T1601.002 | Downgrade System Image |
| SR-05 | Acquisition Strategies, Tools, and Methods | Protects | T1601.002 | Downgrade System Image |
| SR-06 | Supplier Assessments and Reviews | Protects | T1601.002 | Downgrade System Image |
| SR-11 | Component Authenticity | Protects | T1554 | Compromise Client Software Binary |
| SR-04 | Provenance | Protects | T1554 | Compromise Client Software Binary |
| SR-05 | Acquisition Strategies, Tools, and Methods | Protects | T1554 | Compromise Client Software Binary |
| SR-06 | Supplier Assessments and Reviews | Protects | T1554 | Compromise Client Software Binary |
| SR-04 | Provenance | Protects | T1041 | Exfiltration Over C2 Channel |
| SR-04 | Provenance | Protects | T1567 | Exfiltration Over Web Service |
| SR-04 | Provenance | Protects | T1048 | Exfiltration Over Alternative Protocol |
| SR-06 | Supplier Assessments and Reviews | Protects | T1078 | Valid Accounts |
| SR-04 | Provenance | Protects | T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol |

Capabilities

| Capability ID | Capability Name | Number of Mappings |
| --- | --- | --- |
| SR-06 | Supplier Assessments and Reviews | 12 |
| SR-05 | Acquisition Strategies, Tools, and Methods | 11 |
| SR-04 | Provenance | 18 |
| SR-11 | Component Authenticity | 11 |