|
CM-03
|
Configuration Change Control
| mitigates |
T1666
|
Modify Cloud Resource Hierarchy
|
|
AC-02
|
Account Management
| mitigates |
T1556.009
|
Conditional Access Policies
|
|
SC-05
|
Denial-of-service Protection
| mitigates |
T1496.003
|
SMS Pumping
|
|
AC-06
|
Least Privilege
| mitigates |
T1110
|
Brute Force
|
|
AC-02
|
Account Management
| mitigates |
T1613
|
Container and Resource Discovery
|
|
AC-02
|
Account Management
| mitigates |
T1619
|
Cloud Storage Object Discovery
|
|
AC-04
|
Information Flow Enforcement
| mitigates |
T1001
|
Data Obfuscation
|
|
AC-02
|
Account Management
| mitigates |
T1070.009
|
Clear Persistence
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1001
|
Data Obfuscation
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1001.001
|
Junk Data
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1001.003
|
Protocol or Service Impersonation
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1003
|
OS Credential Dumping
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1003.001
|
LSASS Memory
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1003.005
|
Cached Domain Credentials
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1003.007
|
Proc Filesystem
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1036
|
Masquerading
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1037
|
Boot or Logon Initialization Scripts
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1056.002
|
GUI Input Capture
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1059
|
Command and Scripting Interpreter
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1059.010
|
AutoHotKey & AutoIT
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1070.001
|
Clear Windows Event Logs
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1070.003
|
Clear Command History
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1071
|
Application Layer Protocol
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1071.002
|
File Transfer Protocols
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1071.003
|
Mail Protocols
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1072
|
Software Deployment Tools
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1078
|
Valid Accounts
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1078.001
|
Default Accounts
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1078.003
|
Local Accounts
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1078.004
|
Cloud Accounts
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1090.003
|
Multi-hop Proxy
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1102
|
Web Service
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1105
|
Ingress Tool Transfer
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1110
|
Brute Force
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1176
|
Browser Extensions
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1190
|
Exploit Public-Facing Application
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1195
|
Supply Chain Compromise
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1195.001
|
Compromise Software Dependencies and Development Tools
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1203
|
Exploitation for Client Execution
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1204
|
User Execution
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1204.002
|
Malicious File
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1213
|
Data from Information Repositories
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1213.001
|
Confluence
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1213.002
|
Sharepoint
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1213.003
|
Code Repositories
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1213.004
|
Customer Relationship Management Software
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1213.005
|
Messaging Applications
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1218
|
System Binary Proxy Execution
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1218.011
|
Rundll32
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1218.015
|
Electron Applications
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1219
|
Remote Access Software
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1489
|
Service Stop
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1528
|
Steal Application Access Token
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1530
|
Data from Cloud Storage
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1537
|
Transfer Data to Cloud Account
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1539
|
Steal Web Session Cookie
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1543
|
Create or Modify System Process
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1543.002
|
Systemd Service
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1546.003
|
Windows Management Instrumentation Event Subscription
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1546.016
|
Installer Packages
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1547.003
|
Time Providers
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1548
|
Abuse Elevation Control Mechanism
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1548.006
|
TCC Manipulation
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1552
|
Unsecured Credentials
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1552.001
|
Credentials In Files
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1552.004
|
Private Keys
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1555
|
Credentials from Password Stores
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1555.002
|
Securityd Memory
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1556
|
Modify Authentication Process
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1556.001
|
Domain Controller Authentication
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1557
|
Adversary-in-the-Middle
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1557.004
|
Evil Twin
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1558
|
Steal or Forge Kerberos Tickets
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1558.005
|
Ccache Files
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1562
|
Impair Defenses
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1562.004
|
Disable or Modify System Firewall
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1562.006
|
Indicator Blocking
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1564.004
|
NTFS File Attributes
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1565
|
Data Manipulation
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1566
|
Phishing
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1566.001
|
Spearphishing Attachment
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1566.002
|
Spearphishing Link
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1566.003
|
Spearphishing via Service
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1572
|
Protocol Tunneling
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1573
|
Encrypted Channel
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1574.014
|
AppDomainManager
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1598.003
|
Spearphishing Link
|
|
CM-06
|
Configuration Settings
| mitigates |
T1001
|
Data Obfuscation
|
|
CM-06
|
Configuration Settings
| mitigates |
T1001.001
|
Junk Data
|
|
CM-06
|
Configuration Settings
| mitigates |
T1001.003
|
Protocol or Service Impersonation
|
|
CM-06
|
Configuration Settings
| mitigates |
T1003
|
OS Credential Dumping
|
|
CM-06
|
Configuration Settings
| mitigates |
T1003.001
|
LSASS Memory
|
|
CM-06
|
Configuration Settings
| mitigates |
T1003.005
|
Cached Domain Credentials
|
|
CM-06
|
Configuration Settings
| mitigates |
T1003.007
|
Proc Filesystem
|
|
CM-06
|
Configuration Settings
| mitigates |
T1020.001
|
Traffic Duplication
|
|
CM-06
|
Configuration Settings
| mitigates |
T1021
|
Remote Services
|
|
CM-06
|
Configuration Settings
| mitigates |
T1027
|
Obfuscated Files or Information
|
|
CM-06
|
Configuration Settings
| mitigates |
T1036
|
Masquerading
|
|
CM-06
|
Configuration Settings
| mitigates |
T1036.010
|
Masquerade Account Name
|
|
CM-06
|
Configuration Settings
| mitigates |
T1037
|
Boot or Logon Initialization Scripts
|
|
CM-06
|
Configuration Settings
| mitigates |
T1047
|
Windows Management Instrumentation
|
|
CM-06
|
Configuration Settings
| mitigates |
T1053
|
Scheduled Task/Job
|
|
CM-06
|
Configuration Settings
| mitigates |
T1053.002
|
At
|
|
CM-06
|
Configuration Settings
| mitigates |
T1053.005
|
Scheduled Task
|
|
CM-06
|
Configuration Settings
| mitigates |
T1059
|
Command and Scripting Interpreter
|
|
CM-06
|
Configuration Settings
| mitigates |
T1059.006
|
Python
|
|
CM-06
|
Configuration Settings
| mitigates |
T1059.010
|
AutoHotKey & AutoIT
|
|
CM-06
|
Configuration Settings
| mitigates |
T1059.011
|
Lua
|
|
CM-06
|
Configuration Settings
| mitigates |
T1070.001
|
Clear Windows Event Logs
|
|
CM-06
|
Configuration Settings
| mitigates |
T1070.003
|
Clear Command History
|
|
CM-06
|
Configuration Settings
| mitigates |
T1071
|
Application Layer Protocol
|
|
CM-06
|
Configuration Settings
| mitigates |
T1071.002
|
File Transfer Protocols
|
|
CM-06
|
Configuration Settings
| mitigates |
T1071.003
|
Mail Protocols
|
|
CM-06
|
Configuration Settings
| mitigates |
T1072
|
Software Deployment Tools
|
|
CM-06
|
Configuration Settings
| mitigates |
T1078
|
Valid Accounts
|
|
CM-06
|
Configuration Settings
| mitigates |
T1078.003
|
Local Accounts
|
|
CM-06
|
Configuration Settings
| mitigates |
T1078.004
|
Cloud Accounts
|
|
CM-06
|
Configuration Settings
| mitigates |
T1087
|
Account Discovery
|
|
CM-06
|
Configuration Settings
| mitigates |
T1087.001
|
Local Account
|
|
CM-06
|
Configuration Settings
| mitigates |
T1087.002
|
Domain Account
|
|
CM-06
|
Configuration Settings
| mitigates |
T1090.003
|
Multi-hop Proxy
|
|
CM-06
|
Configuration Settings
| mitigates |
T1092
|
Communication Through Removable Media
|
|
CM-06
|
Configuration Settings
| mitigates |
T1098
|
Account Manipulation
|
|
CM-06
|
Configuration Settings
| mitigates |
T1098.001
|
Additional Cloud Credentials
|
|
CM-06
|
Configuration Settings
| mitigates |
T1098.002
|
Additional Email Delegate Permissions
|
|
CM-06
|
Configuration Settings
| mitigates |
T1098.003
|
Additional Cloud Roles
|
|
CM-06
|
Configuration Settings
| mitigates |
T1098.005
|
Device Registration
|
|
CM-06
|
Configuration Settings
| mitigates |
T1098.007
|
Additional Local or Domain Groups
|
|
CM-06
|
Configuration Settings
| mitigates |
T1102
|
Web Service
|
|
CM-06
|
Configuration Settings
| mitigates |
T1105
|
Ingress Tool Transfer
|
|
CM-06
|
Configuration Settings
| mitigates |
T1110
|
Brute Force
|
|
CM-06
|
Configuration Settings
| mitigates |
T1114
|
Email Collection
|
|
CM-06
|
Configuration Settings
| mitigates |
T1114.002
|
Remote Email Collection
|
|
CM-06
|
Configuration Settings
| mitigates |
T1114.003
|
Email Forwarding Rule
|
|
CM-06
|
Configuration Settings
| mitigates |
T1119
|
Automated Collection
|
|
CM-06
|
Configuration Settings
| mitigates |
T1127.002
|
ClickOnce
|
|
CM-06
|
Configuration Settings
| mitigates |
T1134.001
|
Token Impersonation/Theft
|
|
CM-06
|
Configuration Settings
| mitigates |
T1134.003
|
Make and Impersonate Token
|
|
CM-06
|
Configuration Settings
| mitigates |
T1136
|
Create Account
|
|
CM-06
|
Configuration Settings
| mitigates |
T1136.002
|
Domain Account
|
|
CM-06
|
Configuration Settings
| mitigates |
T1136.003
|
Cloud Account
|
|
CM-06
|
Configuration Settings
| mitigates |
T1137.002
|
Office Test
|
|
CM-06
|
Configuration Settings
| mitigates |
T1176
|
Browser Extensions
|
|
CM-06
|
Configuration Settings
| mitigates |
T1190
|
Exploit Public-Facing Application
|
|
CM-06
|
Configuration Settings
| mitigates |
T1195
|
Supply Chain Compromise
|
|
CM-06
|
Configuration Settings
| mitigates |
T1195.001
|
Compromise Software Dependencies and Development Tools
|
|
CM-06
|
Configuration Settings
| mitigates |
T1204
|
User Execution
|
|
CM-06
|
Configuration Settings
| mitigates |
T1204.002
|
Malicious File
|
|
CM-06
|
Configuration Settings
| mitigates |
T1213
|
Data from Information Repositories
|
|
CM-06
|
Configuration Settings
| mitigates |
T1213.001
|
Confluence
|
|
CM-06
|
Configuration Settings
| mitigates |
T1213.002
|
Sharepoint
|
|
CM-06
|
Configuration Settings
| mitigates |
T1213.004
|
Customer Relationship Management Software
|
|
CM-06
|
Configuration Settings
| mitigates |
T1213.005
|
Messaging Applications
|
|
CM-06
|
Configuration Settings
| mitigates |
T1216.002
|
SyncAppvPublishingServer
|
|
CM-06
|
Configuration Settings
| mitigates |
T1218
|
System Binary Proxy Execution
|
|
CM-06
|
Configuration Settings
| mitigates |
T1218.015
|
Electron Applications
|
|
CM-06
|
Configuration Settings
| mitigates |
T1219
|
Remote Access Software
|
|
CM-06
|
Configuration Settings
| mitigates |
T1484
|
Domain or Tenant Policy Modification
|
|
CM-06
|
Configuration Settings
| mitigates |
T1489
|
Service Stop
|
|
CM-06
|
Configuration Settings
| mitigates |
T1490
|
Inhibit System Recovery
|
|
CM-06
|
Configuration Settings
| mitigates |
T1505.003
|
Web Shell
|
|
CM-06
|
Configuration Settings
| mitigates |
T1528
|
Steal Application Access Token
|
|
CM-06
|
Configuration Settings
| mitigates |
T1530
|
Data from Cloud Storage
|
|
CM-06
|
Configuration Settings
| mitigates |
T1537
|
Transfer Data to Cloud Account
|
|
CM-06
|
Configuration Settings
| mitigates |
T1539
|
Steal Web Session Cookie
|
|
CM-06
|
Configuration Settings
| mitigates |
T1542
|
Pre-OS Boot
|
|
CM-06
|
Configuration Settings
| mitigates |
T1542.001
|
System Firmware
|
|
CM-06
|
Configuration Settings
| mitigates |
T1543
|
Create or Modify System Process
|
|
CM-06
|
Configuration Settings
| mitigates |
T1543.002
|
Systemd Service
|
|
CM-06
|
Configuration Settings
| mitigates |
T1546
|
Event Triggered Execution
|
|
CM-06
|
Configuration Settings
| mitigates |
T1546.003
|
Windows Management Instrumentation Event Subscription
|
|
CM-06
|
Configuration Settings
| mitigates |
T1546.016
|
Installer Packages
|
|
CM-06
|
Configuration Settings
| mitigates |
T1547.003
|
Time Providers
|
|
CM-06
|
Configuration Settings
| mitigates |
T1547.009
|
Shortcut Modification
|
|
CM-06
|
Configuration Settings
| mitigates |
T1548
|
Abuse Elevation Control Mechanism
|
|
CM-06
|
Configuration Settings
| mitigates |
T1548.006
|
TCC Manipulation
|
|
CM-06
|
Configuration Settings
| mitigates |
T1550
|
Use Alternate Authentication Material
|
|
CM-06
|
Configuration Settings
| mitigates |
T1550.001
|
Application Access Token
|
|
CM-06
|
Configuration Settings
| mitigates |
T1552
|
Unsecured Credentials
|
|
CM-06
|
Configuration Settings
| mitigates |
T1552.001
|
Credentials In Files
|
|
CM-06
|
Configuration Settings
| mitigates |
T1552.004
|
Private Keys
|
|
CM-06
|
Configuration Settings
| mitigates |
T1553
|
Subvert Trust Controls
|
|
CM-06
|
Configuration Settings
| mitigates |
T1554
|
Compromise Host Software Binary
|
|
CM-06
|
Configuration Settings
| mitigates |
T1555.005
|
Password Managers
|
|
CM-06
|
Configuration Settings
| mitigates |
T1556
|
Modify Authentication Process
|
|
CM-06
|
Configuration Settings
| mitigates |
T1556.001
|
Domain Controller Authentication
|
|
CM-06
|
Configuration Settings
| mitigates |
T1556.009
|
Conditional Access Policies
|
|
CM-06
|
Configuration Settings
| mitigates |
T1557
|
Adversary-in-the-Middle
|
|
CM-06
|
Configuration Settings
| mitigates |
T1557.004
|
Evil Twin
|
|
CM-06
|
Configuration Settings
| mitigates |
T1558
|
Steal or Forge Kerberos Tickets
|
|
CM-06
|
Configuration Settings
| mitigates |
T1562
|
Impair Defenses
|
|
CM-06
|
Configuration Settings
| mitigates |
T1562.004
|
Disable or Modify System Firewall
|
|
CM-06
|
Configuration Settings
| mitigates |
T1562.006
|
Indicator Blocking
|
|
CM-06
|
Configuration Settings
| mitigates |
T1563
|
Remote Service Session Hijacking
|
|
CM-06
|
Configuration Settings
| mitigates |
T1565
|
Data Manipulation
|
|
CM-06
|
Configuration Settings
| mitigates |
T1566
|
Phishing
|
|
CM-06
|
Configuration Settings
| mitigates |
T1566.001
|
Spearphishing Attachment
|
|
CM-06
|
Configuration Settings
| mitigates |
T1566.002
|
Spearphishing Link
|
|
CM-06
|
Configuration Settings
| mitigates |
T1572
|
Protocol Tunneling
|
|
CM-06
|
Configuration Settings
| mitigates |
T1573
|
Encrypted Channel
|
|
CM-06
|
Configuration Settings
| mitigates |
T1574.001
|
DLL Search Order Hijacking
|
|
CM-06
|
Configuration Settings
| mitigates |
T1574.014
|
AppDomainManager
|
|
CM-06
|
Configuration Settings
| mitigates |
T1590.002
|
DNS
|
|
CM-06
|
Configuration Settings
| mitigates |
T1598.003
|
Spearphishing Link
|
|
CM-06
|
Configuration Settings
| mitigates |
T1610
|
Deploy Container
|
|
CM-06
|
Configuration Settings
| mitigates |
T1611
|
Escape to Host
|
|
CM-06
|
Configuration Settings
| mitigates |
T1648
|
Serverless Execution
|
|
SC-07
|
Boundary Protection
| mitigates |
T1001
|
Data Obfuscation
|
|
SI-03
|
Malicious Code Protection
| mitigates |
T1001
|
Data Obfuscation
|
|
SI-04
|
System Monitoring
| mitigates |
T1001
|
Data Obfuscation
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1003
|
OS Credential Dumping
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1003.001
|
LSASS Memory
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1003.005
|
Cached Domain Credentials
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1003.007
|
Proc Filesystem
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1020.001
|
Traffic Duplication
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1021
|
Remote Services
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1047
|
Windows Management Instrumentation
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1053
|
Scheduled Task/Job
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1053.002
|
At
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1053.005
|
Scheduled Task
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1059
|
Command and Scripting Interpreter
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1059.006
|
Python
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1072
|
Software Deployment Tools
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1078
|
Valid Accounts
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1078.003
|
Local Accounts
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1078.004
|
Cloud Accounts
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1098
|
Account Manipulation
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1098.001
|
Additional Cloud Credentials
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1098.002
|
Additional Email Delegate Permissions
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1098.003
|
Additional Cloud Roles
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1098.005
|
Device Registration
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1098.007
|
Additional Local or Domain Groups
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1134.001
|
Token Impersonation/Theft
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1134.003
|
Make and Impersonate Token
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1136
|
Create Account
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1136.002
|
Domain Account
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1136.003
|
Cloud Account
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1137.002
|
Office Test
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1176
|
Browser Extensions
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1190
|
Exploit Public-Facing Application
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1195
|
Supply Chain Compromise
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1195.001
|
Compromise Software Dependencies and Development Tools
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1213
|
Data from Information Repositories
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1213.001
|
Confluence
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1213.002
|
Sharepoint
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1213.005
|
Messaging Applications
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1218
|
System Binary Proxy Execution
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1218.015
|
Electron Applications
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1484
|
Domain or Tenant Policy Modification
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1489
|
Service Stop
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1528
|
Steal Application Access Token
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1530
|
Data from Cloud Storage
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1537
|
Transfer Data to Cloud Account
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1542
|
Pre-OS Boot
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1542.001
|
System Firmware
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1543
|
Create or Modify System Process
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1543.002
|
Systemd Service
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1543.003
|
Windows Service
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1546.003
|
Windows Management Instrumentation Event Subscription
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1546.016
|
Installer Packages
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1547.003
|
Time Providers
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1547.004
|
Winlogon Helper DLL
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1547.009
|
Shortcut Modification
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1548
|
Abuse Elevation Control Mechanism
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1548.005
|
Temporary Elevated Cloud Access
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1548.006
|
TCC Manipulation
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1550
|
Use Alternate Authentication Material
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1552
|
Unsecured Credentials
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1553
|
Subvert Trust Controls
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1554
|
Compromise Host Software Binary
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1556
|
Modify Authentication Process
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1556.001
|
Domain Controller Authentication
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1556.009
|
Conditional Access Policies
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1558
|
Steal or Forge Kerberos Tickets
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1562
|
Impair Defenses
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1562.004
|
Disable or Modify System Firewall
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1562.006
|
Indicator Blocking
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1562.007
|
Disable or Modify Cloud Firewall
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1563
|
Remote Service Session Hijacking
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1574.014
|
AppDomainManager
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1611
|
Escape to Host
|
|
CM-05
|
Access Restrictions for Change
| mitigates |
T1621
|
Multi-Factor Authentication Request Generation
|
|
CM-07
|
Least Functionality
| mitigates |
T1003
|
OS Credential Dumping
|
|
CP-09
|
System Backup
| mitigates |
T1003
|
OS Credential Dumping
|
|
IA-02
|
Identification and Authentication (Organizational Users)
| mitigates |
T1003
|
OS Credential Dumping
|
|
IA-04
|
Identifier Management
| mitigates |
T1003
|
OS Credential Dumping
|
|
IA-05
|
Authenticator Management
| mitigates |
T1003
|
OS Credential Dumping
|
|
IA-05
|
Authenticator Management
| mitigates |
T1003.001
|
LSASS Memory
|
|
IA-05
|
Authenticator Management
| mitigates |
T1003.005
|
Cached Domain Credentials
|
|
IA-05
|
Authenticator Management
| mitigates |
T1003.007
|
Proc Filesystem
|
|
IA-05
|
Authenticator Management
| mitigates |
T1021
|
Remote Services
|
|
IA-05
|
Authenticator Management
| mitigates |
T1040
|
Network Sniffing
|
|
IA-05
|
Authenticator Management
| mitigates |
T1072
|
Software Deployment Tools
|
|
IA-05
|
Authenticator Management
| mitigates |
T1078
|
Valid Accounts
|
|
IA-05
|
Authenticator Management
| mitigates |
T1078.004
|
Cloud Accounts
|
|
IA-05
|
Authenticator Management
| mitigates |
T1098.001
|
Additional Cloud Credentials
|
|
IA-05
|
Authenticator Management
| mitigates |
T1098.002
|
Additional Email Delegate Permissions
|
|
IA-05
|
Authenticator Management
| mitigates |
T1098.003
|
Additional Cloud Roles
|
|
IA-05
|
Authenticator Management
| mitigates |
T1110
|
Brute Force
|
|
IA-05
|
Authenticator Management
| mitigates |
T1114
|
Email Collection
|
|
IA-05
|
Authenticator Management
| mitigates |
T1114.002
|
Remote Email Collection
|
|
IA-05
|
Authenticator Management
| mitigates |
T1136
|
Create Account
|
|
IA-05
|
Authenticator Management
| mitigates |
T1136.002
|
Domain Account
|
|
IA-05
|
Authenticator Management
| mitigates |
T1136.003
|
Cloud Account
|
|
IA-05
|
Authenticator Management
| mitigates |
T1528
|
Steal Application Access Token
|
|
IA-05
|
Authenticator Management
| mitigates |
T1530
|
Data from Cloud Storage
|
|
IA-05
|
Authenticator Management
| mitigates |
T1539
|
Steal Web Session Cookie
|
|
IA-05
|
Authenticator Management
| mitigates |
T1552
|
Unsecured Credentials
|
|
IA-05
|
Authenticator Management
| mitigates |
T1552.001
|
Credentials In Files
|
|
IA-05
|
Authenticator Management
| mitigates |
T1552.004
|
Private Keys
|
|
IA-05
|
Authenticator Management
| mitigates |
T1555
|
Credentials from Password Stores
|
|
IA-05
|
Authenticator Management
| mitigates |
T1555.002
|
Securityd Memory
|
|
IA-05
|
Authenticator Management
| mitigates |
T1555.005
|
Password Managers
|
|
IA-05
|
Authenticator Management
| mitigates |
T1556
|
Modify Authentication Process
|
|
IA-05
|
Authenticator Management
| mitigates |
T1556.001
|
Domain Controller Authentication
|
|
IA-05
|
Authenticator Management
| mitigates |
T1556.009
|
Conditional Access Policies
|
|
IA-05
|
Authenticator Management
| mitigates |
T1558
|
Steal or Forge Kerberos Tickets
|
|
IA-05
|
Authenticator Management
| mitigates |
T1558.005
|
Ccache Files
|
|
IA-05
|
Authenticator Management
| mitigates |
T1621
|
Multi-Factor Authentication Request Generation
|
|
IA-05
|
Authenticator Management
| mitigates |
T1649
|
Steal or Forge Authentication Certificates
|
|
SC-28
|
Protection of Information at Rest
| mitigates |
T1003
|
OS Credential Dumping
|
|
SC-39
|
Process Isolation
| mitigates |
T1003
|
OS Credential Dumping
|
|
SI-12
|
Information Management and Retention
| mitigates |
T1003
|
OS Credential Dumping
|
|
SI-02
|
Flaw Remediation
| mitigates |
T1003
|
OS Credential Dumping
|
|
SI-07
|
Software, Firmware, and Information Integrity
| mitigates |
T1003
|
OS Credential Dumping
|
|
SC-03
|
Security Function Isolation
| mitigates |
T1003.001
|
LSASS Memory
|
|
SI-16
|
Memory Protection
| mitigates |
T1003.001
|
LSASS Memory
|
|
AC-17
|
Remote Access
| mitigates |
T1020.001
|
Traffic Duplication
|
|
AC-17
|
Remote Access
| mitigates |
T1021
|
Remote Services
|
|
AC-17
|
Remote Access
| mitigates |
T1037
|
Boot or Logon Initialization Scripts
|
|
AC-17
|
Remote Access
| mitigates |
T1040
|
Network Sniffing
|
|
AC-17
|
Remote Access
| mitigates |
T1047
|
Windows Management Instrumentation
|
|
AC-17
|
Remote Access
| mitigates |
T1059
|
Command and Scripting Interpreter
|
|
AC-17
|
Remote Access
| mitigates |
T1059.006
|
Python
|
|
AC-17
|
Remote Access
| mitigates |
T1070.001
|
Clear Windows Event Logs
|
|
AC-17
|
Remote Access
| mitigates |
T1114
|
Email Collection
|
|
AC-17
|
Remote Access
| mitigates |
T1114.002
|
Remote Email Collection
|
|
AC-17
|
Remote Access
| mitigates |
T1114.003
|
Email Forwarding Rule
|
|
AC-17
|
Remote Access
| mitigates |
T1119
|
Automated Collection
|
|
AC-17
|
Remote Access
| mitigates |
T1127.002
|
ClickOnce
|
|
AC-17
|
Remote Access
| mitigates |
T1137.002
|
Office Test
|
|
AC-17
|
Remote Access
| mitigates |
T1213
|
Data from Information Repositories
|
|
AC-17
|
Remote Access
| mitigates |
T1213.001
|
Confluence
|
|
AC-17
|
Remote Access
| mitigates |
T1213.002
|
Sharepoint
|
|
AC-17
|
Remote Access
| mitigates |
T1213.005
|
Messaging Applications
|
|
AC-17
|
Remote Access
| mitigates |
T1219
|
Remote Access Software
|
|
AC-17
|
Remote Access
| mitigates |
T1530
|
Data from Cloud Storage
|
|
AC-17
|
Remote Access
| mitigates |
T1537
|
Transfer Data to Cloud Account
|
|
AC-17
|
Remote Access
| mitigates |
T1543
|
Create or Modify System Process
|
|
AC-17
|
Remote Access
| mitigates |
T1547.003
|
Time Providers
|
|
AC-17
|
Remote Access
| mitigates |
T1547.004
|
Winlogon Helper DLL
|
|
AC-17
|
Remote Access
| mitigates |
T1547.009
|
Shortcut Modification
|
|
AC-17
|
Remote Access
| mitigates |
T1550.001
|
Application Access Token
|
|
AC-17
|
Remote Access
| mitigates |
T1552
|
Unsecured Credentials
|
|
AC-17
|
Remote Access
| mitigates |
T1552.004
|
Private Keys
|
|
AC-17
|
Remote Access
| mitigates |
T1557
|
Adversary-in-the-Middle
|
|
AC-17
|
Remote Access
| mitigates |
T1558
|
Steal or Forge Kerberos Tickets
|
|
AC-17
|
Remote Access
| mitigates |
T1563
|
Remote Service Session Hijacking
|
|
AC-17
|
Remote Access
| mitigates |
T1565
|
Data Manipulation
|
|
AC-17
|
Remote Access
| mitigates |
T1610
|
Deploy Container
|
|
AC-17
|
Remote Access
| mitigates |
T1651
|
Cloud Administration Command
|
|
CA-03
|
Information Exchange
| mitigates |
T1020.001
|
Traffic Duplication
|
|
SC-04
|
Information in Shared System Resources
| mitigates |
T1020.001
|
Traffic Duplication
|
|
SC-08
|
Transmission Confidentiality and Integrity
| mitigates |
T1020.001
|
Traffic Duplication
|
|
IA-09
|
Service Identification and Authentication
| mitigates |
T1036
|
Masquerading
|
|
IA-09
|
Service Identification and Authentication
| mitigates |
T1036
|
Masquerading
|
|
IA-09
|
Service Identification and Authentication
| mitigates |
T1059
|
Command and Scripting Interpreter
|
|
IA-09
|
Service Identification and Authentication
| mitigates |
T1213.003
|
Code Repositories
|
|
IA-09
|
Service Identification and Authentication
| mitigates |
T1546
|
Event Triggered Execution
|
|
IA-09
|
Service Identification and Authentication
| mitigates |
T1553
|
Subvert Trust Controls
|
|
IA-09
|
Service Identification and Authentication
| mitigates |
T1554
|
Compromise Host Software Binary
|
|
IA-09
|
Service Identification and Authentication
| mitigates |
T1562.006
|
Indicator Blocking
|
|
IA-09
|
Service Identification and Authentication
| mitigates |
T1566
|
Phishing
|
|
IA-09
|
Service Identification and Authentication
| mitigates |
T1566.001
|
Spearphishing Attachment
|
|
IA-09
|
Service Identification and Authentication
| mitigates |
T1566.002
|
Spearphishing Link
|
|
IA-09
|
Service Identification and Authentication
| mitigates |
T1598.003
|
Spearphishing Link
|
|
IA-08
|
Identification and Authentication (Non-Organizational Users)
| mitigates |
T1053
|
Scheduled Task/Job
|
|
IA-08
|
Identification and Authentication (Non-Organizational Users)
| mitigates |
T1059
|
Command and Scripting Interpreter
|
|
IA-08
|
Identification and Authentication (Non-Organizational Users)
| mitigates |
T1190
|
Exploit Public-Facing Application
|
|
IA-08
|
Identification and Authentication (Non-Organizational Users)
| mitigates |
T1213
|
Data from Information Repositories
|
|
IA-08
|
Identification and Authentication (Non-Organizational Users)
| mitigates |
T1213.001
|
Confluence
|
|
IA-08
|
Identification and Authentication (Non-Organizational Users)
| mitigates |
T1213.002
|
Sharepoint
|
|
IA-08
|
Identification and Authentication (Non-Organizational Users)
| mitigates |
T1213.004
|
Customer Relationship Management Software
|
|
IA-08
|
Identification and Authentication (Non-Organizational Users)
| mitigates |
T1213.005
|
Messaging Applications
|
|
IA-08
|
Identification and Authentication (Non-Organizational Users)
| mitigates |
T1528
|
Steal Application Access Token
|
|
IA-08
|
Identification and Authentication (Non-Organizational Users)
| mitigates |
T1530
|
Data from Cloud Storage
|
|
IA-08
|
Identification and Authentication (Non-Organizational Users)
| mitigates |
T1537
|
Transfer Data to Cloud Account
|
|
IA-08
|
Identification and Authentication (Non-Organizational Users)
| mitigates |
T1542
|
Pre-OS Boot
|
|
IA-08
|
Identification and Authentication (Non-Organizational Users)
| mitigates |
T1542.001
|
System Firmware
|
|
CP-07
|
Alternate Processing Site
| mitigates |
T1070.001
|
Clear Windows Event Logs
|
|
CP-07
|
Alternate Processing Site
| mitigates |
T1119
|
Automated Collection
|
|
CP-07
|
Alternate Processing Site
| mitigates |
T1485
|
Data Destruction
|
|
CP-07
|
Alternate Processing Site
| mitigates |
T1490
|
Inhibit System Recovery
|
|
CP-07
|
Alternate Processing Site
| mitigates |
T1565
|
Data Manipulation
|
|
SC-10
|
Network Disconnect
| mitigates |
T1071
|
Application Layer Protocol
|
|
SC-20
|
Secure Name/Address Resolution Service (Authoritative Source)
| mitigates |
T1071
|
Application Layer Protocol
|
|
SC-21
|
Secure Name/Address Resolution Service (Recursive or Caching Resolver)
| mitigates |
T1071
|
Application Layer Protocol
|
|
SC-22
|
Architecture and Provisioning for Name/Address Resolution Service
| mitigates |
T1071
|
Application Layer Protocol
|
|
SC-23
|
Session Authenticity
| mitigates |
T1071
|
Application Layer Protocol
|
|
SC-37
|
Out-of-band Channels
| mitigates |
T1071
|
Application Layer Protocol
|
|
SC-10
|
Network Disconnect
| mitigates |
T1071.002
|
File Transfer Protocols
|
|
SC-10
|
Network Disconnect
| mitigates |
T1071.003
|
Mail Protocols
|
|
SA-10
|
Developer Configuration Management
| mitigates |
T1072
|
Software Deployment Tools
|
|
SA-10
|
Developer Configuration Management
| mitigates |
T1078
|
Valid Accounts
|
|
SA-10
|
Developer Configuration Management
| mitigates |
T1078.001
|
Default Accounts
|
|
SA-10
|
Developer Configuration Management
| mitigates |
T1078.003
|
Local Accounts
|
|
SA-10
|
Developer Configuration Management
| mitigates |
T1078.004
|
Cloud Accounts
|
|
SA-10
|
Developer Configuration Management
| mitigates |
T1195.001
|
Compromise Software Dependencies and Development Tools
|
|
SA-10
|
Developer Configuration Management
| mitigates |
T1213.003
|
Code Repositories
|
|
SA-10
|
Developer Configuration Management
| mitigates |
T1542
|
Pre-OS Boot
|
|
SA-10
|
Developer Configuration Management
| mitigates |
T1542.001
|
System Firmware
|
|
SA-10
|
Developer Configuration Management
| mitigates |
T1553
|
Subvert Trust Controls
|
|
SC-12
|
Cryptographic Key Establishment and Management
| mitigates |
T1072
|
Software Deployment Tools
|
|
SC-17
|
Public Key Infrastructure Certificates
| mitigates |
T1072
|
Software Deployment Tools
|
|
IA-12
|
Identity Proofing
| mitigates |
T1078
|
Valid Accounts
|
|
IA-12
|
Identity Proofing
| mitigates |
T1078.003
|
Local Accounts
|
|
IA-12
|
Identity Proofing
| mitigates |
T1078.004
|
Cloud Accounts
|
|
SA-11
|
Developer Testing and Evaluation
| mitigates |
T1078
|
Valid Accounts
|
|
SA-15
|
Development Process, Standards, and Tools
| mitigates |
T1078
|
Valid Accounts
|
|
SA-17
|
Developer Security and Privacy Architecture and Design
| mitigates |
T1078
|
Valid Accounts
|
|
SA-03
|
System Development Life Cycle
| mitigates |
T1078
|
Valid Accounts
|
|
SA-04
|
Acquisition Process
| mitigates |
T1078
|
Valid Accounts
|
|
IA-13
|
Identity Providers and Authorization Servers
| mitigates |
T1078
|
Valid Accounts
|
|
IA-13
|
Identity Providers and Authorization Servers
| mitigates |
T1078.002
|
Domain Accounts
|
|
IA-13
|
Identity Providers and Authorization Servers
| mitigates |
T1078.004
|
Cloud Accounts
|
|
IA-13
|
Identity Providers and Authorization Servers
| mitigates |
T1111
|
Multi-Factor Authentication Interception
|
|
IA-13
|
Identity Providers and Authorization Servers
| mitigates |
T1134
|
Access Token Manipulation
|
|
IA-13
|
Identity Providers and Authorization Servers
| mitigates |
T1134.001
|
Token Impersonation/Theft
|
|
IA-13
|
Identity Providers and Authorization Servers
| mitigates |
T1134.003
|
Make and Impersonate Token
|
|
IA-13
|
Identity Providers and Authorization Servers
| mitigates |
T1134.005
|
SID-History Injection
|
|
IA-13
|
Identity Providers and Authorization Servers
| mitigates |
T1528
|
Steal Application Access Token
|
|
IA-13
|
Identity Providers and Authorization Servers
| mitigates |
T1556
|
Modify Authentication Process
|
|
IA-13
|
Identity Providers and Authorization Servers
| mitigates |
T1556.006
|
Multi-Factor Authentication
|
|
IA-13
|
Identity Providers and Authorization Servers
| mitigates |
T1556.007
|
Hybrid Identity
|
|
IA-13
|
Identity Providers and Authorization Servers
| mitigates |
T1556.009
|
Conditional Access Policies
|
|
IA-13
|
Identity Providers and Authorization Servers
| mitigates |
T1606
|
Forge Web Credentials
|
|
IA-13
|
Identity Providers and Authorization Servers
| mitigates |
T1606.002
|
SAML Tokens
|
|
IA-13
|
Identity Providers and Authorization Servers
| mitigates |
T1621
|
Multi-Factor Authentication Request Generation
|
|
IA-13
|
Identity Providers and Authorization Servers
| mitigates |
T1649
|
Steal or Forge Authentication Certificates
|
|
SA-16
|
Developer-provided Training
| mitigates |
T1078.001
|
Default Accounts
|
|
IA-11
|
Re-authentication
| mitigates |
T1110
|
Brute Force
|
|
IA-11
|
Re-authentication
| mitigates |
T1556.006
|
Multi-Factor Authentication
|
|
IA-11
|
Re-authentication
| mitigates |
T1556.007
|
Hybrid Identity
|
|
CA-02
|
Control Assessments
| mitigates |
T1190
|
Exploit Public-Facing Application
|
|
CM-08
|
System Component Inventory
| mitigates |
T1195
|
Supply Chain Compromise
|
|
SA-15
|
Development Process, Standards, and Tools
| mitigates |
T1195.001
|
Compromise Software Dependencies and Development Tools
|
|
IA-07
|
Cryptographic Module Authentication
| mitigates |
T1542
|
Pre-OS Boot
|
|
IA-07
|
Cryptographic Module Authentication
| mitigates |
T1542.001
|
System Firmware
|
|
IA-07
|
Cryptographic Module Authentication
| mitigates |
T1553
|
Subvert Trust Controls
|
|
MP-07
|
Media Use
| mitigates |
T1092
|
Communication Through Removable Media
|
|
CA-02
|
Control Assessments
| mitigates |
T1195
|
Supply Chain Compromise
|
|
CA-02
|
Control Assessments
| mitigates |
T1195.001
|
Compromise Software Dependencies and Development Tools
|
|
SC-29
|
Heterogeneity
| mitigates |
T1190
|
Exploit Public-Facing Application
|
|
SC-29
|
Heterogeneity
| mitigates |
T1203
|
Exploitation for Client Execution
|
|
RA-10
|
Threat Hunting
| mitigates |
T1190
|
Exploit Public-Facing Application
|
|
RA-10
|
Threat Hunting
| mitigates |
T1195
|
Supply Chain Compromise
|
|
RA-10
|
Threat Hunting
| mitigates |
T1195.001
|
Compromise Software Dependencies and Development Tools
|
|
SC-30
|
Concealment and Misdirection
| mitigates |
T1190
|
Exploit Public-Facing Application
|
|
SC-30
|
Concealment and Misdirection
| mitigates |
T1203
|
Exploitation for Client Execution
|
|
AC-21
|
Information Sharing
| mitigates |
T1213
|
Data from Information Repositories
|
|
AC-21
|
Information Sharing
| mitigates |
T1213.001
|
Confluence
|
|
AC-21
|
Information Sharing
| mitigates |
T1213.002
|
Sharepoint
|
|
AC-21
|
Information Sharing
| mitigates |
T1213.004
|
Customer Relationship Management Software
|
|
AC-21
|
Information Sharing
| mitigates |
T1213.005
|
Messaging Applications
|
|
CP-10
|
System Recovery and Reconstitution
| mitigates |
T1485
|
Data Destruction
|
|
CP-10
|
System Recovery and Reconstitution
| mitigates |
T1485.001
|
Lifecycle-Triggered Deletion
|
|
CP-10
|
System Recovery and Reconstitution
| mitigates |
T1490
|
Inhibit System Recovery
|
|
CP-10
|
System Recovery and Reconstitution
| mitigates |
T1565
|
Data Manipulation
|
|
CP-02
|
Contingency Plan
| mitigates |
T1485
|
Data Destruction
|
|
SC-37
|
Out-of-band Channels
| mitigates |
T1071.002
|
File Transfer Protocols
|
|
SC-37
|
Out-of-band Channels
| mitigates |
T1071.003
|
Mail Protocols
|
|
SC-37
|
Out-of-band Channels
| mitigates |
T1114
|
Email Collection
|
|
SC-37
|
Out-of-band Channels
| mitigates |
T1114.001
|
Local Email Collection
|
|
SC-37
|
Out-of-band Channels
| mitigates |
T1114.002
|
Remote Email Collection
|
|
SC-37
|
Out-of-band Channels
| mitigates |
T1114.003
|
Email Forwarding Rule
|
|
SC-37
|
Out-of-band Channels
| mitigates |
T1213
|
Data from Information Repositories
|
|
SC-37
|
Out-of-band Channels
| mitigates |
T1213.005
|
Messaging Applications
|
|
SC-37
|
Out-of-band Channels
| mitigates |
T1489
|
Service Stop
|
|
IA-03
|
Device Identification and Authentication
| mitigates |
T1530
|
Data from Cloud Storage
|
|
SA-22
|
Unsupported System Components
| mitigates |
T1195
|
Supply Chain Compromise
|
|
SA-22
|
Unsupported System Components
| mitigates |
T1195.001
|
Compromise Software Dependencies and Development Tools
|
|
SA-22
|
Unsupported System Components
| mitigates |
T1543
|
Create or Modify System Process
|
|
SA-22
|
Unsupported System Components
| mitigates |
T1543.002
|
Systemd Service
|
|
SI-14
|
Non-persistence
| mitigates |
T1546.003
|
Windows Management Instrumentation Event Subscription
|
|
SI-14
|
Non-persistence
| mitigates |
T1547.004
|
Winlogon Helper DLL
|
|
SC-13
|
Cryptographic Protection
| mitigates |
T1557.004
|
Evil Twin
|
|
SC-40
|
Wireless Link Protection
| mitigates |
T1557.004
|
Evil Twin
|
|
SC-18
|
Mobile Code
| mitigates |
T1059
|
Command and Scripting Interpreter
|
|
SC-18
|
Mobile Code
| mitigates |
T1127.002
|
ClickOnce
|
|
SC-18
|
Mobile Code
| mitigates |
T1137.002
|
Office Test
|
|
SC-18
|
Mobile Code
| mitigates |
T1190
|
Exploit Public-Facing Application
|
|
SC-18
|
Mobile Code
| mitigates |
T1203
|
Exploitation for Client Execution
|
|
SC-18
|
Mobile Code
| mitigates |
T1218.015
|
Electron Applications
|
|
SC-18
|
Mobile Code
| mitigates |
T1548
|
Abuse Elevation Control Mechanism
|
|
CP-02
|
Contingency Plan
| mitigates |
T1490
|
Inhibit System Recovery
|
|
CM-10
|
Software Usage Restrictions
| mitigates |
T1550.001
|
Application Access Token
|
|
CM-10
|
Software Usage Restrictions
| mitigates |
T1553
|
Subvert Trust Controls
|
|
CM-10
|
Software Usage Restrictions
| mitigates |
T1562.006
|
Indicator Blocking
|
|
CP-06
|
Alternate Storage Site
| mitigates |
T1070.001
|
Clear Windows Event Logs
|
|
CP-06
|
Alternate Storage Site
| mitigates |
T1119
|
Automated Collection
|
|
CP-06
|
Alternate Storage Site
| mitigates |
T1565
|
Data Manipulation
|
|
SC-36
|
Distributed Processing and Storage
| mitigates |
T1070.001
|
Clear Windows Event Logs
|
|
SC-36
|
Distributed Processing and Storage
| mitigates |
T1119
|
Automated Collection
|
|
SC-36
|
Distributed Processing and Storage
| mitigates |
T1565
|
Data Manipulation
|
|
SI-23
|
Information Fragmentation
| mitigates |
T1070.001
|
Clear Windows Event Logs
|
|
SI-23
|
Information Fragmentation
| mitigates |
T1072
|
Software Deployment Tools
|
|
SI-23
|
Information Fragmentation
| mitigates |
T1119
|
Automated Collection
|
|
SI-23
|
Information Fragmentation
| mitigates |
T1565
|
Data Manipulation
|
|
CP-09
|
System Backup
| mitigates |
T1070.001
|
Clear Windows Event Logs
|
|
CP-09
|
System Backup
| mitigates |
T1119
|
Automated Collection
|
|
CP-09
|
System Backup
| mitigates |
T1485
|
Data Destruction
|
|
CP-09
|
System Backup
| mitigates |
T1485.001
|
Lifecycle-Triggered Deletion
|
|
CP-09
|
System Backup
| mitigates |
T1490
|
Inhibit System Recovery
|
|
CP-09
|
System Backup
| mitigates |
T1565
|
Data Manipulation
|
|
AC-23
|
Data Mining Protection
| mitigates |
T1213
|
Data from Information Repositories
|
|
AC-23
|
Data Mining Protection
| mitigates |
T1213.001
|
Confluence
|
|
AC-23
|
Data Mining Protection
| mitigates |
T1213.002
|
Sharepoint
|
|
AC-23
|
Data Mining Protection
| mitigates |
T1213.004
|
Customer Relationship Management Software
|
|
AC-23
|
Data Mining Protection
| mitigates |
T1213.005
|
Messaging Applications
|
|
CA-03
|
Information Exchange
| mitigates |
T1078
|
Valid Accounts
|
|
SA-09
|
External System Services
| mitigates |
T1072
|
Software Deployment Tools
|
|
SC-31
|
Covert Channel Analysis
| mitigates |
T1071
|
Application Layer Protocol
|
|
SC-31
|
Covert Channel Analysis
| mitigates |
T1071.002
|
File Transfer Protocols
|
|
SC-31
|
Covert Channel Analysis
| mitigates |
T1071.003
|
Mail Protocols
|
|
SC-31
|
Covert Channel Analysis
| mitigates |
T1071.005
|
Publish/Subscribe Protocols
|
|
SC-21
|
Secure Name/Address Resolution Service (Recursive or Caching Resolver)
| mitigates |
T1071.002
|
File Transfer Protocols
|
|
SC-21
|
Secure Name/Address Resolution Service (Recursive or Caching Resolver)
| mitigates |
T1071.003
|
Mail Protocols
|
|
SC-22
|
Architecture and Provisioning for Name/Address Resolution Service
| mitigates |
T1071.002
|
File Transfer Protocols
|
|
SC-22
|
Architecture and Provisioning for Name/Address Resolution Service
| mitigates |
T1071.003
|
Mail Protocols
|
|
CM-11
|
User-installed Software
| mitigates |
T1059
|
Command and Scripting Interpreter
|
|
CM-11
|
User-installed Software
| mitigates |
T1059.006
|
Python
|
|
CM-11
|
User-installed Software
| mitigates |
T1072
|
Software Deployment Tools
|
|
CM-11
|
User-installed Software
| mitigates |
T1176
|
Browser Extensions
|
|
CM-11
|
User-installed Software
| mitigates |
T1195
|
Supply Chain Compromise
|
|
CM-11
|
User-installed Software
| mitigates |
T1195.001
|
Compromise Software Dependencies and Development Tools
|
|
CM-11
|
User-installed Software
| mitigates |
T1218
|
System Binary Proxy Execution
|
|
CM-11
|
User-installed Software
| mitigates |
T1543
|
Create or Modify System Process
|
|
CM-11
|
User-installed Software
| mitigates |
T1543.002
|
Systemd Service
|
|
CM-11
|
User-installed Software
| mitigates |
T1543.003
|
Windows Service
|
|
CM-11
|
User-installed Software
| mitigates |
T1550.001
|
Application Access Token
|
|
SC-12
|
Cryptographic Key Establishment and Management
| mitigates |
T1521.003
|
SSL Pinning
|
|
SC-12
|
Cryptographic Key Establishment and Management
| mitigates |
T1552
|
Unsecured Credentials
|
|
SC-12
|
Cryptographic Key Establishment and Management
| mitigates |
T1552.001
|
Credentials In Files
|
|
SC-12
|
Cryptographic Key Establishment and Management
| mitigates |
T1552.004
|
Private Keys
|
|
SC-12
|
Cryptographic Key Establishment and Management
| mitigates |
T1573
|
Encrypted Channel
|
|
SC-16
|
Transmission of Security and Privacy Attributes
| mitigates |
T1573
|
Encrypted Channel
|
|
SA-15
|
Development Process, Standards, and Tools
| mitigates |
T1078.001
|
Default Accounts
|
|
SA-15
|
Development Process, Standards, and Tools
| mitigates |
T1078.003
|
Local Accounts
|
|
SA-15
|
Development Process, Standards, and Tools
| mitigates |
T1078.004
|
Cloud Accounts
|
|
SA-15
|
Development Process, Standards, and Tools
| mitigates |
T1213.003
|
Code Repositories
|
