1. Home
  2. Mapping Frameworks
  3. NIST 800-53 Home

NIST 800-53

National Institute of Standards in Technology (NIST) Special Publication 800-53 provides a catalog of security and privacy controls for the protection of information systems and organizations from a diverse set of threats and risks. These mappings provide resources for assessing security control coverage of real-world threats as described in the MITRE ATT&CK® knowledge base and provide a foundation for integrating ATT&CK-based threat intelligence into the risk management process. Shared understanding of how the implementation of NIST 800-53 security controls in an environment can mitigate adversary techniques of interest is an important step to bring security operations teams and risk management teams together to build a structured, threat-informed approach to securing systems and environments.

NIST 800-53 Versions: rev5, rev4 ATT&CK Versions: 16.1, 14.1, 12.1, 10.1, 9.0, 8.2 ATT&CK Domain: Enterprise

NIST 800-53 Mapping Methodology | Mapping Scope

Download Mapping Artifacts:

download JSON

download YAML

download CSV

download Excel

download STIX Bundles

download Navigator Layers

SELECT VERSIONS

NIST 800-53 Version

ATT&CK Version

ATT&CK Domain

Capability Groups

ID Capability Group Name Number of Mappings Number of Capabilities
AC Access Control 1400 18
CA Security Assessment and Authorization 222 3
CM Configuration Management 1245 9
SC System and Communications Protection 538 34
SI System and Information Integrity 1146 12
CP Contingency Planning 67 5
IA Identification and Authentication 382 11
SA System and Services Acquisition 129 10
RA Risk Assessment 127 3
MP Media Protection 6 1
SR Supply Chain Risk Management 52 3

All Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CM-03 Configuration Change Control mitigates T1666 Modify Cloud Resource Hierarchy
AC-02 Account Management mitigates T1556.009 Conditional Access Policies
SC-05 Denial-of-service Protection mitigates T1496.003 SMS Pumping
AC-06 Least Privilege mitigates T1110 Brute Force
AC-02 Account Management mitigates T1613 Container and Resource Discovery
AC-02 Account Management mitigates T1619 Cloud Storage Object Discovery
AC-04 Information Flow Enforcement mitigates T1001 Data Obfuscation
AC-02 Account Management mitigates T1070.009 Clear Persistence
CA-07 Continuous Monitoring mitigates T1001 Data Obfuscation
CA-07 Continuous Monitoring mitigates T1001.001 Junk Data
CA-07 Continuous Monitoring mitigates T1001.003 Protocol or Service Impersonation
CA-07 Continuous Monitoring mitigates T1003 OS Credential Dumping
CA-07 Continuous Monitoring mitigates T1003.001 LSASS Memory
CA-07 Continuous Monitoring mitigates T1003.005 Cached Domain Credentials
CA-07 Continuous Monitoring mitigates T1003.007 Proc Filesystem
CA-07 Continuous Monitoring mitigates T1036 Masquerading
CA-07 Continuous Monitoring mitigates T1037 Boot or Logon Initialization Scripts
CA-07 Continuous Monitoring mitigates T1056.002 GUI Input Capture
CA-07 Continuous Monitoring mitigates T1059 Command and Scripting Interpreter
CA-07 Continuous Monitoring mitigates T1059.010 AutoHotKey & AutoIT
CA-07 Continuous Monitoring mitigates T1070.001 Clear Windows Event Logs
CA-07 Continuous Monitoring mitigates T1070.003 Clear Command History
CA-07 Continuous Monitoring mitigates T1071 Application Layer Protocol
CA-07 Continuous Monitoring mitigates T1071.002 File Transfer Protocols
CA-07 Continuous Monitoring mitigates T1071.003 Mail Protocols
CA-07 Continuous Monitoring mitigates T1072 Software Deployment Tools
CA-07 Continuous Monitoring mitigates T1078 Valid Accounts
CA-07 Continuous Monitoring mitigates T1078.001 Default Accounts
CA-07 Continuous Monitoring mitigates T1078.003 Local Accounts
CA-07 Continuous Monitoring mitigates T1078.004 Cloud Accounts
CA-07 Continuous Monitoring mitigates T1090.003 Multi-hop Proxy
CA-07 Continuous Monitoring mitigates T1102 Web Service
CA-07 Continuous Monitoring mitigates T1105 Ingress Tool Transfer
CA-07 Continuous Monitoring mitigates T1110 Brute Force
CA-07 Continuous Monitoring mitigates T1176 Browser Extensions
CA-07 Continuous Monitoring mitigates T1190 Exploit Public-Facing Application
CA-07 Continuous Monitoring mitigates T1195 Supply Chain Compromise
CA-07 Continuous Monitoring mitigates T1195.001 Compromise Software Dependencies and Development Tools
CA-07 Continuous Monitoring mitigates T1203 Exploitation for Client Execution
CA-07 Continuous Monitoring mitigates T1204 User Execution
CA-07 Continuous Monitoring mitigates T1204.002 Malicious File
CA-07 Continuous Monitoring mitigates T1213 Data from Information Repositories
CA-07 Continuous Monitoring mitigates T1213.001 Confluence
CA-07 Continuous Monitoring mitigates T1213.002 Sharepoint
CA-07 Continuous Monitoring mitigates T1213.003 Code Repositories
CA-07 Continuous Monitoring mitigates T1213.004 Customer Relationship Management Software
CA-07 Continuous Monitoring mitigates T1213.005 Messaging Applications
CA-07 Continuous Monitoring mitigates T1218 System Binary Proxy Execution
CA-07 Continuous Monitoring mitigates T1218.011 Rundll32
CA-07 Continuous Monitoring mitigates T1218.015 Electron Applications
CA-07 Continuous Monitoring mitigates T1219 Remote Access Software
CA-07 Continuous Monitoring mitigates T1489 Service Stop
CA-07 Continuous Monitoring mitigates T1528 Steal Application Access Token
CA-07 Continuous Monitoring mitigates T1530 Data from Cloud Storage
CA-07 Continuous Monitoring mitigates T1537 Transfer Data to Cloud Account
CA-07 Continuous Monitoring mitigates T1539 Steal Web Session Cookie
CA-07 Continuous Monitoring mitigates T1543 Create or Modify System Process
CA-07 Continuous Monitoring mitigates T1543.002 Systemd Service
CA-07 Continuous Monitoring mitigates T1546.003 Windows Management Instrumentation Event Subscription
CA-07 Continuous Monitoring mitigates T1546.016 Installer Packages
CA-07 Continuous Monitoring mitigates T1547.003 Time Providers
CA-07 Continuous Monitoring mitigates T1548 Abuse Elevation Control Mechanism
CA-07 Continuous Monitoring mitigates T1548.006 TCC Manipulation
CA-07 Continuous Monitoring mitigates T1552 Unsecured Credentials
CA-07 Continuous Monitoring mitigates T1552.001 Credentials In Files
CA-07 Continuous Monitoring mitigates T1552.004 Private Keys
CA-07 Continuous Monitoring mitigates T1555 Credentials from Password Stores
CA-07 Continuous Monitoring mitigates T1555.002 Securityd Memory
CA-07 Continuous Monitoring mitigates T1556 Modify Authentication Process
CA-07 Continuous Monitoring mitigates T1556.001 Domain Controller Authentication
CA-07 Continuous Monitoring mitigates T1557 Adversary-in-the-Middle
CA-07 Continuous Monitoring mitigates T1557.004 Evil Twin
CA-07 Continuous Monitoring mitigates T1558 Steal or Forge Kerberos Tickets
CA-07 Continuous Monitoring mitigates T1558.005 Ccache Files
CA-07 Continuous Monitoring mitigates T1562 Impair Defenses
CA-07 Continuous Monitoring mitigates T1562.004 Disable or Modify System Firewall
CA-07 Continuous Monitoring mitigates T1562.006 Indicator Blocking
CA-07 Continuous Monitoring mitigates T1564.004 NTFS File Attributes
CA-07 Continuous Monitoring mitigates T1565 Data Manipulation
CA-07 Continuous Monitoring mitigates T1566 Phishing
CA-07 Continuous Monitoring mitigates T1566.001 Spearphishing Attachment
CA-07 Continuous Monitoring mitigates T1566.002 Spearphishing Link
CA-07 Continuous Monitoring mitigates T1566.003 Spearphishing via Service
CA-07 Continuous Monitoring mitigates T1572 Protocol Tunneling
CA-07 Continuous Monitoring mitigates T1573 Encrypted Channel
CA-07 Continuous Monitoring mitigates T1574.014 AppDomainManager
CA-07 Continuous Monitoring mitigates T1598.003 Spearphishing Link
CM-06 Configuration Settings mitigates T1001 Data Obfuscation
CM-06 Configuration Settings mitigates T1001.001 Junk Data
CM-06 Configuration Settings mitigates T1001.003 Protocol or Service Impersonation
CM-06 Configuration Settings mitigates T1003 OS Credential Dumping
CM-06 Configuration Settings mitigates T1003.001 LSASS Memory
CM-06 Configuration Settings mitigates T1003.005 Cached Domain Credentials
CM-06 Configuration Settings mitigates T1003.007 Proc Filesystem
CM-06 Configuration Settings mitigates T1020.001 Traffic Duplication
CM-06 Configuration Settings mitigates T1021 Remote Services
CM-06 Configuration Settings mitigates T1027 Obfuscated Files or Information
CM-06 Configuration Settings mitigates T1036 Masquerading
CM-06 Configuration Settings mitigates T1036.010 Masquerade Account Name
CM-06 Configuration Settings mitigates T1037 Boot or Logon Initialization Scripts
CM-06 Configuration Settings mitigates T1047 Windows Management Instrumentation
CM-06 Configuration Settings mitigates T1053 Scheduled Task/Job
CM-06 Configuration Settings mitigates T1053.002 At
CM-06 Configuration Settings mitigates T1053.005 Scheduled Task
CM-06 Configuration Settings mitigates T1059 Command and Scripting Interpreter
CM-06 Configuration Settings mitigates T1059.006 Python
CM-06 Configuration Settings mitigates T1059.010 AutoHotKey & AutoIT
CM-06 Configuration Settings mitigates T1059.011 Lua
CM-06 Configuration Settings mitigates T1070.001 Clear Windows Event Logs
CM-06 Configuration Settings mitigates T1070.003 Clear Command History
CM-06 Configuration Settings mitigates T1071 Application Layer Protocol
CM-06 Configuration Settings mitigates T1071.002 File Transfer Protocols
CM-06 Configuration Settings mitigates T1071.003 Mail Protocols
CM-06 Configuration Settings mitigates T1072 Software Deployment Tools
CM-06 Configuration Settings mitigates T1078 Valid Accounts
CM-06 Configuration Settings mitigates T1078.003 Local Accounts
CM-06 Configuration Settings mitigates T1078.004 Cloud Accounts
CM-06 Configuration Settings mitigates T1087 Account Discovery
CM-06 Configuration Settings mitigates T1087.001 Local Account
CM-06 Configuration Settings mitigates T1087.002 Domain Account
CM-06 Configuration Settings mitigates T1090.003 Multi-hop Proxy
CM-06 Configuration Settings mitigates T1092 Communication Through Removable Media
CM-06 Configuration Settings mitigates T1098 Account Manipulation
CM-06 Configuration Settings mitigates T1098.001 Additional Cloud Credentials
CM-06 Configuration Settings mitigates T1098.002 Additional Email Delegate Permissions
CM-06 Configuration Settings mitigates T1098.003 Additional Cloud Roles
CM-06 Configuration Settings mitigates T1098.005 Device Registration
CM-06 Configuration Settings mitigates T1098.007 Additional Local or Domain Groups
CM-06 Configuration Settings mitigates T1102 Web Service
CM-06 Configuration Settings mitigates T1105 Ingress Tool Transfer
CM-06 Configuration Settings mitigates T1110 Brute Force
CM-06 Configuration Settings mitigates T1114 Email Collection
CM-06 Configuration Settings mitigates T1114.002 Remote Email Collection
CM-06 Configuration Settings mitigates T1114.003 Email Forwarding Rule
CM-06 Configuration Settings mitigates T1119 Automated Collection
CM-06 Configuration Settings mitigates T1127.002 ClickOnce
CM-06 Configuration Settings mitigates T1134.001 Token Impersonation/Theft
CM-06 Configuration Settings mitigates T1134.003 Make and Impersonate Token
CM-06 Configuration Settings mitigates T1136 Create Account
CM-06 Configuration Settings mitigates T1136.002 Domain Account
CM-06 Configuration Settings mitigates T1136.003 Cloud Account
CM-06 Configuration Settings mitigates T1137.002 Office Test
CM-06 Configuration Settings mitigates T1176 Browser Extensions
CM-06 Configuration Settings mitigates T1190 Exploit Public-Facing Application
CM-06 Configuration Settings mitigates T1195 Supply Chain Compromise
CM-06 Configuration Settings mitigates T1195.001 Compromise Software Dependencies and Development Tools
CM-06 Configuration Settings mitigates T1204 User Execution
CM-06 Configuration Settings mitigates T1204.002 Malicious File
CM-06 Configuration Settings mitigates T1213 Data from Information Repositories
CM-06 Configuration Settings mitigates T1213.001 Confluence
CM-06 Configuration Settings mitigates T1213.002 Sharepoint
CM-06 Configuration Settings mitigates T1213.004 Customer Relationship Management Software
CM-06 Configuration Settings mitigates T1213.005 Messaging Applications
CM-06 Configuration Settings mitigates T1216.002 SyncAppvPublishingServer
CM-06 Configuration Settings mitigates T1218 System Binary Proxy Execution
CM-06 Configuration Settings mitigates T1218.015 Electron Applications
CM-06 Configuration Settings mitigates T1219 Remote Access Software
CM-06 Configuration Settings mitigates T1484 Domain or Tenant Policy Modification
CM-06 Configuration Settings mitigates T1489 Service Stop
CM-06 Configuration Settings mitigates T1490 Inhibit System Recovery
CM-06 Configuration Settings mitigates T1505.003 Web Shell
CM-06 Configuration Settings mitigates T1528 Steal Application Access Token
CM-06 Configuration Settings mitigates T1530 Data from Cloud Storage
CM-06 Configuration Settings mitigates T1537 Transfer Data to Cloud Account
CM-06 Configuration Settings mitigates T1539 Steal Web Session Cookie
CM-06 Configuration Settings mitigates T1542 Pre-OS Boot
CM-06 Configuration Settings mitigates T1542.001 System Firmware
CM-06 Configuration Settings mitigates T1543 Create or Modify System Process
CM-06 Configuration Settings mitigates T1543.002 Systemd Service
CM-06 Configuration Settings mitigates T1546 Event Triggered Execution
CM-06 Configuration Settings mitigates T1546.003 Windows Management Instrumentation Event Subscription
CM-06 Configuration Settings mitigates T1546.016 Installer Packages
CM-06 Configuration Settings mitigates T1547.003 Time Providers
CM-06 Configuration Settings mitigates T1547.009 Shortcut Modification
CM-06 Configuration Settings mitigates T1548 Abuse Elevation Control Mechanism
CM-06 Configuration Settings mitigates T1548.006 TCC Manipulation
CM-06 Configuration Settings mitigates T1550 Use Alternate Authentication Material
CM-06 Configuration Settings mitigates T1550.001 Application Access Token
CM-06 Configuration Settings mitigates T1552 Unsecured Credentials
CM-06 Configuration Settings mitigates T1552.001 Credentials In Files
CM-06 Configuration Settings mitigates T1552.004 Private Keys
CM-06 Configuration Settings mitigates T1553 Subvert Trust Controls
CM-06 Configuration Settings mitigates T1554 Compromise Host Software Binary
CM-06 Configuration Settings mitigates T1555.005 Password Managers
CM-06 Configuration Settings mitigates T1556 Modify Authentication Process
CM-06 Configuration Settings mitigates T1556.001 Domain Controller Authentication
CM-06 Configuration Settings mitigates T1556.009 Conditional Access Policies
CM-06 Configuration Settings mitigates T1557 Adversary-in-the-Middle
CM-06 Configuration Settings mitigates T1557.004 Evil Twin
CM-06 Configuration Settings mitigates T1558 Steal or Forge Kerberos Tickets
CM-06 Configuration Settings mitigates T1562 Impair Defenses
CM-06 Configuration Settings mitigates T1562.004 Disable or Modify System Firewall
CM-06 Configuration Settings mitigates T1562.006 Indicator Blocking
CM-06 Configuration Settings mitigates T1563 Remote Service Session Hijacking
CM-06 Configuration Settings mitigates T1565 Data Manipulation
CM-06 Configuration Settings mitigates T1566 Phishing
CM-06 Configuration Settings mitigates T1566.001 Spearphishing Attachment
CM-06 Configuration Settings mitigates T1566.002 Spearphishing Link
CM-06 Configuration Settings mitigates T1572 Protocol Tunneling
CM-06 Configuration Settings mitigates T1573 Encrypted Channel
CM-06 Configuration Settings mitigates T1574.001 DLL Search Order Hijacking
CM-06 Configuration Settings mitigates T1574.014 AppDomainManager
CM-06 Configuration Settings mitigates T1590.002 DNS
CM-06 Configuration Settings mitigates T1598.003 Spearphishing Link
CM-06 Configuration Settings mitigates T1610 Deploy Container
CM-06 Configuration Settings mitigates T1611 Escape to Host
CM-06 Configuration Settings mitigates T1648 Serverless Execution
SC-07 Boundary Protection mitigates T1001 Data Obfuscation
SI-03 Malicious Code Protection mitigates T1001 Data Obfuscation
SI-04 System Monitoring mitigates T1001 Data Obfuscation
CM-05 Access Restrictions for Change mitigates T1003 OS Credential Dumping
CM-05 Access Restrictions for Change mitigates T1003.001 LSASS Memory
CM-05 Access Restrictions for Change mitigates T1003.005 Cached Domain Credentials
CM-05 Access Restrictions for Change mitigates T1003.007 Proc Filesystem
CM-05 Access Restrictions for Change mitigates T1020.001 Traffic Duplication
CM-05 Access Restrictions for Change mitigates T1021 Remote Services
CM-05 Access Restrictions for Change mitigates T1047 Windows Management Instrumentation
CM-05 Access Restrictions for Change mitigates T1053 Scheduled Task/Job
CM-05 Access Restrictions for Change mitigates T1053.002 At
CM-05 Access Restrictions for Change mitigates T1053.005 Scheduled Task
CM-05 Access Restrictions for Change mitigates T1059 Command and Scripting Interpreter
CM-05 Access Restrictions for Change mitigates T1059.006 Python
CM-05 Access Restrictions for Change mitigates T1072 Software Deployment Tools
CM-05 Access Restrictions for Change mitigates T1078 Valid Accounts
CM-05 Access Restrictions for Change mitigates T1078.003 Local Accounts
CM-05 Access Restrictions for Change mitigates T1078.004 Cloud Accounts
CM-05 Access Restrictions for Change mitigates T1098 Account Manipulation
CM-05 Access Restrictions for Change mitigates T1098.001 Additional Cloud Credentials
CM-05 Access Restrictions for Change mitigates T1098.002 Additional Email Delegate Permissions
CM-05 Access Restrictions for Change mitigates T1098.003 Additional Cloud Roles
CM-05 Access Restrictions for Change mitigates T1098.005 Device Registration
CM-05 Access Restrictions for Change mitigates T1098.007 Additional Local or Domain Groups
CM-05 Access Restrictions for Change mitigates T1134.001 Token Impersonation/Theft
CM-05 Access Restrictions for Change mitigates T1134.003 Make and Impersonate Token
CM-05 Access Restrictions for Change mitigates T1136 Create Account
CM-05 Access Restrictions for Change mitigates T1136.002 Domain Account
CM-05 Access Restrictions for Change mitigates T1136.003 Cloud Account
CM-05 Access Restrictions for Change mitigates T1137.002 Office Test
CM-05 Access Restrictions for Change mitigates T1176 Browser Extensions
CM-05 Access Restrictions for Change mitigates T1190 Exploit Public-Facing Application
CM-05 Access Restrictions for Change mitigates T1195 Supply Chain Compromise
CM-05 Access Restrictions for Change mitigates T1195.001 Compromise Software Dependencies and Development Tools
CM-05 Access Restrictions for Change mitigates T1213 Data from Information Repositories
CM-05 Access Restrictions for Change mitigates T1213.001 Confluence
CM-05 Access Restrictions for Change mitigates T1213.002 Sharepoint
CM-05 Access Restrictions for Change mitigates T1213.005 Messaging Applications
CM-05 Access Restrictions for Change mitigates T1218 System Binary Proxy Execution
CM-05 Access Restrictions for Change mitigates T1218.015 Electron Applications
CM-05 Access Restrictions for Change mitigates T1484 Domain or Tenant Policy Modification
CM-05 Access Restrictions for Change mitigates T1489 Service Stop
CM-05 Access Restrictions for Change mitigates T1528 Steal Application Access Token
CM-05 Access Restrictions for Change mitigates T1530 Data from Cloud Storage
CM-05 Access Restrictions for Change mitigates T1537 Transfer Data to Cloud Account
CM-05 Access Restrictions for Change mitigates T1542 Pre-OS Boot
CM-05 Access Restrictions for Change mitigates T1542.001 System Firmware
CM-05 Access Restrictions for Change mitigates T1543 Create or Modify System Process
CM-05 Access Restrictions for Change mitigates T1543.002 Systemd Service
CM-05 Access Restrictions for Change mitigates T1543.003 Windows Service
CM-05 Access Restrictions for Change mitigates T1546.003 Windows Management Instrumentation Event Subscription
CM-05 Access Restrictions for Change mitigates T1546.016 Installer Packages
CM-05 Access Restrictions for Change mitigates T1547.003 Time Providers
CM-05 Access Restrictions for Change mitigates T1547.004 Winlogon Helper DLL
CM-05 Access Restrictions for Change mitigates T1547.009 Shortcut Modification
CM-05 Access Restrictions for Change mitigates T1548 Abuse Elevation Control Mechanism
CM-05 Access Restrictions for Change mitigates T1548.005 Temporary Elevated Cloud Access
CM-05 Access Restrictions for Change mitigates T1548.006 TCC Manipulation
CM-05 Access Restrictions for Change mitigates T1550 Use Alternate Authentication Material
CM-05 Access Restrictions for Change mitigates T1552 Unsecured Credentials
CM-05 Access Restrictions for Change mitigates T1553 Subvert Trust Controls
CM-05 Access Restrictions for Change mitigates T1554 Compromise Host Software Binary
CM-05 Access Restrictions for Change mitigates T1556 Modify Authentication Process
CM-05 Access Restrictions for Change mitigates T1556.001 Domain Controller Authentication
CM-05 Access Restrictions for Change mitigates T1556.009 Conditional Access Policies
CM-05 Access Restrictions for Change mitigates T1558 Steal or Forge Kerberos Tickets
CM-05 Access Restrictions for Change mitigates T1562 Impair Defenses
CM-05 Access Restrictions for Change mitigates T1562.004 Disable or Modify System Firewall
CM-05 Access Restrictions for Change mitigates T1562.006 Indicator Blocking
CM-05 Access Restrictions for Change mitigates T1562.007 Disable or Modify Cloud Firewall
CM-05 Access Restrictions for Change mitigates T1563 Remote Service Session Hijacking
CM-05 Access Restrictions for Change mitigates T1574.014 AppDomainManager
CM-05 Access Restrictions for Change mitigates T1611 Escape to Host
CM-05 Access Restrictions for Change mitigates T1621 Multi-Factor Authentication Request Generation
CM-07 Least Functionality mitigates T1003 OS Credential Dumping
CP-09 System Backup mitigates T1003 OS Credential Dumping
IA-02 Identification and Authentication (Organizational Users) mitigates T1003 OS Credential Dumping
IA-04 Identifier Management mitigates T1003 OS Credential Dumping
IA-05 Authenticator Management mitigates T1003 OS Credential Dumping
IA-05 Authenticator Management mitigates T1003.001 LSASS Memory
IA-05 Authenticator Management mitigates T1003.005 Cached Domain Credentials
IA-05 Authenticator Management mitigates T1003.007 Proc Filesystem
IA-05 Authenticator Management mitigates T1021 Remote Services
IA-05 Authenticator Management mitigates T1040 Network Sniffing
IA-05 Authenticator Management mitigates T1072 Software Deployment Tools
IA-05 Authenticator Management mitigates T1078 Valid Accounts
IA-05 Authenticator Management mitigates T1078.004 Cloud Accounts
IA-05 Authenticator Management mitigates T1098.001 Additional Cloud Credentials
IA-05 Authenticator Management mitigates T1098.002 Additional Email Delegate Permissions
IA-05 Authenticator Management mitigates T1098.003 Additional Cloud Roles
IA-05 Authenticator Management mitigates T1110 Brute Force
IA-05 Authenticator Management mitigates T1114 Email Collection
IA-05 Authenticator Management mitigates T1114.002 Remote Email Collection
IA-05 Authenticator Management mitigates T1136 Create Account
IA-05 Authenticator Management mitigates T1136.002 Domain Account
IA-05 Authenticator Management mitigates T1136.003 Cloud Account
IA-05 Authenticator Management mitigates T1528 Steal Application Access Token
IA-05 Authenticator Management mitigates T1530 Data from Cloud Storage
IA-05 Authenticator Management mitigates T1539 Steal Web Session Cookie
IA-05 Authenticator Management mitigates T1552 Unsecured Credentials
IA-05 Authenticator Management mitigates T1552.001 Credentials In Files
IA-05 Authenticator Management mitigates T1552.004 Private Keys
IA-05 Authenticator Management mitigates T1555 Credentials from Password Stores
IA-05 Authenticator Management mitigates T1555.002 Securityd Memory
IA-05 Authenticator Management mitigates T1555.005 Password Managers
IA-05 Authenticator Management mitigates T1556 Modify Authentication Process
IA-05 Authenticator Management mitigates T1556.001 Domain Controller Authentication
IA-05 Authenticator Management mitigates T1556.009 Conditional Access Policies
IA-05 Authenticator Management mitigates T1558 Steal or Forge Kerberos Tickets
IA-05 Authenticator Management mitigates T1558.005 Ccache Files
IA-05 Authenticator Management mitigates T1621 Multi-Factor Authentication Request Generation
IA-05 Authenticator Management mitigates T1649 Steal or Forge Authentication Certificates
SC-28 Protection of Information at Rest mitigates T1003 OS Credential Dumping
SC-39 Process Isolation mitigates T1003 OS Credential Dumping
SI-12 Information Management and Retention mitigates T1003 OS Credential Dumping
SI-02 Flaw Remediation mitigates T1003 OS Credential Dumping
SI-07 Software, Firmware, and Information Integrity mitigates T1003 OS Credential Dumping
SC-03 Security Function Isolation mitigates T1003.001 LSASS Memory
SI-16 Memory Protection mitigates T1003.001 LSASS Memory
AC-17 Remote Access mitigates T1020.001 Traffic Duplication
AC-17 Remote Access mitigates T1021 Remote Services
AC-17 Remote Access mitigates T1037 Boot or Logon Initialization Scripts
AC-17 Remote Access mitigates T1040 Network Sniffing
AC-17 Remote Access mitigates T1047 Windows Management Instrumentation
AC-17 Remote Access mitigates T1059 Command and Scripting Interpreter
AC-17 Remote Access mitigates T1059.006 Python
AC-17 Remote Access mitigates T1070.001 Clear Windows Event Logs
AC-17 Remote Access mitigates T1114 Email Collection
AC-17 Remote Access mitigates T1114.002 Remote Email Collection
AC-17 Remote Access mitigates T1114.003 Email Forwarding Rule
AC-17 Remote Access mitigates T1119 Automated Collection
AC-17 Remote Access mitigates T1127.002 ClickOnce
AC-17 Remote Access mitigates T1137.002 Office Test
AC-17 Remote Access mitigates T1213 Data from Information Repositories
AC-17 Remote Access mitigates T1213.001 Confluence
AC-17 Remote Access mitigates T1213.002 Sharepoint
AC-17 Remote Access mitigates T1213.005 Messaging Applications
AC-17 Remote Access mitigates T1219 Remote Access Software
AC-17 Remote Access mitigates T1530 Data from Cloud Storage
AC-17 Remote Access mitigates T1537 Transfer Data to Cloud Account
AC-17 Remote Access mitigates T1543 Create or Modify System Process
AC-17 Remote Access mitigates T1547.003 Time Providers
AC-17 Remote Access mitigates T1547.004 Winlogon Helper DLL
AC-17 Remote Access mitigates T1547.009 Shortcut Modification
AC-17 Remote Access mitigates T1550.001 Application Access Token
AC-17 Remote Access mitigates T1552 Unsecured Credentials
AC-17 Remote Access mitigates T1552.004 Private Keys
AC-17 Remote Access mitigates T1557 Adversary-in-the-Middle
AC-17 Remote Access mitigates T1558 Steal or Forge Kerberos Tickets
AC-17 Remote Access mitigates T1563 Remote Service Session Hijacking
AC-17 Remote Access mitigates T1565 Data Manipulation
AC-17 Remote Access mitigates T1610 Deploy Container
AC-17 Remote Access mitigates T1651 Cloud Administration Command
CA-03 Information Exchange mitigates T1020.001 Traffic Duplication
SC-04 Information in Shared System Resources mitigates T1020.001 Traffic Duplication
SC-08 Transmission Confidentiality and Integrity mitigates T1020.001 Traffic Duplication
IA-09 Service Identification and Authentication mitigates T1036 Masquerading
IA-09 Service Identification and Authentication mitigates T1036 Masquerading
IA-09 Service Identification and Authentication mitigates T1059 Command and Scripting Interpreter
IA-09 Service Identification and Authentication mitigates T1213.003 Code Repositories
IA-09 Service Identification and Authentication mitigates T1546 Event Triggered Execution
IA-09 Service Identification and Authentication mitigates T1553 Subvert Trust Controls
IA-09 Service Identification and Authentication mitigates T1554 Compromise Host Software Binary
IA-09 Service Identification and Authentication mitigates T1562.006 Indicator Blocking
IA-09 Service Identification and Authentication mitigates T1566 Phishing
IA-09 Service Identification and Authentication mitigates T1566.001 Spearphishing Attachment
IA-09 Service Identification and Authentication mitigates T1566.002 Spearphishing Link
IA-09 Service Identification and Authentication mitigates T1598.003 Spearphishing Link
IA-08 Identification and Authentication (Non-Organizational Users) mitigates T1053 Scheduled Task/Job
IA-08 Identification and Authentication (Non-Organizational Users) mitigates T1059 Command and Scripting Interpreter
IA-08 Identification and Authentication (Non-Organizational Users) mitigates T1190 Exploit Public-Facing Application
IA-08 Identification and Authentication (Non-Organizational Users) mitigates T1213 Data from Information Repositories
IA-08 Identification and Authentication (Non-Organizational Users) mitigates T1213.001 Confluence
IA-08 Identification and Authentication (Non-Organizational Users) mitigates T1213.002 Sharepoint
IA-08 Identification and Authentication (Non-Organizational Users) mitigates T1213.004 Customer Relationship Management Software
IA-08 Identification and Authentication (Non-Organizational Users) mitigates T1213.005 Messaging Applications
IA-08 Identification and Authentication (Non-Organizational Users) mitigates T1528 Steal Application Access Token
IA-08 Identification and Authentication (Non-Organizational Users) mitigates T1530 Data from Cloud Storage
IA-08 Identification and Authentication (Non-Organizational Users) mitigates T1537 Transfer Data to Cloud Account
IA-08 Identification and Authentication (Non-Organizational Users) mitigates T1542 Pre-OS Boot
IA-08 Identification and Authentication (Non-Organizational Users) mitigates T1542.001 System Firmware
CP-07 Alternate Processing Site mitigates T1070.001 Clear Windows Event Logs
CP-07 Alternate Processing Site mitigates T1119 Automated Collection
CP-07 Alternate Processing Site mitigates T1485 Data Destruction
CP-07 Alternate Processing Site mitigates T1490 Inhibit System Recovery
CP-07 Alternate Processing Site mitigates T1565 Data Manipulation
SC-10 Network Disconnect mitigates T1071 Application Layer Protocol
SC-20 Secure Name/Address Resolution Service (Authoritative Source) mitigates T1071 Application Layer Protocol
SC-21 Secure Name/Address Resolution Service (Recursive or Caching Resolver) mitigates T1071 Application Layer Protocol
SC-22 Architecture and Provisioning for Name/Address Resolution Service mitigates T1071 Application Layer Protocol
SC-23 Session Authenticity mitigates T1071 Application Layer Protocol
SC-37 Out-of-band Channels mitigates T1071 Application Layer Protocol
SC-10 Network Disconnect mitigates T1071.002 File Transfer Protocols
SC-10 Network Disconnect mitigates T1071.003 Mail Protocols
SA-10 Developer Configuration Management mitigates T1072 Software Deployment Tools
SA-10 Developer Configuration Management mitigates T1078 Valid Accounts
SA-10 Developer Configuration Management mitigates T1078.001 Default Accounts
SA-10 Developer Configuration Management mitigates T1078.003 Local Accounts
SA-10 Developer Configuration Management mitigates T1078.004 Cloud Accounts
SA-10 Developer Configuration Management mitigates T1195.001 Compromise Software Dependencies and Development Tools
SA-10 Developer Configuration Management mitigates T1213.003 Code Repositories
SA-10 Developer Configuration Management mitigates T1542 Pre-OS Boot
SA-10 Developer Configuration Management mitigates T1542.001 System Firmware
SA-10 Developer Configuration Management mitigates T1553 Subvert Trust Controls
SC-12 Cryptographic Key Establishment and Management mitigates T1072 Software Deployment Tools
SC-17 Public Key Infrastructure Certificates mitigates T1072 Software Deployment Tools
IA-12 Identity Proofing mitigates T1078 Valid Accounts
IA-12 Identity Proofing mitigates T1078.003 Local Accounts
IA-12 Identity Proofing mitigates T1078.004 Cloud Accounts
SA-11 Developer Testing and Evaluation mitigates T1078 Valid Accounts
SA-15 Development Process, Standards, and Tools mitigates T1078 Valid Accounts
SA-17 Developer Security and Privacy Architecture and Design mitigates T1078 Valid Accounts
SA-03 System Development Life Cycle mitigates T1078 Valid Accounts
SA-04 Acquisition Process mitigates T1078 Valid Accounts
IA-13 Identity Providers and Authorization Servers mitigates T1078 Valid Accounts
IA-13 Identity Providers and Authorization Servers mitigates T1078.002 Domain Accounts
IA-13 Identity Providers and Authorization Servers mitigates T1078.004 Cloud Accounts
IA-13 Identity Providers and Authorization Servers mitigates T1111 Multi-Factor Authentication Interception
IA-13 Identity Providers and Authorization Servers mitigates T1134 Access Token Manipulation
IA-13 Identity Providers and Authorization Servers mitigates T1134.001 Token Impersonation/Theft
IA-13 Identity Providers and Authorization Servers mitigates T1134.003 Make and Impersonate Token
IA-13 Identity Providers and Authorization Servers mitigates T1134.005 SID-History Injection
IA-13 Identity Providers and Authorization Servers mitigates T1528 Steal Application Access Token
IA-13 Identity Providers and Authorization Servers mitigates T1556 Modify Authentication Process
IA-13 Identity Providers and Authorization Servers mitigates T1556.006 Multi-Factor Authentication
IA-13 Identity Providers and Authorization Servers mitigates T1556.007 Hybrid Identity
IA-13 Identity Providers and Authorization Servers mitigates T1556.009 Conditional Access Policies
IA-13 Identity Providers and Authorization Servers mitigates T1606 Forge Web Credentials
IA-13 Identity Providers and Authorization Servers mitigates T1606.002 SAML Tokens
IA-13 Identity Providers and Authorization Servers mitigates T1621 Multi-Factor Authentication Request Generation
IA-13 Identity Providers and Authorization Servers mitigates T1649 Steal or Forge Authentication Certificates
SA-16 Developer-provided Training mitigates T1078.001 Default Accounts
IA-11 Re-authentication mitigates T1110 Brute Force
IA-11 Re-authentication mitigates T1556.006 Multi-Factor Authentication
IA-11 Re-authentication mitigates T1556.007 Hybrid Identity
CA-02 Control Assessments mitigates T1190 Exploit Public-Facing Application
CM-08 System Component Inventory mitigates T1195 Supply Chain Compromise
SA-15 Development Process, Standards, and Tools mitigates T1195.001 Compromise Software Dependencies and Development Tools
IA-07 Cryptographic Module Authentication mitigates T1542 Pre-OS Boot
IA-07 Cryptographic Module Authentication mitigates T1542.001 System Firmware
IA-07 Cryptographic Module Authentication mitigates T1553 Subvert Trust Controls
MP-07 Media Use mitigates T1092 Communication Through Removable Media
CA-02 Control Assessments mitigates T1195 Supply Chain Compromise
CA-02 Control Assessments mitigates T1195.001 Compromise Software Dependencies and Development Tools
SC-29 Heterogeneity mitigates T1190 Exploit Public-Facing Application
SC-29 Heterogeneity mitigates T1203 Exploitation for Client Execution
RA-10 Threat Hunting mitigates T1190 Exploit Public-Facing Application
RA-10 Threat Hunting mitigates T1195 Supply Chain Compromise
RA-10 Threat Hunting mitigates T1195.001 Compromise Software Dependencies and Development Tools
SC-30 Concealment and Misdirection mitigates T1190 Exploit Public-Facing Application
SC-30 Concealment and Misdirection mitigates T1203 Exploitation for Client Execution
AC-21 Information Sharing mitigates T1213 Data from Information Repositories
AC-21 Information Sharing mitigates T1213.001 Confluence
AC-21 Information Sharing mitigates T1213.002 Sharepoint
AC-21 Information Sharing mitigates T1213.004 Customer Relationship Management Software
AC-21 Information Sharing mitigates T1213.005 Messaging Applications
CP-10 System Recovery and Reconstitution mitigates T1485 Data Destruction
CP-10 System Recovery and Reconstitution mitigates T1485.001 Lifecycle-Triggered Deletion
CP-10 System Recovery and Reconstitution mitigates T1490 Inhibit System Recovery
CP-10 System Recovery and Reconstitution mitigates T1565 Data Manipulation
CP-02 Contingency Plan mitigates T1485 Data Destruction
SC-37 Out-of-band Channels mitigates T1071.002 File Transfer Protocols
SC-37 Out-of-band Channels mitigates T1071.003 Mail Protocols
SC-37 Out-of-band Channels mitigates T1114 Email Collection
SC-37 Out-of-band Channels mitigates T1114.001 Local Email Collection
SC-37 Out-of-band Channels mitigates T1114.002 Remote Email Collection
SC-37 Out-of-band Channels mitigates T1114.003 Email Forwarding Rule
SC-37 Out-of-band Channels mitigates T1213 Data from Information Repositories
SC-37 Out-of-band Channels mitigates T1213.005 Messaging Applications
SC-37 Out-of-band Channels mitigates T1489 Service Stop
IA-03 Device Identification and Authentication mitigates T1530 Data from Cloud Storage
SA-22 Unsupported System Components mitigates T1195 Supply Chain Compromise
SA-22 Unsupported System Components mitigates T1195.001 Compromise Software Dependencies and Development Tools
SA-22 Unsupported System Components mitigates T1543 Create or Modify System Process
SA-22 Unsupported System Components mitigates T1543.002 Systemd Service
SI-14 Non-persistence mitigates T1546.003 Windows Management Instrumentation Event Subscription
SI-14 Non-persistence mitigates T1547.004 Winlogon Helper DLL
SC-13 Cryptographic Protection mitigates T1557.004 Evil Twin
SC-40 Wireless Link Protection mitigates T1557.004 Evil Twin
SC-18 Mobile Code mitigates T1059 Command and Scripting Interpreter
SC-18 Mobile Code mitigates T1127.002 ClickOnce
SC-18 Mobile Code mitigates T1137.002 Office Test
SC-18 Mobile Code mitigates T1190 Exploit Public-Facing Application
SC-18 Mobile Code mitigates T1203 Exploitation for Client Execution
SC-18 Mobile Code mitigates T1218.015 Electron Applications
SC-18 Mobile Code mitigates T1548 Abuse Elevation Control Mechanism
CP-02 Contingency Plan mitigates T1490 Inhibit System Recovery
CM-10 Software Usage Restrictions mitigates T1550.001 Application Access Token
CM-10 Software Usage Restrictions mitigates T1553 Subvert Trust Controls
CM-10 Software Usage Restrictions mitigates T1562.006 Indicator Blocking
CP-06 Alternate Storage Site mitigates T1070.001 Clear Windows Event Logs
CP-06 Alternate Storage Site mitigates T1119 Automated Collection
CP-06 Alternate Storage Site mitigates T1565 Data Manipulation
SC-36 Distributed Processing and Storage mitigates T1070.001 Clear Windows Event Logs
SC-36 Distributed Processing and Storage mitigates T1119 Automated Collection
SC-36 Distributed Processing and Storage mitigates T1565 Data Manipulation
SI-23 Information Fragmentation mitigates T1070.001 Clear Windows Event Logs
SI-23 Information Fragmentation mitigates T1072 Software Deployment Tools
SI-23 Information Fragmentation mitigates T1119 Automated Collection
SI-23 Information Fragmentation mitigates T1565 Data Manipulation
CP-09 System Backup mitigates T1070.001 Clear Windows Event Logs
CP-09 System Backup mitigates T1119 Automated Collection
CP-09 System Backup mitigates T1485 Data Destruction
CP-09 System Backup mitigates T1485.001 Lifecycle-Triggered Deletion
CP-09 System Backup mitigates T1490 Inhibit System Recovery
CP-09 System Backup mitigates T1565 Data Manipulation
AC-23 Data Mining Protection mitigates T1213 Data from Information Repositories
AC-23 Data Mining Protection mitigates T1213.001 Confluence
AC-23 Data Mining Protection mitigates T1213.002 Sharepoint
AC-23 Data Mining Protection mitigates T1213.004 Customer Relationship Management Software
AC-23 Data Mining Protection mitigates T1213.005 Messaging Applications
CA-03 Information Exchange mitigates T1078 Valid Accounts
SA-09 External System Services mitigates T1072 Software Deployment Tools
SC-31 Covert Channel Analysis mitigates T1071 Application Layer Protocol
SC-31 Covert Channel Analysis mitigates T1071.002 File Transfer Protocols
SC-31 Covert Channel Analysis mitigates T1071.003 Mail Protocols
SC-31 Covert Channel Analysis mitigates T1071.005 Publish/Subscribe Protocols
SC-21 Secure Name/Address Resolution Service (Recursive or Caching Resolver) mitigates T1071.002 File Transfer Protocols
SC-21 Secure Name/Address Resolution Service (Recursive or Caching Resolver) mitigates T1071.003 Mail Protocols
SC-22 Architecture and Provisioning for Name/Address Resolution Service mitigates T1071.002 File Transfer Protocols
SC-22 Architecture and Provisioning for Name/Address Resolution Service mitigates T1071.003 Mail Protocols
CM-11 User-installed Software mitigates T1059 Command and Scripting Interpreter
CM-11 User-installed Software mitigates T1059.006 Python
CM-11 User-installed Software mitigates T1072 Software Deployment Tools
CM-11 User-installed Software mitigates T1176 Browser Extensions
CM-11 User-installed Software mitigates T1195 Supply Chain Compromise
CM-11 User-installed Software mitigates T1195.001 Compromise Software Dependencies and Development Tools
CM-11 User-installed Software mitigates T1218 System Binary Proxy Execution
CM-11 User-installed Software mitigates T1543 Create or Modify System Process
CM-11 User-installed Software mitigates T1543.002 Systemd Service
CM-11 User-installed Software mitigates T1543.003 Windows Service
CM-11 User-installed Software mitigates T1550.001 Application Access Token
SC-12 Cryptographic Key Establishment and Management mitigates T1521.003 SSL Pinning
SC-12 Cryptographic Key Establishment and Management mitigates T1552 Unsecured Credentials
SC-12 Cryptographic Key Establishment and Management mitigates T1552.001 Credentials In Files
SC-12 Cryptographic Key Establishment and Management mitigates T1552.004 Private Keys
SC-12 Cryptographic Key Establishment and Management mitigates T1573 Encrypted Channel
SC-16 Transmission of Security and Privacy Attributes mitigates T1573 Encrypted Channel
SA-15 Development Process, Standards, and Tools mitigates T1078.001 Default Accounts
SA-15 Development Process, Standards, and Tools mitigates T1078.003 Local Accounts
SA-15 Development Process, Standards, and Tools mitigates T1078.004 Cloud Accounts
SA-15 Development Process, Standards, and Tools mitigates T1213.003 Code Repositories
SA-15 Development Process, Standards, and Tools mitigates T1528 Steal Application Access Token
SA-15 Development Process, Standards, and Tools mitigates T1552 Unsecured Credentials
SA-15 Development Process, Standards, and Tools mitigates T1552.001 Credentials In Files
SA-15 Development Process, Standards, and Tools mitigates T1552.004 Private Keys
SA-16 Developer-provided Training mitigates T1078.003 Local Accounts
SA-17 Developer Security and Privacy Architecture and Design mitigates T1078.001 Default Accounts
SA-17 Developer Security and Privacy Architecture and Design mitigates T1078.003 Local Accounts
SA-17 Developer Security and Privacy Architecture and Design mitigates T1078.004 Cloud Accounts
SA-03 System Development Life Cycle mitigates T1078.001 Default Accounts
SA-03 System Development Life Cycle mitigates T1078.003 Local Accounts
SA-03 System Development Life Cycle mitigates T1078.004 Cloud Accounts
SA-03 System Development Life Cycle mitigates T1213.003 Code Repositories
SA-04 Acquisition Process mitigates T1078.001 Default Accounts
SA-04 Acquisition Process mitigates T1078.003 Local Accounts
SA-04 Acquisition Process mitigates T1078.004 Cloud Accounts
IA-06 Authentication Feedback mitigates T1530 Data from Cloud Storage
IA-06 Authentication Feedback mitigates T1563 Remote Service Session Hijacking
SC-32 Information System Partitioning mitigates T1590.002 DNS
SC-07 Boundary Protection mitigates T1590.002 DNS
SC-20 Secure Name/Address Resolution Service (Authoritative Source) mitigates T1071.002 File Transfer Protocols
SC-20 Secure Name/Address Resolution Service (Authoritative Source) mitigates T1071.003 Mail Protocols
SC-20 Secure Name/Address Resolution Service (Authoritative Source) mitigates T1566 Phishing
SC-20 Secure Name/Address Resolution Service (Authoritative Source) mitigates T1566.001 Spearphishing Attachment
SC-20 Secure Name/Address Resolution Service (Authoritative Source) mitigates T1566.002 Spearphishing Link
SC-20 Secure Name/Address Resolution Service (Authoritative Source) mitigates T1598.003 Spearphishing Link
SC-44 Detonation Chambers mitigates T1137.002 Office Test
SC-44 Detonation Chambers mitigates T1203 Exploitation for Client Execution
SC-44 Detonation Chambers mitigates T1204 User Execution
SC-44 Detonation Chambers mitigates T1204.002 Malicious File
SC-44 Detonation Chambers mitigates T1566 Phishing
SC-44 Detonation Chambers mitigates T1566.001 Spearphishing Attachment
SC-44 Detonation Chambers mitigates T1566.002 Spearphishing Link
SC-44 Detonation Chambers mitigates T1566.003 Spearphishing via Service
SC-44 Detonation Chambers mitigates T1598.003 Spearphishing Link
SI-08 Spam Protection mitigates T1137.002 Office Test
SI-08 Spam Protection mitigates T1204 User Execution
SI-08 Spam Protection mitigates T1204.002 Malicious File
SI-08 Spam Protection mitigates T1566 Phishing
SI-08 Spam Protection mitigates T1566.001 Spearphishing Attachment
SI-08 Spam Protection mitigates T1566.002 Spearphishing Link
SI-08 Spam Protection mitigates T1566.003 Spearphishing via Service
SI-08 Spam Protection mitigates T1598.003 Spearphishing Link
RA-09 Criticality Analysis mitigates T1542 Pre-OS Boot
RA-09 Criticality Analysis mitigates T1542.001 System Firmware
RA-09 Criticality Analysis mitigates T1553 Subvert Trust Controls
SR-11 Component Authenticity mitigates T1195 Supply Chain Compromise
SR-11 Component Authenticity mitigates T1195.001 Compromise Software Dependencies and Development Tools
SR-11 Component Authenticity mitigates T1195.002 Compromise Software Supply Chain
SR-11 Component Authenticity mitigates T1195.003 Compromise Hardware Supply Chain
SR-11 Component Authenticity mitigates T1554 Compromise Host Software Binary
SR-04 Provenance mitigates T1195 Supply Chain Compromise
SR-04 Provenance mitigates T1195.001 Compromise Software Dependencies and Development Tools
SR-04 Provenance mitigates T1195.002 Compromise Software Supply Chain
SR-04 Provenance mitigates T1195.003 Compromise Hardware Supply Chain
SR-04 Provenance mitigates T1554 Compromise Host Software Binary
SR-05 Acquisition Strategies, Tools, and Methods mitigates T1195 Supply Chain Compromise
SR-05 Acquisition Strategies, Tools, and Methods mitigates T1195.001 Compromise Software Dependencies and Development Tools
SR-05 Acquisition Strategies, Tools, and Methods mitigates T1195.002 Compromise Software Supply Chain
SR-05 Acquisition Strategies, Tools, and Methods mitigates T1195.003 Compromise Hardware Supply Chain
SR-05 Acquisition Strategies, Tools, and Methods mitigates T1554 Compromise Host Software Binary
AC-19 Access Control for Mobile Devices mitigates T1020.001 Traffic Duplication
AC-19 Access Control for Mobile Devices mitigates T1040 Network Sniffing
AC-19 Access Control for Mobile Devices mitigates T1070.001 Clear Windows Event Logs
AC-19 Access Control for Mobile Devices mitigates T1114 Email Collection
AC-19 Access Control for Mobile Devices mitigates T1114.002 Remote Email Collection
AC-19 Access Control for Mobile Devices mitigates T1114.003 Email Forwarding Rule
AC-19 Access Control for Mobile Devices mitigates T1119 Automated Collection
AC-19 Access Control for Mobile Devices mitigates T1530 Data from Cloud Storage
AC-19 Access Control for Mobile Devices mitigates T1550.001 Application Access Token
AC-19 Access Control for Mobile Devices mitigates T1552 Unsecured Credentials
AC-19 Access Control for Mobile Devices mitigates T1552.004 Private Keys
AC-19 Access Control for Mobile Devices mitigates T1557 Adversary-in-the-Middle
AC-19 Access Control for Mobile Devices mitigates T1557.004 Evil Twin
AC-19 Access Control for Mobile Devices mitigates T1558 Steal or Forge Kerberos Tickets
AC-19 Access Control for Mobile Devices mitigates T1565 Data Manipulation
IA-04 Identifier Management mitigates T1003.005 Cached Domain Credentials
IA-04 Identifier Management mitigates T1053 Scheduled Task/Job
IA-04 Identifier Management mitigates T1053.002 At
IA-04 Identifier Management mitigates T1053.005 Scheduled Task
IA-04 Identifier Management mitigates T1098.007 Additional Local or Domain Groups
IA-04 Identifier Management mitigates T1110 Brute Force
IA-04 Identifier Management mitigates T1213 Data from Information Repositories
IA-04 Identifier Management mitigates T1213.001 Confluence
IA-04 Identifier Management mitigates T1213.002 Sharepoint
IA-04 Identifier Management mitigates T1213.004 Customer Relationship Management Software
IA-04 Identifier Management mitigates T1213.005 Messaging Applications
IA-04 Identifier Management mitigates T1528 Steal Application Access Token
IA-04 Identifier Management mitigates T1530 Data from Cloud Storage
IA-04 Identifier Management mitigates T1537 Transfer Data to Cloud Account
IA-04 Identifier Management mitigates T1543 Create or Modify System Process
IA-04 Identifier Management mitigates T1550.001 Application Access Token
IA-04 Identifier Management mitigates T1552 Unsecured Credentials
IA-04 Identifier Management mitigates T1562 Impair Defenses
IA-04 Identifier Management mitigates T1563 Remote Service Session Hijacking
SC-28 Protection of Information at Rest mitigates T1003.001 LSASS Memory
SC-28 Protection of Information at Rest mitigates T1003.005 Cached Domain Credentials
SC-28 Protection of Information at Rest mitigates T1003.007 Proc Filesystem
SC-28 Protection of Information at Rest mitigates T1078 Valid Accounts
SC-28 Protection of Information at Rest mitigates T1078.001 Default Accounts
SC-28 Protection of Information at Rest mitigates T1078.003 Local Accounts
SC-28 Protection of Information at Rest mitigates T1078.004 Cloud Accounts
SC-28 Protection of Information at Rest mitigates T1213 Data from Information Repositories
SC-28 Protection of Information at Rest mitigates T1213.001 Confluence
SC-28 Protection of Information at Rest mitigates T1213.002 Sharepoint
SC-28 Protection of Information at Rest mitigates T1213.004 Customer Relationship Management Software
SC-28 Protection of Information at Rest mitigates T1213.005 Messaging Applications
SC-28 Protection of Information at Rest mitigates T1530 Data from Cloud Storage
SC-28 Protection of Information at Rest mitigates T1550.001 Application Access Token
SC-28 Protection of Information at Rest mitigates T1552 Unsecured Credentials
SC-28 Protection of Information at Rest mitigates T1552.001 Credentials In Files
SC-28 Protection of Information at Rest mitigates T1552.004 Private Keys
SC-28 Protection of Information at Rest mitigates T1565 Data Manipulation
SC-04 Information in Shared System Resources mitigates T1040 Network Sniffing
SC-04 Information in Shared System Resources mitigates T1070.001 Clear Windows Event Logs
SC-04 Information in Shared System Resources mitigates T1119 Automated Collection
SC-04 Information in Shared System Resources mitigates T1530 Data from Cloud Storage
SC-04 Information in Shared System Resources mitigates T1552 Unsecured Credentials
SC-04 Information in Shared System Resources mitigates T1552.001 Credentials In Files
SC-04 Information in Shared System Resources mitigates T1552.004 Private Keys
SC-04 Information in Shared System Resources mitigates T1557 Adversary-in-the-Middle
SC-04 Information in Shared System Resources mitigates T1558 Steal or Forge Kerberos Tickets
SC-04 Information in Shared System Resources mitigates T1558.005 Ccache Files
SC-04 Information in Shared System Resources mitigates T1565 Data Manipulation
SI-12 Information Management and Retention mitigates T1020.001 Traffic Duplication
SI-12 Information Management and Retention mitigates T1040 Network Sniffing
SI-12 Information Management and Retention mitigates T1070.001 Clear Windows Event Logs
SI-12 Information Management and Retention mitigates T1114 Email Collection
SI-12 Information Management and Retention mitigates T1114.002 Remote Email Collection
SI-12 Information Management and Retention mitigates T1114.003 Email Forwarding Rule
SI-12 Information Management and Retention mitigates T1119 Automated Collection
SI-12 Information Management and Retention mitigates T1213.004 Customer Relationship Management Software
SI-12 Information Management and Retention mitigates T1530 Data from Cloud Storage
SI-12 Information Management and Retention mitigates T1548 Abuse Elevation Control Mechanism
SI-12 Information Management and Retention mitigates T1550.001 Application Access Token
SI-12 Information Management and Retention mitigates T1552 Unsecured Credentials
SI-12 Information Management and Retention mitigates T1552.004 Private Keys
SI-12 Information Management and Retention mitigates T1557 Adversary-in-the-Middle
SI-12 Information Management and Retention mitigates T1557.004 Evil Twin
SI-12 Information Management and Retention mitigates T1558 Steal or Forge Kerberos Tickets
SI-12 Information Management and Retention mitigates T1558.005 Ccache Files
SI-12 Information Management and Retention mitigates T1565 Data Manipulation
SC-02 Separation of System and User Functionality mitigates T1190 Exploit Public-Facing Application
SC-02 Separation of System and User Functionality mitigates T1203 Exploitation for Client Execution
SC-02 Separation of System and User Functionality mitigates T1611 Escape to Host
SC-03 Security Function Isolation mitigates T1047 Windows Management Instrumentation
SC-03 Security Function Isolation mitigates T1190 Exploit Public-Facing Application
SC-03 Security Function Isolation mitigates T1203 Exploitation for Client Execution
SC-03 Security Function Isolation mitigates T1611 Escape to Host
SC-34 Non-modifiable Executable Programs mitigates T1218.015 Electron Applications
SC-34 Non-modifiable Executable Programs mitigates T1542 Pre-OS Boot
SC-34 Non-modifiable Executable Programs mitigates T1542.001 System Firmware
SC-34 Non-modifiable Executable Programs mitigates T1548 Abuse Elevation Control Mechanism
SC-34 Non-modifiable Executable Programs mitigates T1553 Subvert Trust Controls
SC-34 Non-modifiable Executable Programs mitigates T1611 Escape to Host
SC-39 Process Isolation mitigates T1003.001 LSASS Memory
SC-39 Process Isolation mitigates T1003.005 Cached Domain Credentials
SC-39 Process Isolation mitigates T1003.007 Proc Filesystem
SC-39 Process Isolation mitigates T1190 Exploit Public-Facing Application
SC-39 Process Isolation mitigates T1203 Exploitation for Client Execution
SC-39 Process Isolation mitigates T1556 Modify Authentication Process
SC-39 Process Isolation mitigates T1556.001 Domain Controller Authentication
SC-39 Process Isolation mitigates T1611 Escape to Host
SI-16 Memory Protection mitigates T1047 Windows Management Instrumentation
SI-16 Memory Protection mitigates T1059 Command and Scripting Interpreter
SI-16 Memory Protection mitigates T1059.006 Python
SI-16 Memory Protection mitigates T1059.011 Lua
SI-16 Memory Protection mitigates T1218 System Binary Proxy Execution
SI-16 Memory Protection mitigates T1218.015 Electron Applications
SI-16 Memory Protection mitigates T1543 Create or Modify System Process
SI-16 Memory Protection mitigates T1543.002 Systemd Service
SI-16 Memory Protection mitigates T1547.004 Winlogon Helper DLL
SI-16 Memory Protection mitigates T1548 Abuse Elevation Control Mechanism
SI-16 Memory Protection mitigates T1565 Data Manipulation
SI-16 Memory Protection mitigates T1611 Escape to Host
SI-02 Flaw Remediation mitigates T1003.001 LSASS Memory
SI-02 Flaw Remediation mitigates T1027 Obfuscated Files or Information
SI-02 Flaw Remediation mitigates T1047 Windows Management Instrumentation
SI-02 Flaw Remediation mitigates T1059 Command and Scripting Interpreter
SI-02 Flaw Remediation mitigates T1059.006 Python
SI-02 Flaw Remediation mitigates T1072 Software Deployment Tools
SI-02 Flaw Remediation mitigates T1190 Exploit Public-Facing Application
SI-02 Flaw Remediation mitigates T1195 Supply Chain Compromise
SI-02 Flaw Remediation mitigates T1195.001 Compromise Software Dependencies and Development Tools
SI-02 Flaw Remediation mitigates T1203 Exploitation for Client Execution
SI-02 Flaw Remediation mitigates T1204 User Execution
SI-02 Flaw Remediation mitigates T1213.003 Code Repositories
SI-02 Flaw Remediation mitigates T1213.005 Messaging Applications
SI-02 Flaw Remediation mitigates T1542 Pre-OS Boot
SI-02 Flaw Remediation mitigates T1542.001 System Firmware
SI-02 Flaw Remediation mitigates T1546 Event Triggered Execution
SI-02 Flaw Remediation mitigates T1546.016 Installer Packages
SI-02 Flaw Remediation mitigates T1548 Abuse Elevation Control Mechanism
SI-02 Flaw Remediation mitigates T1548.006 TCC Manipulation
SI-02 Flaw Remediation mitigates T1552 Unsecured Credentials
SI-02 Flaw Remediation mitigates T1553 Subvert Trust Controls
SI-02 Flaw Remediation mitigates T1555 Credentials from Password Stores
SI-02 Flaw Remediation mitigates T1555.005 Password Managers
SI-02 Flaw Remediation mitigates T1566 Phishing
SI-02 Flaw Remediation mitigates T1566.001 Spearphishing Attachment
SI-02 Flaw Remediation mitigates T1566.003 Spearphishing via Service
SI-02 Flaw Remediation mitigates T1611 Escape to Host
RA-05 Vulnerability Monitoring and Scanning mitigates T1047 Windows Management Instrumentation
RA-05 Vulnerability Monitoring and Scanning mitigates T1053 Scheduled Task/Job
RA-05 Vulnerability Monitoring and Scanning mitigates T1053.002 At
RA-05 Vulnerability Monitoring and Scanning mitigates T1053.005 Scheduled Task
RA-05 Vulnerability Monitoring and Scanning mitigates T1059 Command and Scripting Interpreter
RA-05 Vulnerability Monitoring and Scanning mitigates T1078 Valid Accounts
RA-05 Vulnerability Monitoring and Scanning mitigates T1092 Communication Through Removable Media
RA-05 Vulnerability Monitoring and Scanning mitigates T1127.002 ClickOnce
RA-05 Vulnerability Monitoring and Scanning mitigates T1176 Browser Extensions
RA-05 Vulnerability Monitoring and Scanning mitigates T1190 Exploit Public-Facing Application
RA-05 Vulnerability Monitoring and Scanning mitigates T1195 Supply Chain Compromise
RA-05 Vulnerability Monitoring and Scanning mitigates T1195.001 Compromise Software Dependencies and Development Tools
RA-05 Vulnerability Monitoring and Scanning mitigates T1213 Data from Information Repositories
RA-05 Vulnerability Monitoring and Scanning mitigates T1213.001 Confluence
RA-05 Vulnerability Monitoring and Scanning mitigates T1213.002 Sharepoint
RA-05 Vulnerability Monitoring and Scanning mitigates T1213.003 Code Repositories
RA-05 Vulnerability Monitoring and Scanning mitigates T1213.005 Messaging Applications
RA-05 Vulnerability Monitoring and Scanning mitigates T1218 System Binary Proxy Execution
RA-05 Vulnerability Monitoring and Scanning mitigates T1218.015 Electron Applications
RA-05 Vulnerability Monitoring and Scanning mitigates T1484 Domain or Tenant Policy Modification
RA-05 Vulnerability Monitoring and Scanning mitigates T1505.003 Web Shell
RA-05 Vulnerability Monitoring and Scanning mitigates T1528 Steal Application Access Token
RA-05 Vulnerability Monitoring and Scanning mitigates T1530 Data from Cloud Storage
RA-05 Vulnerability Monitoring and Scanning mitigates T1543 Create or Modify System Process
RA-05 Vulnerability Monitoring and Scanning mitigates T1548 Abuse Elevation Control Mechanism
RA-05 Vulnerability Monitoring and Scanning mitigates T1548.006 TCC Manipulation
RA-05 Vulnerability Monitoring and Scanning mitigates T1552 Unsecured Credentials
RA-05 Vulnerability Monitoring and Scanning mitigates T1552.001 Credentials In Files
RA-05 Vulnerability Monitoring and Scanning mitigates T1552.004 Private Keys
RA-05 Vulnerability Monitoring and Scanning mitigates T1557 Adversary-in-the-Middle
RA-05 Vulnerability Monitoring and Scanning mitigates T1560 Archive Collected Data
RA-05 Vulnerability Monitoring and Scanning mitigates T1562 Impair Defenses
RA-05 Vulnerability Monitoring and Scanning mitigates T1563 Remote Service Session Hijacking
RA-05 Vulnerability Monitoring and Scanning mitigates T1566 Phishing
RA-05 Vulnerability Monitoring and Scanning mitigates T1574.001 DLL Search Order Hijacking
SC-43 Usage Restrictions mitigates T1078 Valid Accounts
SC-43 Usage Restrictions mitigates T1078.004 Cloud Accounts
SC-43 Usage Restrictions mitigates T1114.003 Email Forwarding Rule
IA-03 Device Identification and Authentication mitigates T1537 Transfer Data to Cloud Account
IA-03 Device Identification and Authentication mitigates T1552 Unsecured Credentials
IA-03 Device Identification and Authentication mitigates T1621 Multi-Factor Authentication Request Generation
CM-08 System Component Inventory mitigates T1020.001 Traffic Duplication
CM-08 System Component Inventory mitigates T1053 Scheduled Task/Job
CM-08 System Component Inventory mitigates T1053.002 At
CM-08 System Component Inventory mitigates T1053.005 Scheduled Task
CM-08 System Component Inventory mitigates T1059 Command and Scripting Interpreter
CM-08 System Component Inventory mitigates T1059.010 AutoHotKey & AutoIT
CM-08 System Component Inventory mitigates T1072 Software Deployment Tools
CM-08 System Component Inventory mitigates T1092 Communication Through Removable Media
CM-08 System Component Inventory mitigates T1119 Automated Collection
CM-08 System Component Inventory mitigates T1127.002 ClickOnce
CM-08 System Component Inventory mitigates T1190 Exploit Public-Facing Application
CM-08 System Component Inventory mitigates T1203 Exploitation for Client Execution
CM-08 System Component Inventory mitigates T1213 Data from Information Repositories
CM-08 System Component Inventory mitigates T1213.001 Confluence
CM-08 System Component Inventory mitigates T1213.002 Sharepoint
CM-08 System Component Inventory mitigates T1213.005 Messaging Applications
CM-08 System Component Inventory mitigates T1218 System Binary Proxy Execution
CM-08 System Component Inventory mitigates T1218.015 Electron Applications
CM-08 System Component Inventory mitigates T1530 Data from Cloud Storage
CM-08 System Component Inventory mitigates T1542 Pre-OS Boot
CM-08 System Component Inventory mitigates T1542.001 System Firmware
CM-08 System Component Inventory mitigates T1548 Abuse Elevation Control Mechanism
CM-08 System Component Inventory mitigates T1548.006 TCC Manipulation
CM-08 System Component Inventory mitigates T1553 Subvert Trust Controls
CM-08 System Component Inventory mitigates T1556.009 Conditional Access Policies
CM-08 System Component Inventory mitigates T1557 Adversary-in-the-Middle
CM-08 System Component Inventory mitigates T1563 Remote Service Session Hijacking
CM-08 System Component Inventory mitigates T1565 Data Manipulation
SC-23 Session Authenticity mitigates T1071.002 File Transfer Protocols
SC-23 Session Authenticity mitigates T1071.003 Mail Protocols
SC-23 Session Authenticity mitigates T1557 Adversary-in-the-Middle
SC-23 Session Authenticity mitigates T1557.004 Evil Twin
SC-23 Session Authenticity mitigates T1562.006 Indicator Blocking
SC-23 Session Authenticity mitigates T1573 Encrypted Channel
SC-46 Cross Domain Policy Enforcement mitigates T1072 Software Deployment Tools
SC-46 Cross Domain Policy Enforcement mitigates T1098.001 Additional Cloud Credentials
SC-46 Cross Domain Policy Enforcement mitigates T1136 Create Account
SC-46 Cross Domain Policy Enforcement mitigates T1136.002 Domain Account
SC-46 Cross Domain Policy Enforcement mitigates T1190 Exploit Public-Facing Application
SC-46 Cross Domain Policy Enforcement mitigates T1489 Service Stop
SC-46 Cross Domain Policy Enforcement mitigates T1557 Adversary-in-the-Middle
SC-46 Cross Domain Policy Enforcement mitigates T1557.004 Evil Twin
SC-46 Cross Domain Policy Enforcement mitigates T1563 Remote Service Session Hijacking
SC-46 Cross Domain Policy Enforcement mitigates T1565 Data Manipulation
SC-08 Transmission Confidentiality and Integrity mitigates T1040 Network Sniffing
SC-08 Transmission Confidentiality and Integrity mitigates T1550.001 Application Access Token
SC-08 Transmission Confidentiality and Integrity mitigates T1557 Adversary-in-the-Middle
SC-08 Transmission Confidentiality and Integrity mitigates T1557.004 Evil Twin
SC-08 Transmission Confidentiality and Integrity mitigates T1562 Impair Defenses
SC-08 Transmission Confidentiality and Integrity mitigates T1562 Impair Defenses
SC-08 Transmission Confidentiality and Integrity mitigates T1562.006 Indicator Blocking
SI-10 Information Input Validation mitigates T1036 Masquerading
SI-10 Information Input Validation mitigates T1059 Command and Scripting Interpreter
SI-10 Information Input Validation mitigates T1059.006 Python
SI-10 Information Input Validation mitigates T1090.003 Multi-hop Proxy
SI-10 Information Input Validation mitigates T1127.002 ClickOnce
SI-10 Information Input Validation mitigates T1176 Browser Extensions
SI-10 Information Input Validation mitigates T1190 Exploit Public-Facing Application
SI-10 Information Input Validation mitigates T1204 User Execution
SI-10 Information Input Validation mitigates T1204.002 Malicious File
SI-10 Information Input Validation mitigates T1218 System Binary Proxy Execution
SI-10 Information Input Validation mitigates T1218.011 Rundll32
SI-10 Information Input Validation mitigates T1218.015 Electron Applications
SI-10 Information Input Validation mitigates T1219 Remote Access Software
SI-10 Information Input Validation mitigates T1530 Data from Cloud Storage
SI-10 Information Input Validation mitigates T1537 Transfer Data to Cloud Account
SI-10 Information Input Validation mitigates T1547.004 Winlogon Helper DLL
SI-10 Information Input Validation mitigates T1548.006 TCC Manipulation
SI-10 Information Input Validation mitigates T1552 Unsecured Credentials
SI-10 Information Input Validation mitigates T1553 Subvert Trust Controls
SI-10 Information Input Validation mitigates T1557 Adversary-in-the-Middle
SI-10 Information Input Validation mitigates T1564.003 Hidden Window
SI-10 Information Input Validation mitigates T1572 Protocol Tunneling
SI-10 Information Input Validation mitigates T1574.001 DLL Search Order Hijacking
SI-10 Information Input Validation mitigates T1574.014 AppDomainManager
SI-15 Information Output Filtering mitigates T1090.003 Multi-hop Proxy
SI-15 Information Output Filtering mitigates T1218.015 Electron Applications
SI-15 Information Output Filtering mitigates T1219 Remote Access Software
SI-15 Information Output Filtering mitigates T1530 Data from Cloud Storage
SI-15 Information Output Filtering mitigates T1537 Transfer Data to Cloud Account
SI-15 Information Output Filtering mitigates T1552 Unsecured Credentials
SI-15 Information Output Filtering mitigates T1557 Adversary-in-the-Middle
SI-15 Information Output Filtering mitigates T1572 Protocol Tunneling
SI-03 Malicious Code Protection mitigates T1001.001 Junk Data
SI-03 Malicious Code Protection mitigates T1001.003 Protocol or Service Impersonation
SI-03 Malicious Code Protection mitigates T1003 OS Credential Dumping
SI-03 Malicious Code Protection mitigates T1003.001 LSASS Memory
SI-03 Malicious Code Protection mitigates T1003.005 Cached Domain Credentials
SI-03 Malicious Code Protection mitigates T1003.007 Proc Filesystem
SI-03 Malicious Code Protection mitigates T1027 Obfuscated Files or Information
SI-03 Malicious Code Protection mitigates T1027.013 Encrypted/Encoded File
SI-03 Malicious Code Protection mitigates T1027.014 Polymorphic Code
SI-03 Malicious Code Protection mitigates T1036 Masquerading
SI-03 Malicious Code Protection mitigates T1037 Boot or Logon Initialization Scripts
SI-03 Malicious Code Protection mitigates T1047 Windows Management Instrumentation
SI-03 Malicious Code Protection mitigates T1055.015 ListPlanting
SI-03 Malicious Code Protection mitigates T1056.002 GUI Input Capture
SI-03 Malicious Code Protection mitigates T1059 Command and Scripting Interpreter
SI-03 Malicious Code Protection mitigates T1059.006 Python
SI-03 Malicious Code Protection mitigates T1059.010 AutoHotKey & AutoIT
SI-03 Malicious Code Protection mitigates T1059.011 Lua
SI-03 Malicious Code Protection mitigates T1070.001 Clear Windows Event Logs
SI-03 Malicious Code Protection mitigates T1070.003 Clear Command History
SI-03 Malicious Code Protection mitigates T1070.010 Relocate Malware
SI-03 Malicious Code Protection mitigates T1071 Application Layer Protocol
SI-03 Malicious Code Protection mitigates T1071.002 File Transfer Protocols
SI-03 Malicious Code Protection mitigates T1071.003 Mail Protocols
SI-03 Malicious Code Protection mitigates T1072 Software Deployment Tools
SI-03 Malicious Code Protection mitigates T1092 Communication Through Removable Media
SI-03 Malicious Code Protection mitigates T1102 Web Service
SI-03 Malicious Code Protection mitigates T1105 Ingress Tool Transfer
SI-03 Malicious Code Protection mitigates T1176 Browser Extensions
SI-03 Malicious Code Protection mitigates T1190 Exploit Public-Facing Application
SI-03 Malicious Code Protection mitigates T1195 Supply Chain Compromise
SI-03 Malicious Code Protection mitigates T1203 Exploitation for Client Execution
SI-03 Malicious Code Protection mitigates T1204 User Execution
SI-03 Malicious Code Protection mitigates T1204.002 Malicious File
SI-03 Malicious Code Protection mitigates T1218 System Binary Proxy Execution
SI-03 Malicious Code Protection mitigates T1218.015 Electron Applications
SI-03 Malicious Code Protection mitigates T1219 Remote Access Software
SI-03 Malicious Code Protection mitigates T1485 Data Destruction
SI-03 Malicious Code Protection mitigates T1490 Inhibit System Recovery
SI-03 Malicious Code Protection mitigates T1539 Steal Web Session Cookie
SI-03 Malicious Code Protection mitigates T1543 Create or Modify System Process
SI-03 Malicious Code Protection mitigates T1543.002 Systemd Service
SI-03 Malicious Code Protection mitigates T1546.003 Windows Management Instrumentation Event Subscription
SI-03 Malicious Code Protection mitigates T1546.016 Installer Packages
SI-03 Malicious Code Protection mitigates T1547.009 Shortcut Modification
SI-03 Malicious Code Protection mitigates T1548 Abuse Elevation Control Mechanism
SI-03 Malicious Code Protection mitigates T1548.006 TCC Manipulation
SI-03 Malicious Code Protection mitigates T1554 Compromise Host Software Binary
SI-03 Malicious Code Protection mitigates T1557 Adversary-in-the-Middle
SI-03 Malicious Code Protection mitigates T1558 Steal or Forge Kerberos Tickets
SI-03 Malicious Code Protection mitigates T1560 Archive Collected Data
SI-03 Malicious Code Protection mitigates T1562 Impair Defenses
SI-03 Malicious Code Protection mitigates T1562.004 Disable or Modify System Firewall
SI-03 Malicious Code Protection mitigates T1562.006 Indicator Blocking
SI-03 Malicious Code Protection mitigates T1564.004 NTFS File Attributes
SI-03 Malicious Code Protection mitigates T1564.012 File/Path Exclusions
SI-03 Malicious Code Protection mitigates T1566 Phishing
SI-03 Malicious Code Protection mitigates T1566.001 Spearphishing Attachment
SI-03 Malicious Code Protection mitigates T1566.002 Spearphishing Link
SI-03 Malicious Code Protection mitigates T1566.003 Spearphishing via Service
SI-03 Malicious Code Protection mitigates T1572 Protocol Tunneling
SI-03 Malicious Code Protection mitigates T1573 Encrypted Channel
SI-03 Malicious Code Protection mitigates T1574.001 DLL Search Order Hijacking
SI-03 Malicious Code Protection mitigates T1574.014 AppDomainManager
SI-03 Malicious Code Protection mitigates T1598.003 Spearphishing Link
SI-03 Malicious Code Protection mitigates T1611 Escape to Host
SI-07 Software, Firmware, and Information Integrity mitigates T1020.001 Traffic Duplication
SI-07 Software, Firmware, and Information Integrity mitigates T1027 Obfuscated Files or Information
SI-07 Software, Firmware, and Information Integrity mitigates T1036 Masquerading
SI-07 Software, Firmware, and Information Integrity mitigates T1037 Boot or Logon Initialization Scripts
SI-07 Software, Firmware, and Information Integrity mitigates T1040 Network Sniffing
SI-07 Software, Firmware, and Information Integrity mitigates T1047 Windows Management Instrumentation
SI-07 Software, Firmware, and Information Integrity mitigates T1056.002 GUI Input Capture
SI-07 Software, Firmware, and Information Integrity mitigates T1059 Command and Scripting Interpreter
SI-07 Software, Firmware, and Information Integrity mitigates T1059.006 Python
SI-07 Software, Firmware, and Information Integrity mitigates T1059.010 AutoHotKey & AutoIT
SI-07 Software, Firmware, and Information Integrity mitigates T1059.011 Lua
SI-07 Software, Firmware, and Information Integrity mitigates T1070.001 Clear Windows Event Logs
SI-07 Software, Firmware, and Information Integrity mitigates T1070.003 Clear Command History
SI-07 Software, Firmware, and Information Integrity mitigates T1070.010 Relocate Malware
SI-07 Software, Firmware, and Information Integrity mitigates T1072 Software Deployment Tools
SI-07 Software, Firmware, and Information Integrity mitigates T1098.001 Additional Cloud Credentials
SI-07 Software, Firmware, and Information Integrity mitigates T1098.002 Additional Email Delegate Permissions
SI-07 Software, Firmware, and Information Integrity mitigates T1098.003 Additional Cloud Roles
SI-07 Software, Firmware, and Information Integrity mitigates T1114 Email Collection
SI-07 Software, Firmware, and Information Integrity mitigates T1114.002 Remote Email Collection
SI-07 Software, Firmware, and Information Integrity mitigates T1114.003 Email Forwarding Rule
SI-07 Software, Firmware, and Information Integrity mitigates T1119 Automated Collection
SI-07 Software, Firmware, and Information Integrity mitigates T1127.002 ClickOnce
SI-07 Software, Firmware, and Information Integrity mitigates T1136 Create Account
SI-07 Software, Firmware, and Information Integrity mitigates T1136.002 Domain Account
SI-07 Software, Firmware, and Information Integrity mitigates T1136.003 Cloud Account
SI-07 Software, Firmware, and Information Integrity mitigates T1176 Browser Extensions
SI-07 Software, Firmware, and Information Integrity mitigates T1190 Exploit Public-Facing Application
SI-07 Software, Firmware, and Information Integrity mitigates T1195 Supply Chain Compromise
SI-07 Software, Firmware, and Information Integrity mitigates T1195.001 Compromise Software Dependencies and Development Tools
SI-07 Software, Firmware, and Information Integrity mitigates T1203 Exploitation for Client Execution
SI-07 Software, Firmware, and Information Integrity mitigates T1204 User Execution
SI-07 Software, Firmware, and Information Integrity mitigates T1204.002 Malicious File
SI-07 Software, Firmware, and Information Integrity mitigates T1213 Data from Information Repositories
SI-07 Software, Firmware, and Information Integrity mitigates T1213.001 Confluence
SI-07 Software, Firmware, and Information Integrity mitigates T1213.002 Sharepoint
SI-07 Software, Firmware, and Information Integrity mitigates T1213.004 Customer Relationship Management Software
SI-07 Software, Firmware, and Information Integrity mitigates T1213.005 Messaging Applications
SI-07 Software, Firmware, and Information Integrity mitigates T1216.002 SyncAppvPublishingServer
SI-07 Software, Firmware, and Information Integrity mitigates T1218 System Binary Proxy Execution
SI-07 Software, Firmware, and Information Integrity mitigates T1218.011 Rundll32
SI-07 Software, Firmware, and Information Integrity mitigates T1218.015 Electron Applications
SI-07 Software, Firmware, and Information Integrity mitigates T1219 Remote Access Software
SI-07 Software, Firmware, and Information Integrity mitigates T1485 Data Destruction
SI-07 Software, Firmware, and Information Integrity mitigates T1485.001 Lifecycle-Triggered Deletion
SI-07 Software, Firmware, and Information Integrity mitigates T1490 Inhibit System Recovery
SI-07 Software, Firmware, and Information Integrity mitigates T1530 Data from Cloud Storage
SI-07 Software, Firmware, and Information Integrity mitigates T1542 Pre-OS Boot
SI-07 Software, Firmware, and Information Integrity mitigates T1542.001 System Firmware
SI-07 Software, Firmware, and Information Integrity mitigates T1543 Create or Modify System Process
SI-07 Software, Firmware, and Information Integrity mitigates T1543.002 Systemd Service
SI-07 Software, Firmware, and Information Integrity mitigates T1546 Event Triggered Execution
SI-07 Software, Firmware, and Information Integrity mitigates T1547.003 Time Providers
SI-07 Software, Firmware, and Information Integrity mitigates T1547.004 Winlogon Helper DLL
SI-07 Software, Firmware, and Information Integrity mitigates T1548 Abuse Elevation Control Mechanism
SI-07 Software, Firmware, and Information Integrity mitigates T1548.006 TCC Manipulation
SI-07 Software, Firmware, and Information Integrity mitigates T1550.001 Application Access Token
SI-07 Software, Firmware, and Information Integrity mitigates T1552 Unsecured Credentials
SI-07 Software, Firmware, and Information Integrity mitigates T1552.004 Private Keys
SI-07 Software, Firmware, and Information Integrity mitigates T1553 Subvert Trust Controls
SI-07 Software, Firmware, and Information Integrity mitigates T1554 Compromise Host Software Binary
SI-07 Software, Firmware, and Information Integrity mitigates T1556 Modify Authentication Process
SI-07 Software, Firmware, and Information Integrity mitigates T1556.001 Domain Controller Authentication
SI-07 Software, Firmware, and Information Integrity mitigates T1556.009 Conditional Access Policies
SI-07 Software, Firmware, and Information Integrity mitigates T1557 Adversary-in-the-Middle
SI-07 Software, Firmware, and Information Integrity mitigates T1557.004 Evil Twin
SI-07 Software, Firmware, and Information Integrity mitigates T1558 Steal or Forge Kerberos Tickets
SI-07 Software, Firmware, and Information Integrity mitigates T1558.005 Ccache Files
SI-07 Software, Firmware, and Information Integrity mitigates T1562 Impair Defenses
SI-07 Software, Firmware, and Information Integrity mitigates T1562.004 Disable or Modify System Firewall
SI-07 Software, Firmware, and Information Integrity mitigates T1562.006 Indicator Blocking
SI-07 Software, Firmware, and Information Integrity mitigates T1564.003 Hidden Window
SI-07 Software, Firmware, and Information Integrity mitigates T1564.004 NTFS File Attributes
SI-07 Software, Firmware, and Information Integrity mitigates T1565 Data Manipulation
SI-07 Software, Firmware, and Information Integrity mitigates T1574.001 DLL Search Order Hijacking
SI-07 Software, Firmware, and Information Integrity mitigates T1574.014 AppDomainManager
SI-07 Software, Firmware, and Information Integrity mitigates T1611 Escape to Host
AC-16 Security and Privacy Attributes mitigates T1003 OS Credential Dumping
AC-16 Security and Privacy Attributes mitigates T1020.001 Traffic Duplication
AC-18 Wireless Access mitigates T1020.001 Traffic Duplication
AC-20 Use of External Systems mitigates T1020.001 Traffic Duplication
AC-20 Use of External Systems mitigates T1021 Remote Services
AC-16 Security and Privacy Attributes mitigates T1040 Network Sniffing
AC-18 Wireless Access mitigates T1040 Network Sniffing
AC-16 Security and Privacy Attributes mitigates T1070.001 Clear Windows Event Logs
AC-18 Wireless Access mitigates T1070.001 Clear Windows Event Logs
AC-20 Use of External Systems mitigates T1072 Software Deployment Tools
AC-20 Use of External Systems mitigates T1078.004 Cloud Accounts
AC-20 Use of External Systems mitigates T1098.001 Additional Cloud Credentials
AC-20 Use of External Systems mitigates T1098.002 Additional Email Delegate Permissions
AC-20 Use of External Systems mitigates T1098.003 Additional Cloud Roles
AC-20 Use of External Systems mitigates T1098.005 Device Registration
AC-20 Use of External Systems mitigates T1110 Brute Force
AC-16 Security and Privacy Attributes mitigates T1114 Email Collection
AC-20 Use of External Systems mitigates T1114 Email Collection
AC-16 Security and Privacy Attributes mitigates T1114.002 Remote Email Collection
AC-20 Use of External Systems mitigates T1114.002 Remote Email Collection
AC-16 Security and Privacy Attributes mitigates T1114.003 Email Forwarding Rule
AC-20 Use of External Systems mitigates T1114.003 Email Forwarding Rule
AC-16 Security and Privacy Attributes mitigates T1119 Automated Collection
AC-18 Wireless Access mitigates T1119 Automated Collection
AC-20 Use of External Systems mitigates T1119 Automated Collection
AC-20 Use of External Systems mitigates T1136 Create Account
AC-20 Use of External Systems mitigates T1136.002 Domain Account
AC-20 Use of External Systems mitigates T1136.003 Cloud Account
AC-14 Permitted Actions Without Identification or Authentication mitigates T1137.002 Office Test
AC-16 Security and Privacy Attributes mitigates T1213 Data from Information Repositories
AC-16 Security and Privacy Attributes mitigates T1213.001 Confluence
AC-16 Security and Privacy Attributes mitigates T1213.002 Sharepoint
AC-16 Security and Privacy Attributes mitigates T1213.004 Customer Relationship Management Software
AC-16 Security and Privacy Attributes mitigates T1213.005 Messaging Applications
AC-16 Security and Privacy Attributes mitigates T1530 Data from Cloud Storage
AC-18 Wireless Access mitigates T1530 Data from Cloud Storage
AC-20 Use of External Systems mitigates T1530 Data from Cloud Storage
AC-16 Security and Privacy Attributes mitigates T1537 Transfer Data to Cloud Account
AC-20 Use of External Systems mitigates T1537 Transfer Data to Cloud Account
AC-20 Use of External Systems mitigates T1539 Steal Web Session Cookie
AC-16 Security and Privacy Attributes mitigates T1548 Abuse Elevation Control Mechanism
AC-16 Security and Privacy Attributes mitigates T1548.006 TCC Manipulation
AC-16 Security and Privacy Attributes mitigates T1550.001 Application Access Token
AC-20 Use of External Systems mitigates T1550.001 Application Access Token
AC-16 Security and Privacy Attributes mitigates T1552 Unsecured Credentials
AC-18 Wireless Access mitigates T1552 Unsecured Credentials
AC-20 Use of External Systems mitigates T1552 Unsecured Credentials
AC-16 Security and Privacy Attributes mitigates T1552.004 Private Keys
AC-18 Wireless Access mitigates T1552.004 Private Keys
AC-20 Use of External Systems mitigates T1552.004 Private Keys
AC-20 Use of External Systems mitigates T1555 Credentials from Password Stores
AC-20 Use of External Systems mitigates T1556 Modify Authentication Process
AC-20 Use of External Systems mitigates T1556.001 Domain Controller Authentication
AC-16 Security and Privacy Attributes mitigates T1556.009 Conditional Access Policies
AC-16 Security and Privacy Attributes mitigates T1557 Adversary-in-the-Middle
AC-18 Wireless Access mitigates T1557 Adversary-in-the-Middle
AC-20 Use of External Systems mitigates T1557 Adversary-in-the-Middle
AC-18 Wireless Access mitigates T1557.004 Evil Twin
AC-16 Security and Privacy Attributes mitigates T1558 Steal or Forge Kerberos Tickets
AC-18 Wireless Access mitigates T1558 Steal or Forge Kerberos Tickets
AC-16 Security and Privacy Attributes mitigates T1564.004 NTFS File Attributes
AC-16 Security and Privacy Attributes mitigates T1565 Data Manipulation
AC-18 Wireless Access mitigates T1565 Data Manipulation
AC-20 Use of External Systems mitigates T1565 Data Manipulation
AC-20 Use of External Systems mitigates T1578.005 Modify Cloud Compute Configurations
CM-02 Baseline Configuration mitigates T1053.002 At
CM-02 Baseline Configuration mitigates T1053.005 Scheduled Task
CM-02 Baseline Configuration mitigates T1059 Command and Scripting Interpreter
CM-02 Baseline Configuration mitigates T1176 Browser Extensions
CM-02 Baseline Configuration mitigates T1213 Data from Information Repositories
CM-02 Baseline Configuration mitigates T1213.001 Confluence
CM-02 Baseline Configuration mitigates T1213.002 Sharepoint
CM-02 Baseline Configuration mitigates T1484 Domain or Tenant Policy Modification
CM-02 Baseline Configuration mitigates T1528 Steal Application Access Token
CM-02 Baseline Configuration mitigates T1530 Data from Cloud Storage
CM-02 Baseline Configuration mitigates T1542 Pre-OS Boot
CM-02 Baseline Configuration mitigates T1543 Create or Modify System Process
CM-02 Baseline Configuration mitigates T1548 Abuse Elevation Control Mechanism
CM-02 Baseline Configuration mitigates T1550.001 Application Access Token
CM-02 Baseline Configuration mitigates T1552 Unsecured Credentials
CM-02 Baseline Configuration mitigates T1552.001 Credentials In Files
CM-02 Baseline Configuration mitigates T1552.004 Private Keys
CM-02 Baseline Configuration mitigates T1553 Subvert Trust Controls
CM-02 Baseline Configuration mitigates T1554 Compromise Host Software Binary
CM-02 Baseline Configuration mitigates T1560 Archive Collected Data
CM-02 Baseline Configuration mitigates T1562 Impair Defenses
CM-02 Baseline Configuration mitigates T1563 Remote Service Session Hijacking
CM-02 Baseline Configuration mitigates T1574.001 DLL Search Order Hijacking
CM-02 Baseline Configuration mitigates T1001 Data Obfuscation
CM-02 Baseline Configuration mitigates T1001.001 Junk Data
CM-02 Baseline Configuration mitigates T1001.003 Protocol or Service Impersonation
CM-02 Baseline Configuration mitigates T1003 OS Credential Dumping
CM-02 Baseline Configuration mitigates T1003.001 LSASS Memory
CM-02 Baseline Configuration mitigates T1003.005 Cached Domain Credentials
CM-02 Baseline Configuration mitigates T1003.007 Proc Filesystem
CM-02 Baseline Configuration mitigates T1020.001 Traffic Duplication
CM-02 Baseline Configuration mitigates T1021 Remote Services
CM-02 Baseline Configuration mitigates T1027 Obfuscated Files or Information
CM-02 Baseline Configuration mitigates T1036 Masquerading
CM-02 Baseline Configuration mitigates T1037 Boot or Logon Initialization Scripts
CM-02 Baseline Configuration mitigates T1047 Windows Management Instrumentation
CM-02 Baseline Configuration mitigates T1053 Scheduled Task/Job
CM-02 Baseline Configuration mitigates T1053.002 At
CM-02 Baseline Configuration mitigates T1053.005 Scheduled Task
CM-02 Baseline Configuration mitigates T1059 Command and Scripting Interpreter
CM-02 Baseline Configuration mitigates T1059.006 Python
CM-02 Baseline Configuration mitigates T1059.010 AutoHotKey & AutoIT
CM-02 Baseline Configuration mitigates T1059.011 Lua
CM-02 Baseline Configuration mitigates T1070.001 Clear Windows Event Logs
CM-02 Baseline Configuration mitigates T1070.003 Clear Command History
CM-02 Baseline Configuration mitigates T1071 Application Layer Protocol
CM-02 Baseline Configuration mitigates T1071.002 File Transfer Protocols
CM-02 Baseline Configuration mitigates T1071.003 Mail Protocols
CM-02 Baseline Configuration mitigates T1072 Software Deployment Tools
CM-02 Baseline Configuration mitigates T1092 Communication Through Removable Media
CM-02 Baseline Configuration mitigates T1102 Web Service
CM-02 Baseline Configuration mitigates T1105 Ingress Tool Transfer
CM-02 Baseline Configuration mitigates T1110 Brute Force
CM-02 Baseline Configuration mitigates T1114 Email Collection
CM-02 Baseline Configuration mitigates T1114.002 Remote Email Collection
CM-02 Baseline Configuration mitigates T1119 Automated Collection
CM-02 Baseline Configuration mitigates T1127.002 ClickOnce
CM-02 Baseline Configuration mitigates T1137.002 Office Test
CM-02 Baseline Configuration mitigates T1176 Browser Extensions
CM-02 Baseline Configuration mitigates T1195 Supply Chain Compromise
CM-02 Baseline Configuration mitigates T1204 User Execution
CM-02 Baseline Configuration mitigates T1204.002 Malicious File
CM-02 Baseline Configuration mitigates T1213 Data from Information Repositories
CM-02 Baseline Configuration mitigates T1213.001 Confluence
CM-02 Baseline Configuration mitigates T1213.002 Sharepoint
CM-02 Baseline Configuration mitigates T1213.005 Messaging Applications
CM-02 Baseline Configuration mitigates T1216.002 SyncAppvPublishingServer
CM-02 Baseline Configuration mitigates T1218 System Binary Proxy Execution
CM-02 Baseline Configuration mitigates T1218.015 Electron Applications
CM-02 Baseline Configuration mitigates T1219 Remote Access Software
CM-02 Baseline Configuration mitigates T1484 Domain or Tenant Policy Modification
CM-02 Baseline Configuration mitigates T1485 Data Destruction
CM-02 Baseline Configuration mitigates T1490 Inhibit System Recovery
CM-02 Baseline Configuration mitigates T1505.003 Web Shell
CM-02 Baseline Configuration mitigates T1528 Steal Application Access Token
CM-02 Baseline Configuration mitigates T1530 Data from Cloud Storage
CM-02 Baseline Configuration mitigates T1539 Steal Web Session Cookie
CM-02 Baseline Configuration mitigates T1543 Create or Modify System Process
CM-02 Baseline Configuration mitigates T1543.002 Systemd Service
CM-02 Baseline Configuration mitigates T1543.003 Windows Service
CM-02 Baseline Configuration mitigates T1546 Event Triggered Execution
CM-02 Baseline Configuration mitigates T1546.003 Windows Management Instrumentation Event Subscription
CM-02 Baseline Configuration mitigates T1547.003 Time Providers
CM-02 Baseline Configuration mitigates T1548 Abuse Elevation Control Mechanism
CM-02 Baseline Configuration mitigates T1548.006 TCC Manipulation
CM-02 Baseline Configuration mitigates T1550.001 Application Access Token
CM-02 Baseline Configuration mitigates T1552 Unsecured Credentials
CM-02 Baseline Configuration mitigates T1552.001 Credentials In Files
CM-02 Baseline Configuration mitigates T1552.004 Private Keys
CM-02 Baseline Configuration mitigates T1553 Subvert Trust Controls
CM-02 Baseline Configuration mitigates T1554 Compromise Host Software Binary
CM-02 Baseline Configuration mitigates T1555.005 Password Managers
CM-02 Baseline Configuration mitigates T1556 Modify Authentication Process
CM-02 Baseline Configuration mitigates T1557 Adversary-in-the-Middle
CM-02 Baseline Configuration mitigates T1557.004 Evil Twin
CM-02 Baseline Configuration mitigates T1558 Steal or Forge Kerberos Tickets
CM-02 Baseline Configuration mitigates T1562 Impair Defenses
CM-02 Baseline Configuration mitigates T1562.004 Disable or Modify System Firewall
CM-02 Baseline Configuration mitigates T1562.006 Indicator Blocking
CM-02 Baseline Configuration mitigates T1563 Remote Service Session Hijacking
CM-02 Baseline Configuration mitigates T1565 Data Manipulation
CM-02 Baseline Configuration mitigates T1566 Phishing
CM-02 Baseline Configuration mitigates T1566.001 Spearphishing Attachment
CM-02 Baseline Configuration mitigates T1566.002 Spearphishing Link
CM-02 Baseline Configuration mitigates T1572 Protocol Tunneling
CM-02 Baseline Configuration mitigates T1573 Encrypted Channel
CM-02 Baseline Configuration mitigates T1574.001 DLL Search Order Hijacking
CM-02 Baseline Configuration mitigates T1598.003 Spearphishing Link
SA-11 Developer Testing and Evaluation mitigates T1078.001 Default Accounts
SA-11 Developer Testing and Evaluation mitigates T1078.003 Local Accounts
SA-11 Developer Testing and Evaluation mitigates T1078.004 Cloud Accounts
SA-11 Developer Testing and Evaluation mitigates T1195.001 Compromise Software Dependencies and Development Tools
SA-11 Developer Testing and Evaluation mitigates T1213.003 Code Repositories
SA-11 Developer Testing and Evaluation mitigates T1528 Steal Application Access Token
SA-11 Developer Testing and Evaluation mitigates T1542 Pre-OS Boot
SA-11 Developer Testing and Evaluation mitigates T1542.001 System Firmware
SA-11 Developer Testing and Evaluation mitigates T1552 Unsecured Credentials
SA-11 Developer Testing and Evaluation mitigates T1552.001 Credentials In Files
SA-11 Developer Testing and Evaluation mitigates T1552.004 Private Keys
SA-11 Developer Testing and Evaluation mitigates T1553 Subvert Trust Controls
SA-08 Security and Privacy Engineering Principles mitigates T1078 Valid Accounts
SA-08 Security and Privacy Engineering Principles mitigates T1078.001 Default Accounts
SA-08 Security and Privacy Engineering Principles mitigates T1078.003 Local Accounts
SA-08 Security and Privacy Engineering Principles mitigates T1078.004 Cloud Accounts
SA-08 Security and Privacy Engineering Principles mitigates T1190 Exploit Public-Facing Application
SA-08 Security and Privacy Engineering Principles mitigates T1213.003 Code Repositories
IA-02 Identification and Authentication (Organizational Users) mitigates T1003.001 LSASS Memory
IA-02 Identification and Authentication (Organizational Users) mitigates T1003.005 Cached Domain Credentials
IA-02 Identification and Authentication (Organizational Users) mitigates T1003.007 Proc Filesystem
IA-02 Identification and Authentication (Organizational Users) mitigates T1021 Remote Services
IA-02 Identification and Authentication (Organizational Users) mitigates T1036.010 Masquerade Account Name
IA-02 Identification and Authentication (Organizational Users) mitigates T1040 Network Sniffing
IA-02 Identification and Authentication (Organizational Users) mitigates T1047 Windows Management Instrumentation
IA-02 Identification and Authentication (Organizational Users) mitigates T1053 Scheduled Task/Job
IA-02 Identification and Authentication (Organizational Users) mitigates T1053.002 At
IA-02 Identification and Authentication (Organizational Users) mitigates T1053.005 Scheduled Task
IA-02 Identification and Authentication (Organizational Users) mitigates T1059 Command and Scripting Interpreter
IA-02 Identification and Authentication (Organizational Users) mitigates T1072 Software Deployment Tools
IA-02 Identification and Authentication (Organizational Users) mitigates T1078 Valid Accounts
IA-02 Identification and Authentication (Organizational Users) mitigates T1078.003 Local Accounts
IA-02 Identification and Authentication (Organizational Users) mitigates T1078.004 Cloud Accounts
IA-02 Identification and Authentication (Organizational Users) mitigates T1098 Account Manipulation
IA-02 Identification and Authentication (Organizational Users) mitigates T1098.001 Additional Cloud Credentials
IA-02 Identification and Authentication (Organizational Users) mitigates T1098.002 Additional Email Delegate Permissions
IA-02 Identification and Authentication (Organizational Users) mitigates T1098.003 Additional Cloud Roles
IA-02 Identification and Authentication (Organizational Users) mitigates T1098.007 Additional Local or Domain Groups
IA-02 Identification and Authentication (Organizational Users) mitigates T1110 Brute Force
IA-02 Identification and Authentication (Organizational Users) mitigates T1114 Email Collection
IA-02 Identification and Authentication (Organizational Users) mitigates T1114.002 Remote Email Collection
IA-02 Identification and Authentication (Organizational Users) mitigates T1134.001 Token Impersonation/Theft
IA-02 Identification and Authentication (Organizational Users) mitigates T1134.003 Make and Impersonate Token
IA-02 Identification and Authentication (Organizational Users) mitigates T1136 Create Account
IA-02 Identification and Authentication (Organizational Users) mitigates T1136.002 Domain Account
IA-02 Identification and Authentication (Organizational Users) mitigates T1136.003 Cloud Account
IA-02 Identification and Authentication (Organizational Users) mitigates T1190 Exploit Public-Facing Application
IA-02 Identification and Authentication (Organizational Users) mitigates T1213 Data from Information Repositories
IA-02 Identification and Authentication (Organizational Users) mitigates T1213.001 Confluence
IA-02 Identification and Authentication (Organizational Users) mitigates T1213.002 Sharepoint
IA-02 Identification and Authentication (Organizational Users) mitigates T1213.003 Code Repositories
IA-02 Identification and Authentication (Organizational Users) mitigates T1213.004 Customer Relationship Management Software
IA-02 Identification and Authentication (Organizational Users) mitigates T1213.005 Messaging Applications
IA-02 Identification and Authentication (Organizational Users) mitigates T1218 System Binary Proxy Execution
IA-02 Identification and Authentication (Organizational Users) mitigates T1484 Domain or Tenant Policy Modification
IA-02 Identification and Authentication (Organizational Users) mitigates T1489 Service Stop
IA-02 Identification and Authentication (Organizational Users) mitigates T1528 Steal Application Access Token
IA-02 Identification and Authentication (Organizational Users) mitigates T1530 Data from Cloud Storage
IA-02 Identification and Authentication (Organizational Users) mitigates T1537 Transfer Data to Cloud Account
IA-02 Identification and Authentication (Organizational Users) mitigates T1539 Steal Web Session Cookie
IA-02 Identification and Authentication (Organizational Users) mitigates T1542 Pre-OS Boot
IA-02 Identification and Authentication (Organizational Users) mitigates T1542.001 System Firmware
IA-02 Identification and Authentication (Organizational Users) mitigates T1543 Create or Modify System Process
IA-02 Identification and Authentication (Organizational Users) mitigates T1543.002 Systemd Service
IA-02 Identification and Authentication (Organizational Users) mitigates T1543.003 Windows Service
IA-02 Identification and Authentication (Organizational Users) mitigates T1543.005 Container Service
IA-02 Identification and Authentication (Organizational Users) mitigates T1546.003 Windows Management Instrumentation Event Subscription
IA-02 Identification and Authentication (Organizational Users) mitigates T1547.004 Winlogon Helper DLL
IA-02 Identification and Authentication (Organizational Users) mitigates T1547.009 Shortcut Modification
IA-02 Identification and Authentication (Organizational Users) mitigates T1548 Abuse Elevation Control Mechanism
IA-02 Identification and Authentication (Organizational Users) mitigates T1550 Use Alternate Authentication Material
IA-02 Identification and Authentication (Organizational Users) mitigates T1550.001 Application Access Token
IA-02 Identification and Authentication (Organizational Users) mitigates T1552 Unsecured Credentials
IA-02 Identification and Authentication (Organizational Users) mitigates T1552.001 Credentials In Files
IA-02 Identification and Authentication (Organizational Users) mitigates T1552.004 Private Keys
IA-02 Identification and Authentication (Organizational Users) mitigates T1555.005 Password Managers
IA-02 Identification and Authentication (Organizational Users) mitigates T1556 Modify Authentication Process
IA-02 Identification and Authentication (Organizational Users) mitigates T1556.001 Domain Controller Authentication
IA-02 Identification and Authentication (Organizational Users) mitigates T1556.006 Multi-Factor Authentication
IA-02 Identification and Authentication (Organizational Users) mitigates T1556.007 Hybrid Identity
IA-02 Identification and Authentication (Organizational Users) mitigates T1556.009 Conditional Access Policies
IA-02 Identification and Authentication (Organizational Users) mitigates T1558 Steal or Forge Kerberos Tickets
IA-02 Identification and Authentication (Organizational Users) mitigates T1558.005 Ccache Files
IA-02 Identification and Authentication (Organizational Users) mitigates T1562 Impair Defenses
IA-02 Identification and Authentication (Organizational Users) mitigates T1562.004 Disable or Modify System Firewall
IA-02 Identification and Authentication (Organizational Users) mitigates T1562.006 Indicator Blocking
IA-02 Identification and Authentication (Organizational Users) mitigates T1562.007 Disable or Modify Cloud Firewall
IA-02 Identification and Authentication (Organizational Users) mitigates T1563 Remote Service Session Hijacking
IA-02 Identification and Authentication (Organizational Users) mitigates T1610 Deploy Container
IA-02 Identification and Authentication (Organizational Users) mitigates T1611 Escape to Host
IA-02 Identification and Authentication (Organizational Users) mitigates T1621 Multi-Factor Authentication Request Generation
IA-02 Identification and Authentication (Organizational Users) mitigates T1648 Serverless Execution
IA-02 Identification and Authentication (Organizational Users) mitigates T1649 Steal or Forge Authentication Certificates
IA-02 Identification and Authentication (Organizational Users) mitigates T1651 Cloud Administration Command
CM-07 Least Functionality mitigates T1003.001 LSASS Memory
CM-07 Least Functionality mitigates T1003.005 Cached Domain Credentials
CM-07 Least Functionality mitigates T1020.001 Traffic Duplication
CM-07 Least Functionality mitigates T1021 Remote Services
CM-07 Least Functionality mitigates T1027 Obfuscated Files or Information
CM-07 Least Functionality mitigates T1036 Masquerading
CM-07 Least Functionality mitigates T1037 Boot or Logon Initialization Scripts
CM-07 Least Functionality mitigates T1040 Network Sniffing
CM-07 Least Functionality mitigates T1047 Windows Management Instrumentation
CM-07 Least Functionality mitigates T1053 Scheduled Task/Job
CM-07 Least Functionality mitigates T1053.002 At
CM-07 Least Functionality mitigates T1053.005 Scheduled Task
CM-07 Least Functionality mitigates T1059 Command and Scripting Interpreter
CM-07 Least Functionality mitigates T1059.010 AutoHotKey & AutoIT
CM-07 Least Functionality mitigates T1071 Application Layer Protocol
CM-07 Least Functionality mitigates T1071.002 File Transfer Protocols
CM-07 Least Functionality mitigates T1071.003 Mail Protocols
CM-07 Least Functionality mitigates T1072 Software Deployment Tools
CM-07 Least Functionality mitigates T1078 Valid Accounts
CM-07 Least Functionality mitigates T1078.004 Cloud Accounts
CM-07 Least Functionality mitigates T1087 Account Discovery
CM-07 Least Functionality mitigates T1087.001 Local Account
CM-07 Least Functionality mitigates T1087.002 Domain Account
CM-07 Least Functionality mitigates T1090.003 Multi-hop Proxy
CM-07 Least Functionality mitigates T1092 Communication Through Removable Media
CM-07 Least Functionality mitigates T1098 Account Manipulation
CM-07 Least Functionality mitigates T1098.001 Additional Cloud Credentials
CM-07 Least Functionality mitigates T1098.007 Additional Local or Domain Groups
CM-07 Least Functionality mitigates T1102 Web Service
CM-07 Least Functionality mitigates T1105 Ingress Tool Transfer
CM-07 Least Functionality mitigates T1127.002 ClickOnce
CM-07 Least Functionality mitigates T1136 Create Account
CM-07 Least Functionality mitigates T1136.002 Domain Account
CM-07 Least Functionality mitigates T1136.003 Cloud Account
CM-07 Least Functionality mitigates T1176 Browser Extensions
CM-07 Least Functionality mitigates T1190 Exploit Public-Facing Application
CM-07 Least Functionality mitigates T1195 Supply Chain Compromise
CM-07 Least Functionality mitigates T1195.001 Compromise Software Dependencies and Development Tools
CM-07 Least Functionality mitigates T1204 User Execution
CM-07 Least Functionality mitigates T1204.002 Malicious File
CM-07 Least Functionality mitigates T1213 Data from Information Repositories
CM-07 Least Functionality mitigates T1213.001 Confluence
CM-07 Least Functionality mitigates T1213.002 Sharepoint
CM-07 Least Functionality mitigates T1213.004 Customer Relationship Management Software
CM-07 Least Functionality mitigates T1213.005 Messaging Applications
CM-07 Least Functionality mitigates T1216.002 SyncAppvPublishingServer
CM-07 Least Functionality mitigates T1218 System Binary Proxy Execution
CM-07 Least Functionality mitigates T1218.015 Electron Applications
CM-07 Least Functionality mitigates T1219 Remote Access Software
CM-07 Least Functionality mitigates T1484 Domain or Tenant Policy Modification
CM-07 Least Functionality mitigates T1489 Service Stop
CM-07 Least Functionality mitigates T1490 Inhibit System Recovery
CM-07 Least Functionality mitigates T1530 Data from Cloud Storage
CM-07 Least Functionality mitigates T1537 Transfer Data to Cloud Account
CM-07 Least Functionality mitigates T1543 Create or Modify System Process
CM-07 Least Functionality mitigates T1547.004 Winlogon Helper DLL
CM-07 Least Functionality mitigates T1547.009 Shortcut Modification
CM-07 Least Functionality mitigates T1548 Abuse Elevation Control Mechanism
CM-07 Least Functionality mitigates T1548.006 TCC Manipulation
CM-07 Least Functionality mitigates T1552 Unsecured Credentials
CM-07 Least Functionality mitigates T1553 Subvert Trust Controls
CM-07 Least Functionality mitigates T1556 Modify Authentication Process
CM-07 Least Functionality mitigates T1556.009 Conditional Access Policies
CM-07 Least Functionality mitigates T1557 Adversary-in-the-Middle
CM-07 Least Functionality mitigates T1562 Impair Defenses
CM-07 Least Functionality mitigates T1562.004 Disable or Modify System Firewall
CM-07 Least Functionality mitigates T1562.006 Indicator Blocking
CM-07 Least Functionality mitigates T1563 Remote Service Session Hijacking
CM-07 Least Functionality mitigates T1564.003 Hidden Window
CM-07 Least Functionality mitigates T1565 Data Manipulation
CM-07 Least Functionality mitigates T1572 Protocol Tunneling
CM-07 Least Functionality mitigates T1573 Encrypted Channel
CM-07 Least Functionality mitigates T1574.001 DLL Search Order Hijacking
CM-07 Least Functionality mitigates T1574.014 AppDomainManager
CM-07 Least Functionality mitigates T1590.002 DNS
CM-07 Least Functionality mitigates T1610 Deploy Container
CM-07 Least Functionality mitigates T1611 Escape to Host
CM-07 Least Functionality mitigates T1648 Serverless Execution
SI-04 System Monitoring mitigates T1001.001 Junk Data
SI-04 System Monitoring mitigates T1001.003 Protocol or Service Impersonation
SI-04 System Monitoring mitigates T1003 OS Credential Dumping
SI-04 System Monitoring mitigates T1003.001 LSASS Memory
SI-04 System Monitoring mitigates T1003.005 Cached Domain Credentials
SI-04 System Monitoring mitigates T1003.007 Proc Filesystem
SI-04 System Monitoring mitigates T1020.001 Traffic Duplication
SI-04 System Monitoring mitigates T1021 Remote Services
SI-04 System Monitoring mitigates T1027 Obfuscated Files or Information
SI-04 System Monitoring mitigates T1027.011 Fileless Storage
SI-04 System Monitoring mitigates T1036 Masquerading
SI-04 System Monitoring mitigates T1036.010 Masquerade Account Name
SI-04 System Monitoring mitigates T1037 Boot or Logon Initialization Scripts
SI-04 System Monitoring mitigates T1040 Network Sniffing
SI-04 System Monitoring mitigates T1047 Windows Management Instrumentation
SI-04 System Monitoring mitigates T1053 Scheduled Task/Job
SI-04 System Monitoring mitigates T1053.002 At
SI-04 System Monitoring mitigates T1053.005 Scheduled Task
SI-04 System Monitoring mitigates T1056.002 GUI Input Capture
SI-04 System Monitoring mitigates T1059 Command and Scripting Interpreter
SI-04 System Monitoring mitigates T1059.006 Python
SI-04 System Monitoring mitigates T1059.010 AutoHotKey & AutoIT
SI-04 System Monitoring mitigates T1059.011 Lua
SI-04 System Monitoring mitigates T1070.001 Clear Windows Event Logs
SI-04 System Monitoring mitigates T1070.003 Clear Command History
SI-04 System Monitoring mitigates T1070.010 Relocate Malware
SI-04 System Monitoring mitigates T1071 Application Layer Protocol
SI-04 System Monitoring mitigates T1071.002 File Transfer Protocols
SI-04 System Monitoring mitigates T1071.003 Mail Protocols
SI-04 System Monitoring mitigates T1071.005 Publish/Subscribe Protocols
SI-04 System Monitoring mitigates T1072 Software Deployment Tools
SI-04 System Monitoring mitigates T1078 Valid Accounts
SI-04 System Monitoring mitigates T1078.001 Default Accounts
SI-04 System Monitoring mitigates T1078.003 Local Accounts
SI-04 System Monitoring mitigates T1078.004 Cloud Accounts
SI-04 System Monitoring mitigates T1087 Account Discovery
SI-04 System Monitoring mitigates T1087.001 Local Account
SI-04 System Monitoring mitigates T1087.002 Domain Account
SI-04 System Monitoring mitigates T1092 Communication Through Removable Media
SI-04 System Monitoring mitigates T1098 Account Manipulation
SI-04 System Monitoring mitigates T1098.001 Additional Cloud Credentials
SI-04 System Monitoring mitigates T1098.002 Additional Email Delegate Permissions
SI-04 System Monitoring mitigates T1098.003 Additional Cloud Roles
SI-04 System Monitoring mitigates T1098.007 Additional Local or Domain Groups
SI-04 System Monitoring mitigates T1102 Web Service
SI-04 System Monitoring mitigates T1105 Ingress Tool Transfer
SI-04 System Monitoring mitigates T1110 Brute Force
SI-04 System Monitoring mitigates T1114 Email Collection
SI-04 System Monitoring mitigates T1114.002 Remote Email Collection
SI-04 System Monitoring mitigates T1114.003 Email Forwarding Rule
SI-04 System Monitoring mitigates T1119 Automated Collection
SI-04 System Monitoring mitigates T1127.002 ClickOnce
SI-04 System Monitoring mitigates T1136 Create Account
SI-04 System Monitoring mitigates T1136.002 Domain Account
SI-04 System Monitoring mitigates T1136.003 Cloud Account
SI-04 System Monitoring mitigates T1176 Browser Extensions
SI-04 System Monitoring mitigates T1190 Exploit Public-Facing Application
SI-04 System Monitoring mitigates T1195 Supply Chain Compromise
SI-04 System Monitoring mitigates T1195.001 Compromise Software Dependencies and Development Tools
SI-04 System Monitoring mitigates T1203 Exploitation for Client Execution
SI-04 System Monitoring mitigates T1204 User Execution
SI-04 System Monitoring mitigates T1204.002 Malicious File
SI-04 System Monitoring mitigates T1213 Data from Information Repositories
SI-04 System Monitoring mitigates T1213.001 Confluence
SI-04 System Monitoring mitigates T1213.002 Sharepoint
SI-04 System Monitoring mitigates T1213.004 Customer Relationship Management Software
SI-04 System Monitoring mitigates T1213.005 Messaging Applications
SI-04 System Monitoring mitigates T1218 System Binary Proxy Execution
SI-04 System Monitoring mitigates T1218.011 Rundll32
SI-04 System Monitoring mitigates T1218.015 Electron Applications
SI-04 System Monitoring mitigates T1219 Remote Access Software
SI-04 System Monitoring mitigates T1484 Domain or Tenant Policy Modification
SI-04 System Monitoring mitigates T1485 Data Destruction
SI-04 System Monitoring mitigates T1489 Service Stop
SI-04 System Monitoring mitigates T1490 Inhibit System Recovery
SI-04 System Monitoring mitigates T1505.003 Web Shell
SI-04 System Monitoring mitigates T1528 Steal Application Access Token
SI-04 System Monitoring mitigates T1530 Data from Cloud Storage
SI-04 System Monitoring mitigates T1537 Transfer Data to Cloud Account
SI-04 System Monitoring mitigates T1539 Steal Web Session Cookie
SI-04 System Monitoring mitigates T1543 Create or Modify System Process
SI-04 System Monitoring mitigates T1543.002 Systemd Service
SI-04 System Monitoring mitigates T1546.003 Windows Management Instrumentation Event Subscription
SI-04 System Monitoring mitigates T1546.016 Installer Packages
SI-04 System Monitoring mitigates T1547.003 Time Providers
SI-04 System Monitoring mitigates T1547.004 Winlogon Helper DLL
SI-04 System Monitoring mitigates T1547.009 Shortcut Modification
SI-04 System Monitoring mitigates T1548 Abuse Elevation Control Mechanism
SI-04 System Monitoring mitigates T1548.006 TCC Manipulation
SI-04 System Monitoring mitigates T1550.001 Application Access Token
SI-04 System Monitoring mitigates T1552 Unsecured Credentials
SI-04 System Monitoring mitigates T1552.001 Credentials In Files
SI-04 System Monitoring mitigates T1552.004 Private Keys
SI-04 System Monitoring mitigates T1553 Subvert Trust Controls
SI-04 System Monitoring mitigates T1555 Credentials from Password Stores
SI-04 System Monitoring mitigates T1555.002 Securityd Memory
SI-04 System Monitoring mitigates T1555.005 Password Managers
SI-04 System Monitoring mitigates T1556 Modify Authentication Process
SI-04 System Monitoring mitigates T1556.001 Domain Controller Authentication
SI-04 System Monitoring mitigates T1556.009 Conditional Access Policies
SI-04 System Monitoring mitigates T1557 Adversary-in-the-Middle
SI-04 System Monitoring mitigates T1557.004 Evil Twin
SI-04 System Monitoring mitigates T1558 Steal or Forge Kerberos Tickets
SI-04 System Monitoring mitigates T1558.005 Ccache Files
SI-04 System Monitoring mitigates T1560 Archive Collected Data
SI-04 System Monitoring mitigates T1562 Impair Defenses
SI-04 System Monitoring mitigates T1562.004 Disable or Modify System Firewall
SI-04 System Monitoring mitigates T1562.006 Indicator Blocking
SI-04 System Monitoring mitigates T1563 Remote Service Session Hijacking
SI-04 System Monitoring mitigates T1564.004 NTFS File Attributes
SI-04 System Monitoring mitigates T1565 Data Manipulation
SI-04 System Monitoring mitigates T1566 Phishing
SI-04 System Monitoring mitigates T1566.001 Spearphishing Attachment
SI-04 System Monitoring mitigates T1566.002 Spearphishing Link
SI-04 System Monitoring mitigates T1566.003 Spearphishing via Service
SI-04 System Monitoring mitigates T1572 Protocol Tunneling
SI-04 System Monitoring mitigates T1573 Encrypted Channel
SI-04 System Monitoring mitigates T1574.001 DLL Search Order Hijacking
SI-04 System Monitoring mitigates T1574.014 AppDomainManager
SI-04 System Monitoring mitigates T1598.003 Spearphishing Link
SI-04 System Monitoring mitigates T1610 Deploy Container
SI-04 System Monitoring mitigates T1611 Escape to Host
SI-04 System Monitoring mitigates T1648 Serverless Execution
SI-04 System Monitoring mitigates T1651 Cloud Administration Command
AC-04 Information Flow Enforcement mitigates T1001.001 Junk Data
AC-04 Information Flow Enforcement mitigates T1001.003 Protocol or Service Impersonation
AC-02 Account Management mitigates T1003 OS Credential Dumping
AC-03 Access Enforcement mitigates T1003 OS Credential Dumping
AC-04 Information Flow Enforcement mitigates T1003 OS Credential Dumping
AC-05 Separation of Duties mitigates T1003 OS Credential Dumping
AC-06 Least Privilege mitigates T1003 OS Credential Dumping
AC-02 Account Management mitigates T1003.001 LSASS Memory
AC-03 Access Enforcement mitigates T1003.001 LSASS Memory
AC-04 Information Flow Enforcement mitigates T1003.001 LSASS Memory
AC-05 Separation of Duties mitigates T1003.001 LSASS Memory
AC-06 Least Privilege mitigates T1003.001 LSASS Memory
AC-02 Account Management mitigates T1003.005 Cached Domain Credentials
AC-03 Access Enforcement mitigates T1003.005 Cached Domain Credentials
AC-04 Information Flow Enforcement mitigates T1003.005 Cached Domain Credentials
AC-05 Separation of Duties mitigates T1003.005 Cached Domain Credentials
AC-06 Least Privilege mitigates T1003.005 Cached Domain Credentials
AC-02 Account Management mitigates T1003.007 Proc Filesystem
AC-03 Access Enforcement mitigates T1003.007 Proc Filesystem
AC-05 Separation of Duties mitigates T1003.007 Proc Filesystem
AC-06 Least Privilege mitigates T1003.007 Proc Filesystem
AC-06 Least Privilege mitigates T1020.001 Traffic Duplication
AC-03 Access Enforcement mitigates T1020.001 Traffic Duplication
AC-02 Account Management mitigates T1020.001 Traffic Duplication
AC-04 Information Flow Enforcement mitigates T1020.001 Traffic Duplication
AC-02 Account Management mitigates T1021 Remote Services
AC-03 Access Enforcement mitigates T1021 Remote Services
AC-05 Separation of Duties mitigates T1021 Remote Services
AC-06 Least Privilege mitigates T1021 Remote Services
AC-07 Unsuccessful Logon Attempts mitigates T1021 Remote Services
AC-03 Access Enforcement mitigates T1027 Obfuscated Files or Information
AC-02 Account Management mitigates T1036 Masquerading
AC-03 Access Enforcement mitigates T1036 Masquerading
AC-06 Least Privilege mitigates T1036 Masquerading
AC-02 Account Management mitigates T1036.010 Masquerade Account Name
AC-03 Access Enforcement mitigates T1036.010 Masquerade Account Name
AC-03 Access Enforcement mitigates T1037 Boot or Logon Initialization Scripts
AC-02 Account Management mitigates T1047 Windows Management Instrumentation
AC-03 Access Enforcement mitigates T1047 Windows Management Instrumentation
AC-05 Separation of Duties mitigates T1047 Windows Management Instrumentation
AC-06 Least Privilege mitigates T1047 Windows Management Instrumentation
AC-02 Account Management mitigates T1053 Scheduled Task/Job
AC-03 Access Enforcement mitigates T1053 Scheduled Task/Job
AC-05 Separation of Duties mitigates T1053 Scheduled Task/Job
AC-06 Least Privilege mitigates T1053 Scheduled Task/Job
AC-02 Account Management mitigates T1053.002 At
AC-05 Separation of Duties mitigates T1053.002 At
AC-06 Least Privilege mitigates T1053.002 At
AC-03 Access Enforcement mitigates T1053.002 At
AC-02 Account Management mitigates T1053.005 Scheduled Task
AC-03 Access Enforcement mitigates T1053.005 Scheduled Task
AC-05 Separation of Duties mitigates T1053.005 Scheduled Task
AC-06 Least Privilege mitigates T1053.005 Scheduled Task
AC-02 Account Management mitigates T1059 Command and Scripting Interpreter
AC-03 Access Enforcement mitigates T1059 Command and Scripting Interpreter
AC-05 Separation of Duties mitigates T1059 Command and Scripting Interpreter
AC-06 Least Privilege mitigates T1059 Command and Scripting Interpreter
AC-02 Account Management mitigates T1059.006 Python
AC-03 Access Enforcement mitigates T1059.006 Python
AC-06 Least Privilege mitigates T1059.006 Python
AC-02 Account Management mitigates T1059.010 AutoHotKey & AutoIT
AC-03 Access Enforcement mitigates T1059.010 AutoHotKey & AutoIT
AC-06 Least Privilege mitigates T1059.010 AutoHotKey & AutoIT
AC-02 Account Management mitigates T1059.011 Lua
AC-03 Access Enforcement mitigates T1059.011 Lua
AC-06 Least Privilege mitigates T1059.011 Lua
AC-02 Account Management mitigates T1070.001 Clear Windows Event Logs
AC-03 Access Enforcement mitigates T1070.001 Clear Windows Event Logs
AC-05 Separation of Duties mitigates T1070.001 Clear Windows Event Logs
AC-06 Least Privilege mitigates T1070.001 Clear Windows Event Logs
AC-02 Account Management mitigates T1070.003 Clear Command History
AC-03 Access Enforcement mitigates T1070.003 Clear Command History
AC-05 Separation of Duties mitigates T1070.003 Clear Command History
AC-06 Least Privilege mitigates T1070.003 Clear Command History
AC-04 Information Flow Enforcement mitigates T1071 Application Layer Protocol
AC-04 Information Flow Enforcement mitigates T1071.002 File Transfer Protocols
AC-04 Information Flow Enforcement mitigates T1071.003 Mail Protocols
AC-04 Information Flow Enforcement mitigates T1071.005 Publish/Subscribe Protocols
AC-12 Session Termination mitigates T1072 Software Deployment Tools
AC-02 Account Management mitigates T1072 Software Deployment Tools
AC-03 Access Enforcement mitigates T1072 Software Deployment Tools
AC-04 Information Flow Enforcement mitigates T1072 Software Deployment Tools
AC-05 Separation of Duties mitigates T1072 Software Deployment Tools
AC-06 Least Privilege mitigates T1072 Software Deployment Tools
AC-02 Account Management mitigates T1078 Valid Accounts
AC-03 Access Enforcement mitigates T1078 Valid Accounts
AC-05 Separation of Duties mitigates T1078 Valid Accounts
AC-06 Least Privilege mitigates T1078 Valid Accounts
AC-02 Account Management mitigates T1078.001 Default Accounts
AC-05 Separation of Duties mitigates T1078.001 Default Accounts
AC-06 Least Privilege mitigates T1078.001 Default Accounts
AC-02 Account Management mitigates T1078.003 Local Accounts
AC-03 Access Enforcement mitigates T1078.003 Local Accounts
AC-05 Separation of Duties mitigates T1078.003 Local Accounts
AC-06 Least Privilege mitigates T1078.003 Local Accounts
AC-02 Account Management mitigates T1078.004 Cloud Accounts
AC-03 Access Enforcement mitigates T1078.004 Cloud Accounts
AC-05 Separation of Duties mitigates T1078.004 Cloud Accounts
AC-06 Least Privilege mitigates T1078.004 Cloud Accounts
AC-07 Unsuccessful Logon Attempts mitigates T1078.004 Cloud Accounts
AC-02 Account Management mitigates T1087 Account Discovery
AC-03 Access Enforcement mitigates T1090.003 Multi-hop Proxy
AC-04 Information Flow Enforcement mitigates T1090.003 Multi-hop Proxy
AC-02 Account Management mitigates T1098 Account Manipulation
AC-03 Access Enforcement mitigates T1098 Account Manipulation
AC-04 Information Flow Enforcement mitigates T1098 Account Manipulation
AC-05 Separation of Duties mitigates T1098 Account Manipulation
AC-06 Least Privilege mitigates T1098 Account Manipulation
AC-02 Account Management mitigates T1098.001 Additional Cloud Credentials
AC-03 Access Enforcement mitigates T1098.001 Additional Cloud Credentials
AC-04 Information Flow Enforcement mitigates T1098.001 Additional Cloud Credentials
AC-05 Separation of Duties mitigates T1098.001 Additional Cloud Credentials
AC-06 Least Privilege mitigates T1098.001 Additional Cloud Credentials
AC-02 Account Management mitigates T1098.002 Additional Email Delegate Permissions
AC-03 Access Enforcement mitigates T1098.002 Additional Email Delegate Permissions
AC-05 Separation of Duties mitigates T1098.002 Additional Email Delegate Permissions
AC-06 Least Privilege mitigates T1098.002 Additional Email Delegate Permissions
AC-02 Account Management mitigates T1098.003 Additional Cloud Roles
AC-05 Separation of Duties mitigates T1098.003 Additional Cloud Roles
AC-03 Access Enforcement mitigates T1098.003 Additional Cloud Roles
AC-06 Least Privilege mitigates T1098.003 Additional Cloud Roles
AC-02 Account Management mitigates T1098.005 Device Registration
AC-03 Access Enforcement mitigates T1098.005 Device Registration
AC-05 Separation of Duties mitigates T1098.005 Device Registration
AC-06 Least Privilege mitigates T1098.005 Device Registration
AC-02 Account Management mitigates T1098.007 Additional Local or Domain Groups
AC-03 Access Enforcement mitigates T1098.007 Additional Local or Domain Groups
AC-04 Information Flow Enforcement mitigates T1098.007 Additional Local or Domain Groups
AC-05 Separation of Duties mitigates T1098.007 Additional Local or Domain Groups
AC-06 Least Privilege mitigates T1098.007 Additional Local or Domain Groups
AC-04 Information Flow Enforcement mitigates T1102 Web Service
AC-04 Information Flow Enforcement mitigates T1105 Ingress Tool Transfer
AC-02 Account Management mitigates T1110 Brute Force
AC-03 Access Enforcement mitigates T1110 Brute Force
AC-05 Separation of Duties mitigates T1110 Brute Force
AC-07 Unsuccessful Logon Attempts mitigates T1110 Brute Force
AC-03 Access Enforcement mitigates T1114 Email Collection
AC-04 Information Flow Enforcement mitigates T1114 Email Collection
AC-03 Access Enforcement mitigates T1114.002 Remote Email Collection
AC-04 Information Flow Enforcement mitigates T1114.002 Remote Email Collection
AC-04 Information Flow Enforcement mitigates T1114.003 Email Forwarding Rule
AC-02 Account Management mitigates T1134.001 Token Impersonation/Theft
AC-03 Access Enforcement mitigates T1134.001 Token Impersonation/Theft
AC-05 Separation of Duties mitigates T1134.001 Token Impersonation/Theft
AC-06 Least Privilege mitigates T1134.001 Token Impersonation/Theft
AC-02 Account Management mitigates T1134.003 Make and Impersonate Token
AC-03 Access Enforcement mitigates T1134.003 Make and Impersonate Token
AC-05 Separation of Duties mitigates T1134.003 Make and Impersonate Token
AC-06 Least Privilege mitigates T1134.003 Make and Impersonate Token
AC-02 Account Management mitigates T1136 Create Account
AC-03 Access Enforcement mitigates T1136 Create Account
AC-04 Information Flow Enforcement mitigates T1136 Create Account
AC-05 Separation of Duties mitigates T1136 Create Account
AC-06 Least Privilege mitigates T1136 Create Account
AC-02 Account Management mitigates T1136.002 Domain Account
AC-03 Access Enforcement mitigates T1136.002 Domain Account
AC-04 Information Flow Enforcement mitigates T1136.002 Domain Account
AC-05 Separation of Duties mitigates T1136.002 Domain Account
AC-06 Least Privilege mitigates T1136.002 Domain Account
AC-02 Account Management mitigates T1136.003 Cloud Account
AC-03 Access Enforcement mitigates T1136.003 Cloud Account
AC-04 Information Flow Enforcement mitigates T1136.003 Cloud Account
AC-05 Separation of Duties mitigates T1136.003 Cloud Account
AC-06 Least Privilege mitigates T1136.003 Cloud Account
AC-10 Concurrent Session Control mitigates T1137.002 Office Test
AC-06 Least Privilege mitigates T1137.002 Office Test
AC-06 Least Privilege mitigates T1176 Browser Extensions
AC-02 Account Management mitigates T1190 Exploit Public-Facing Application
AC-03 Access Enforcement mitigates T1190 Exploit Public-Facing Application
AC-04 Information Flow Enforcement mitigates T1190 Exploit Public-Facing Application
AC-05 Separation of Duties mitigates T1190 Exploit Public-Facing Application
AC-06 Least Privilege mitigates T1190 Exploit Public-Facing Application
AC-02 Account Management mitigates T1195 Supply Chain Compromise
AC-03 Access Enforcement mitigates T1195 Supply Chain Compromise
AC-06 Least Privilege mitigates T1195 Supply Chain Compromise
AC-04 Information Flow Enforcement mitigates T1203 Exploitation for Client Execution
AC-06 Least Privilege mitigates T1203 Exploitation for Client Execution
AC-04 Information Flow Enforcement mitigates T1204 User Execution
AC-04 Information Flow Enforcement mitigates T1204.002 Malicious File
AC-02 Account Management mitigates T1213 Data from Information Repositories
AC-03 Access Enforcement mitigates T1213 Data from Information Repositories
AC-04 Information Flow Enforcement mitigates T1213 Data from Information Repositories
AC-05 Separation of Duties mitigates T1213 Data from Information Repositories
AC-06 Least Privilege mitigates T1213 Data from Information Repositories
AC-02 Account Management mitigates T1213.001 Confluence
AC-03 Access Enforcement mitigates T1213.001 Confluence
AC-04 Information Flow Enforcement mitigates T1213.001 Confluence
AC-05 Separation of Duties mitigates T1213.001 Confluence
AC-06 Least Privilege mitigates T1213.001 Confluence
AC-02 Account Management mitigates T1213.002 Sharepoint
AC-03 Access Enforcement mitigates T1213.002 Sharepoint
AC-04 Information Flow Enforcement mitigates T1213.002 Sharepoint
AC-05 Separation of Duties mitigates T1213.002 Sharepoint
AC-06 Least Privilege mitigates T1213.002 Sharepoint
AC-02 Account Management mitigates T1213.003 Code Repositories
AC-03 Access Enforcement mitigates T1213.003 Code Repositories
AC-05 Separation of Duties mitigates T1213.003 Code Repositories
AC-06 Least Privilege mitigates T1213.003 Code Repositories
AC-02 Account Management mitigates T1213.004 Customer Relationship Management Software
AC-03 Access Enforcement mitigates T1213.004 Customer Relationship Management Software
AC-04 Information Flow Enforcement mitigates T1213.004 Customer Relationship Management Software
AC-05 Separation of Duties mitigates T1213.004 Customer Relationship Management Software
AC-06 Least Privilege mitigates T1213.004 Customer Relationship Management Software
AC-02 Account Management mitigates T1213.005 Messaging Applications
AC-03 Access Enforcement mitigates T1213.005 Messaging Applications
AC-04 Information Flow Enforcement mitigates T1213.005 Messaging Applications
AC-06 Least Privilege mitigates T1213.005 Messaging Applications
AC-02 Account Management mitigates T1218 System Binary Proxy Execution
AC-06 Least Privilege mitigates T1218 System Binary Proxy Execution
AC-03 Access Enforcement mitigates T1218 System Binary Proxy Execution
AC-05 Separation of Duties mitigates T1218 System Binary Proxy Execution
AC-04 Information Flow Enforcement mitigates T1218 System Binary Proxy Execution
AC-02 Account Management mitigates T1218.015 Electron Applications
AC-06 Least Privilege mitigates T1218.015 Electron Applications
AC-03 Access Enforcement mitigates T1219 Remote Access Software
AC-04 Information Flow Enforcement mitigates T1219 Remote Access Software
AC-02 Account Management mitigates T1484 Domain or Tenant Policy Modification
AC-03 Access Enforcement mitigates T1484 Domain or Tenant Policy Modification
AC-04 Information Flow Enforcement mitigates T1484 Domain or Tenant Policy Modification
AC-05 Separation of Duties mitigates T1484 Domain or Tenant Policy Modification
AC-06 Least Privilege mitigates T1484 Domain or Tenant Policy Modification
AC-03 Access Enforcement mitigates T1485 Data Destruction
AC-06 Least Privilege mitigates T1485 Data Destruction
AC-02 Account Management mitigates T1485.001 Lifecycle-Triggered Deletion
AC-03 Access Enforcement mitigates T1485.001 Lifecycle-Triggered Deletion
AC-06 Least Privilege mitigates T1485.001 Lifecycle-Triggered Deletion
AC-02 Account Management mitigates T1489 Service Stop
AC-03 Access Enforcement mitigates T1489 Service Stop
AC-04 Information Flow Enforcement mitigates T1489 Service Stop
AC-05 Separation of Duties mitigates T1489 Service Stop
AC-06 Least Privilege mitigates T1489 Service Stop
AC-02 Account Management mitigates T1490 Inhibit System Recovery
AC-03 Access Enforcement mitigates T1490 Inhibit System Recovery
AC-06 Least Privilege mitigates T1490 Inhibit System Recovery
AC-02 Account Management mitigates T1505.003 Web Shell
AC-03 Access Enforcement mitigates T1505.003 Web Shell
AC-05 Separation of Duties mitigates T1505.003 Web Shell
AC-06 Least Privilege mitigates T1505.003 Web Shell
AC-10 Concurrent Session Control mitigates T1528 Steal Application Access Token
AC-02 Account Management mitigates T1528 Steal Application Access Token
AC-03 Access Enforcement mitigates T1528 Steal Application Access Token
AC-04 Information Flow Enforcement mitigates T1528 Steal Application Access Token
AC-05 Separation of Duties mitigates T1528 Steal Application Access Token
AC-06 Least Privilege mitigates T1528 Steal Application Access Token
AC-02 Account Management mitigates T1530 Data from Cloud Storage
AC-03 Access Enforcement mitigates T1530 Data from Cloud Storage
AC-04 Information Flow Enforcement mitigates T1530 Data from Cloud Storage
AC-05 Separation of Duties mitigates T1530 Data from Cloud Storage
AC-06 Least Privilege mitigates T1530 Data from Cloud Storage
AC-07 Unsuccessful Logon Attempts mitigates T1530 Data from Cloud Storage
AC-02 Account Management mitigates T1537 Transfer Data to Cloud Account
AC-03 Access Enforcement mitigates T1537 Transfer Data to Cloud Account
AC-04 Information Flow Enforcement mitigates T1537 Transfer Data to Cloud Account
AC-05 Separation of Duties mitigates T1537 Transfer Data to Cloud Account
AC-06 Least Privilege mitigates T1537 Transfer Data to Cloud Account
AC-03 Access Enforcement mitigates T1539 Steal Web Session Cookie
AC-06 Least Privilege mitigates T1539 Steal Web Session Cookie
AC-02 Account Management mitigates T1542 Pre-OS Boot
AC-03 Access Enforcement mitigates T1542 Pre-OS Boot
AC-05 Separation of Duties mitigates T1542 Pre-OS Boot
AC-06 Least Privilege mitigates T1542 Pre-OS Boot
AC-02 Account Management mitigates T1542.001 System Firmware
AC-03 Access Enforcement mitigates T1542.001 System Firmware
AC-05 Separation of Duties mitigates T1542.001 System Firmware
AC-06 Least Privilege mitigates T1542.001 System Firmware
AC-02 Account Management mitigates T1543 Create or Modify System Process
AC-03 Access Enforcement mitigates T1543 Create or Modify System Process
AC-05 Separation of Duties mitigates T1543 Create or Modify System Process
AC-06 Least Privilege mitigates T1543 Create or Modify System Process
AC-02 Account Management mitigates T1543.002 Systemd Service
AC-03 Access Enforcement mitigates T1543.002 Systemd Service
AC-05 Separation of Duties mitigates T1543.002 Systemd Service
AC-06 Least Privilege mitigates T1543.002 Systemd Service
AC-02 Account Management mitigates T1543.003 Windows Service
AC-03 Access Enforcement mitigates T1543.003 Windows Service
AC-05 Separation of Duties mitigates T1543.003 Windows Service
AC-06 Least Privilege mitigates T1543.003 Windows Service
AC-02 Account Management mitigates T1543.005 Container Service
AC-03 Access Enforcement mitigates T1543.005 Container Service
AC-05 Separation of Duties mitigates T1543.005 Container Service
AC-06 Least Privilege mitigates T1543.005 Container Service
AC-02 Account Management mitigates T1546 Event Triggered Execution
AC-03 Access Enforcement mitigates T1546 Event Triggered Execution
AC-06 Least Privilege mitigates T1546 Event Triggered Execution
AC-02 Account Management mitigates T1546.003 Windows Management Instrumentation Event Subscription
AC-03 Access Enforcement mitigates T1546.003 Windows Management Instrumentation Event Subscription
AC-05 Separation of Duties mitigates T1546.003 Windows Management Instrumentation Event Subscription
AC-06 Least Privilege mitigates T1546.003 Windows Management Instrumentation Event Subscription
AC-06 Least Privilege mitigates T1546.016 Installer Packages
AC-03 Access Enforcement mitigates T1547.003 Time Providers
AC-04 Information Flow Enforcement mitigates T1547.003 Time Providers
AC-06 Least Privilege mitigates T1547.003 Time Providers
AC-02 Account Management mitigates T1547.004 Winlogon Helper DLL
AC-03 Access Enforcement mitigates T1547.004 Winlogon Helper DLL
AC-05 Separation of Duties mitigates T1547.004 Winlogon Helper DLL
AC-06 Least Privilege mitigates T1547.004 Winlogon Helper DLL
AC-02 Account Management mitigates T1547.009 Shortcut Modification
AC-03 Access Enforcement mitigates T1547.009 Shortcut Modification
AC-05 Separation of Duties mitigates T1547.009 Shortcut Modification
AC-06 Least Privilege mitigates T1547.009 Shortcut Modification
AC-02 Account Management mitigates T1548 Abuse Elevation Control Mechanism
AC-03 Access Enforcement mitigates T1548 Abuse Elevation Control Mechanism
AC-05 Separation of Duties mitigates T1548 Abuse Elevation Control Mechanism
AC-06 Least Privilege mitigates T1548 Abuse Elevation Control Mechanism
AC-03 Access Enforcement mitigates T1548.005 Temporary Elevated Cloud Access
AC-02 Account Management mitigates T1548.005 Temporary Elevated Cloud Access
AC-06 Least Privilege mitigates T1548.005 Temporary Elevated Cloud Access
AC-02 Account Management mitigates T1548.006 TCC Manipulation
AC-03 Access Enforcement mitigates T1548.006 TCC Manipulation
AC-05 Separation of Duties mitigates T1548.006 TCC Manipulation
AC-06 Least Privilege mitigates T1548.006 TCC Manipulation
AC-02 Account Management mitigates T1550 Use Alternate Authentication Material
AC-03 Access Enforcement mitigates T1550 Use Alternate Authentication Material
AC-05 Separation of Duties mitigates T1550 Use Alternate Authentication Material
AC-06 Least Privilege mitigates T1550 Use Alternate Authentication Material
AC-02 Account Management mitigates T1552 Unsecured Credentials
AC-03 Access Enforcement mitigates T1552 Unsecured Credentials
AC-04 Information Flow Enforcement mitigates T1552 Unsecured Credentials
AC-05 Separation of Duties mitigates T1552 Unsecured Credentials
AC-06 Least Privilege mitigates T1552 Unsecured Credentials
AC-02 Account Management mitigates T1552.001 Credentials In Files
AC-04 Information Flow Enforcement mitigates T1552.001 Credentials In Files
AC-05 Separation of Duties mitigates T1552.001 Credentials In Files
AC-06 Least Privilege mitigates T1552.001 Credentials In Files
AC-02 Account Management mitigates T1552.004 Private Keys
AC-06 Least Privilege mitigates T1553 Subvert Trust Controls
AC-03 Access Enforcement mitigates T1553 Subvert Trust Controls
AC-02 Account Management mitigates T1553 Subvert Trust Controls
AC-06 Least Privilege mitigates T1555 Credentials from Password Stores
AC-03 Access Enforcement mitigates T1555 Credentials from Password Stores
AC-03 Access Enforcement mitigates T1555.002 Securityd Memory
AC-06 Least Privilege mitigates T1555.002 Securityd Memory
AC-03 Access Enforcement mitigates T1555.005 Password Managers
AC-02 Account Management mitigates T1555.005 Password Managers
AC-02 Account Management mitigates T1556 Modify Authentication Process
AC-03 Access Enforcement mitigates T1556 Modify Authentication Process
AC-05 Separation of Duties mitigates T1556 Modify Authentication Process
AC-06 Least Privilege mitigates T1556 Modify Authentication Process
AC-07 Unsuccessful Logon Attempts mitigates T1556 Modify Authentication Process
AC-02 Account Management mitigates T1556.001 Domain Controller Authentication
AC-03 Access Enforcement mitigates T1556.001 Domain Controller Authentication
AC-05 Separation of Duties mitigates T1556.001 Domain Controller Authentication
AC-06 Least Privilege mitigates T1556.001 Domain Controller Authentication
AC-07 Unsuccessful Logon Attempts mitigates T1556.001 Domain Controller Authentication
AC-02 Account Management mitigates T1556.006 Multi-Factor Authentication
AC-03 Access Enforcement mitigates T1556.006 Multi-Factor Authentication
AC-06 Least Privilege mitigates T1556.006 Multi-Factor Authentication
AC-02 Account Management mitigates T1556.007 Hybrid Identity
AC-03 Access Enforcement mitigates T1556.007 Hybrid Identity
AC-06 Least Privilege mitigates T1556.007 Hybrid Identity
AC-03 Access Enforcement mitigates T1556.009 Conditional Access Policies
AC-05 Separation of Duties mitigates T1556.009 Conditional Access Policies
AC-06 Least Privilege mitigates T1556.009 Conditional Access Policies
AC-03 Access Enforcement mitigates T1557 Adversary-in-the-Middle
AC-04 Information Flow Enforcement mitigates T1557 Adversary-in-the-Middle
AC-03 Access Enforcement mitigates T1557.004 Evil Twin
AC-04 Information Flow Enforcement mitigates T1557.004 Evil Twin
AC-02 Account Management mitigates T1558 Steal or Forge Kerberos Tickets
AC-03 Access Enforcement mitigates T1558 Steal or Forge Kerberos Tickets
AC-05 Separation of Duties mitigates T1558 Steal or Forge Kerberos Tickets
AC-06 Least Privilege mitigates T1558 Steal or Forge Kerberos Tickets
AC-02 Account Management mitigates T1558.005 Ccache Files
AC-03 Access Enforcement mitigates T1558.005 Ccache Files
AC-06 Least Privilege mitigates T1558.005 Ccache Files
AC-02 Account Management mitigates T1562 Impair Defenses
AC-03 Access Enforcement mitigates T1562 Impair Defenses
AC-05 Separation of Duties mitigates T1562 Impair Defenses
AC-06 Least Privilege mitigates T1562 Impair Defenses
AC-02 Account Management mitigates T1562.004 Disable or Modify System Firewall
AC-03 Access Enforcement mitigates T1562.004 Disable or Modify System Firewall
AC-05 Separation of Duties mitigates T1562.004 Disable or Modify System Firewall
AC-06 Least Privilege mitigates T1562.004 Disable or Modify System Firewall
AC-02 Account Management mitigates T1562.006 Indicator Blocking
AC-03 Access Enforcement mitigates T1562.006 Indicator Blocking
AC-05 Separation of Duties mitigates T1562.006 Indicator Blocking
AC-06 Least Privilege mitigates T1562.006 Indicator Blocking
AC-02 Account Management mitigates T1562.007 Disable or Modify Cloud Firewall
AC-03 Access Enforcement mitigates T1562.007 Disable or Modify Cloud Firewall
AC-05 Separation of Duties mitigates T1562.007 Disable or Modify Cloud Firewall
AC-06 Least Privilege mitigates T1562.007 Disable or Modify Cloud Firewall
AC-12 Session Termination mitigates T1563 Remote Service Session Hijacking
AC-02 Account Management mitigates T1563 Remote Service Session Hijacking
AC-03 Access Enforcement mitigates T1563 Remote Service Session Hijacking
AC-04 Information Flow Enforcement mitigates T1563 Remote Service Session Hijacking
AC-05 Separation of Duties mitigates T1563 Remote Service Session Hijacking
AC-06 Least Privilege mitigates T1563 Remote Service Session Hijacking
AC-03 Access Enforcement mitigates T1564.004 NTFS File Attributes
AC-03 Access Enforcement mitigates T1565 Data Manipulation
AC-04 Information Flow Enforcement mitigates T1565 Data Manipulation
AC-04 Information Flow Enforcement mitigates T1566 Phishing
AC-04 Information Flow Enforcement mitigates T1566.001 Spearphishing Attachment
AC-04 Information Flow Enforcement mitigates T1566.002 Spearphishing Link
AC-04 Information Flow Enforcement mitigates T1566.003 Spearphishing via Service
AC-02 Account Management mitigates T1566.003 Spearphishing via Service
AC-06 Least Privilege mitigates T1566.003 Spearphishing via Service
AC-03 Access Enforcement mitigates T1572 Protocol Tunneling
AC-04 Information Flow Enforcement mitigates T1572 Protocol Tunneling
AC-04 Information Flow Enforcement mitigates T1573 Encrypted Channel
AC-03 Access Enforcement mitigates T1574.014 AppDomainManager
AC-06 Least Privilege mitigates T1574.014 AppDomainManager
AC-06 Least Privilege mitigates T1578.005 Modify Cloud Compute Configurations
AC-03 Access Enforcement mitigates T1578.005 Modify Cloud Compute Configurations
AC-02 Account Management mitigates T1578.005 Modify Cloud Compute Configurations
AC-04 Information Flow Enforcement mitigates T1590.002 DNS
AC-04 Information Flow Enforcement mitigates T1598.003 Spearphishing Link
AC-02 Account Management mitigates T1606.002 SAML Tokens
AC-03 Access Enforcement mitigates T1606.002 SAML Tokens
AC-06 Least Privilege mitigates T1606.002 SAML Tokens
AC-02 Account Management mitigates T1610 Deploy Container
AC-03 Access Enforcement mitigates T1610 Deploy Container
AC-06 Least Privilege mitigates T1610 Deploy Container
AC-02 Account Management mitigates T1611 Escape to Host
AC-03 Access Enforcement mitigates T1611 Escape to Host
AC-04 Information Flow Enforcement mitigates T1611 Escape to Host
AC-05 Separation of Duties mitigates T1611 Escape to Host
AC-06 Least Privilege mitigates T1611 Escape to Host
AC-02 Account Management mitigates T1621 Multi-Factor Authentication Request Generation
AC-06 Least Privilege mitigates T1621 Multi-Factor Authentication Request Generation
AC-02 Account Management mitigates T1648 Serverless Execution
AC-03 Access Enforcement mitigates T1648 Serverless Execution
AC-06 Least Privilege mitigates T1648 Serverless Execution
AC-06 Least Privilege mitigates T1651 Cloud Administration Command
AC-03 Access Enforcement mitigates T1651 Cloud Administration Command
AC-02 Account Management mitigates T1651 Cloud Administration Command
AC-02 Account Management mitigates T1654 Log Enumeration
AC-04 Information Flow Enforcement mitigates T1654 Log Enumeration
AC-03 Access Enforcement mitigates T1654 Log Enumeration
AC-06 Least Privilege mitigates T1654 Log Enumeration
AC-06 Least Privilege mitigates T1657 Financial Theft
AC-05 Separation of Duties mitigates T1657 Financial Theft
SC-07 Boundary Protection mitigates T1001.001 Junk Data
SC-07 Boundary Protection mitigates T1001.003 Protocol or Service Impersonation
SC-07 Boundary Protection mitigates T1020.001 Traffic Duplication
SC-07 Boundary Protection mitigates T1071 Application Layer Protocol
SC-07 Boundary Protection mitigates T1071.002 File Transfer Protocols
SC-07 Boundary Protection mitigates T1071.003 Mail Protocols
SC-07 Boundary Protection mitigates T1071.005 Publish/Subscribe Protocols
SC-07 Boundary Protection mitigates T1072 Software Deployment Tools
SC-07 Boundary Protection mitigates T1078 Valid Accounts
SC-07 Boundary Protection mitigates T1090.003 Multi-hop Proxy
SC-07 Boundary Protection mitigates T1098 Account Manipulation
SC-07 Boundary Protection mitigates T1098.001 Additional Cloud Credentials
SC-07 Boundary Protection mitigates T1102 Web Service
SC-07 Boundary Protection mitigates T1105 Ingress Tool Transfer
SC-07 Boundary Protection mitigates T1114 Email Collection
SC-07 Boundary Protection mitigates T1114.003 Email Forwarding Rule
SC-07 Boundary Protection mitigates T1136 Create Account
SC-07 Boundary Protection mitigates T1136.002 Domain Account
SC-07 Boundary Protection mitigates T1136.003 Cloud Account
SC-07 Boundary Protection mitigates T1176 Browser Extensions
SC-07 Boundary Protection mitigates T1190 Exploit Public-Facing Application
SC-07 Boundary Protection mitigates T1203 Exploitation for Client Execution
SC-07 Boundary Protection mitigates T1204 User Execution
SC-07 Boundary Protection mitigates T1204.002 Malicious File
SC-07 Boundary Protection mitigates T1218 System Binary Proxy Execution
SC-07 Boundary Protection mitigates T1218.015 Electron Applications
SC-07 Boundary Protection mitigates T1219 Remote Access Software
SC-07 Boundary Protection mitigates T1489 Service Stop
SC-07 Boundary Protection mitigates T1530 Data from Cloud Storage
SC-07 Boundary Protection mitigates T1537 Transfer Data to Cloud Account
SC-07 Boundary Protection mitigates T1542 Pre-OS Boot
SC-07 Boundary Protection mitigates T1552 Unsecured Credentials
SC-07 Boundary Protection mitigates T1552.001 Credentials In Files
SC-07 Boundary Protection mitigates T1552.004 Private Keys
SC-07 Boundary Protection mitigates T1557 Adversary-in-the-Middle
SC-07 Boundary Protection mitigates T1557.004 Evil Twin
SC-07 Boundary Protection mitigates T1560 Archive Collected Data
SC-07 Boundary Protection mitigates T1563 Remote Service Session Hijacking
SC-07 Boundary Protection mitigates T1565 Data Manipulation
SC-07 Boundary Protection mitigates T1566 Phishing
SC-07 Boundary Protection mitigates T1566.001 Spearphishing Attachment
SC-07 Boundary Protection mitigates T1566.002 Spearphishing Link
SC-07 Boundary Protection mitigates T1566.003 Spearphishing via Service
SC-07 Boundary Protection mitigates T1572 Protocol Tunneling
SC-07 Boundary Protection mitigates T1573 Encrypted Channel
SC-07 Boundary Protection mitigates T1598.003 Spearphishing Link
SC-07 Boundary Protection mitigates T1610 Deploy Container
SC-07 Boundary Protection mitigates T1611 Escape to Host
SC-07 Boundary Protection mitigates T1648 Serverless Execution
CM-03 Configuration Change Control mitigates T1059.006 Python
CM-03 Configuration Change Control mitigates T1176 Browser Extensions
CM-03 Configuration Change Control mitigates T1195 Supply Chain Compromise
CM-03 Configuration Change Control mitigates T1213 Data from Information Repositories
CM-03 Configuration Change Control mitigates T1213.001 Confluence
CM-03 Configuration Change Control mitigates T1213.002 Sharepoint
CM-03 Configuration Change Control mitigates T1213.005 Messaging Applications
CM-03 Configuration Change Control mitigates T1542 Pre-OS Boot
CM-03 Configuration Change Control mitigates T1542.001 System Firmware
CM-03 Configuration Change Control mitigates T1543 Create or Modify System Process
CM-03 Configuration Change Control mitigates T1543.002 Systemd Service
CM-03 Configuration Change Control mitigates T1546 Event Triggered Execution
CM-03 Configuration Change Control mitigates T1548 Abuse Elevation Control Mechanism
CM-03 Configuration Change Control mitigates T1553 Subvert Trust Controls
CM-03 Configuration Change Control mitigates T1555 Credentials from Password Stores
CM-03 Configuration Change Control mitigates T1578.005 Modify Cloud Compute Configurations
CA-07 Continuous Monitoring mitigates T1001.002 Steganography
CA-07 Continuous Monitoring mitigates T1003.002 Security Account Manager
CA-07 Continuous Monitoring mitigates T1003.003 NTDS
CA-07 Continuous Monitoring mitigates T1003.004 LSA Secrets
CA-07 Continuous Monitoring mitigates T1003.006 DCSync
CA-07 Continuous Monitoring mitigates T1003.008 /etc/passwd and /etc/shadow
CA-07 Continuous Monitoring mitigates T1008 Fallback Channels
CA-07 Continuous Monitoring mitigates T1021.002 SMB/Windows Admin Shares
CA-07 Continuous Monitoring mitigates T1021.005 VNC
CA-07 Continuous Monitoring mitigates T1029 Scheduled Transfer
CA-07 Continuous Monitoring mitigates T1030 Data Transfer Size Limits
CA-07 Continuous Monitoring mitigates T1036.003 Rename System Utilities
CA-07 Continuous Monitoring mitigates T1036.005 Match Legitimate Name or Location
CA-07 Continuous Monitoring mitigates T1036.007 Double File Extension
CA-07 Continuous Monitoring mitigates T1037.002 Login Hook
CA-07 Continuous Monitoring mitigates T1037.003 Network Logon Script
CA-07 Continuous Monitoring mitigates T1037.004 RC Scripts
CA-07 Continuous Monitoring mitigates T1037.005 Startup Items
CA-07 Continuous Monitoring mitigates T1041 Exfiltration Over C2 Channel
CA-07 Continuous Monitoring mitigates T1046 Network Service Discovery
CA-07 Continuous Monitoring mitigates T1048 Exfiltration Over Alternative Protocol
CA-07 Continuous Monitoring mitigates T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
CA-07 Continuous Monitoring mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CA-07 Continuous Monitoring mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
CA-07 Continuous Monitoring mitigates T1052 Exfiltration Over Physical Medium
CA-07 Continuous Monitoring mitigates T1052.001 Exfiltration over USB
CA-07 Continuous Monitoring mitigates T1053.006 Systemd Timers
CA-07 Continuous Monitoring mitigates T1055.009 Proc Memory
CA-07 Continuous Monitoring mitigates T1059.005 Visual Basic
CA-07 Continuous Monitoring mitigates T1059.007 JavaScript
CA-07 Continuous Monitoring mitigates T1068 Exploitation for Privilege Escalation
CA-07 Continuous Monitoring mitigates T1070 Indicator Removal
CA-07 Continuous Monitoring mitigates T1070.002 Clear Linux or Mac System Logs
CA-07 Continuous Monitoring mitigates T1070.007 Clear Network Connection History and Configurations
CA-07 Continuous Monitoring mitigates T1070.008 Clear Mailbox Data
CA-07 Continuous Monitoring mitigates T1070.009 Clear Persistence
CA-07 Continuous Monitoring mitigates T1071.001 Web Protocols
CA-07 Continuous Monitoring mitigates T1071.004 DNS
CA-07 Continuous Monitoring mitigates T1080 Taint Shared Content
CA-07 Continuous Monitoring mitigates T1090 Proxy
CA-07 Continuous Monitoring mitigates T1090.001 Internal Proxy
CA-07 Continuous Monitoring mitigates T1090.002 External Proxy
CA-07 Continuous Monitoring mitigates T1095 Non-Application Layer Protocol
CA-07 Continuous Monitoring mitigates T1102.001 Dead Drop Resolver
CA-07 Continuous Monitoring mitigates T1102.002 Bidirectional Communication
CA-07 Continuous Monitoring mitigates T1102.003 One-Way Communication
CA-07 Continuous Monitoring mitigates T1104 Multi-Stage Channels
CA-07 Continuous Monitoring mitigates T1110.001 Password Guessing
CA-07 Continuous Monitoring mitigates T1110.002 Password Cracking
CA-07 Continuous Monitoring mitigates T1110.003 Password Spraying
CA-07 Continuous Monitoring mitigates T1110.004 Credential Stuffing
CA-07 Continuous Monitoring mitigates T1111 Multi-Factor Authentication Interception
CA-07 Continuous Monitoring mitigates T1132 Data Encoding
CA-07 Continuous Monitoring mitigates T1132.001 Standard Encoding
CA-07 Continuous Monitoring mitigates T1132.002 Non-Standard Encoding
CA-07 Continuous Monitoring mitigates T1185 Browser Session Hijacking
CA-07 Continuous Monitoring mitigates T1187 Forced Authentication
CA-07 Continuous Monitoring mitigates T1189 Drive-by Compromise
CA-07 Continuous Monitoring mitigates T1195.002 Compromise Software Supply Chain
CA-07 Continuous Monitoring mitigates T1197 BITS Jobs
CA-07 Continuous Monitoring mitigates T1201 Password Policy Discovery
CA-07 Continuous Monitoring mitigates T1204.001 Malicious Link
CA-07 Continuous Monitoring mitigates T1204.003 Malicious Image
CA-07 Continuous Monitoring mitigates T1205 Traffic Signaling
CA-07 Continuous Monitoring mitigates T1205.001 Port Knocking
CA-07 Continuous Monitoring mitigates T1210 Exploitation of Remote Services
CA-07 Continuous Monitoring mitigates T1211 Exploitation for Defense Evasion
CA-07 Continuous Monitoring mitigates T1212 Exploitation for Credential Access
CA-07 Continuous Monitoring mitigates T1218.002 Control Panel
CA-07 Continuous Monitoring mitigates T1218.010 Regsvr32
CA-07 Continuous Monitoring mitigates T1218.012 Verclsid
CA-07 Continuous Monitoring mitigates T1221 Template Injection
CA-07 Continuous Monitoring mitigates T1222 File and Directory Permissions Modification
CA-07 Continuous Monitoring mitigates T1222.001 Windows File and Directory Permissions Modification
CA-07 Continuous Monitoring mitigates T1222.002 Linux and Mac File and Directory Permissions Modification
CA-07 Continuous Monitoring mitigates T1498 Network Denial of Service
CA-07 Continuous Monitoring mitigates T1498.001 Direct Network Flood
CA-07 Continuous Monitoring mitigates T1498.002 Reflection Amplification
CA-07 Continuous Monitoring mitigates T1499 Endpoint Denial of Service
CA-07 Continuous Monitoring mitigates T1499.001 OS Exhaustion Flood
CA-07 Continuous Monitoring mitigates T1499.002 Service Exhaustion Flood
CA-07 Continuous Monitoring mitigates T1499.003 Application Exhaustion Flood
CA-07 Continuous Monitoring mitigates T1499.004 Application or System Exploitation
CA-07 Continuous Monitoring mitigates T1542.004 ROMMONkit
CA-07 Continuous Monitoring mitigates T1542.005 TFTP Boot
CA-07 Continuous Monitoring mitigates T1546.004 Unix Shell Configuration Modification
CA-07 Continuous Monitoring mitigates T1546.013 PowerShell Profile
CA-07 Continuous Monitoring mitigates T1547.013 XDG Autostart Entries
CA-07 Continuous Monitoring mitigates T1548.003 Sudo and Sudo Caching
CA-07 Continuous Monitoring mitigates T1550.003 Pass the Ticket
CA-07 Continuous Monitoring mitigates T1552.002 Credentials in Registry
CA-07 Continuous Monitoring mitigates T1552.005 Cloud Instance Metadata API
CA-07 Continuous Monitoring mitigates T1553.003 SIP and Trust Provider Hijacking
CA-07 Continuous Monitoring mitigates T1555.001 Keychain
CA-07 Continuous Monitoring mitigates T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CA-07 Continuous Monitoring mitigates T1557.002 ARP Cache Poisoning
CA-07 Continuous Monitoring mitigates T1557.003 DHCP Spoofing
CA-07 Continuous Monitoring mitigates T1558.002 Silver Ticket
CA-07 Continuous Monitoring mitigates T1558.003 Kerberoasting
CA-07 Continuous Monitoring mitigates T1558.004 AS-REP Roasting
CA-07 Continuous Monitoring mitigates T1562.001 Disable or Modify Tools
CA-07 Continuous Monitoring mitigates T1562.002 Disable Windows Event Logging
CA-07 Continuous Monitoring mitigates T1563.001 SSH Hijacking
CA-07 Continuous Monitoring mitigates T1564.010 Process Argument Spoofing
CA-07 Continuous Monitoring mitigates T1565.001 Stored Data Manipulation
CA-07 Continuous Monitoring mitigates T1565.003 Runtime Data Manipulation
CA-07 Continuous Monitoring mitigates T1567 Exfiltration Over Web Service
CA-07 Continuous Monitoring mitigates T1568 Dynamic Resolution
CA-07 Continuous Monitoring mitigates T1568.002 Domain Generation Algorithms
CA-07 Continuous Monitoring mitigates T1569 System Services
CA-07 Continuous Monitoring mitigates T1569.002 Service Execution
CA-07 Continuous Monitoring mitigates T1570 Lateral Tool Transfer
CA-07 Continuous Monitoring mitigates T1571 Non-Standard Port
CA-07 Continuous Monitoring mitigates T1573.001 Symmetric Cryptography
CA-07 Continuous Monitoring mitigates T1573.002 Asymmetric Cryptography
CA-07 Continuous Monitoring mitigates T1574 Hijack Execution Flow
CA-07 Continuous Monitoring mitigates T1574.004 Dylib Hijacking
CA-07 Continuous Monitoring mitigates T1574.007 Path Interception by PATH Environment Variable
CA-07 Continuous Monitoring mitigates T1574.008 Path Interception by Search Order Hijacking
CA-07 Continuous Monitoring mitigates T1574.009 Path Interception by Unquoted Path
CA-07 Continuous Monitoring mitigates T1574.013 KernelCallbackTable
CA-07 Continuous Monitoring mitigates T1598 Phishing for Information
CA-07 Continuous Monitoring mitigates T1598.001 Spearphishing Service
CA-07 Continuous Monitoring mitigates T1598.002 Spearphishing Attachment
CA-07 Continuous Monitoring mitigates T1599 Network Boundary Bridging
CA-07 Continuous Monitoring mitigates T1599.001 Network Address Translation Traversal
CA-07 Continuous Monitoring mitigates T1602 Data from Configuration Repository
CA-07 Continuous Monitoring mitigates T1602.001 SNMP (MIB Dump)
CA-07 Continuous Monitoring mitigates T1602.002 Network Device Configuration Dump
CA-07 Continuous Monitoring mitigates T1622 Debugger Evasion
CA-07 Continuous Monitoring mitigates T1647 Plist File Modification
CM-06 Configuration Settings mitigates T1001.002 Steganography
CM-06 Configuration Settings mitigates T1003.002 Security Account Manager
CM-06 Configuration Settings mitigates T1003.003 NTDS
CM-06 Configuration Settings mitigates T1003.004 LSA Secrets
CM-06 Configuration Settings mitigates T1003.006 DCSync
CM-06 Configuration Settings mitigates T1003.008 /etc/passwd and /etc/shadow
CM-06 Configuration Settings mitigates T1008 Fallback Channels
CM-06 Configuration Settings mitigates T1011 Exfiltration Over Other Network Medium
CM-06 Configuration Settings mitigates T1011.001 Exfiltration Over Bluetooth
CM-06 Configuration Settings mitigates T1021.001 Remote Desktop Protocol
CM-06 Configuration Settings mitigates T1021.002 SMB/Windows Admin Shares
CM-06 Configuration Settings mitigates T1021.003 Distributed Component Object Model
CM-06 Configuration Settings mitigates T1021.004 SSH
CM-06 Configuration Settings mitigates T1021.005 VNC
CM-06 Configuration Settings mitigates T1021.006 Windows Remote Management
CM-06 Configuration Settings mitigates T1021.008 Direct Cloud VM Connections
CM-06 Configuration Settings mitigates T1027.010 Command Obfuscation
CM-06 Configuration Settings mitigates T1029 Scheduled Transfer
CM-06 Configuration Settings mitigates T1030 Data Transfer Size Limits
CM-06 Configuration Settings mitigates T1036.001 Invalid Code Signature
CM-06 Configuration Settings mitigates T1036.003 Rename System Utilities
CM-06 Configuration Settings mitigates T1036.005 Match Legitimate Name or Location
CM-06 Configuration Settings mitigates T1036.007 Double File Extension
CM-06 Configuration Settings mitigates T1037.002 Login Hook
CM-06 Configuration Settings mitigates T1037.003 Network Logon Script
CM-06 Configuration Settings mitigates T1037.004 RC Scripts
CM-06 Configuration Settings mitigates T1037.005 Startup Items
CM-06 Configuration Settings mitigates T1046 Network Service Discovery
CM-06 Configuration Settings mitigates T1048 Exfiltration Over Alternative Protocol
CM-06 Configuration Settings mitigates T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
CM-06 Configuration Settings mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CM-06 Configuration Settings mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
CM-06 Configuration Settings mitigates T1052 Exfiltration Over Physical Medium
CM-06 Configuration Settings mitigates T1052.001 Exfiltration over USB
CM-06 Configuration Settings mitigates T1053.006 Systemd Timers
CM-06 Configuration Settings mitigates T1055 Process Injection
CM-06 Configuration Settings mitigates T1055.008 Ptrace System Calls
CM-06 Configuration Settings mitigates T1056.003 Web Portal Capture
CM-06 Configuration Settings mitigates T1059.001 PowerShell
CM-06 Configuration Settings mitigates T1059.002 AppleScript
CM-06 Configuration Settings mitigates T1059.003 Windows Command Shell
CM-06 Configuration Settings mitigates T1059.004 Unix Shell
CM-06 Configuration Settings mitigates T1059.005 Visual Basic
CM-06 Configuration Settings mitigates T1059.007 JavaScript
CM-06 Configuration Settings mitigates T1059.008 Network Device CLI
CM-06 Configuration Settings mitigates T1068 Exploitation for Privilege Escalation
CM-06 Configuration Settings mitigates T1070 Indicator Removal
CM-06 Configuration Settings mitigates T1070.002 Clear Linux or Mac System Logs
CM-06 Configuration Settings mitigates T1070.007 Clear Network Connection History and Configurations
CM-06 Configuration Settings mitigates T1070.008 Clear Mailbox Data
CM-06 Configuration Settings mitigates T1070.009 Clear Persistence
CM-06 Configuration Settings mitigates T1071.001 Web Protocols
CM-06 Configuration Settings mitigates T1071.004 DNS
CM-06 Configuration Settings mitigates T1078.002 Domain Accounts
CM-06 Configuration Settings mitigates T1090 Proxy
CM-06 Configuration Settings mitigates T1090.001 Internal Proxy
CM-06 Configuration Settings mitigates T1090.002 External Proxy
CM-06 Configuration Settings mitigates T1091 Replication Through Removable Media
CM-06 Configuration Settings mitigates T1095 Non-Application Layer Protocol
CM-06 Configuration Settings mitigates T1098.004 SSH Authorized Keys
CM-06 Configuration Settings mitigates T1102.001 Dead Drop Resolver
CM-06 Configuration Settings mitigates T1102.002 Bidirectional Communication
CM-06 Configuration Settings mitigates T1102.003 One-Way Communication
CM-06 Configuration Settings mitigates T1104 Multi-Stage Channels
CM-06 Configuration Settings mitigates T1106 Native API
CM-06 Configuration Settings mitigates T1110.001 Password Guessing
CM-06 Configuration Settings mitigates T1110.002 Password Cracking
CM-06 Configuration Settings mitigates T1110.003 Password Spraying
CM-06 Configuration Settings mitigates T1110.004 Credential Stuffing
CM-06 Configuration Settings mitigates T1111 Multi-Factor Authentication Interception
CM-06 Configuration Settings mitigates T1127 Trusted Developer Utilities Proxy Execution
CM-06 Configuration Settings mitigates T1127.001 MSBuild
CM-06 Configuration Settings mitigates T1132 Data Encoding
CM-06 Configuration Settings mitigates T1132.001 Standard Encoding
CM-06 Configuration Settings mitigates T1132.002 Non-Standard Encoding
CM-06 Configuration Settings mitigates T1133 External Remote Services
CM-06 Configuration Settings mitigates T1134 Access Token Manipulation
CM-06 Configuration Settings mitigates T1134.002 Create Process with Token
CM-06 Configuration Settings mitigates T1134.005 SID-History Injection
CM-06 Configuration Settings mitigates T1135 Network Share Discovery
CM-06 Configuration Settings mitigates T1136.001 Local Account
CM-06 Configuration Settings mitigates T1137 Office Application Startup
CM-06 Configuration Settings mitigates T1137.001 Office Template Macros
CM-06 Configuration Settings mitigates T1137.003 Outlook Forms
CM-06 Configuration Settings mitigates T1137.004 Outlook Home Page
CM-06 Configuration Settings mitigates T1137.005 Outlook Rules
CM-06 Configuration Settings mitigates T1137.006 Add-ins
CM-06 Configuration Settings mitigates T1187 Forced Authentication
CM-06 Configuration Settings mitigates T1189 Drive-by Compromise
CM-06 Configuration Settings mitigates T1197 BITS Jobs
CM-06 Configuration Settings mitigates T1199 Trusted Relationship
CM-06 Configuration Settings mitigates T1201 Password Policy Discovery
CM-06 Configuration Settings mitigates T1204.001 Malicious Link
CM-06 Configuration Settings mitigates T1204.003 Malicious Image
CM-06 Configuration Settings mitigates T1205 Traffic Signaling
CM-06 Configuration Settings mitigates T1205.001 Port Knocking
CM-06 Configuration Settings mitigates T1210 Exploitation of Remote Services
CM-06 Configuration Settings mitigates T1211 Exploitation for Defense Evasion
CM-06 Configuration Settings mitigates T1212 Exploitation for Credential Access
CM-06 Configuration Settings mitigates T1216 System Script Proxy Execution
CM-06 Configuration Settings mitigates T1216.001 PubPrn
CM-06 Configuration Settings mitigates T1218.001 Compiled HTML File
CM-06 Configuration Settings mitigates T1218.002 Control Panel
CM-06 Configuration Settings mitigates T1218.003 CMSTP
CM-06 Configuration Settings mitigates T1218.004 InstallUtil
CM-06 Configuration Settings mitigates T1218.005 Mshta
CM-06 Configuration Settings mitigates T1218.007 Msiexec
CM-06 Configuration Settings mitigates T1218.008 Odbcconf
CM-06 Configuration Settings mitigates T1218.009 Regsvcs/Regasm
CM-06 Configuration Settings mitigates T1218.012 Verclsid
CM-06 Configuration Settings mitigates T1218.013 Mavinject
CM-06 Configuration Settings mitigates T1218.014 MMC
CM-06 Configuration Settings mitigates T1220 XSL Script Processing
CM-06 Configuration Settings mitigates T1221 Template Injection
CM-06 Configuration Settings mitigates T1222 File and Directory Permissions Modification
CM-06 Configuration Settings mitigates T1222.001 Windows File and Directory Permissions Modification
CM-06 Configuration Settings mitigates T1222.002 Linux and Mac File and Directory Permissions Modification
CM-06 Configuration Settings mitigates T1482 Domain Trust Discovery
CM-06 Configuration Settings mitigates T1495 Firmware Corruption
CM-06 Configuration Settings mitigates T1498 Network Denial of Service
CM-06 Configuration Settings mitigates T1498.001 Direct Network Flood
CM-06 Configuration Settings mitigates T1498.002 Reflection Amplification
CM-06 Configuration Settings mitigates T1499 Endpoint Denial of Service
CM-06 Configuration Settings mitigates T1499.001 OS Exhaustion Flood
CM-06 Configuration Settings mitigates T1499.002 Service Exhaustion Flood
CM-06 Configuration Settings mitigates T1499.003 Application Exhaustion Flood
CM-06 Configuration Settings mitigates T1499.004 Application or System Exploitation
CM-06 Configuration Settings mitigates T1505 Server Software Component
CM-06 Configuration Settings mitigates T1505.001 SQL Stored Procedures
CM-06 Configuration Settings mitigates T1505.002 Transport Agent
CM-06 Configuration Settings mitigates T1505.004 IIS Components
CM-06 Configuration Settings mitigates T1505.005 Terminal Services DLL
CM-06 Configuration Settings mitigates T1525 Implant Internal Image
CM-06 Configuration Settings mitigates T1542.003 Bootkit
CM-06 Configuration Settings mitigates T1542.004 ROMMONkit
CM-06 Configuration Settings mitigates T1542.005 TFTP Boot
CM-06 Configuration Settings mitigates T1546.002 Screensaver
CM-06 Configuration Settings mitigates T1546.004 Unix Shell Configuration Modification
CM-06 Configuration Settings mitigates T1546.006 LC_LOAD_DYLIB Addition
CM-06 Configuration Settings mitigates T1546.008 Accessibility Features
CM-06 Configuration Settings mitigates T1546.013 PowerShell Profile
CM-06 Configuration Settings mitigates T1546.014 Emond
CM-06 Configuration Settings mitigates T1547.002 Authentication Package
CM-06 Configuration Settings mitigates T1547.005 Security Support Provider
CM-06 Configuration Settings mitigates T1547.006 Kernel Modules and Extensions
CM-06 Configuration Settings mitigates T1547.007 Re-opened Applications
CM-06 Configuration Settings mitigates T1547.008 LSASS Driver
CM-06 Configuration Settings mitigates T1547.013 XDG Autostart Entries
CM-06 Configuration Settings mitigates T1548.001 Setuid and Setgid
CM-06 Configuration Settings mitigates T1548.002 Bypass User Account Control
CM-06 Configuration Settings mitigates T1548.003 Sudo and Sudo Caching
CM-06 Configuration Settings mitigates T1548.004 Elevated Execution with Prompt
CM-06 Configuration Settings mitigates T1550.002 Pass the Hash
CM-06 Configuration Settings mitigates T1550.003 Pass the Ticket
CM-06 Configuration Settings mitigates T1552.002 Credentials in Registry
CM-06 Configuration Settings mitigates T1552.003 Bash History
CM-06 Configuration Settings mitigates T1552.005 Cloud Instance Metadata API
CM-06 Configuration Settings mitigates T1552.006 Group Policy Preferences
CM-06 Configuration Settings mitigates T1552.007 Container API
CM-06 Configuration Settings mitigates T1553.001 Gatekeeper Bypass
CM-06 Configuration Settings mitigates T1553.003 SIP and Trust Provider Hijacking
CM-06 Configuration Settings mitigates T1553.004 Install Root Certificate
CM-06 Configuration Settings mitigates T1553.005 Mark-of-the-Web Bypass
CM-06 Configuration Settings mitigates T1555.004 Windows Credential Manager
CM-06 Configuration Settings mitigates T1556.002 Password Filter DLL
CM-06 Configuration Settings mitigates T1556.003 Pluggable Authentication Modules
CM-06 Configuration Settings mitigates T1556.004 Network Device Authentication
CM-06 Configuration Settings mitigates T1556.008 Network Provider DLL
CM-06 Configuration Settings mitigates T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CM-06 Configuration Settings mitigates T1557.002 ARP Cache Poisoning
CM-06 Configuration Settings mitigates T1557.003 DHCP Spoofing
CM-06 Configuration Settings mitigates T1558.001 Golden Ticket
CM-06 Configuration Settings mitigates T1558.002 Silver Ticket
CM-06 Configuration Settings mitigates T1558.003 Kerberoasting
CM-06 Configuration Settings mitigates T1558.004 AS-REP Roasting
CM-06 Configuration Settings mitigates T1559 Inter-Process Communication
CM-06 Configuration Settings mitigates T1559.001 Component Object Model
CM-06 Configuration Settings mitigates T1559.002 Dynamic Data Exchange
CM-06 Configuration Settings mitigates T1559.003 XPC Services
CM-06 Configuration Settings mitigates T1562.001 Disable or Modify Tools
CM-06 Configuration Settings mitigates T1562.002 Disable Windows Event Logging
CM-06 Configuration Settings mitigates T1562.003 Impair Command History Logging
CM-06 Configuration Settings mitigates T1562.009 Safe Mode Boot
CM-06 Configuration Settings mitigates T1562.010 Downgrade Attack
CM-06 Configuration Settings mitigates T1562.011 Spoof Security Alerting
CM-06 Configuration Settings mitigates T1562.012 Disable or Modify Linux Audit System
CM-06 Configuration Settings mitigates T1563.001 SSH Hijacking
CM-06 Configuration Settings mitigates T1563.002 RDP Hijacking
CM-06 Configuration Settings mitigates T1564.002 Hidden Users
CM-06 Configuration Settings mitigates T1564.006 Run Virtual Instance
CM-06 Configuration Settings mitigates T1564.007 VBA Stomping
CM-06 Configuration Settings mitigates T1564.009 Resource Forking
CM-06 Configuration Settings mitigates T1565.001 Stored Data Manipulation
CM-06 Configuration Settings mitigates T1565.002 Transmitted Data Manipulation
CM-06 Configuration Settings mitigates T1565.003 Runtime Data Manipulation
CM-06 Configuration Settings mitigates T1569 System Services
CM-06 Configuration Settings mitigates T1569.002 Service Execution
CM-06 Configuration Settings mitigates T1570 Lateral Tool Transfer
CM-06 Configuration Settings mitigates T1571 Non-Standard Port
CM-06 Configuration Settings mitigates T1573.001 Symmetric Cryptography
CM-06 Configuration Settings mitigates T1573.002 Asymmetric Cryptography
CM-06 Configuration Settings mitigates T1574 Hijack Execution Flow
CM-06 Configuration Settings mitigates T1574.004 Dylib Hijacking
CM-06 Configuration Settings mitigates T1574.005 Executable Installer File Permissions Weakness
CM-06 Configuration Settings mitigates T1574.006 Dynamic Linker Hijacking
CM-06 Configuration Settings mitigates T1574.007 Path Interception by PATH Environment Variable
CM-06 Configuration Settings mitigates T1574.008 Path Interception by Search Order Hijacking
CM-06 Configuration Settings mitigates T1574.009 Path Interception by Unquoted Path
CM-06 Configuration Settings mitigates T1574.010 Services File Permissions Weakness
CM-06 Configuration Settings mitigates T1598 Phishing for Information
CM-06 Configuration Settings mitigates T1598.002 Spearphishing Attachment
CM-06 Configuration Settings mitigates T1599 Network Boundary Bridging
CM-06 Configuration Settings mitigates T1599.001 Network Address Translation Traversal
CM-06 Configuration Settings mitigates T1601 Modify System Image
CM-06 Configuration Settings mitigates T1601.001 Patch System Image
CM-06 Configuration Settings mitigates T1601.002 Downgrade System Image
CM-06 Configuration Settings mitigates T1602 Data from Configuration Repository
CM-06 Configuration Settings mitigates T1602.001 SNMP (MIB Dump)
CM-06 Configuration Settings mitigates T1602.002 Network Device Configuration Dump
CM-06 Configuration Settings mitigates T1609 Container Administration Command
CM-06 Configuration Settings mitigates T1612 Build Image on Host
CM-06 Configuration Settings mitigates T1613 Container and Resource Discovery
CM-06 Configuration Settings mitigates T1622 Debugger Evasion
CM-06 Configuration Settings mitigates T1647 Plist File Modification
CM-05 Access Restrictions for Change mitigates T1003.002 Security Account Manager
CM-05 Access Restrictions for Change mitigates T1003.003 NTDS
CM-05 Access Restrictions for Change mitigates T1003.004 LSA Secrets
CM-05 Access Restrictions for Change mitigates T1003.006 DCSync
CM-05 Access Restrictions for Change mitigates T1003.008 /etc/passwd and /etc/shadow
CM-05 Access Restrictions for Change mitigates T1021.001 Remote Desktop Protocol
CM-05 Access Restrictions for Change mitigates T1021.002 SMB/Windows Admin Shares
CM-05 Access Restrictions for Change mitigates T1021.003 Distributed Component Object Model
CM-05 Access Restrictions for Change mitigates T1021.004 SSH
CM-05 Access Restrictions for Change mitigates T1021.005 VNC
CM-05 Access Restrictions for Change mitigates T1021.006 Windows Remote Management
CM-05 Access Restrictions for Change mitigates T1021.008 Direct Cloud VM Connections
CM-05 Access Restrictions for Change mitigates T1053.003 Cron
CM-05 Access Restrictions for Change mitigates T1053.006 Systemd Timers
CM-05 Access Restrictions for Change mitigates T1053.007 Container Orchestration Job
CM-05 Access Restrictions for Change mitigates T1055 Process Injection
CM-05 Access Restrictions for Change mitigates T1055.008 Ptrace System Calls
CM-05 Access Restrictions for Change mitigates T1056.003 Web Portal Capture
CM-05 Access Restrictions for Change mitigates T1059.001 PowerShell
CM-05 Access Restrictions for Change mitigates T1059.008 Network Device CLI
CM-05 Access Restrictions for Change mitigates T1078.002 Domain Accounts
CM-05 Access Restrictions for Change mitigates T1098.004 SSH Authorized Keys
CM-05 Access Restrictions for Change mitigates T1134 Access Token Manipulation
CM-05 Access Restrictions for Change mitigates T1134.002 Create Process with Token
CM-05 Access Restrictions for Change mitigates T1136.001 Local Account
CM-05 Access Restrictions for Change mitigates T1185 Browser Session Hijacking
CM-05 Access Restrictions for Change mitigates T1195.003 Compromise Hardware Supply Chain
CM-05 Access Restrictions for Change mitigates T1197 BITS Jobs
CM-05 Access Restrictions for Change mitigates T1210 Exploitation of Remote Services
CM-05 Access Restrictions for Change mitigates T1218.007 Msiexec
CM-05 Access Restrictions for Change mitigates T1222 File and Directory Permissions Modification
CM-05 Access Restrictions for Change mitigates T1222.001 Windows File and Directory Permissions Modification
CM-05 Access Restrictions for Change mitigates T1222.002 Linux and Mac File and Directory Permissions Modification
CM-05 Access Restrictions for Change mitigates T1495 Firmware Corruption
CM-05 Access Restrictions for Change mitigates T1505 Server Software Component
CM-05 Access Restrictions for Change mitigates T1505.002 Transport Agent
CM-05 Access Restrictions for Change mitigates T1525 Implant Internal Image
CM-05 Access Restrictions for Change mitigates T1542.003 Bootkit
CM-05 Access Restrictions for Change mitigates T1542.004 ROMMONkit
CM-05 Access Restrictions for Change mitigates T1542.005 TFTP Boot
CM-05 Access Restrictions for Change mitigates T1543.001 Launch Agent
CM-05 Access Restrictions for Change mitigates T1543.004 Launch Daemon
CM-05 Access Restrictions for Change mitigates T1547.006 Kernel Modules and Extensions
CM-05 Access Restrictions for Change mitigates T1547.007 Re-opened Applications
CM-05 Access Restrictions for Change mitigates T1547.012 Print Processors
CM-05 Access Restrictions for Change mitigates T1547.013 XDG Autostart Entries
CM-05 Access Restrictions for Change mitigates T1548.002 Bypass User Account Control
CM-05 Access Restrictions for Change mitigates T1548.003 Sudo and Sudo Caching
CM-05 Access Restrictions for Change mitigates T1550.002 Pass the Hash
CM-05 Access Restrictions for Change mitigates T1550.003 Pass the Ticket
CM-05 Access Restrictions for Change mitigates T1552.002 Credentials in Registry
CM-05 Access Restrictions for Change mitigates T1552.007 Container API
CM-05 Access Restrictions for Change mitigates T1553.006 Code Signing Policy Modification
CM-05 Access Restrictions for Change mitigates T1556.003 Pluggable Authentication Modules
CM-05 Access Restrictions for Change mitigates T1556.004 Network Device Authentication
CM-05 Access Restrictions for Change mitigates T1556.008 Network Provider DLL
CM-05 Access Restrictions for Change mitigates T1558.001 Golden Ticket
CM-05 Access Restrictions for Change mitigates T1558.002 Silver Ticket
CM-05 Access Restrictions for Change mitigates T1558.003 Kerberoasting
CM-05 Access Restrictions for Change mitigates T1559 Inter-Process Communication
CM-05 Access Restrictions for Change mitigates T1559.001 Component Object Model
CM-05 Access Restrictions for Change mitigates T1559.003 XPC Services
CM-05 Access Restrictions for Change mitigates T1562.001 Disable or Modify Tools
CM-05 Access Restrictions for Change mitigates T1562.002 Disable Windows Event Logging
CM-05 Access Restrictions for Change mitigates T1562.008 Disable or Modify Cloud Logs
CM-05 Access Restrictions for Change mitigates T1562.009 Safe Mode Boot
CM-05 Access Restrictions for Change mitigates T1562.011 Spoof Security Alerting
CM-05 Access Restrictions for Change mitigates T1562.012 Disable or Modify Linux Audit System
CM-05 Access Restrictions for Change mitigates T1563.001 SSH Hijacking
CM-05 Access Restrictions for Change mitigates T1563.002 RDP Hijacking
CM-05 Access Restrictions for Change mitigates T1564.008 Email Hiding Rules
CM-05 Access Restrictions for Change mitigates T1569 System Services
CM-05 Access Restrictions for Change mitigates T1569.001 Launchctl
CM-05 Access Restrictions for Change mitigates T1569.002 Service Execution
CM-05 Access Restrictions for Change mitigates T1574 Hijack Execution Flow
CM-05 Access Restrictions for Change mitigates T1574.005 Executable Installer File Permissions Weakness
CM-05 Access Restrictions for Change mitigates T1574.010 Services File Permissions Weakness
CM-05 Access Restrictions for Change mitigates T1574.011 Services Registry Permissions Weakness
CM-05 Access Restrictions for Change mitigates T1574.012 COR_PROFILER
CM-05 Access Restrictions for Change mitigates T1578 Modify Cloud Compute Infrastructure
CM-05 Access Restrictions for Change mitigates T1578.001 Create Snapshot
CM-05 Access Restrictions for Change mitigates T1578.002 Create Cloud Instance
CM-05 Access Restrictions for Change mitigates T1578.003 Delete Cloud Instance
CM-05 Access Restrictions for Change mitigates T1599 Network Boundary Bridging
CM-05 Access Restrictions for Change mitigates T1599.001 Network Address Translation Traversal
CM-05 Access Restrictions for Change mitigates T1601 Modify System Image
CM-05 Access Restrictions for Change mitigates T1601.001 Patch System Image
CM-05 Access Restrictions for Change mitigates T1601.002 Downgrade System Image
CM-05 Access Restrictions for Change mitigates T1619 Cloud Storage Object Discovery
CM-05 Access Restrictions for Change mitigates T1647 Plist File Modification
IA-05 Authenticator Management mitigates T1003.002 Security Account Manager
IA-05 Authenticator Management mitigates T1003.003 NTDS
IA-05 Authenticator Management mitigates T1003.004 LSA Secrets
IA-05 Authenticator Management mitigates T1003.006 DCSync
IA-05 Authenticator Management mitigates T1003.008 /etc/passwd and /etc/shadow
IA-05 Authenticator Management mitigates T1021.001 Remote Desktop Protocol
IA-05 Authenticator Management mitigates T1021.004 SSH
IA-05 Authenticator Management mitigates T1021.007 Cloud Services
IA-05 Authenticator Management mitigates T1021.008 Direct Cloud VM Connections
IA-05 Authenticator Management mitigates T1078.002 Domain Accounts
IA-05 Authenticator Management mitigates T1098.004 SSH Authorized Keys
IA-05 Authenticator Management mitigates T1098.006 Additional Container Cluster Roles
IA-05 Authenticator Management mitigates T1110.001 Password Guessing
IA-05 Authenticator Management mitigates T1110.002 Password Cracking
IA-05 Authenticator Management mitigates T1110.003 Password Spraying
IA-05 Authenticator Management mitigates T1110.004 Credential Stuffing
IA-05 Authenticator Management mitigates T1111 Multi-Factor Authentication Interception
IA-05 Authenticator Management mitigates T1133 External Remote Services
IA-05 Authenticator Management mitigates T1136.001 Local Account
IA-05 Authenticator Management mitigates T1212 Exploitation for Credential Access
IA-05 Authenticator Management mitigates T1550.003 Pass the Ticket
IA-05 Authenticator Management mitigates T1552.002 Credentials in Registry
IA-05 Authenticator Management mitigates T1552.006 Group Policy Preferences
IA-05 Authenticator Management mitigates T1555.001 Keychain
IA-05 Authenticator Management mitigates T1555.004 Windows Credential Manager
IA-05 Authenticator Management mitigates T1556.003 Pluggable Authentication Modules
IA-05 Authenticator Management mitigates T1556.004 Network Device Authentication
IA-05 Authenticator Management mitigates T1556.005 Reversible Encryption
IA-05 Authenticator Management mitigates T1558.001 Golden Ticket
IA-05 Authenticator Management mitigates T1558.002 Silver Ticket
IA-05 Authenticator Management mitigates T1558.003 Kerberoasting
IA-05 Authenticator Management mitigates T1558.004 AS-REP Roasting
IA-05 Authenticator Management mitigates T1563.001 SSH Hijacking
IA-05 Authenticator Management mitigates T1599 Network Boundary Bridging
IA-05 Authenticator Management mitigates T1599.001 Network Address Translation Traversal
IA-05 Authenticator Management mitigates T1601 Modify System Image
IA-05 Authenticator Management mitigates T1601.001 Patch System Image
IA-05 Authenticator Management mitigates T1601.002 Downgrade System Image
CM-12 Information Location mitigates T1005 Data from Local System
SA-08 Security and Privacy Engineering Principles mitigates T1005 Data from Local System
SC-13 Cryptographic Protection mitigates T1005 Data from Local System
SC-38 Operations Security mitigates T1005 Data from Local System
SC-43 Usage Restrictions mitigates T1011 Exfiltration Over Other Network Medium
CM-08 System Component Inventory mitigates T1011.001 Exfiltration Over Bluetooth
RA-05 Vulnerability Monitoring and Scanning mitigates T1011.001 Exfiltration Over Bluetooth
AC-17 Remote Access mitigates T1021.001 Remote Desktop Protocol
AC-17 Remote Access mitigates T1021.002 SMB/Windows Admin Shares
AC-17 Remote Access mitigates T1021.003 Distributed Component Object Model
AC-17 Remote Access mitigates T1021.004 SSH
AC-17 Remote Access mitigates T1021.005 VNC
AC-17 Remote Access mitigates T1021.006 Windows Remote Management
AC-17 Remote Access mitigates T1021.008 Direct Cloud VM Connections
AC-17 Remote Access mitigates T1037.001 Logon Script (Windows)
AC-17 Remote Access mitigates T1059.001 PowerShell
AC-17 Remote Access mitigates T1059.002 AppleScript
AC-17 Remote Access mitigates T1059.003 Windows Command Shell
AC-17 Remote Access mitigates T1059.004 Unix Shell
AC-17 Remote Access mitigates T1059.005 Visual Basic
AC-17 Remote Access mitigates T1059.007 JavaScript
AC-17 Remote Access mitigates T1059.008 Network Device CLI
AC-17 Remote Access mitigates T1070 Indicator Removal
AC-17 Remote Access mitigates T1070.002 Clear Linux or Mac System Logs
AC-17 Remote Access mitigates T1070.008 Clear Mailbox Data
AC-17 Remote Access mitigates T1114.001 Local Email Collection
AC-17 Remote Access mitigates T1133 External Remote Services
AC-17 Remote Access mitigates T1137 Office Application Startup
AC-17 Remote Access mitigates T1505.004 IIS Components
AC-17 Remote Access mitigates T1505.005 Terminal Services DLL
AC-17 Remote Access mitigates T1547.012 Print Processors
AC-17 Remote Access mitigates T1547.013 XDG Autostart Entries
AC-17 Remote Access mitigates T1552.002 Credentials in Registry
AC-17 Remote Access mitigates T1552.005 Cloud Instance Metadata API
AC-17 Remote Access mitigates T1552.007 Container API
AC-17 Remote Access mitigates T1557.002 ARP Cache Poisoning
AC-17 Remote Access mitigates T1558.002 Silver Ticket
AC-17 Remote Access mitigates T1558.003 Kerberoasting
AC-17 Remote Access mitigates T1558.004 AS-REP Roasting
AC-17 Remote Access mitigates T1563.001 SSH Hijacking
AC-17 Remote Access mitigates T1563.002 RDP Hijacking
AC-17 Remote Access mitigates T1565.001 Stored Data Manipulation
AC-17 Remote Access mitigates T1565.002 Transmitted Data Manipulation
AC-17 Remote Access mitigates T1567.003 Exfiltration to Text Storage Sites
AC-17 Remote Access mitigates T1567.004 Exfiltration Over Webhook
AC-17 Remote Access mitigates T1602 Data from Configuration Repository
AC-17 Remote Access mitigates T1602.001 SNMP (MIB Dump)
AC-17 Remote Access mitigates T1602.002 Network Device Configuration Dump
AC-17 Remote Access mitigates T1609 Container Administration Command
AC-17 Remote Access mitigates T1612 Build Image on Host
AC-17 Remote Access mitigates T1613 Container and Resource Discovery
AC-17 Remote Access mitigates T1619 Cloud Storage Object Discovery
AC-17 Remote Access mitigates T1647 Plist File Modification
AC-17 Remote Access mitigates T1659 Content Injection
IA-06 Authentication Feedback mitigates T1021.001 Remote Desktop Protocol
SC-46 Cross Domain Policy Enforcement mitigates T1021.001 Remote Desktop Protocol
SI-10 Information Input Validation mitigates T1021.002 SMB/Windows Admin Shares
SI-15 Information Output Filtering mitigates T1021.002 SMB/Windows Admin Shares
SC-18 Mobile Code mitigates T1021.003 Distributed Component Object Model
CM-11 User-installed Software mitigates T1021.005 VNC
CM-03 Configuration Change Control mitigates T1021.005 VNC
CM-12 Information Location mitigates T1025 Data from Removable Media
MP-07 Media Use mitigates T1025 Data from Removable Media
SC-38 Operations Security mitigates T1025 Data from Removable Media
SC-41 Port and I/O Device Access mitigates T1025 Data from Removable Media
IA-09 Service Identification and Authentication mitigates T1036.001 Invalid Code Signature
IA-09 Service Identification and Authentication mitigates T1036.005 Match Legitimate Name or Location
IA-09 Service Identification and Authentication mitigates T1059.001 PowerShell
IA-09 Service Identification and Authentication mitigates T1059.002 AppleScript
IA-09 Service Identification and Authentication mitigates T1525 Implant Internal Image
IA-09 Service Identification and Authentication mitigates T1546.006 LC_LOAD_DYLIB Addition
IA-09 Service Identification and Authentication mitigates T1546.013 PowerShell Profile
IA-09 Service Identification and Authentication mitigates T1553.004 Install Root Certificate
IA-09 Service Identification and Authentication mitigates T1562.009 Safe Mode Boot
IA-09 Service Identification and Authentication mitigates T1598 Phishing for Information
IA-09 Service Identification and Authentication mitigates T1598.002 Spearphishing Attachment
SA-09 External System Services mitigates T1041 Exfiltration Over C2 Channel
SC-31 Covert Channel Analysis mitigates T1041 Exfiltration Over C2 Channel
SR-04 Provenance mitigates T1041 Exfiltration Over C2 Channel
IA-08 Identification and Authentication (Non-Organizational Users) mitigates T1053.007 Container Orchestration Job
IA-08 Identification and Authentication (Non-Organizational Users) mitigates T1059.001 PowerShell
IA-08 Identification and Authentication (Non-Organizational Users) mitigates T1059.008 Network Device CLI
IA-08 Identification and Authentication (Non-Organizational Users) mitigates T1087.004 Cloud Account
IA-08 Identification and Authentication (Non-Organizational Users) mitigates T1210 Exploitation of Remote Services
IA-08 Identification and Authentication (Non-Organizational Users) mitigates T1538 Cloud Service Dashboard
IA-08 Identification and Authentication (Non-Organizational Users) mitigates T1542.003 Bootkit
IA-08 Identification and Authentication (Non-Organizational Users) mitigates T1542.005 TFTP Boot
IA-08 Identification and Authentication (Non-Organizational Users) mitigates T1547.006 Kernel Modules and Extensions
SR-11 Component Authenticity mitigates T1059.002 AppleScript
SR-05 Acquisition Strategies, Tools, and Methods mitigates T1059.002 AppleScript
RA-10 Threat Hunting mitigates T1068 Exploitation for Privilege Escalation
SC-02 Separation of System and User Functionality mitigates T1068 Exploitation for Privilege Escalation
SC-30 Concealment and Misdirection mitigates T1068 Exploitation for Privilege Escalation
SI-05 Security Alerts, Advisories, and Directives mitigates T1068 Exploitation for Privilege Escalation
CP-06 Alternate Storage Site mitigates T1070 Indicator Removal
CP-07 Alternate Processing Site mitigates T1070 Indicator Removal
CP-07 Alternate Processing Site mitigates T1070.002 Clear Linux or Mac System Logs
CP-07 Alternate Processing Site mitigates T1070.008 Clear Mailbox Data
CP-07 Alternate Processing Site mitigates T1486 Data Encrypted for Impact
CP-07 Alternate Processing Site mitigates T1491 Defacement
CP-07 Alternate Processing Site mitigates T1491.001 Internal Defacement
CP-07 Alternate Processing Site mitigates T1491.002 External Defacement
CP-07 Alternate Processing Site mitigates T1561 Disk Wipe
CP-07 Alternate Processing Site mitigates T1561.001 Disk Content Wipe
CP-07 Alternate Processing Site mitigates T1561.002 Disk Structure Wipe
CP-07 Alternate Processing Site mitigates T1565.001 Stored Data Manipulation
SC-36 Distributed Processing and Storage mitigates T1070 Indicator Removal
SI-23 Information Fragmentation mitigates T1070 Indicator Removal
SC-10 Network Disconnect mitigates T1071.001 Web Protocols
SC-10 Network Disconnect mitigates T1071.004 DNS
SA-10 Developer Configuration Management mitigates T1195.003 Compromise Hardware Supply Chain
SA-10 Developer Configuration Management mitigates T1495 Firmware Corruption
SA-10 Developer Configuration Management mitigates T1505 Server Software Component
SA-10 Developer Configuration Management mitigates T1505.001 SQL Stored Procedures
SA-10 Developer Configuration Management mitigates T1505.002 Transport Agent
SA-10 Developer Configuration Management mitigates T1505.004 IIS Components
SA-10 Developer Configuration Management mitigates T1542.003 Bootkit
SA-10 Developer Configuration Management mitigates T1542.004 ROMMONkit
SA-10 Developer Configuration Management mitigates T1542.005 TFTP Boot
SA-10 Developer Configuration Management mitigates T1553.006 Code Signing Policy Modification
SA-10 Developer Configuration Management mitigates T1559.003 XPC Services
SA-10 Developer Configuration Management mitigates T1564.009 Resource Forking
SA-10 Developer Configuration Management mitigates T1574.002 DLL Side-Loading
SA-10 Developer Configuration Management mitigates T1601 Modify System Image
SA-10 Developer Configuration Management mitigates T1601.001 Patch System Image
SA-10 Developer Configuration Management mitigates T1601.002 Downgrade System Image
SA-10 Developer Configuration Management mitigates T1647 Plist File Modification
IA-12 Identity Proofing mitigates T1078.002 Domain Accounts
IA-11 Re-authentication mitigates T1110.001 Password Guessing
IA-11 Re-authentication mitigates T1110.002 Password Cracking
IA-11 Re-authentication mitigates T1110.003 Password Spraying
IA-11 Re-authentication mitigates T1110.004 Credential Stuffing
SC-44 Detonation Chambers mitigates T1137 Office Application Startup
SI-08 Spam Protection mitigates T1137 Office Application Startup
SA-22 Unsupported System Components mitigates T1189 Drive-by Compromise
SC-29 Heterogeneity mitigates T1189 Drive-by Compromise
IA-07 Cryptographic Module Authentication mitigates T1195.003 Compromise Hardware Supply Chain
IA-07 Cryptographic Module Authentication mitigates T1495 Firmware Corruption
IA-07 Cryptographic Module Authentication mitigates T1542.003 Bootkit
IA-07 Cryptographic Module Authentication mitigates T1542.004 ROMMONkit
IA-07 Cryptographic Module Authentication mitigates T1542.005 TFTP Boot
IA-07 Cryptographic Module Authentication mitigates T1553.006 Code Signing Policy Modification
IA-07 Cryptographic Module Authentication mitigates T1601 Modify System Image
IA-07 Cryptographic Module Authentication mitigates T1601.001 Patch System Image
IA-07 Cryptographic Module Authentication mitigates T1601.002 Downgrade System Image
RA-09 Criticality Analysis mitigates T1195.003 Compromise Hardware Supply Chain
SC-34 Non-modifiable Executable Programs mitigates T1195.003 Compromise Hardware Supply Chain
MP-07 Media Use mitigates T1052 Exfiltration Over Physical Medium
MP-07 Media Use mitigates T1052.001 Exfiltration over USB
MP-07 Media Use mitigates T1091 Replication Through Removable Media
MP-07 Media Use mitigates T1200 Hardware Additions
SC-41 Port and I/O Device Access mitigates T1052 Exfiltration Over Physical Medium
SC-41 Port and I/O Device Access mitigates T1052.001 Exfiltration over USB
SC-41 Port and I/O Device Access mitigates T1091 Replication Through Removable Media
SC-41 Port and I/O Device Access mitigates T1200 Hardware Additions
CA-02 Control Assessments mitigates T1195.002 Compromise Software Supply Chain
CA-02 Control Assessments mitigates T1210 Exploitation of Remote Services
SC-26 Decoys mitigates T1210 Exploitation of Remote Services
SC-35 External Malicious Code Identification mitigates T1210 Exploitation of Remote Services
SC-29 Heterogeneity mitigates T1210 Exploitation of Remote Services
SC-29 Heterogeneity mitigates T1211 Exploitation for Defense Evasion
RA-10 Threat Hunting mitigates T1195.002 Compromise Software Supply Chain
RA-10 Threat Hunting mitigates T1210 Exploitation of Remote Services
RA-10 Threat Hunting mitigates T1211 Exploitation for Defense Evasion
RA-10 Threat Hunting mitigates T1212 Exploitation for Credential Access
SC-26 Decoys mitigates T1211 Exploitation for Defense Evasion
SC-26 Decoys mitigates T1212 Exploitation for Credential Access
SC-30 Concealment and Misdirection mitigates T1189 Drive-by Compromise
SC-30 Concealment and Misdirection mitigates T1210 Exploitation of Remote Services
SC-30 Concealment and Misdirection mitigates T1211 Exploitation for Defense Evasion
SC-30 Concealment and Misdirection mitigates T1212 Exploitation for Credential Access
SC-35 External Malicious Code Identification mitigates T1211 Exploitation for Defense Evasion
SC-35 External Malicious Code Identification mitigates T1212 Exploitation for Credential Access
SI-05 Security Alerts, Advisories, and Directives mitigates T1210 Exploitation of Remote Services
SI-05 Security Alerts, Advisories, and Directives mitigates T1211 Exploitation for Defense Evasion
SI-05 Security Alerts, Advisories, and Directives mitigates T1212 Exploitation for Credential Access
CP-10 System Recovery and Reconstitution mitigates T1486 Data Encrypted for Impact
CP-10 System Recovery and Reconstitution mitigates T1491 Defacement
CP-10 System Recovery and Reconstitution mitigates T1491.001 Internal Defacement
CP-10 System Recovery and Reconstitution mitigates T1491.002 External Defacement
CP-10 System Recovery and Reconstitution mitigates T1561 Disk Wipe
CP-10 System Recovery and Reconstitution mitigates T1561.001 Disk Content Wipe
CP-10 System Recovery and Reconstitution mitigates T1561.002 Disk Structure Wipe
CP-10 System Recovery and Reconstitution mitigates T1565.001 Stored Data Manipulation
SC-37 Out-of-band Channels mitigates T1071.001 Web Protocols
SC-37 Out-of-band Channels mitigates T1071.004 DNS
SC-16 Transmission of Security and Privacy Attributes mitigates T1505 Server Software Component
SI-14 Non-persistence mitigates T1505 Server Software Component
SA-22 Unsupported System Components mitigates T1195.002 Compromise Software Supply Chain
CM-10 Software Usage Restrictions mitigates T1546.008 Accessibility Features
SI-14 Non-persistence mitigates T1505.001 SQL Stored Procedures
SI-14 Non-persistence mitigates T1505.002 Transport Agent
SI-14 Non-persistence mitigates T1505.004 IIS Components
SI-14 Non-persistence mitigates T1547.006 Kernel Modules and Extensions
SC-13 Cryptographic Protection mitigates T1025 Data from Removable Media
SC-13 Cryptographic Protection mitigates T1041 Exfiltration Over C2 Channel
SC-13 Cryptographic Protection mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
SC-18 Mobile Code mitigates T1055 Process Injection
SC-18 Mobile Code mitigates T1055.001 Dynamic-link Library Injection
SC-18 Mobile Code mitigates T1055.002 Portable Executable Injection
SC-18 Mobile Code mitigates T1055.003 Thread Execution Hijacking
SC-18 Mobile Code mitigates T1055.004 Asynchronous Procedure Call
SC-18 Mobile Code mitigates T1055.005 Thread Local Storage
SC-18 Mobile Code mitigates T1055.008 Ptrace System Calls
SC-18 Mobile Code mitigates T1055.009 Proc Memory
SC-18 Mobile Code mitigates T1055.011 Extra Window Memory Injection
SC-18 Mobile Code mitigates T1055.012 Process Hollowing
SC-18 Mobile Code mitigates T1055.013 Process Doppelgänging
SC-18 Mobile Code mitigates T1055.014 VDSO Hijacking
SC-18 Mobile Code mitigates T1059.005 Visual Basic
SC-18 Mobile Code mitigates T1059.007 JavaScript
SC-18 Mobile Code mitigates T1068 Exploitation for Privilege Escalation
SC-18 Mobile Code mitigates T1137 Office Application Startup
SC-18 Mobile Code mitigates T1137.001 Office Template Macros
SC-18 Mobile Code mitigates T1137.003 Outlook Forms
SC-18 Mobile Code mitigates T1137.004 Outlook Home Page
SC-18 Mobile Code mitigates T1137.005 Outlook Rules
SC-18 Mobile Code mitigates T1137.006 Add-ins
SC-18 Mobile Code mitigates T1189 Drive-by Compromise
SC-18 Mobile Code mitigates T1210 Exploitation of Remote Services
SC-18 Mobile Code mitigates T1211 Exploitation for Defense Evasion
SC-18 Mobile Code mitigates T1212 Exploitation for Credential Access
SC-18 Mobile Code mitigates T1218.001 Compiled HTML File
SC-18 Mobile Code mitigates T1548.004 Elevated Execution with Prompt
SC-18 Mobile Code mitigates T1559 Inter-Process Communication
SC-18 Mobile Code mitigates T1559.001 Component Object Model
SC-18 Mobile Code mitigates T1559.002 Dynamic Data Exchange
CP-02 Contingency Plan mitigates T1486 Data Encrypted for Impact
CP-02 Contingency Plan mitigates T1491 Defacement
CP-02 Contingency Plan mitigates T1491.001 Internal Defacement
CP-02 Contingency Plan mitigates T1491.002 External Defacement
CP-02 Contingency Plan mitigates T1561 Disk Wipe
CP-02 Contingency Plan mitigates T1561.001 Disk Content Wipe
CP-02 Contingency Plan mitigates T1561.002 Disk Structure Wipe
CM-10 Software Usage Restrictions mitigates T1546.013 PowerShell Profile
CM-10 Software Usage Restrictions mitigates T1553.004 Install Root Certificate
CM-10 Software Usage Restrictions mitigates T1559 Inter-Process Communication
CM-10 Software Usage Restrictions mitigates T1559.002 Dynamic Data Exchange
CM-10 Software Usage Restrictions mitigates T1562.009 Safe Mode Boot
SC-06 Resource Availability mitigates T1564.009 Resource Forking
CP-06 Alternate Storage Site mitigates T1070.002 Clear Linux or Mac System Logs
CP-06 Alternate Storage Site mitigates T1070.008 Clear Mailbox Data
CP-06 Alternate Storage Site mitigates T1486 Data Encrypted for Impact
CP-06 Alternate Storage Site mitigates T1565.001 Stored Data Manipulation
SC-36 Distributed Processing and Storage mitigates T1070.002 Clear Linux or Mac System Logs
SC-36 Distributed Processing and Storage mitigates T1070.008 Clear Mailbox Data
SC-36 Distributed Processing and Storage mitigates T1565.001 Stored Data Manipulation
SI-23 Information Fragmentation mitigates T1070.002 Clear Linux or Mac System Logs
SI-23 Information Fragmentation mitigates T1565.001 Stored Data Manipulation
CP-09 System Backup mitigates T1003.003 NTDS
CP-09 System Backup mitigates T1005 Data from Local System
CP-09 System Backup mitigates T1025 Data from Removable Media
CP-09 System Backup mitigates T1070 Indicator Removal
CP-09 System Backup mitigates T1070.002 Clear Linux or Mac System Logs
CP-09 System Backup mitigates T1070.008 Clear Mailbox Data
CP-09 System Backup mitigates T1486 Data Encrypted for Impact
CP-09 System Backup mitigates T1491 Defacement
CP-09 System Backup mitigates T1491.001 Internal Defacement
CP-09 System Backup mitigates T1491.002 External Defacement
CP-09 System Backup mitigates T1561 Disk Wipe
CP-09 System Backup mitigates T1561.001 Disk Content Wipe
CP-09 System Backup mitigates T1561.002 Disk Structure Wipe
CP-09 System Backup mitigates T1565.001 Stored Data Manipulation
CP-09 System Backup mitigates T1565.003 Runtime Data Manipulation
AC-23 Data Mining Protection mitigates T1005 Data from Local System
AC-23 Data Mining Protection mitigates T1025 Data from Removable Media
AC-23 Data Mining Protection mitigates T1041 Exfiltration Over C2 Channel
AC-23 Data Mining Protection mitigates T1048 Exfiltration Over Alternative Protocol
AC-23 Data Mining Protection mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-23 Data Mining Protection mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
AC-23 Data Mining Protection mitigates T1052 Exfiltration Over Physical Medium
AC-23 Data Mining Protection mitigates T1052.001 Exfiltration over USB
AC-23 Data Mining Protection mitigates T1552.007 Container API
AC-23 Data Mining Protection mitigates T1567 Exfiltration Over Web Service
CA-03 Information Exchange mitigates T1041 Exfiltration Over C2 Channel
CA-03 Information Exchange mitigates T1048 Exfiltration Over Alternative Protocol
CA-03 Information Exchange mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CA-03 Information Exchange mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
CA-03 Information Exchange mitigates T1567 Exfiltration Over Web Service
SA-09 External System Services mitigates T1048 Exfiltration Over Alternative Protocol
SA-09 External System Services mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SA-09 External System Services mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
SA-09 External System Services mitigates T1567 Exfiltration Over Web Service
SC-31 Covert Channel Analysis mitigates T1048 Exfiltration Over Alternative Protocol
SC-31 Covert Channel Analysis mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SC-31 Covert Channel Analysis mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
SC-31 Covert Channel Analysis mitigates T1071.001 Web Protocols
SC-31 Covert Channel Analysis mitigates T1071.004 DNS
SC-31 Covert Channel Analysis mitigates T1567 Exfiltration Over Web Service
SC-21 Secure Name/Address Resolution Service (Recursive or Caching Resolver) mitigates T1071.001 Web Protocols
SC-21 Secure Name/Address Resolution Service (Recursive or Caching Resolver) mitigates T1071.004 DNS
SC-21 Secure Name/Address Resolution Service (Recursive or Caching Resolver) mitigates T1568 Dynamic Resolution
SC-21 Secure Name/Address Resolution Service (Recursive or Caching Resolver) mitigates T1568.002 Domain Generation Algorithms
SC-22 Architecture and Provisioning for Name/Address Resolution Service mitigates T1071.001 Web Protocols
SC-22 Architecture and Provisioning for Name/Address Resolution Service mitigates T1071.004 DNS
SC-22 Architecture and Provisioning for Name/Address Resolution Service mitigates T1568 Dynamic Resolution
SC-22 Architecture and Provisioning for Name/Address Resolution Service mitigates T1568.002 Domain Generation Algorithms
CM-11 User-installed Software mitigates T1195.002 Compromise Software Supply Chain
CM-11 User-installed Software mitigates T1218.001 Compiled HTML File
CM-11 User-installed Software mitigates T1218.002 Control Panel
CM-11 User-installed Software mitigates T1218.003 CMSTP
CM-11 User-installed Software mitigates T1218.004 InstallUtil
CM-11 User-installed Software mitigates T1218.005 Mshta
CM-11 User-installed Software mitigates T1218.008 Odbcconf
CM-11 User-installed Software mitigates T1218.009 Regsvcs/Regasm
CM-11 User-installed Software mitigates T1218.012 Verclsid
CM-11 User-installed Software mitigates T1218.013 Mavinject
CM-11 User-installed Software mitigates T1218.014 MMC
CM-11 User-installed Software mitigates T1505 Server Software Component
CM-11 User-installed Software mitigates T1505.001 SQL Stored Procedures
CM-11 User-installed Software mitigates T1505.002 Transport Agent
CM-11 User-installed Software mitigates T1505.004 IIS Components
CM-11 User-installed Software mitigates T1543.001 Launch Agent
CM-11 User-installed Software mitigates T1543.004 Launch Daemon
CM-11 User-installed Software mitigates T1547.013 XDG Autostart Entries
CM-11 User-installed Software mitigates T1564.009 Resource Forking
CM-11 User-installed Software mitigates T1569 System Services
CM-11 User-installed Software mitigates T1569.001 Launchctl
SC-12 Cryptographic Key Establishment and Management mitigates T1098.004 SSH Authorized Keys
SC-12 Cryptographic Key Establishment and Management mitigates T1552.002 Credentials in Registry
SC-12 Cryptographic Key Establishment and Management mitigates T1563.001 SSH Hijacking
SC-12 Cryptographic Key Establishment and Management mitigates T1573.001 Symmetric Cryptography
SC-12 Cryptographic Key Establishment and Management mitigates T1573.002 Asymmetric Cryptography
SC-16 Transmission of Security and Privacy Attributes mitigates T1505.002 Transport Agent
SC-16 Transmission of Security and Privacy Attributes mitigates T1573.001 Symmetric Cryptography
SC-16 Transmission of Security and Privacy Attributes mitigates T1573.002 Asymmetric Cryptography
SA-15 Development Process, Standards, and Tools mitigates T1552.002 Credentials in Registry
SA-15 Development Process, Standards, and Tools mitigates T1552.006 Group Policy Preferences
SA-15 Development Process, Standards, and Tools mitigates T1558.004 AS-REP Roasting
SA-15 Development Process, Standards, and Tools mitigates T1574.002 DLL Side-Loading
SA-16 Developer-provided Training mitigates T1574.002 DLL Side-Loading
SA-17 Developer Security and Privacy Architecture and Design mitigates T1134.005 SID-History Injection
SA-17 Developer Security and Privacy Architecture and Design mitigates T1482 Domain Trust Discovery
SA-17 Developer Security and Privacy Architecture and Design mitigates T1574.002 DLL Side-Loading
SA-03 System Development Life Cycle mitigates T1574.002 DLL Side-Loading
SA-04 Acquisition Process mitigates T1134.005 SID-History Injection
SA-04 Acquisition Process mitigates T1574.002 DLL Side-Loading
IA-06 Authentication Feedback mitigates T1021.005 VNC
IA-06 Authentication Feedback mitigates T1578 Modify Cloud Compute Infrastructure
IA-06 Authentication Feedback mitigates T1578.001 Create Snapshot
IA-06 Authentication Feedback mitigates T1578.002 Create Cloud Instance
IA-06 Authentication Feedback mitigates T1578.003 Delete Cloud Instance
SC-20 Secure Name/Address Resolution Service (Authoritative Source) mitigates T1071.001 Web Protocols
SC-20 Secure Name/Address Resolution Service (Authoritative Source) mitigates T1071.004 DNS
SC-20 Secure Name/Address Resolution Service (Authoritative Source) mitigates T1553.004 Install Root Certificate
SC-20 Secure Name/Address Resolution Service (Authoritative Source) mitigates T1568 Dynamic Resolution
SC-20 Secure Name/Address Resolution Service (Authoritative Source) mitigates T1568.002 Domain Generation Algorithms
SC-20 Secure Name/Address Resolution Service (Authoritative Source) mitigates T1598 Phishing for Information
SC-20 Secure Name/Address Resolution Service (Authoritative Source) mitigates T1598.002 Spearphishing Attachment
SC-44 Detonation Chambers mitigates T1137.001 Office Template Macros
SC-44 Detonation Chambers mitigates T1137.003 Outlook Forms
SC-44 Detonation Chambers mitigates T1137.004 Outlook Home Page
SC-44 Detonation Chambers mitigates T1137.005 Outlook Rules
SC-44 Detonation Chambers mitigates T1137.006 Add-ins
SC-44 Detonation Chambers mitigates T1204.001 Malicious Link
SC-44 Detonation Chambers mitigates T1204.003 Malicious Image
SC-44 Detonation Chambers mitigates T1221 Template Injection
SC-44 Detonation Chambers mitigates T1564.009 Resource Forking
SC-44 Detonation Chambers mitigates T1598 Phishing for Information
SC-44 Detonation Chambers mitigates T1598.001 Spearphishing Service
SC-44 Detonation Chambers mitigates T1598.002 Spearphishing Attachment
SI-08 Spam Protection mitigates T1137.001 Office Template Macros
SI-08 Spam Protection mitigates T1137.003 Outlook Forms
SI-08 Spam Protection mitigates T1137.004 Outlook Home Page
SI-08 Spam Protection mitigates T1137.005 Outlook Rules
SI-08 Spam Protection mitigates T1137.006 Add-ins
SI-08 Spam Protection mitigates T1204.001 Malicious Link
SI-08 Spam Protection mitigates T1204.003 Malicious Image
SI-08 Spam Protection mitigates T1221 Template Injection
SI-08 Spam Protection mitigates T1598 Phishing for Information
SI-08 Spam Protection mitigates T1598.001 Spearphishing Service
SI-08 Spam Protection mitigates T1598.002 Spearphishing Attachment
RA-09 Criticality Analysis mitigates T1495 Firmware Corruption
RA-09 Criticality Analysis mitigates T1542.003 Bootkit
RA-09 Criticality Analysis mitigates T1542.004 ROMMONkit
RA-09 Criticality Analysis mitigates T1542.005 TFTP Boot
RA-09 Criticality Analysis mitigates T1553.006 Code Signing Policy Modification
RA-09 Criticality Analysis mitigates T1601 Modify System Image
RA-09 Criticality Analysis mitigates T1601.001 Patch System Image
RA-09 Criticality Analysis mitigates T1601.002 Downgrade System Image
SR-11 Component Authenticity mitigates T1204.003 Malicious Image
SR-11 Component Authenticity mitigates T1505 Server Software Component
SR-11 Component Authenticity mitigates T1505.001 SQL Stored Procedures
SR-11 Component Authenticity mitigates T1505.002 Transport Agent
SR-11 Component Authenticity mitigates T1505.004 IIS Components
SR-11 Component Authenticity mitigates T1546.006 LC_LOAD_DYLIB Addition
SR-11 Component Authenticity mitigates T1601 Modify System Image
SR-11 Component Authenticity mitigates T1601.001 Patch System Image
SR-11 Component Authenticity mitigates T1601.002 Downgrade System Image
SR-04 Provenance mitigates T1048 Exfiltration Over Alternative Protocol
SR-04 Provenance mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SR-04 Provenance mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
SR-04 Provenance mitigates T1052 Exfiltration Over Physical Medium
SR-04 Provenance mitigates T1052.001 Exfiltration over USB
SR-04 Provenance mitigates T1059.002 AppleScript
SR-04 Provenance mitigates T1204.003 Malicious Image
SR-04 Provenance mitigates T1505 Server Software Component
SR-04 Provenance mitigates T1505.001 SQL Stored Procedures
SR-04 Provenance mitigates T1505.002 Transport Agent
SR-04 Provenance mitigates T1505.004 IIS Components
SR-04 Provenance mitigates T1546.006 LC_LOAD_DYLIB Addition
SR-04 Provenance mitigates T1567 Exfiltration Over Web Service
SR-04 Provenance mitigates T1601 Modify System Image
SR-04 Provenance mitigates T1601.001 Patch System Image
SR-04 Provenance mitigates T1601.002 Downgrade System Image
SR-05 Acquisition Strategies, Tools, and Methods mitigates T1204.003 Malicious Image
SR-05 Acquisition Strategies, Tools, and Methods mitigates T1505 Server Software Component
SR-05 Acquisition Strategies, Tools, and Methods mitigates T1505.001 SQL Stored Procedures
SR-05 Acquisition Strategies, Tools, and Methods mitigates T1505.002 Transport Agent
SR-05 Acquisition Strategies, Tools, and Methods mitigates T1505.004 IIS Components
SR-05 Acquisition Strategies, Tools, and Methods mitigates T1546.006 LC_LOAD_DYLIB Addition
SR-05 Acquisition Strategies, Tools, and Methods mitigates T1601 Modify System Image
SR-05 Acquisition Strategies, Tools, and Methods mitigates T1601.001 Patch System Image
SR-05 Acquisition Strategies, Tools, and Methods mitigates T1601.002 Downgrade System Image
AC-19 Access Control for Mobile Devices mitigates T1070.002 Clear Linux or Mac System Logs
AC-19 Access Control for Mobile Devices mitigates T1070.008 Clear Mailbox Data
AC-19 Access Control for Mobile Devices mitigates T1114.001 Local Email Collection
AC-19 Access Control for Mobile Devices mitigates T1557.002 ARP Cache Poisoning
AC-19 Access Control for Mobile Devices mitigates T1558.002 Silver Ticket
AC-19 Access Control for Mobile Devices mitigates T1558.003 Kerberoasting
AC-19 Access Control for Mobile Devices mitigates T1558.004 AS-REP Roasting
AC-19 Access Control for Mobile Devices mitigates T1565.001 Stored Data Manipulation
AC-19 Access Control for Mobile Devices mitigates T1565.002 Transmitted Data Manipulation
AC-19 Access Control for Mobile Devices mitigates T1602 Data from Configuration Repository
AC-19 Access Control for Mobile Devices mitigates T1602.001 SNMP (MIB Dump)
AC-19 Access Control for Mobile Devices mitigates T1602.002 Network Device Configuration Dump
IA-04 Identifier Management mitigates T1003.006 DCSync
IA-04 Identifier Management mitigates T1021.001 Remote Desktop Protocol
IA-04 Identifier Management mitigates T1021.005 VNC
IA-04 Identifier Management mitigates T1110.001 Password Guessing
IA-04 Identifier Management mitigates T1110.002 Password Cracking
IA-04 Identifier Management mitigates T1110.003 Password Spraying
IA-04 Identifier Management mitigates T1110.004 Credential Stuffing
IA-04 Identifier Management mitigates T1547.006 Kernel Modules and Extensions
IA-04 Identifier Management mitigates T1552.005 Cloud Instance Metadata API
IA-04 Identifier Management mitigates T1578 Modify Cloud Compute Infrastructure
IA-04 Identifier Management mitigates T1578.001 Create Snapshot
IA-04 Identifier Management mitigates T1578.002 Create Cloud Instance
IA-04 Identifier Management mitigates T1578.003 Delete Cloud Instance
IA-04 Identifier Management mitigates T1602 Data from Configuration Repository
IA-04 Identifier Management mitigates T1602.001 SNMP (MIB Dump)
IA-04 Identifier Management mitigates T1602.002 Network Device Configuration Dump
SC-28 Protection of Information at Rest mitigates T1003.002 Security Account Manager
SC-28 Protection of Information at Rest mitigates T1003.003 NTDS
SC-28 Protection of Information at Rest mitigates T1003.004 LSA Secrets
SC-28 Protection of Information at Rest mitigates T1003.006 DCSync
SC-28 Protection of Information at Rest mitigates T1003.008 /etc/passwd and /etc/shadow
SC-28 Protection of Information at Rest mitigates T1005 Data from Local System
SC-28 Protection of Information at Rest mitigates T1025 Data from Removable Media
SC-28 Protection of Information at Rest mitigates T1041 Exfiltration Over C2 Channel
SC-28 Protection of Information at Rest mitigates T1048 Exfiltration Over Alternative Protocol
SC-28 Protection of Information at Rest mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SC-28 Protection of Information at Rest mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
SC-28 Protection of Information at Rest mitigates T1052 Exfiltration Over Physical Medium
SC-28 Protection of Information at Rest mitigates T1052.001 Exfiltration over USB
SC-28 Protection of Information at Rest mitigates T1552.002 Credentials in Registry
SC-28 Protection of Information at Rest mitigates T1552.003 Bash History
SC-28 Protection of Information at Rest mitigates T1565.001 Stored Data Manipulation
SC-28 Protection of Information at Rest mitigates T1565.003 Runtime Data Manipulation
SC-28 Protection of Information at Rest mitigates T1567 Exfiltration Over Web Service
SC-28 Protection of Information at Rest mitigates T1599 Network Boundary Bridging
SC-28 Protection of Information at Rest mitigates T1599.001 Network Address Translation Traversal
SC-28 Protection of Information at Rest mitigates T1602 Data from Configuration Repository
SC-28 Protection of Information at Rest mitigates T1602.001 SNMP (MIB Dump)
SC-28 Protection of Information at Rest mitigates T1602.002 Network Device Configuration Dump
SC-04 Information in Shared System Resources mitigates T1070 Indicator Removal
SC-04 Information in Shared System Resources mitigates T1070.002 Clear Linux or Mac System Logs
SC-04 Information in Shared System Resources mitigates T1070.008 Clear Mailbox Data
SC-04 Information in Shared System Resources mitigates T1080 Taint Shared Content
SC-04 Information in Shared System Resources mitigates T1552.002 Credentials in Registry
SC-04 Information in Shared System Resources mitigates T1557.002 ARP Cache Poisoning
SC-04 Information in Shared System Resources mitigates T1558.002 Silver Ticket
SC-04 Information in Shared System Resources mitigates T1558.003 Kerberoasting
SC-04 Information in Shared System Resources mitigates T1558.004 AS-REP Roasting
SC-04 Information in Shared System Resources mitigates T1564.009 Resource Forking
SC-04 Information in Shared System Resources mitigates T1565.001 Stored Data Manipulation
SC-04 Information in Shared System Resources mitigates T1565.002 Transmitted Data Manipulation
SC-04 Information in Shared System Resources mitigates T1565.003 Runtime Data Manipulation
SC-04 Information in Shared System Resources mitigates T1595.003 Wordlist Scanning
SC-04 Information in Shared System Resources mitigates T1602 Data from Configuration Repository
SC-04 Information in Shared System Resources mitigates T1602.001 SNMP (MIB Dump)
SC-04 Information in Shared System Resources mitigates T1602.002 Network Device Configuration Dump
SI-12 Information Management and Retention mitigates T1003.003 NTDS
SI-12 Information Management and Retention mitigates T1070 Indicator Removal
SI-12 Information Management and Retention mitigates T1070.002 Clear Linux or Mac System Logs
SI-12 Information Management and Retention mitigates T1070.008 Clear Mailbox Data
SI-12 Information Management and Retention mitigates T1070.008 Clear Mailbox Data
SI-12 Information Management and Retention mitigates T1114.001 Local Email Collection
SI-12 Information Management and Retention mitigates T1548.004 Elevated Execution with Prompt
SI-12 Information Management and Retention mitigates T1557.002 ARP Cache Poisoning
SI-12 Information Management and Retention mitigates T1558.002 Silver Ticket
SI-12 Information Management and Retention mitigates T1558.003 Kerberoasting
SI-12 Information Management and Retention mitigates T1558.004 AS-REP Roasting
SI-12 Information Management and Retention mitigates T1565.001 Stored Data Manipulation
SI-12 Information Management and Retention mitigates T1565.002 Transmitted Data Manipulation
SI-12 Information Management and Retention mitigates T1602 Data from Configuration Repository
SI-12 Information Management and Retention mitigates T1602.001 SNMP (MIB Dump)
SI-12 Information Management and Retention mitigates T1602.002 Network Device Configuration Dump
SC-17 Public Key Infrastructure Certificates mitigates T1606 Forge Web Credentials
SC-02 Separation of System and User Functionality mitigates T1189 Drive-by Compromise
SC-02 Separation of System and User Functionality mitigates T1210 Exploitation of Remote Services
SC-02 Separation of System and User Functionality mitigates T1211 Exploitation for Defense Evasion
SC-02 Separation of System and User Functionality mitigates T1212 Exploitation for Credential Access
SC-03 Security Function Isolation mitigates T1021.003 Distributed Component Object Model
SC-03 Security Function Isolation mitigates T1068 Exploitation for Privilege Escalation
SC-03 Security Function Isolation mitigates T1134.005 SID-History Injection
SC-03 Security Function Isolation mitigates T1189 Drive-by Compromise
SC-03 Security Function Isolation mitigates T1210 Exploitation of Remote Services
SC-03 Security Function Isolation mitigates T1211 Exploitation for Defense Evasion
SC-03 Security Function Isolation mitigates T1212 Exploitation for Credential Access
SC-03 Security Function Isolation mitigates T1559 Inter-Process Communication
SC-03 Security Function Isolation mitigates T1559.001 Component Object Model
SC-03 Security Function Isolation mitigates T1559.002 Dynamic Data Exchange
SC-03 Security Function Isolation mitigates T1602 Data from Configuration Repository
SC-03 Security Function Isolation mitigates T1602.001 SNMP (MIB Dump)
SC-03 Security Function Isolation mitigates T1602.002 Network Device Configuration Dump
SC-34 Non-modifiable Executable Programs mitigates T1542.003 Bootkit
SC-34 Non-modifiable Executable Programs mitigates T1542.004 ROMMONkit
SC-34 Non-modifiable Executable Programs mitigates T1542.005 TFTP Boot
SC-34 Non-modifiable Executable Programs mitigates T1548.004 Elevated Execution with Prompt
SC-34 Non-modifiable Executable Programs mitigates T1553.006 Code Signing Policy Modification
SC-34 Non-modifiable Executable Programs mitigates T1601 Modify System Image
SC-34 Non-modifiable Executable Programs mitigates T1601.001 Patch System Image
SC-34 Non-modifiable Executable Programs mitigates T1601.002 Downgrade System Image
SC-39 Process Isolation mitigates T1003.002 Security Account Manager
SC-39 Process Isolation mitigates T1003.003 NTDS
SC-39 Process Isolation mitigates T1003.004 LSA Secrets
SC-39 Process Isolation mitigates T1003.006 DCSync
SC-39 Process Isolation mitigates T1003.008 /etc/passwd and /etc/shadow
SC-39 Process Isolation mitigates T1068 Exploitation for Privilege Escalation
SC-39 Process Isolation mitigates T1189 Drive-by Compromise
SC-39 Process Isolation mitigates T1210 Exploitation of Remote Services
SC-39 Process Isolation mitigates T1211 Exploitation for Defense Evasion
SC-39 Process Isolation mitigates T1212 Exploitation for Credential Access
SC-39 Process Isolation mitigates T1547.002 Authentication Package
SC-39 Process Isolation mitigates T1547.005 Security Support Provider
SC-39 Process Isolation mitigates T1547.008 LSASS Driver
SI-16 Memory Protection mitigates T1055.009 Proc Memory
SI-16 Memory Protection mitigates T1059.001 PowerShell
SI-16 Memory Protection mitigates T1059.002 AppleScript
SI-16 Memory Protection mitigates T1059.003 Windows Command Shell
SI-16 Memory Protection mitigates T1059.004 Unix Shell
SI-16 Memory Protection mitigates T1059.005 Visual Basic
SI-16 Memory Protection mitigates T1059.007 JavaScript
SI-16 Memory Protection mitigates T1059.008 Network Device CLI
SI-16 Memory Protection mitigates T1218.001 Compiled HTML File
SI-16 Memory Protection mitigates T1218.002 Control Panel
SI-16 Memory Protection mitigates T1218.003 CMSTP
SI-16 Memory Protection mitigates T1218.004 InstallUtil
SI-16 Memory Protection mitigates T1218.005 Mshta
SI-16 Memory Protection mitigates T1218.008 Odbcconf
SI-16 Memory Protection mitigates T1218.009 Regsvcs/Regasm
SI-16 Memory Protection mitigates T1218.012 Verclsid
SI-16 Memory Protection mitigates T1218.013 Mavinject
SI-16 Memory Protection mitigates T1218.014 MMC
SI-16 Memory Protection mitigates T1505.004 IIS Components
SI-16 Memory Protection mitigates T1547.006 Kernel Modules and Extensions
SI-16 Memory Protection mitigates T1548.004 Elevated Execution with Prompt
SI-16 Memory Protection mitigates T1565.001 Stored Data Manipulation
SI-16 Memory Protection mitigates T1565.003 Runtime Data Manipulation
SI-02 Flaw Remediation mitigates T1027.002 Software Packing
SI-02 Flaw Remediation mitigates T1027.007 Dynamic API Resolution
SI-02 Flaw Remediation mitigates T1027.008 Stripped Payloads
SI-02 Flaw Remediation mitigates T1027.009 Embedded Payloads
SI-02 Flaw Remediation mitigates T1055 Process Injection
SI-02 Flaw Remediation mitigates T1055.001 Dynamic-link Library Injection
SI-02 Flaw Remediation mitigates T1055.002 Portable Executable Injection
SI-02 Flaw Remediation mitigates T1055.003 Thread Execution Hijacking
SI-02 Flaw Remediation mitigates T1055.004 Asynchronous Procedure Call
SI-02 Flaw Remediation mitigates T1055.005 Thread Local Storage
SI-02 Flaw Remediation mitigates T1055.008 Ptrace System Calls
SI-02 Flaw Remediation mitigates T1055.009 Proc Memory
SI-02 Flaw Remediation mitigates T1055.011 Extra Window Memory Injection
SI-02 Flaw Remediation mitigates T1055.012 Process Hollowing
SI-02 Flaw Remediation mitigates T1055.013 Process Doppelgänging
SI-02 Flaw Remediation mitigates T1055.014 VDSO Hijacking
SI-02 Flaw Remediation mitigates T1059.001 PowerShell
SI-02 Flaw Remediation mitigates T1059.005 Visual Basic
SI-02 Flaw Remediation mitigates T1068 Exploitation for Privilege Escalation
SI-02 Flaw Remediation mitigates T1106 Native API
SI-02 Flaw Remediation mitigates T1137 Office Application Startup
SI-02 Flaw Remediation mitigates T1137.003 Outlook Forms
SI-02 Flaw Remediation mitigates T1137.004 Outlook Home Page
SI-02 Flaw Remediation mitigates T1137.005 Outlook Rules
SI-02 Flaw Remediation mitigates T1189 Drive-by Compromise
SI-02 Flaw Remediation mitigates T1195.002 Compromise Software Supply Chain
SI-02 Flaw Remediation mitigates T1195.003 Compromise Hardware Supply Chain
SI-02 Flaw Remediation mitigates T1204.001 Malicious Link
SI-02 Flaw Remediation mitigates T1204.003 Malicious Image
SI-02 Flaw Remediation mitigates T1210 Exploitation of Remote Services
SI-02 Flaw Remediation mitigates T1211 Exploitation for Defense Evasion
SI-02 Flaw Remediation mitigates T1212 Exploitation for Credential Access
SI-02 Flaw Remediation mitigates T1221 Template Injection
SI-02 Flaw Remediation mitigates T1495 Firmware Corruption
SI-02 Flaw Remediation mitigates T1525 Implant Internal Image
SI-02 Flaw Remediation mitigates T1542.003 Bootkit
SI-02 Flaw Remediation mitigates T1542.004 ROMMONkit
SI-02 Flaw Remediation mitigates T1542.005 TFTP Boot
SI-02 Flaw Remediation mitigates T1546.006 LC_LOAD_DYLIB Addition
SI-02 Flaw Remediation mitigates T1546.010 AppInit DLLs
SI-02 Flaw Remediation mitigates T1546.011 Application Shimming
SI-02 Flaw Remediation mitigates T1547.006 Kernel Modules and Extensions
SI-02 Flaw Remediation mitigates T1548.002 Bypass User Account Control
SI-02 Flaw Remediation mitigates T1550.002 Pass the Hash
SI-02 Flaw Remediation mitigates T1552.006 Group Policy Preferences
SI-02 Flaw Remediation mitigates T1553.006 Code Signing Policy Modification
SI-02 Flaw Remediation mitigates T1559 Inter-Process Communication
SI-02 Flaw Remediation mitigates T1559.002 Dynamic Data Exchange
SI-02 Flaw Remediation mitigates T1574 Hijack Execution Flow
SI-02 Flaw Remediation mitigates T1574.002 DLL Side-Loading
SI-02 Flaw Remediation mitigates T1574.013 KernelCallbackTable
SI-02 Flaw Remediation mitigates T1601 Modify System Image
SI-02 Flaw Remediation mitigates T1601.001 Patch System Image
SI-02 Flaw Remediation mitigates T1601.002 Downgrade System Image
SI-02 Flaw Remediation mitigates T1606 Forge Web Credentials
SI-02 Flaw Remediation mitigates T1606.001 Web Cookies
RA-05 Vulnerability Monitoring and Scanning mitigates T1021.001 Remote Desktop Protocol
RA-05 Vulnerability Monitoring and Scanning mitigates T1021.003 Distributed Component Object Model
RA-05 Vulnerability Monitoring and Scanning mitigates T1021.004 SSH
RA-05 Vulnerability Monitoring and Scanning mitigates T1021.005 VNC
RA-05 Vulnerability Monitoring and Scanning mitigates T1021.006 Windows Remote Management
RA-05 Vulnerability Monitoring and Scanning mitigates T1046 Network Service Discovery
RA-05 Vulnerability Monitoring and Scanning mitigates T1052 Exfiltration Over Physical Medium
RA-05 Vulnerability Monitoring and Scanning mitigates T1052.001 Exfiltration over USB
RA-05 Vulnerability Monitoring and Scanning mitigates T1053.003 Cron
RA-05 Vulnerability Monitoring and Scanning mitigates T1059.001 PowerShell
RA-05 Vulnerability Monitoring and Scanning mitigates T1059.005 Visual Basic
RA-05 Vulnerability Monitoring and Scanning mitigates T1059.007 JavaScript
RA-05 Vulnerability Monitoring and Scanning mitigates T1068 Exploitation for Privilege Escalation
RA-05 Vulnerability Monitoring and Scanning mitigates T1091 Replication Through Removable Media
RA-05 Vulnerability Monitoring and Scanning mitigates T1098.004 SSH Authorized Keys
RA-05 Vulnerability Monitoring and Scanning mitigates T1127 Trusted Developer Utilities Proxy Execution
RA-05 Vulnerability Monitoring and Scanning mitigates T1127.001 MSBuild
RA-05 Vulnerability Monitoring and Scanning mitigates T1133 External Remote Services
RA-05 Vulnerability Monitoring and Scanning mitigates T1137 Office Application Startup
RA-05 Vulnerability Monitoring and Scanning mitigates T1137.001 Office Template Macros
RA-05 Vulnerability Monitoring and Scanning mitigates T1195.002 Compromise Software Supply Chain
RA-05 Vulnerability Monitoring and Scanning mitigates T1204.003 Malicious Image
RA-05 Vulnerability Monitoring and Scanning mitigates T1210 Exploitation of Remote Services
RA-05 Vulnerability Monitoring and Scanning mitigates T1211 Exploitation for Defense Evasion
RA-05 Vulnerability Monitoring and Scanning mitigates T1212 Exploitation for Credential Access
RA-05 Vulnerability Monitoring and Scanning mitigates T1218.003 CMSTP
RA-05 Vulnerability Monitoring and Scanning mitigates T1218.004 InstallUtil
RA-05 Vulnerability Monitoring and Scanning mitigates T1218.005 Mshta
RA-05 Vulnerability Monitoring and Scanning mitigates T1218.008 Odbcconf
RA-05 Vulnerability Monitoring and Scanning mitigates T1218.009 Regsvcs/Regasm
RA-05 Vulnerability Monitoring and Scanning mitigates T1218.012 Verclsid
RA-05 Vulnerability Monitoring and Scanning mitigates T1218.013 Mavinject
RA-05 Vulnerability Monitoring and Scanning mitigates T1218.014 MMC
RA-05 Vulnerability Monitoring and Scanning mitigates T1221 Template Injection
RA-05 Vulnerability Monitoring and Scanning mitigates T1482 Domain Trust Discovery
RA-05 Vulnerability Monitoring and Scanning mitigates T1505 Server Software Component
RA-05 Vulnerability Monitoring and Scanning mitigates T1505.001 SQL Stored Procedures
RA-05 Vulnerability Monitoring and Scanning mitigates T1505.002 Transport Agent
RA-05 Vulnerability Monitoring and Scanning mitigates T1505.004 IIS Components
RA-05 Vulnerability Monitoring and Scanning mitigates T1505.005 Terminal Services DLL
RA-05 Vulnerability Monitoring and Scanning mitigates T1525 Implant Internal Image
RA-05 Vulnerability Monitoring and Scanning mitigates T1542.004 ROMMONkit
RA-05 Vulnerability Monitoring and Scanning mitigates T1542.005 TFTP Boot
RA-05 Vulnerability Monitoring and Scanning mitigates T1546.002 Screensaver
RA-05 Vulnerability Monitoring and Scanning mitigates T1546.014 Emond
RA-05 Vulnerability Monitoring and Scanning mitigates T1547.006 Kernel Modules and Extensions
RA-05 Vulnerability Monitoring and Scanning mitigates T1547.007 Re-opened Applications
RA-05 Vulnerability Monitoring and Scanning mitigates T1547.008 LSASS Driver
RA-05 Vulnerability Monitoring and Scanning mitigates T1548.002 Bypass User Account Control
RA-05 Vulnerability Monitoring and Scanning mitigates T1548.003 Sudo and Sudo Caching
RA-05 Vulnerability Monitoring and Scanning mitigates T1552.002 Credentials in Registry
RA-05 Vulnerability Monitoring and Scanning mitigates T1552.006 Group Policy Preferences
RA-05 Vulnerability Monitoring and Scanning mitigates T1558.004 AS-REP Roasting
RA-05 Vulnerability Monitoring and Scanning mitigates T1559 Inter-Process Communication
RA-05 Vulnerability Monitoring and Scanning mitigates T1559.002 Dynamic Data Exchange
RA-05 Vulnerability Monitoring and Scanning mitigates T1560.001 Archive via Utility
RA-05 Vulnerability Monitoring and Scanning mitigates T1562.010 Downgrade Attack
RA-05 Vulnerability Monitoring and Scanning mitigates T1563.001 SSH Hijacking
RA-05 Vulnerability Monitoring and Scanning mitigates T1563.002 RDP Hijacking
RA-05 Vulnerability Monitoring and Scanning mitigates T1574 Hijack Execution Flow
RA-05 Vulnerability Monitoring and Scanning mitigates T1574.004 Dylib Hijacking
RA-05 Vulnerability Monitoring and Scanning mitigates T1574.005 Executable Installer File Permissions Weakness
RA-05 Vulnerability Monitoring and Scanning mitigates T1574.007 Path Interception by PATH Environment Variable
RA-05 Vulnerability Monitoring and Scanning mitigates T1574.008 Path Interception by Search Order Hijacking
RA-05 Vulnerability Monitoring and Scanning mitigates T1574.009 Path Interception by Unquoted Path
RA-05 Vulnerability Monitoring and Scanning mitigates T1574.010 Services File Permissions Weakness
RA-05 Vulnerability Monitoring and Scanning mitigates T1578 Modify Cloud Compute Infrastructure
RA-05 Vulnerability Monitoring and Scanning mitigates T1578.001 Create Snapshot
RA-05 Vulnerability Monitoring and Scanning mitigates T1578.002 Create Cloud Instance
RA-05 Vulnerability Monitoring and Scanning mitigates T1578.003 Delete Cloud Instance
RA-05 Vulnerability Monitoring and Scanning mitigates T1612 Build Image on Host
SC-43 Usage Restrictions mitigates T1613 Container and Resource Discovery
IA-03 Device Identification and Authentication mitigates T1552.005 Cloud Instance Metadata API
IA-03 Device Identification and Authentication mitigates T1602 Data from Configuration Repository
IA-03 Device Identification and Authentication mitigates T1602.001 SNMP (MIB Dump)
IA-03 Device Identification and Authentication mitigates T1602.002 Network Device Configuration Dump
CM-08 System Component Inventory mitigates T1021.001 Remote Desktop Protocol
CM-08 System Component Inventory mitigates T1021.003 Distributed Component Object Model
CM-08 System Component Inventory mitigates T1021.004 SSH
CM-08 System Component Inventory mitigates T1021.005 VNC
CM-08 System Component Inventory mitigates T1021.006 Windows Remote Management
CM-08 System Component Inventory mitigates T1046 Network Service Discovery
CM-08 System Component Inventory mitigates T1052 Exfiltration Over Physical Medium
CM-08 System Component Inventory mitigates T1052.001 Exfiltration over USB
CM-08 System Component Inventory mitigates T1059.001 PowerShell
CM-08 System Component Inventory mitigates T1059.005 Visual Basic
CM-08 System Component Inventory mitigates T1059.007 JavaScript
CM-08 System Component Inventory mitigates T1068 Exploitation for Privilege Escalation
CM-08 System Component Inventory mitigates T1091 Replication Through Removable Media
CM-08 System Component Inventory mitigates T1098.004 SSH Authorized Keys
CM-08 System Component Inventory mitigates T1127 Trusted Developer Utilities Proxy Execution
CM-08 System Component Inventory mitigates T1127.001 MSBuild
CM-08 System Component Inventory mitigates T1133 External Remote Services
CM-08 System Component Inventory mitigates T1137 Office Application Startup
CM-08 System Component Inventory mitigates T1137.001 Office Template Macros
CM-08 System Component Inventory mitigates T1189 Drive-by Compromise
CM-08 System Component Inventory mitigates T1195.003 Compromise Hardware Supply Chain
CM-08 System Component Inventory mitigates T1210 Exploitation of Remote Services
CM-08 System Component Inventory mitigates T1211 Exploitation for Defense Evasion
CM-08 System Component Inventory mitigates T1212 Exploitation for Credential Access
CM-08 System Component Inventory mitigates T1218.003 CMSTP
CM-08 System Component Inventory mitigates T1218.004 InstallUtil
CM-08 System Component Inventory mitigates T1218.005 Mshta
CM-08 System Component Inventory mitigates T1218.008 Odbcconf
CM-08 System Component Inventory mitigates T1218.009 Regsvcs/Regasm
CM-08 System Component Inventory mitigates T1218.012 Verclsid
CM-08 System Component Inventory mitigates T1218.013 Mavinject
CM-08 System Component Inventory mitigates T1218.014 MMC
CM-08 System Component Inventory mitigates T1221 Template Injection
CM-08 System Component Inventory mitigates T1495 Firmware Corruption
CM-08 System Component Inventory mitigates T1505 Server Software Component
CM-08 System Component Inventory mitigates T1505.001 SQL Stored Procedures
CM-08 System Component Inventory mitigates T1505.002 Transport Agent
CM-08 System Component Inventory mitigates T1505.004 IIS Components
CM-08 System Component Inventory mitigates T1542.003 Bootkit
CM-08 System Component Inventory mitigates T1542.004 ROMMONkit
CM-08 System Component Inventory mitigates T1542.005 TFTP Boot
CM-08 System Component Inventory mitigates T1546.002 Screensaver
CM-08 System Component Inventory mitigates T1546.006 LC_LOAD_DYLIB Addition
CM-08 System Component Inventory mitigates T1546.014 Emond
CM-08 System Component Inventory mitigates T1547.007 Re-opened Applications
CM-08 System Component Inventory mitigates T1548.004 Elevated Execution with Prompt
CM-08 System Component Inventory mitigates T1553.006 Code Signing Policy Modification
CM-08 System Component Inventory mitigates T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CM-08 System Component Inventory mitigates T1557.002 ARP Cache Poisoning
CM-08 System Component Inventory mitigates T1557.003 DHCP Spoofing
CM-08 System Component Inventory mitigates T1559 Inter-Process Communication
CM-08 System Component Inventory mitigates T1559.002 Dynamic Data Exchange
CM-08 System Component Inventory mitigates T1563.001 SSH Hijacking
CM-08 System Component Inventory mitigates T1563.002 RDP Hijacking
CM-08 System Component Inventory mitigates T1564.006 Run Virtual Instance
CM-08 System Component Inventory mitigates T1564.007 VBA Stomping
CM-08 System Component Inventory mitigates T1565.001 Stored Data Manipulation
CM-08 System Component Inventory mitigates T1565.002 Transmitted Data Manipulation
CM-08 System Component Inventory mitigates T1574 Hijack Execution Flow
CM-08 System Component Inventory mitigates T1574.004 Dylib Hijacking
CM-08 System Component Inventory mitigates T1574.007 Path Interception by PATH Environment Variable
CM-08 System Component Inventory mitigates T1574.008 Path Interception by Search Order Hijacking
CM-08 System Component Inventory mitigates T1574.009 Path Interception by Unquoted Path
CM-08 System Component Inventory mitigates T1593.003 Code Repositories
CM-08 System Component Inventory mitigates T1601 Modify System Image
CM-08 System Component Inventory mitigates T1601.001 Patch System Image
CM-08 System Component Inventory mitigates T1601.002 Downgrade System Image
CM-08 System Component Inventory mitigates T1602 Data from Configuration Repository
CM-08 System Component Inventory mitigates T1602.001 SNMP (MIB Dump)
CM-08 System Component Inventory mitigates T1602.002 Network Device Configuration Dump
CM-08 System Component Inventory mitigates T1622 Debugger Evasion
SC-23 Session Authenticity mitigates T1071.001 Web Protocols
SC-23 Session Authenticity mitigates T1071.004 DNS
SC-23 Session Authenticity mitigates T1185 Browser Session Hijacking
SC-23 Session Authenticity mitigates T1535 Unused/Unsupported Cloud Regions
SC-23 Session Authenticity mitigates T1550.004 Web Session Cookie
SC-23 Session Authenticity mitigates T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SC-23 Session Authenticity mitigates T1557.002 ARP Cache Poisoning
SC-23 Session Authenticity mitigates T1557.003 DHCP Spoofing
SC-23 Session Authenticity mitigates T1562.009 Safe Mode Boot
SC-23 Session Authenticity mitigates T1563.001 SSH Hijacking
SC-23 Session Authenticity mitigates T1573.001 Symmetric Cryptography
SC-23 Session Authenticity mitigates T1573.002 Asymmetric Cryptography
SC-23 Session Authenticity mitigates T1622 Debugger Evasion
SC-46 Cross Domain Policy Enforcement mitigates T1021.003 Distributed Component Object Model
SC-46 Cross Domain Policy Enforcement mitigates T1021.006 Windows Remote Management
SC-46 Cross Domain Policy Enforcement mitigates T1046 Network Service Discovery
SC-46 Cross Domain Policy Enforcement mitigates T1048 Exfiltration Over Alternative Protocol
SC-46 Cross Domain Policy Enforcement mitigates T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SC-46 Cross Domain Policy Enforcement mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SC-46 Cross Domain Policy Enforcement mitigates T1133 External Remote Services
SC-46 Cross Domain Policy Enforcement mitigates T1199 Trusted Relationship
SC-46 Cross Domain Policy Enforcement mitigates T1210 Exploitation of Remote Services
SC-46 Cross Domain Policy Enforcement mitigates T1482 Domain Trust Discovery
SC-46 Cross Domain Policy Enforcement mitigates T1552.007 Container API
SC-46 Cross Domain Policy Enforcement mitigates T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SC-46 Cross Domain Policy Enforcement mitigates T1557.003 DHCP Spoofing
SC-46 Cross Domain Policy Enforcement mitigates T1563.002 RDP Hijacking
SC-46 Cross Domain Policy Enforcement mitigates T1565.003 Runtime Data Manipulation
SC-46 Cross Domain Policy Enforcement mitigates T1622 Debugger Evasion
SC-08 Transmission Confidentiality and Integrity mitigates T1090 Proxy
SC-08 Transmission Confidentiality and Integrity mitigates T1090.004 Domain Fronting
SC-08 Transmission Confidentiality and Integrity mitigates T1550.004 Web Session Cookie
SC-08 Transmission Confidentiality and Integrity mitigates T1552.007 Container API
SC-08 Transmission Confidentiality and Integrity mitigates T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SC-08 Transmission Confidentiality and Integrity mitigates T1557.002 ARP Cache Poisoning
SC-08 Transmission Confidentiality and Integrity mitigates T1557.003 DHCP Spoofing
SC-08 Transmission Confidentiality and Integrity mitigates T1562.009 Safe Mode Boot
SC-08 Transmission Confidentiality and Integrity mitigates T1562.010 Downgrade Attack
SC-08 Transmission Confidentiality and Integrity mitigates T1602 Data from Configuration Repository
SC-08 Transmission Confidentiality and Integrity mitigates T1602.001 SNMP (MIB Dump)
SC-08 Transmission Confidentiality and Integrity mitigates T1602.002 Network Device Configuration Dump
SC-08 Transmission Confidentiality and Integrity mitigates T1622 Debugger Evasion
SI-10 Information Input Validation mitigates T1021.005 VNC
SI-10 Information Input Validation mitigates T1027.010 Command Obfuscation
SI-10 Information Input Validation mitigates T1036.005 Match Legitimate Name or Location
SI-10 Information Input Validation mitigates T1036.008 Masquerade File Type
SI-10 Information Input Validation mitigates T1048 Exfiltration Over Alternative Protocol
SI-10 Information Input Validation mitigates T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SI-10 Information Input Validation mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SI-10 Information Input Validation mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
SI-10 Information Input Validation mitigates T1059.001 PowerShell
SI-10 Information Input Validation mitigates T1059.002 AppleScript
SI-10 Information Input Validation mitigates T1059.003 Windows Command Shell
SI-10 Information Input Validation mitigates T1059.004 Unix Shell
SI-10 Information Input Validation mitigates T1059.005 Visual Basic
SI-10 Information Input Validation mitigates T1059.007 JavaScript
SI-10 Information Input Validation mitigates T1059.008 Network Device CLI
SI-10 Information Input Validation mitigates T1071.004 DNS
SI-10 Information Input Validation mitigates T1080 Taint Shared Content
SI-10 Information Input Validation mitigates T1090 Proxy
SI-10 Information Input Validation mitigates T1095 Non-Application Layer Protocol
SI-10 Information Input Validation mitigates T1127 Trusted Developer Utilities Proxy Execution
SI-10 Information Input Validation mitigates T1129 Shared Modules
SI-10 Information Input Validation mitigates T1187 Forced Authentication
SI-10 Information Input Validation mitigates T1197 BITS Jobs
SI-10 Information Input Validation mitigates T1216 System Script Proxy Execution
SI-10 Information Input Validation mitigates T1216.001 PubPrn
SI-10 Information Input Validation mitigates T1218.001 Compiled HTML File
SI-10 Information Input Validation mitigates T1218.002 Control Panel
SI-10 Information Input Validation mitigates T1218.003 CMSTP
SI-10 Information Input Validation mitigates T1218.004 InstallUtil
SI-10 Information Input Validation mitigates T1218.005 Mshta
SI-10 Information Input Validation mitigates T1218.008 Odbcconf
SI-10 Information Input Validation mitigates T1218.009 Regsvcs/Regasm
SI-10 Information Input Validation mitigates T1218.010 Regsvr32
SI-10 Information Input Validation mitigates T1218.012 Verclsid
SI-10 Information Input Validation mitigates T1218.013 Mavinject
SI-10 Information Input Validation mitigates T1218.014 MMC
SI-10 Information Input Validation mitigates T1220 XSL Script Processing
SI-10 Information Input Validation mitigates T1221 Template Injection
SI-10 Information Input Validation mitigates T1498 Network Denial of Service
SI-10 Information Input Validation mitigates T1498.001 Direct Network Flood
SI-10 Information Input Validation mitigates T1498.002 Reflection Amplification
SI-10 Information Input Validation mitigates T1499 Endpoint Denial of Service
SI-10 Information Input Validation mitigates T1499.001 OS Exhaustion Flood
SI-10 Information Input Validation mitigates T1499.002 Service Exhaustion Flood
SI-10 Information Input Validation mitigates T1499.003 Application Exhaustion Flood
SI-10 Information Input Validation mitigates T1499.004 Application or System Exploitation
SI-10 Information Input Validation mitigates T1546.002 Screensaver
SI-10 Information Input Validation mitigates T1546.006 LC_LOAD_DYLIB Addition
SI-10 Information Input Validation mitigates T1546.008 Accessibility Features
SI-10 Information Input Validation mitigates T1546.009 AppCert DLLs
SI-10 Information Input Validation mitigates T1546.010 AppInit DLLs
SI-10 Information Input Validation mitigates T1547.006 Kernel Modules and Extensions
SI-10 Information Input Validation mitigates T1552.005 Cloud Instance Metadata API
SI-10 Information Input Validation mitigates T1553.001 Gatekeeper Bypass
SI-10 Information Input Validation mitigates T1553.003 SIP and Trust Provider Hijacking
SI-10 Information Input Validation mitigates T1553.005 Mark-of-the-Web Bypass
SI-10 Information Input Validation mitigates T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SI-10 Information Input Validation mitigates T1557.002 ARP Cache Poisoning
SI-10 Information Input Validation mitigates T1557.003 DHCP Spoofing
SI-10 Information Input Validation mitigates T1564.006 Run Virtual Instance
SI-10 Information Input Validation mitigates T1564.009 Resource Forking
SI-10 Information Input Validation mitigates T1570 Lateral Tool Transfer
SI-10 Information Input Validation mitigates T1574 Hijack Execution Flow
SI-10 Information Input Validation mitigates T1574.006 Dynamic Linker Hijacking
SI-10 Information Input Validation mitigates T1574.007 Path Interception by PATH Environment Variable
SI-10 Information Input Validation mitigates T1574.008 Path Interception by Search Order Hijacking
SI-10 Information Input Validation mitigates T1574.009 Path Interception by Unquoted Path
SI-10 Information Input Validation mitigates T1574.012 COR_PROFILER
SI-10 Information Input Validation mitigates T1574.013 KernelCallbackTable
SI-10 Information Input Validation mitigates T1599 Network Boundary Bridging
SI-10 Information Input Validation mitigates T1599.001 Network Address Translation Traversal
SI-10 Information Input Validation mitigates T1602 Data from Configuration Repository
SI-10 Information Input Validation mitigates T1602.001 SNMP (MIB Dump)
SI-10 Information Input Validation mitigates T1602.002 Network Device Configuration Dump
SI-10 Information Input Validation mitigates T1609 Container Administration Command
SI-10 Information Input Validation mitigates T1622 Debugger Evasion
SI-15 Information Output Filtering mitigates T1021.005 VNC
SI-15 Information Output Filtering mitigates T1048 Exfiltration Over Alternative Protocol
SI-15 Information Output Filtering mitigates T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SI-15 Information Output Filtering mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SI-15 Information Output Filtering mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
SI-15 Information Output Filtering mitigates T1071.004 DNS
SI-15 Information Output Filtering mitigates T1090 Proxy
SI-15 Information Output Filtering mitigates T1095 Non-Application Layer Protocol
SI-15 Information Output Filtering mitigates T1187 Forced Authentication
SI-15 Information Output Filtering mitigates T1197 BITS Jobs
SI-15 Information Output Filtering mitigates T1205 Traffic Signaling
SI-15 Information Output Filtering mitigates T1205.001 Port Knocking
SI-15 Information Output Filtering mitigates T1218.012 Verclsid
SI-15 Information Output Filtering mitigates T1498 Network Denial of Service
SI-15 Information Output Filtering mitigates T1498.001 Direct Network Flood
SI-15 Information Output Filtering mitigates T1498.002 Reflection Amplification
SI-15 Information Output Filtering mitigates T1499 Endpoint Denial of Service
SI-15 Information Output Filtering mitigates T1499.001 OS Exhaustion Flood
SI-15 Information Output Filtering mitigates T1499.002 Service Exhaustion Flood
SI-15 Information Output Filtering mitigates T1499.003 Application Exhaustion Flood
SI-15 Information Output Filtering mitigates T1499.004 Application or System Exploitation
SI-15 Information Output Filtering mitigates T1552.005 Cloud Instance Metadata API
SI-15 Information Output Filtering mitigates T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SI-15 Information Output Filtering mitigates T1557.002 ARP Cache Poisoning
SI-15 Information Output Filtering mitigates T1557.003 DHCP Spoofing
SI-15 Information Output Filtering mitigates T1564.009 Resource Forking
SI-15 Information Output Filtering mitigates T1570 Lateral Tool Transfer
SI-15 Information Output Filtering mitigates T1599 Network Boundary Bridging
SI-15 Information Output Filtering mitigates T1599.001 Network Address Translation Traversal
SI-15 Information Output Filtering mitigates T1602 Data from Configuration Repository
SI-15 Information Output Filtering mitigates T1602.001 SNMP (MIB Dump)
SI-15 Information Output Filtering mitigates T1602.002 Network Device Configuration Dump
SI-15 Information Output Filtering mitigates T1622 Debugger Evasion
SI-03 Malicious Code Protection mitigates T1001.002 Steganography
SI-03 Malicious Code Protection mitigates T1003.002 Security Account Manager
SI-03 Malicious Code Protection mitigates T1003.003 NTDS
SI-03 Malicious Code Protection mitigates T1003.004 LSA Secrets
SI-03 Malicious Code Protection mitigates T1003.006 DCSync
SI-03 Malicious Code Protection mitigates T1003.008 /etc/passwd and /etc/shadow
SI-03 Malicious Code Protection mitigates T1005 Data from Local System
SI-03 Malicious Code Protection mitigates T1008 Fallback Channels
SI-03 Malicious Code Protection mitigates T1011.001 Exfiltration Over Bluetooth
SI-03 Malicious Code Protection mitigates T1021.003 Distributed Component Object Model
SI-03 Malicious Code Protection mitigates T1021.005 VNC
SI-03 Malicious Code Protection mitigates T1025 Data from Removable Media
SI-03 Malicious Code Protection mitigates T1027.002 Software Packing
SI-03 Malicious Code Protection mitigates T1027.007 Dynamic API Resolution
SI-03 Malicious Code Protection mitigates T1027.008 Stripped Payloads
SI-03 Malicious Code Protection mitigates T1027.009 Embedded Payloads
SI-03 Malicious Code Protection mitigates T1027.010 Command Obfuscation
SI-03 Malicious Code Protection mitigates T1027.012 LNK Icon Smuggling
SI-03 Malicious Code Protection mitigates T1029 Scheduled Transfer
SI-03 Malicious Code Protection mitigates T1030 Data Transfer Size Limits
SI-03 Malicious Code Protection mitigates T1036.003 Rename System Utilities
SI-03 Malicious Code Protection mitigates T1036.005 Match Legitimate Name or Location
SI-03 Malicious Code Protection mitigates T1036.008 Masquerade File Type
SI-03 Malicious Code Protection mitigates T1037.002 Login Hook
SI-03 Malicious Code Protection mitigates T1037.003 Network Logon Script
SI-03 Malicious Code Protection mitigates T1037.004 RC Scripts
SI-03 Malicious Code Protection mitigates T1037.005 Startup Items
SI-03 Malicious Code Protection mitigates T1041 Exfiltration Over C2 Channel
SI-03 Malicious Code Protection mitigates T1046 Network Service Discovery
SI-03 Malicious Code Protection mitigates T1048 Exfiltration Over Alternative Protocol
SI-03 Malicious Code Protection mitigates T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SI-03 Malicious Code Protection mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SI-03 Malicious Code Protection mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
SI-03 Malicious Code Protection mitigates T1052 Exfiltration Over Physical Medium
SI-03 Malicious Code Protection mitigates T1052.001 Exfiltration over USB
SI-03 Malicious Code Protection mitigates T1055 Process Injection
SI-03 Malicious Code Protection mitigates T1055.001 Dynamic-link Library Injection
SI-03 Malicious Code Protection mitigates T1055.002 Portable Executable Injection
SI-03 Malicious Code Protection mitigates T1055.003 Thread Execution Hijacking
SI-03 Malicious Code Protection mitigates T1055.004 Asynchronous Procedure Call
SI-03 Malicious Code Protection mitigates T1055.005 Thread Local Storage
SI-03 Malicious Code Protection mitigates T1055.008 Ptrace System Calls
SI-03 Malicious Code Protection mitigates T1055.009 Proc Memory
SI-03 Malicious Code Protection mitigates T1055.011 Extra Window Memory Injection
SI-03 Malicious Code Protection mitigates T1055.012 Process Hollowing
SI-03 Malicious Code Protection mitigates T1055.013 Process Doppelgänging
SI-03 Malicious Code Protection mitigates T1055.014 VDSO Hijacking
SI-03 Malicious Code Protection mitigates T1059.001 PowerShell
SI-03 Malicious Code Protection mitigates T1059.002 AppleScript
SI-03 Malicious Code Protection mitigates T1059.003 Windows Command Shell
SI-03 Malicious Code Protection mitigates T1059.004 Unix Shell
SI-03 Malicious Code Protection mitigates T1059.005 Visual Basic
SI-03 Malicious Code Protection mitigates T1059.007 JavaScript
SI-03 Malicious Code Protection mitigates T1059.008 Network Device CLI
SI-03 Malicious Code Protection mitigates T1068 Exploitation for Privilege Escalation
SI-03 Malicious Code Protection mitigates T1070 Indicator Removal
SI-03 Malicious Code Protection mitigates T1070.002 Clear Linux or Mac System Logs
SI-03 Malicious Code Protection mitigates T1070.007 Clear Network Connection History and Configurations
SI-03 Malicious Code Protection mitigates T1070.008 Clear Mailbox Data
SI-03 Malicious Code Protection mitigates T1070.009 Clear Persistence
SI-03 Malicious Code Protection mitigates T1071.001 Web Protocols
SI-03 Malicious Code Protection mitigates T1071.004 DNS
SI-03 Malicious Code Protection mitigates T1080 Taint Shared Content
SI-03 Malicious Code Protection mitigates T1090 Proxy
SI-03 Malicious Code Protection mitigates T1090.001 Internal Proxy
SI-03 Malicious Code Protection mitigates T1090.002 External Proxy
SI-03 Malicious Code Protection mitigates T1091 Replication Through Removable Media
SI-03 Malicious Code Protection mitigates T1095 Non-Application Layer Protocol
SI-03 Malicious Code Protection mitigates T1098.004 SSH Authorized Keys
SI-03 Malicious Code Protection mitigates T1102.001 Dead Drop Resolver
SI-03 Malicious Code Protection mitigates T1102.002 Bidirectional Communication
SI-03 Malicious Code Protection mitigates T1102.003 One-Way Communication
SI-03 Malicious Code Protection mitigates T1104 Multi-Stage Channels
SI-03 Malicious Code Protection mitigates T1106 Native API
SI-03 Malicious Code Protection mitigates T1111 Multi-Factor Authentication Interception
SI-03 Malicious Code Protection mitigates T1129 Shared Modules
SI-03 Malicious Code Protection mitigates T1132 Data Encoding
SI-03 Malicious Code Protection mitigates T1132.001 Standard Encoding
SI-03 Malicious Code Protection mitigates T1132.002 Non-Standard Encoding
SI-03 Malicious Code Protection mitigates T1137 Office Application Startup
SI-03 Malicious Code Protection mitigates T1137.001 Office Template Macros
SI-03 Malicious Code Protection mitigates T1185 Browser Session Hijacking
SI-03 Malicious Code Protection mitigates T1189 Drive-by Compromise
SI-03 Malicious Code Protection mitigates T1201 Password Policy Discovery
SI-03 Malicious Code Protection mitigates T1204.001 Malicious Link
SI-03 Malicious Code Protection mitigates T1204.003 Malicious Image
SI-03 Malicious Code Protection mitigates T1210 Exploitation of Remote Services
SI-03 Malicious Code Protection mitigates T1211 Exploitation for Defense Evasion
SI-03 Malicious Code Protection mitigates T1212 Exploitation for Credential Access
SI-03 Malicious Code Protection mitigates T1218.001 Compiled HTML File
SI-03 Malicious Code Protection mitigates T1218.002 Control Panel
SI-03 Malicious Code Protection mitigates T1218.003 CMSTP
SI-03 Malicious Code Protection mitigates T1218.004 InstallUtil
SI-03 Malicious Code Protection mitigates T1218.005 Mshta
SI-03 Malicious Code Protection mitigates T1218.008 Odbcconf
SI-03 Malicious Code Protection mitigates T1218.009 Regsvcs/Regasm
SI-03 Malicious Code Protection mitigates T1218.012 Verclsid
SI-03 Malicious Code Protection mitigates T1218.013 Mavinject
SI-03 Malicious Code Protection mitigates T1218.014 MMC
SI-03 Malicious Code Protection mitigates T1221 Template Injection
SI-03 Malicious Code Protection mitigates T1486 Data Encrypted for Impact
SI-03 Malicious Code Protection mitigates T1491 Defacement
SI-03 Malicious Code Protection mitigates T1491.001 Internal Defacement
SI-03 Malicious Code Protection mitigates T1491.002 External Defacement
SI-03 Malicious Code Protection mitigates T1505.004 IIS Components
SI-03 Malicious Code Protection mitigates T1525 Implant Internal Image
SI-03 Malicious Code Protection mitigates T1546.002 Screensaver
SI-03 Malicious Code Protection mitigates T1546.004 Unix Shell Configuration Modification
SI-03 Malicious Code Protection mitigates T1546.006 LC_LOAD_DYLIB Addition
SI-03 Malicious Code Protection mitigates T1546.013 PowerShell Profile
SI-03 Malicious Code Protection mitigates T1546.014 Emond
SI-03 Malicious Code Protection mitigates T1547.002 Authentication Package
SI-03 Malicious Code Protection mitigates T1547.005 Security Support Provider
SI-03 Malicious Code Protection mitigates T1547.006 Kernel Modules and Extensions
SI-03 Malicious Code Protection mitigates T1547.007 Re-opened Applications
SI-03 Malicious Code Protection mitigates T1547.008 LSASS Driver
SI-03 Malicious Code Protection mitigates T1547.013 XDG Autostart Entries
SI-03 Malicious Code Protection mitigates T1548.004 Elevated Execution with Prompt
SI-03 Malicious Code Protection mitigates T1553.003 SIP and Trust Provider Hijacking
SI-03 Malicious Code Protection mitigates T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SI-03 Malicious Code Protection mitigates T1557.002 ARP Cache Poisoning
SI-03 Malicious Code Protection mitigates T1557.003 DHCP Spoofing
SI-03 Malicious Code Protection mitigates T1558.002 Silver Ticket
SI-03 Malicious Code Protection mitigates T1558.003 Kerberoasting
SI-03 Malicious Code Protection mitigates T1558.004 AS-REP Roasting
SI-03 Malicious Code Protection mitigates T1559 Inter-Process Communication
SI-03 Malicious Code Protection mitigates T1559.001 Component Object Model
SI-03 Malicious Code Protection mitigates T1559.002 Dynamic Data Exchange
SI-03 Malicious Code Protection mitigates T1560.001 Archive via Utility
SI-03 Malicious Code Protection mitigates T1561 Disk Wipe
SI-03 Malicious Code Protection mitigates T1561.001 Disk Content Wipe
SI-03 Malicious Code Protection mitigates T1561.002 Disk Structure Wipe
SI-03 Malicious Code Protection mitigates T1562.001 Disable or Modify Tools
SI-03 Malicious Code Protection mitigates T1562.002 Disable Windows Event Logging
SI-03 Malicious Code Protection mitigates T1562.011 Spoof Security Alerting
SI-03 Malicious Code Protection mitigates T1564.008 Email Hiding Rules
SI-03 Malicious Code Protection mitigates T1564.009 Resource Forking
SI-03 Malicious Code Protection mitigates T1567 Exfiltration Over Web Service
SI-03 Malicious Code Protection mitigates T1568 Dynamic Resolution
SI-03 Malicious Code Protection mitigates T1568.002 Domain Generation Algorithms
SI-03 Malicious Code Protection mitigates T1569 System Services
SI-03 Malicious Code Protection mitigates T1569.002 Service Execution
SI-03 Malicious Code Protection mitigates T1570 Lateral Tool Transfer
SI-03 Malicious Code Protection mitigates T1571 Non-Standard Port
SI-03 Malicious Code Protection mitigates T1573.001 Symmetric Cryptography
SI-03 Malicious Code Protection mitigates T1573.002 Asymmetric Cryptography
SI-03 Malicious Code Protection mitigates T1574 Hijack Execution Flow
SI-03 Malicious Code Protection mitigates T1574.004 Dylib Hijacking
SI-03 Malicious Code Protection mitigates T1574.007 Path Interception by PATH Environment Variable
SI-03 Malicious Code Protection mitigates T1574.008 Path Interception by Search Order Hijacking
SI-03 Malicious Code Protection mitigates T1574.009 Path Interception by Unquoted Path
SI-03 Malicious Code Protection mitigates T1574.013 KernelCallbackTable
SI-03 Malicious Code Protection mitigates T1598 Phishing for Information
SI-03 Malicious Code Protection mitigates T1598.001 Spearphishing Service
SI-03 Malicious Code Protection mitigates T1598.002 Spearphishing Attachment
SI-03 Malicious Code Protection mitigates T1602 Data from Configuration Repository
SI-03 Malicious Code Protection mitigates T1602.001 SNMP (MIB Dump)
SI-03 Malicious Code Protection mitigates T1602.002 Network Device Configuration Dump
SI-03 Malicious Code Protection mitigates T1622 Debugger Evasion
SI-07 Software, Firmware, and Information Integrity mitigates T1003.003 NTDS
SI-07 Software, Firmware, and Information Integrity mitigates T1027.002 Software Packing
SI-07 Software, Firmware, and Information Integrity mitigates T1027.007 Dynamic API Resolution
SI-07 Software, Firmware, and Information Integrity mitigates T1027.008 Stripped Payloads
SI-07 Software, Firmware, and Information Integrity mitigates T1027.009 Embedded Payloads
SI-07 Software, Firmware, and Information Integrity mitigates T1036.001 Invalid Code Signature
SI-07 Software, Firmware, and Information Integrity mitigates T1036.005 Match Legitimate Name or Location
SI-07 Software, Firmware, and Information Integrity mitigates T1037.002 Login Hook
SI-07 Software, Firmware, and Information Integrity mitigates T1037.003 Network Logon Script
SI-07 Software, Firmware, and Information Integrity mitigates T1037.004 RC Scripts
SI-07 Software, Firmware, and Information Integrity mitigates T1037.005 Startup Items
SI-07 Software, Firmware, and Information Integrity mitigates T1053.006 Systemd Timers
SI-07 Software, Firmware, and Information Integrity mitigates T1059.001 PowerShell
SI-07 Software, Firmware, and Information Integrity mitigates T1059.002 AppleScript
SI-07 Software, Firmware, and Information Integrity mitigates T1059.003 Windows Command Shell
SI-07 Software, Firmware, and Information Integrity mitigates T1059.004 Unix Shell
SI-07 Software, Firmware, and Information Integrity mitigates T1059.005 Visual Basic
SI-07 Software, Firmware, and Information Integrity mitigates T1059.007 JavaScript
SI-07 Software, Firmware, and Information Integrity mitigates T1059.008 Network Device CLI
SI-07 Software, Firmware, and Information Integrity mitigates T1068 Exploitation for Privilege Escalation
SI-07 Software, Firmware, and Information Integrity mitigates T1070 Indicator Removal
SI-07 Software, Firmware, and Information Integrity mitigates T1070.002 Clear Linux or Mac System Logs
SI-07 Software, Firmware, and Information Integrity mitigates T1070.007 Clear Network Connection History and Configurations
SI-07 Software, Firmware, and Information Integrity mitigates T1070.008 Clear Mailbox Data
SI-07 Software, Firmware, and Information Integrity mitigates T1070.009 Clear Persistence
SI-07 Software, Firmware, and Information Integrity mitigates T1080 Taint Shared Content
SI-07 Software, Firmware, and Information Integrity mitigates T1112 Modify Registry
SI-07 Software, Firmware, and Information Integrity mitigates T1114.001 Local Email Collection
SI-07 Software, Firmware, and Information Integrity mitigates T1127 Trusted Developer Utilities Proxy Execution
SI-07 Software, Firmware, and Information Integrity mitigates T1129 Shared Modules
SI-07 Software, Firmware, and Information Integrity mitigates T1133 External Remote Services
SI-07 Software, Firmware, and Information Integrity mitigates T1136.001 Local Account
SI-07 Software, Firmware, and Information Integrity mitigates T1185 Browser Session Hijacking
SI-07 Software, Firmware, and Information Integrity mitigates T1189 Drive-by Compromise
SI-07 Software, Firmware, and Information Integrity mitigates T1195.003 Compromise Hardware Supply Chain
SI-07 Software, Firmware, and Information Integrity mitigates T1204.003 Malicious Image
SI-07 Software, Firmware, and Information Integrity mitigates T1210 Exploitation of Remote Services
SI-07 Software, Firmware, and Information Integrity mitigates T1211 Exploitation for Defense Evasion
SI-07 Software, Firmware, and Information Integrity mitigates T1212 Exploitation for Credential Access
SI-07 Software, Firmware, and Information Integrity mitigates T1216 System Script Proxy Execution
SI-07 Software, Firmware, and Information Integrity mitigates T1216.001 PubPrn
SI-07 Software, Firmware, and Information Integrity mitigates T1218.001 Compiled HTML File
SI-07 Software, Firmware, and Information Integrity mitigates T1218.002 Control Panel
SI-07 Software, Firmware, and Information Integrity mitigates T1218.003 CMSTP
SI-07 Software, Firmware, and Information Integrity mitigates T1218.004 InstallUtil
SI-07 Software, Firmware, and Information Integrity mitigates T1218.005 Mshta
SI-07 Software, Firmware, and Information Integrity mitigates T1218.008 Odbcconf
SI-07 Software, Firmware, and Information Integrity mitigates T1218.009 Regsvcs/Regasm
SI-07 Software, Firmware, and Information Integrity mitigates T1218.010 Regsvr32
SI-07 Software, Firmware, and Information Integrity mitigates T1218.012 Verclsid
SI-07 Software, Firmware, and Information Integrity mitigates T1218.013 Mavinject
SI-07 Software, Firmware, and Information Integrity mitigates T1218.014 MMC
SI-07 Software, Firmware, and Information Integrity mitigates T1220 XSL Script Processing
SI-07 Software, Firmware, and Information Integrity mitigates T1221 Template Injection
SI-07 Software, Firmware, and Information Integrity mitigates T1222 File and Directory Permissions Modification
SI-07 Software, Firmware, and Information Integrity mitigates T1222.001 Windows File and Directory Permissions Modification
SI-07 Software, Firmware, and Information Integrity mitigates T1222.002 Linux and Mac File and Directory Permissions Modification
SI-07 Software, Firmware, and Information Integrity mitigates T1486 Data Encrypted for Impact
SI-07 Software, Firmware, and Information Integrity mitigates T1491 Defacement
SI-07 Software, Firmware, and Information Integrity mitigates T1491.001 Internal Defacement
SI-07 Software, Firmware, and Information Integrity mitigates T1491.002 External Defacement
SI-07 Software, Firmware, and Information Integrity mitigates T1495 Firmware Corruption
SI-07 Software, Firmware, and Information Integrity mitigates T1505 Server Software Component
SI-07 Software, Firmware, and Information Integrity mitigates T1505.001 SQL Stored Procedures
SI-07 Software, Firmware, and Information Integrity mitigates T1505.002 Transport Agent
SI-07 Software, Firmware, and Information Integrity mitigates T1505.004 IIS Components
SI-07 Software, Firmware, and Information Integrity mitigates T1525 Implant Internal Image
SI-07 Software, Firmware, and Information Integrity mitigates T1542.003 Bootkit
SI-07 Software, Firmware, and Information Integrity mitigates T1542.004 ROMMONkit
SI-07 Software, Firmware, and Information Integrity mitigates T1542.005 TFTP Boot
SI-07 Software, Firmware, and Information Integrity mitigates T1546.002 Screensaver
SI-07 Software, Firmware, and Information Integrity mitigates T1546.004 Unix Shell Configuration Modification
SI-07 Software, Firmware, and Information Integrity mitigates T1546.006 LC_LOAD_DYLIB Addition
SI-07 Software, Firmware, and Information Integrity mitigates T1546.008 Accessibility Features
SI-07 Software, Firmware, and Information Integrity mitigates T1546.009 AppCert DLLs
SI-07 Software, Firmware, and Information Integrity mitigates T1546.010 AppInit DLLs
SI-07 Software, Firmware, and Information Integrity mitigates T1546.013 PowerShell Profile
SI-07 Software, Firmware, and Information Integrity mitigates T1547.002 Authentication Package
SI-07 Software, Firmware, and Information Integrity mitigates T1547.005 Security Support Provider
SI-07 Software, Firmware, and Information Integrity mitigates T1547.006 Kernel Modules and Extensions
SI-07 Software, Firmware, and Information Integrity mitigates T1547.008 LSASS Driver
SI-07 Software, Firmware, and Information Integrity mitigates T1547.013 XDG Autostart Entries
SI-07 Software, Firmware, and Information Integrity mitigates T1548.004 Elevated Execution with Prompt
SI-07 Software, Firmware, and Information Integrity mitigates T1550.004 Web Session Cookie
SI-07 Software, Firmware, and Information Integrity mitigates T1553.001 Gatekeeper Bypass
SI-07 Software, Firmware, and Information Integrity mitigates T1553.003 SIP and Trust Provider Hijacking
SI-07 Software, Firmware, and Information Integrity mitigates T1553.005 Mark-of-the-Web Bypass
SI-07 Software, Firmware, and Information Integrity mitigates T1553.006 Code Signing Policy Modification
SI-07 Software, Firmware, and Information Integrity mitigates T1556.003 Pluggable Authentication Modules
SI-07 Software, Firmware, and Information Integrity mitigates T1556.004 Network Device Authentication
SI-07 Software, Firmware, and Information Integrity mitigates T1556.008 Network Provider DLL
SI-07 Software, Firmware, and Information Integrity mitigates T1557.002 ARP Cache Poisoning
SI-07 Software, Firmware, and Information Integrity mitigates T1558.002 Silver Ticket
SI-07 Software, Firmware, and Information Integrity mitigates T1558.003 Kerberoasting
SI-07 Software, Firmware, and Information Integrity mitigates T1558.004 AS-REP Roasting
SI-07 Software, Firmware, and Information Integrity mitigates T1561 Disk Wipe
SI-07 Software, Firmware, and Information Integrity mitigates T1561.001 Disk Content Wipe
SI-07 Software, Firmware, and Information Integrity mitigates T1561.002 Disk Structure Wipe
SI-07 Software, Firmware, and Information Integrity mitigates T1562.001 Disable or Modify Tools
SI-07 Software, Firmware, and Information Integrity mitigates T1562.002 Disable Windows Event Logging
SI-07 Software, Firmware, and Information Integrity mitigates T1562.009 Safe Mode Boot
SI-07 Software, Firmware, and Information Integrity mitigates T1562.010 Downgrade Attack
SI-07 Software, Firmware, and Information Integrity mitigates T1562.011 Spoof Security Alerting
SI-07 Software, Firmware, and Information Integrity mitigates T1562.012 Disable or Modify Linux Audit System
SI-07 Software, Firmware, and Information Integrity mitigates T1564.006 Run Virtual Instance
SI-07 Software, Firmware, and Information Integrity mitigates T1564.008 Email Hiding Rules
SI-07 Software, Firmware, and Information Integrity mitigates T1564.009 Resource Forking
SI-07 Software, Firmware, and Information Integrity mitigates T1564.010 Process Argument Spoofing
SI-07 Software, Firmware, and Information Integrity mitigates T1565.001 Stored Data Manipulation
SI-07 Software, Firmware, and Information Integrity mitigates T1565.002 Transmitted Data Manipulation
SI-07 Software, Firmware, and Information Integrity mitigates T1565.003 Runtime Data Manipulation
SI-07 Software, Firmware, and Information Integrity mitigates T1569 System Services
SI-07 Software, Firmware, and Information Integrity mitigates T1569.002 Service Execution
SI-07 Software, Firmware, and Information Integrity mitigates T1574 Hijack Execution Flow
SI-07 Software, Firmware, and Information Integrity mitigates T1574.004 Dylib Hijacking
SI-07 Software, Firmware, and Information Integrity mitigates T1574.006 Dynamic Linker Hijacking
SI-07 Software, Firmware, and Information Integrity mitigates T1574.007 Path Interception by PATH Environment Variable
SI-07 Software, Firmware, and Information Integrity mitigates T1574.008 Path Interception by Search Order Hijacking
SI-07 Software, Firmware, and Information Integrity mitigates T1574.009 Path Interception by Unquoted Path
SI-07 Software, Firmware, and Information Integrity mitigates T1574.012 COR_PROFILER
SI-07 Software, Firmware, and Information Integrity mitigates T1574.013 KernelCallbackTable
SI-07 Software, Firmware, and Information Integrity mitigates T1599 Network Boundary Bridging
SI-07 Software, Firmware, and Information Integrity mitigates T1599.001 Network Address Translation Traversal
SI-07 Software, Firmware, and Information Integrity mitigates T1601 Modify System Image
SI-07 Software, Firmware, and Information Integrity mitigates T1601.001 Patch System Image
SI-07 Software, Firmware, and Information Integrity mitigates T1601.002 Downgrade System Image
SI-07 Software, Firmware, and Information Integrity mitigates T1602 Data from Configuration Repository
SI-07 Software, Firmware, and Information Integrity mitigates T1602.001 SNMP (MIB Dump)
SI-07 Software, Firmware, and Information Integrity mitigates T1602.002 Network Device Configuration Dump
SI-07 Software, Firmware, and Information Integrity mitigates T1609 Container Administration Command
SI-07 Software, Firmware, and Information Integrity mitigates T1647 Plist File Modification
AC-16 Security and Privacy Attributes mitigates T1003.003 NTDS
AC-16 Security and Privacy Attributes mitigates T1005 Data from Local System
AC-18 Wireless Access mitigates T1011 Exfiltration Over Other Network Medium
AC-18 Wireless Access mitigates T1011.001 Exfiltration Over Bluetooth
AC-20 Use of External Systems mitigates T1021.001 Remote Desktop Protocol
AC-20 Use of External Systems mitigates T1021.004 SSH
AC-20 Use of External Systems mitigates T1021.007 Cloud Services
AC-20 Use of External Systems mitigates T1021.008 Direct Cloud VM Connections
AC-16 Security and Privacy Attributes mitigates T1025 Data from Removable Media
AC-16 Security and Privacy Attributes mitigates T1041 Exfiltration Over C2 Channel
AC-20 Use of External Systems mitigates T1041 Exfiltration Over C2 Channel
AC-16 Security and Privacy Attributes mitigates T1048 Exfiltration Over Alternative Protocol
AC-20 Use of External Systems mitigates T1048 Exfiltration Over Alternative Protocol
AC-16 Security and Privacy Attributes mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-20 Use of External Systems mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-16 Security and Privacy Attributes mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
AC-20 Use of External Systems mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
AC-16 Security and Privacy Attributes mitigates T1052 Exfiltration Over Physical Medium
AC-20 Use of External Systems mitigates T1052 Exfiltration Over Physical Medium
AC-16 Security and Privacy Attributes mitigates T1052.001 Exfiltration over USB
AC-20 Use of External Systems mitigates T1052.001 Exfiltration over USB
AC-16 Security and Privacy Attributes mitigates T1070 Indicator Removal
AC-18 Wireless Access mitigates T1070 Indicator Removal
AC-16 Security and Privacy Attributes mitigates T1070.002 Clear Linux or Mac System Logs
AC-18 Wireless Access mitigates T1070.002 Clear Linux or Mac System Logs
AC-20 Use of External Systems mitigates T1070.008 Clear Mailbox Data
AC-16 Security and Privacy Attributes mitigates T1070.008 Clear Mailbox Data
AC-18 Wireless Access mitigates T1070.008 Clear Mailbox Data
AC-20 Use of External Systems mitigates T1078.002 Domain Accounts
AC-20 Use of External Systems mitigates T1098.004 SSH Authorized Keys
AC-20 Use of External Systems mitigates T1110.001 Password Guessing
AC-20 Use of External Systems mitigates T1110.002 Password Cracking
AC-20 Use of External Systems mitigates T1110.003 Password Spraying
AC-20 Use of External Systems mitigates T1110.004 Credential Stuffing
AC-20 Use of External Systems mitigates T1111 Multi-Factor Authentication Interception
AC-16 Security and Privacy Attributes mitigates T1114.001 Local Email Collection
AC-20 Use of External Systems mitigates T1114.001 Local Email Collection
AC-20 Use of External Systems mitigates T1133 External Remote Services
AC-20 Use of External Systems mitigates T1134.005 SID-History Injection
AC-20 Use of External Systems mitigates T1136.001 Local Account
AC-20 Use of External Systems mitigates T1200 Hardware Additions
AC-16 Security and Privacy Attributes mitigates T1222 File and Directory Permissions Modification
AC-16 Security and Privacy Attributes mitigates T1222.001 Windows File and Directory Permissions Modification
AC-16 Security and Privacy Attributes mitigates T1222.002 Linux and Mac File and Directory Permissions Modification
AC-16 Security and Privacy Attributes mitigates T1505 Server Software Component
AC-16 Security and Privacy Attributes mitigates T1505.002 Transport Agent
AC-20 Use of External Systems mitigates T1505.005 Terminal Services DLL
AC-16 Security and Privacy Attributes mitigates T1547.007 Re-opened Applications
AC-16 Security and Privacy Attributes mitigates T1548.003 Sudo and Sudo Caching
AC-16 Security and Privacy Attributes mitigates T1552.005 Cloud Instance Metadata API
AC-20 Use of External Systems mitigates T1552.005 Cloud Instance Metadata API
AC-20 Use of External Systems mitigates T1556.003 Pluggable Authentication Modules
AC-20 Use of External Systems mitigates T1556.004 Network Device Authentication
AC-16 Security and Privacy Attributes mitigates T1557.002 ARP Cache Poisoning
AC-18 Wireless Access mitigates T1557.002 ARP Cache Poisoning
AC-20 Use of External Systems mitigates T1557.002 ARP Cache Poisoning
AC-16 Security and Privacy Attributes mitigates T1558.002 Silver Ticket
AC-18 Wireless Access mitigates T1558.002 Silver Ticket
AC-16 Security and Privacy Attributes mitigates T1558.003 Kerberoasting
AC-18 Wireless Access mitigates T1558.003 Kerberoasting
AC-16 Security and Privacy Attributes mitigates T1558.004 AS-REP Roasting
AC-18 Wireless Access mitigates T1558.004 AS-REP Roasting
AC-16 Security and Privacy Attributes mitigates T1565.001 Stored Data Manipulation
AC-18 Wireless Access mitigates T1565.001 Stored Data Manipulation
AC-20 Use of External Systems mitigates T1565.001 Stored Data Manipulation
AC-16 Security and Privacy Attributes mitigates T1565.002 Transmitted Data Manipulation
AC-18 Wireless Access mitigates T1565.002 Transmitted Data Manipulation
AC-20 Use of External Systems mitigates T1565.002 Transmitted Data Manipulation
AC-16 Security and Privacy Attributes mitigates T1567 Exfiltration Over Web Service
AC-20 Use of External Systems mitigates T1567 Exfiltration Over Web Service
AC-20 Use of External Systems mitigates T1567.001 Exfiltration to Code Repository
AC-20 Use of External Systems mitigates T1567.002 Exfiltration to Cloud Storage
AC-16 Security and Privacy Attributes mitigates T1602 Data from Configuration Repository
AC-18 Wireless Access mitigates T1602 Data from Configuration Repository
AC-20 Use of External Systems mitigates T1602 Data from Configuration Repository
AC-16 Security and Privacy Attributes mitigates T1602.001 SNMP (MIB Dump)
AC-18 Wireless Access mitigates T1602.001 SNMP (MIB Dump)
AC-20 Use of External Systems mitigates T1602.001 SNMP (MIB Dump)
AC-16 Security and Privacy Attributes mitigates T1602.002 Network Device Configuration Dump
AC-18 Wireless Access mitigates T1602.002 Network Device Configuration Dump
AC-20 Use of External Systems mitigates T1602.002 Network Device Configuration Dump
AC-16 Security and Privacy Attributes mitigates T1647 Plist File Modification
CM-02 Baseline Configuration mitigates T1021.005 VNC
CM-02 Baseline Configuration mitigates T1053.003 Cron
CM-02 Baseline Configuration mitigates T1068 Exploitation for Privilege Escalation
CM-02 Baseline Configuration mitigates T1195.003 Compromise Hardware Supply Chain
CM-02 Baseline Configuration mitigates T1204.003 Malicious Image
CM-02 Baseline Configuration mitigates T1210 Exploitation of Remote Services
CM-02 Baseline Configuration mitigates T1211 Exploitation for Defense Evasion
CM-02 Baseline Configuration mitigates T1212 Exploitation for Credential Access
CM-02 Baseline Configuration mitigates T1482 Domain Trust Discovery
CM-02 Baseline Configuration mitigates T1495 Firmware Corruption
CM-02 Baseline Configuration mitigates T1505 Server Software Component
CM-02 Baseline Configuration mitigates T1505.001 SQL Stored Procedures
CM-02 Baseline Configuration mitigates T1505.002 Transport Agent
CM-02 Baseline Configuration mitigates T1505.004 IIS Components
CM-02 Baseline Configuration mitigates T1525 Implant Internal Image
CM-02 Baseline Configuration mitigates T1542.003 Bootkit
CM-02 Baseline Configuration mitigates T1542.004 ROMMONkit
CM-02 Baseline Configuration mitigates T1542.005 TFTP Boot
CM-02 Baseline Configuration mitigates T1548.002 Bypass User Account Control
CM-02 Baseline Configuration mitigates T1552.002 Credentials in Registry
CM-02 Baseline Configuration mitigates T1552.006 Group Policy Preferences
CM-02 Baseline Configuration mitigates T1553.006 Code Signing Policy Modification
CM-02 Baseline Configuration mitigates T1558.004 AS-REP Roasting
CM-02 Baseline Configuration mitigates T1560.001 Archive via Utility
CM-02 Baseline Configuration mitigates T1574 Hijack Execution Flow
CM-02 Baseline Configuration mitigates T1574.005 Executable Installer File Permissions Weakness
CM-02 Baseline Configuration mitigates T1574.007 Path Interception by PATH Environment Variable
CM-02 Baseline Configuration mitigates T1574.008 Path Interception by Search Order Hijacking
CM-02 Baseline Configuration mitigates T1574.009 Path Interception by Unquoted Path
CM-02 Baseline Configuration mitigates T1574.010 Services File Permissions Weakness
CM-02 Baseline Configuration mitigates T1574.013 KernelCallbackTable
CM-02 Baseline Configuration mitigates T1578 Modify Cloud Compute Infrastructure
CM-02 Baseline Configuration mitigates T1578.001 Create Snapshot
CM-02 Baseline Configuration mitigates T1578.002 Create Cloud Instance
CM-02 Baseline Configuration mitigates T1578.003 Delete Cloud Instance
CM-02 Baseline Configuration mitigates T1601 Modify System Image
CM-02 Baseline Configuration mitigates T1601.001 Patch System Image
CM-02 Baseline Configuration mitigates T1601.002 Downgrade System Image
CM-02 Baseline Configuration mitigates T1612 Build Image on Host
CM-02 Baseline Configuration mitigates T1021.001 Remote Desktop Protocol
CM-02 Baseline Configuration mitigates T1001.002 Steganography
CM-02 Baseline Configuration mitigates T1003.002 Security Account Manager
CM-02 Baseline Configuration mitigates T1003.003 NTDS
CM-02 Baseline Configuration mitigates T1003.004 LSA Secrets
CM-02 Baseline Configuration mitigates T1003.006 DCSync
CM-02 Baseline Configuration mitigates T1003.008 /etc/passwd and /etc/shadow
CM-02 Baseline Configuration mitigates T1008 Fallback Channels
CM-02 Baseline Configuration mitigates T1011.001 Exfiltration Over Bluetooth
CM-02 Baseline Configuration mitigates T1021.001 Remote Desktop Protocol
CM-02 Baseline Configuration mitigates T1021.002 SMB/Windows Admin Shares
CM-02 Baseline Configuration mitigates T1021.003 Distributed Component Object Model
CM-02 Baseline Configuration mitigates T1021.004 SSH
CM-02 Baseline Configuration mitigates T1021.005 VNC
CM-02 Baseline Configuration mitigates T1021.006 Windows Remote Management
CM-02 Baseline Configuration mitigates T1029 Scheduled Transfer
CM-02 Baseline Configuration mitigates T1030 Data Transfer Size Limits
CM-02 Baseline Configuration mitigates T1036.001 Invalid Code Signature
CM-02 Baseline Configuration mitigates T1036.003 Rename System Utilities
CM-02 Baseline Configuration mitigates T1036.005 Match Legitimate Name or Location
CM-02 Baseline Configuration mitigates T1036.007 Double File Extension
CM-02 Baseline Configuration mitigates T1037.002 Login Hook
CM-02 Baseline Configuration mitigates T1037.003 Network Logon Script
CM-02 Baseline Configuration mitigates T1037.004 RC Scripts
CM-02 Baseline Configuration mitigates T1037.005 Startup Items
CM-02 Baseline Configuration mitigates T1046 Network Service Discovery
CM-02 Baseline Configuration mitigates T1048 Exfiltration Over Alternative Protocol
CM-02 Baseline Configuration mitigates T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
CM-02 Baseline Configuration mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CM-02 Baseline Configuration mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
CM-02 Baseline Configuration mitigates T1052 Exfiltration Over Physical Medium
CM-02 Baseline Configuration mitigates T1052.001 Exfiltration over USB
CM-02 Baseline Configuration mitigates T1059.001 PowerShell
CM-02 Baseline Configuration mitigates T1059.002 AppleScript
CM-02 Baseline Configuration mitigates T1059.003 Windows Command Shell
CM-02 Baseline Configuration mitigates T1059.004 Unix Shell
CM-02 Baseline Configuration mitigates T1059.005 Visual Basic
CM-02 Baseline Configuration mitigates T1059.007 JavaScript
CM-02 Baseline Configuration mitigates T1059.008 Network Device CLI
CM-02 Baseline Configuration mitigates T1068 Exploitation for Privilege Escalation
CM-02 Baseline Configuration mitigates T1070 Indicator Removal
CM-02 Baseline Configuration mitigates T1070.002 Clear Linux or Mac System Logs
CM-02 Baseline Configuration mitigates T1070.007 Clear Network Connection History and Configurations
CM-02 Baseline Configuration mitigates T1070.008 Clear Mailbox Data
CM-02 Baseline Configuration mitigates T1070.009 Clear Persistence
CM-02 Baseline Configuration mitigates T1071.001 Web Protocols
CM-02 Baseline Configuration mitigates T1071.004 DNS
CM-02 Baseline Configuration mitigates T1080 Taint Shared Content
CM-02 Baseline Configuration mitigates T1090 Proxy
CM-02 Baseline Configuration mitigates T1090.001 Internal Proxy
CM-02 Baseline Configuration mitigates T1090.002 External Proxy
CM-02 Baseline Configuration mitigates T1091 Replication Through Removable Media
CM-02 Baseline Configuration mitigates T1095 Non-Application Layer Protocol
CM-02 Baseline Configuration mitigates T1098.004 SSH Authorized Keys
CM-02 Baseline Configuration mitigates T1102.001 Dead Drop Resolver
CM-02 Baseline Configuration mitigates T1102.002 Bidirectional Communication
CM-02 Baseline Configuration mitigates T1102.003 One-Way Communication
CM-02 Baseline Configuration mitigates T1104 Multi-Stage Channels
CM-02 Baseline Configuration mitigates T1106 Native API
CM-02 Baseline Configuration mitigates T1110.001 Password Guessing
CM-02 Baseline Configuration mitigates T1110.002 Password Cracking
CM-02 Baseline Configuration mitigates T1110.003 Password Spraying
CM-02 Baseline Configuration mitigates T1110.004 Credential Stuffing
CM-02 Baseline Configuration mitigates T1111 Multi-Factor Authentication Interception
CM-02 Baseline Configuration mitigates T1127 Trusted Developer Utilities Proxy Execution
CM-02 Baseline Configuration mitigates T1127.001 MSBuild
CM-02 Baseline Configuration mitigates T1129 Shared Modules
CM-02 Baseline Configuration mitigates T1132 Data Encoding
CM-02 Baseline Configuration mitigates T1132.001 Standard Encoding
CM-02 Baseline Configuration mitigates T1132.002 Non-Standard Encoding
CM-02 Baseline Configuration mitigates T1133 External Remote Services
CM-02 Baseline Configuration mitigates T1134.005 SID-History Injection
CM-02 Baseline Configuration mitigates T1137 Office Application Startup
CM-02 Baseline Configuration mitigates T1137.001 Office Template Macros
CM-02 Baseline Configuration mitigates T1137.003 Outlook Forms
CM-02 Baseline Configuration mitigates T1137.004 Outlook Home Page
CM-02 Baseline Configuration mitigates T1137.005 Outlook Rules
CM-02 Baseline Configuration mitigates T1137.006 Add-ins
CM-02 Baseline Configuration mitigates T1185 Browser Session Hijacking
CM-02 Baseline Configuration mitigates T1187 Forced Authentication
CM-02 Baseline Configuration mitigates T1189 Drive-by Compromise
CM-02 Baseline Configuration mitigates T1201 Password Policy Discovery
CM-02 Baseline Configuration mitigates T1204.001 Malicious Link
CM-02 Baseline Configuration mitigates T1204.003 Malicious Image
CM-02 Baseline Configuration mitigates T1205 Traffic Signaling
CM-02 Baseline Configuration mitigates T1210 Exploitation of Remote Services
CM-02 Baseline Configuration mitigates T1211 Exploitation for Defense Evasion
CM-02 Baseline Configuration mitigates T1212 Exploitation for Credential Access
CM-02 Baseline Configuration mitigates T1216 System Script Proxy Execution
CM-02 Baseline Configuration mitigates T1216.001 PubPrn
CM-02 Baseline Configuration mitigates T1218.001 Compiled HTML File
CM-02 Baseline Configuration mitigates T1218.002 Control Panel
CM-02 Baseline Configuration mitigates T1218.003 CMSTP
CM-02 Baseline Configuration mitigates T1218.004 InstallUtil
CM-02 Baseline Configuration mitigates T1218.005 Mshta
CM-02 Baseline Configuration mitigates T1218.007 Msiexec
CM-02 Baseline Configuration mitigates T1218.008 Odbcconf
CM-02 Baseline Configuration mitigates T1218.009 Regsvcs/Regasm
CM-02 Baseline Configuration mitigates T1218.012 Verclsid
CM-02 Baseline Configuration mitigates T1218.013 Mavinject
CM-02 Baseline Configuration mitigates T1218.014 MMC
CM-02 Baseline Configuration mitigates T1220 XSL Script Processing
CM-02 Baseline Configuration mitigates T1221 Template Injection
CM-02 Baseline Configuration mitigates T1486 Data Encrypted for Impact
CM-02 Baseline Configuration mitigates T1491 Defacement
CM-02 Baseline Configuration mitigates T1491.001 Internal Defacement
CM-02 Baseline Configuration mitigates T1491.002 External Defacement
CM-02 Baseline Configuration mitigates T1505 Server Software Component
CM-02 Baseline Configuration mitigates T1505.001 SQL Stored Procedures
CM-02 Baseline Configuration mitigates T1505.002 Transport Agent
CM-02 Baseline Configuration mitigates T1505.004 IIS Components
CM-02 Baseline Configuration mitigates T1505.005 Terminal Services DLL
CM-02 Baseline Configuration mitigates T1525 Implant Internal Image
CM-02 Baseline Configuration mitigates T1542.004 ROMMONkit
CM-02 Baseline Configuration mitigates T1542.005 TFTP Boot
CM-02 Baseline Configuration mitigates T1543.001 Launch Agent
CM-02 Baseline Configuration mitigates T1543.004 Launch Daemon
CM-02 Baseline Configuration mitigates T1546.002 Screensaver
CM-02 Baseline Configuration mitigates T1546.004 Unix Shell Configuration Modification
CM-02 Baseline Configuration mitigates T1546.006 LC_LOAD_DYLIB Addition
CM-02 Baseline Configuration mitigates T1546.010 AppInit DLLs
CM-02 Baseline Configuration mitigates T1546.013 PowerShell Profile
CM-02 Baseline Configuration mitigates T1546.014 Emond
CM-02 Baseline Configuration mitigates T1547.007 Re-opened Applications
CM-02 Baseline Configuration mitigates T1547.008 LSASS Driver
CM-02 Baseline Configuration mitigates T1547.013 XDG Autostart Entries
CM-02 Baseline Configuration mitigates T1548.002 Bypass User Account Control
CM-02 Baseline Configuration mitigates T1548.003 Sudo and Sudo Caching
CM-02 Baseline Configuration mitigates T1548.004 Elevated Execution with Prompt
CM-02 Baseline Configuration mitigates T1550.003 Pass the Ticket
CM-02 Baseline Configuration mitigates T1552.006 Group Policy Preferences
CM-02 Baseline Configuration mitigates T1553.001 Gatekeeper Bypass
CM-02 Baseline Configuration mitigates T1553.003 SIP and Trust Provider Hijacking
CM-02 Baseline Configuration mitigates T1553.005 Mark-of-the-Web Bypass
CM-02 Baseline Configuration mitigates T1555.004 Windows Credential Manager
CM-02 Baseline Configuration mitigates T1556.004 Network Device Authentication
CM-02 Baseline Configuration mitigates T1556.008 Network Provider DLL
CM-02 Baseline Configuration mitigates T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CM-02 Baseline Configuration mitigates T1557.002 ARP Cache Poisoning
CM-02 Baseline Configuration mitigates T1557.003 DHCP Spoofing
CM-02 Baseline Configuration mitigates T1558.001 Golden Ticket
CM-02 Baseline Configuration mitigates T1558.002 Silver Ticket
CM-02 Baseline Configuration mitigates T1558.003 Kerberoasting
CM-02 Baseline Configuration mitigates T1558.004 AS-REP Roasting
CM-02 Baseline Configuration mitigates T1559 Inter-Process Communication
CM-02 Baseline Configuration mitigates T1559.001 Component Object Model
CM-02 Baseline Configuration mitigates T1559.002 Dynamic Data Exchange
CM-02 Baseline Configuration mitigates T1561 Disk Wipe
CM-02 Baseline Configuration mitigates T1561.001 Disk Content Wipe
CM-02 Baseline Configuration mitigates T1561.002 Disk Structure Wipe
CM-02 Baseline Configuration mitigates T1562.001 Disable or Modify Tools
CM-02 Baseline Configuration mitigates T1562.002 Disable Windows Event Logging
CM-02 Baseline Configuration mitigates T1562.003 Impair Command History Logging
CM-02 Baseline Configuration mitigates T1562.010 Downgrade Attack
CM-02 Baseline Configuration mitigates T1563.001 SSH Hijacking
CM-02 Baseline Configuration mitigates T1563.002 RDP Hijacking
CM-02 Baseline Configuration mitigates T1564.006 Run Virtual Instance
CM-02 Baseline Configuration mitigates T1564.007 VBA Stomping
CM-02 Baseline Configuration mitigates T1564.009 Resource Forking
CM-02 Baseline Configuration mitigates T1565.001 Stored Data Manipulation
CM-02 Baseline Configuration mitigates T1565.002 Transmitted Data Manipulation
CM-02 Baseline Configuration mitigates T1569 System Services
CM-02 Baseline Configuration mitigates T1569.002 Service Execution
CM-02 Baseline Configuration mitigates T1570 Lateral Tool Transfer
CM-02 Baseline Configuration mitigates T1571 Non-Standard Port
CM-02 Baseline Configuration mitigates T1573.001 Symmetric Cryptography
CM-02 Baseline Configuration mitigates T1573.002 Asymmetric Cryptography
CM-02 Baseline Configuration mitigates T1574 Hijack Execution Flow
CM-02 Baseline Configuration mitigates T1574.004 Dylib Hijacking
CM-02 Baseline Configuration mitigates T1574.005 Executable Installer File Permissions Weakness
CM-02 Baseline Configuration mitigates T1574.007 Path Interception by PATH Environment Variable
CM-02 Baseline Configuration mitigates T1574.008 Path Interception by Search Order Hijacking
CM-02 Baseline Configuration mitigates T1574.009 Path Interception by Unquoted Path
CM-02 Baseline Configuration mitigates T1574.010 Services File Permissions Weakness
CM-02 Baseline Configuration mitigates T1598 Phishing for Information
CM-02 Baseline Configuration mitigates T1598.002 Spearphishing Attachment
CM-02 Baseline Configuration mitigates T1599 Network Boundary Bridging
CM-02 Baseline Configuration mitigates T1599.001 Network Address Translation Traversal
CM-02 Baseline Configuration mitigates T1601 Modify System Image
CM-02 Baseline Configuration mitigates T1601.001 Patch System Image
CM-02 Baseline Configuration mitigates T1601.002 Downgrade System Image
CM-02 Baseline Configuration mitigates T1602 Data from Configuration Repository
CM-02 Baseline Configuration mitigates T1602.001 SNMP (MIB Dump)
CM-02 Baseline Configuration mitigates T1602.002 Network Device Configuration Dump
CM-02 Baseline Configuration mitigates T1622 Debugger Evasion
CM-02 Baseline Configuration mitigates T1647 Plist File Modification
CM-02 Baseline Configuration mitigates T1653 Power Settings
SA-11 Developer Testing and Evaluation mitigates T1134.005 SID-History Injection
SA-11 Developer Testing and Evaluation mitigates T1195.003 Compromise Hardware Supply Chain
SA-11 Developer Testing and Evaluation mitigates T1495 Firmware Corruption
SA-11 Developer Testing and Evaluation mitigates T1505 Server Software Component
SA-11 Developer Testing and Evaluation mitigates T1505.001 SQL Stored Procedures
SA-11 Developer Testing and Evaluation mitigates T1505.002 Transport Agent
SA-11 Developer Testing and Evaluation mitigates T1505.004 IIS Components
SA-11 Developer Testing and Evaluation mitigates T1542.003 Bootkit
SA-11 Developer Testing and Evaluation mitigates T1542.004 ROMMONkit
SA-11 Developer Testing and Evaluation mitigates T1542.005 TFTP Boot
SA-11 Developer Testing and Evaluation mitigates T1552.002 Credentials in Registry
SA-11 Developer Testing and Evaluation mitigates T1552.006 Group Policy Preferences
SA-11 Developer Testing and Evaluation mitigates T1553.006 Code Signing Policy Modification
SA-11 Developer Testing and Evaluation mitigates T1558.004 AS-REP Roasting
SA-11 Developer Testing and Evaluation mitigates T1559.003 XPC Services
SA-11 Developer Testing and Evaluation mitigates T1574.002 DLL Side-Loading
SA-11 Developer Testing and Evaluation mitigates T1601 Modify System Image
SA-11 Developer Testing and Evaluation mitigates T1601.001 Patch System Image
SA-11 Developer Testing and Evaluation mitigates T1601.002 Downgrade System Image
SA-11 Developer Testing and Evaluation mitigates T1612 Build Image on Host
SA-11 Developer Testing and Evaluation mitigates T1647 Plist File Modification
SA-08 Security and Privacy Engineering Principles mitigates T1025 Data from Removable Media
SA-08 Security and Privacy Engineering Principles mitigates T1041 Exfiltration Over C2 Channel
SA-08 Security and Privacy Engineering Principles mitigates T1048 Exfiltration Over Alternative Protocol
SA-08 Security and Privacy Engineering Principles mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SA-08 Security and Privacy Engineering Principles mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
SA-08 Security and Privacy Engineering Principles mitigates T1052 Exfiltration Over Physical Medium
SA-08 Security and Privacy Engineering Principles mitigates T1052.001 Exfiltration over USB
SA-08 Security and Privacy Engineering Principles mitigates T1134.005 SID-History Injection
SA-08 Security and Privacy Engineering Principles mitigates T1482 Domain Trust Discovery
SA-08 Security and Privacy Engineering Principles mitigates T1559.003 XPC Services
SA-08 Security and Privacy Engineering Principles mitigates T1567 Exfiltration Over Web Service
SA-08 Security and Privacy Engineering Principles mitigates T1574.002 DLL Side-Loading
SA-08 Security and Privacy Engineering Principles mitigates T1647 Plist File Modification
IA-02 Identification and Authentication (Organizational Users) mitigates T1003.002 Security Account Manager
IA-02 Identification and Authentication (Organizational Users) mitigates T1003.003 NTDS
IA-02 Identification and Authentication (Organizational Users) mitigates T1003.004 LSA Secrets
IA-02 Identification and Authentication (Organizational Users) mitigates T1003.006 DCSync
IA-02 Identification and Authentication (Organizational Users) mitigates T1003.008 /etc/passwd and /etc/shadow
IA-02 Identification and Authentication (Organizational Users) mitigates T1021.001 Remote Desktop Protocol
IA-02 Identification and Authentication (Organizational Users) mitigates T1021.002 SMB/Windows Admin Shares
IA-02 Identification and Authentication (Organizational Users) mitigates T1021.003 Distributed Component Object Model
IA-02 Identification and Authentication (Organizational Users) mitigates T1021.004 SSH
IA-02 Identification and Authentication (Organizational Users) mitigates T1021.005 VNC
IA-02 Identification and Authentication (Organizational Users) mitigates T1021.006 Windows Remote Management
IA-02 Identification and Authentication (Organizational Users) mitigates T1021.007 Cloud Services
IA-02 Identification and Authentication (Organizational Users) mitigates T1021.008 Direct Cloud VM Connections
IA-02 Identification and Authentication (Organizational Users) mitigates T1036.007 Double File Extension
IA-02 Identification and Authentication (Organizational Users) mitigates T1053.003 Cron
IA-02 Identification and Authentication (Organizational Users) mitigates T1053.006 Systemd Timers
IA-02 Identification and Authentication (Organizational Users) mitigates T1053.007 Container Orchestration Job
IA-02 Identification and Authentication (Organizational Users) mitigates T1055 Process Injection
IA-02 Identification and Authentication (Organizational Users) mitigates T1055.008 Ptrace System Calls
IA-02 Identification and Authentication (Organizational Users) mitigates T1056.003 Web Portal Capture
IA-02 Identification and Authentication (Organizational Users) mitigates T1059.001 PowerShell
IA-02 Identification and Authentication (Organizational Users) mitigates T1059.008 Network Device CLI
IA-02 Identification and Authentication (Organizational Users) mitigates T1059.009 Cloud API
IA-02 Identification and Authentication (Organizational Users) mitigates T1078.002 Domain Accounts
IA-02 Identification and Authentication (Organizational Users) mitigates T1087.004 Cloud Account
IA-02 Identification and Authentication (Organizational Users) mitigates T1098.004 SSH Authorized Keys
IA-02 Identification and Authentication (Organizational Users) mitigates T1110.001 Password Guessing
IA-02 Identification and Authentication (Organizational Users) mitigates T1110.002 Password Cracking
IA-02 Identification and Authentication (Organizational Users) mitigates T1110.003 Password Spraying
IA-02 Identification and Authentication (Organizational Users) mitigates T1110.004 Credential Stuffing
IA-02 Identification and Authentication (Organizational Users) mitigates T1111 Multi-Factor Authentication Interception
IA-02 Identification and Authentication (Organizational Users) mitigates T1133 External Remote Services
IA-02 Identification and Authentication (Organizational Users) mitigates T1134 Access Token Manipulation
IA-02 Identification and Authentication (Organizational Users) mitigates T1134.002 Create Process with Token
IA-02 Identification and Authentication (Organizational Users) mitigates T1136.001 Local Account
IA-02 Identification and Authentication (Organizational Users) mitigates T1185 Browser Session Hijacking
IA-02 Identification and Authentication (Organizational Users) mitigates T1197 BITS Jobs
IA-02 Identification and Authentication (Organizational Users) mitigates T1210 Exploitation of Remote Services
IA-02 Identification and Authentication (Organizational Users) mitigates T1212 Exploitation for Credential Access
IA-02 Identification and Authentication (Organizational Users) mitigates T1218.007 Msiexec
IA-02 Identification and Authentication (Organizational Users) mitigates T1222 File and Directory Permissions Modification
IA-02 Identification and Authentication (Organizational Users) mitigates T1222.001 Windows File and Directory Permissions Modification
IA-02 Identification and Authentication (Organizational Users) mitigates T1222.002 Linux and Mac File and Directory Permissions Modification
IA-02 Identification and Authentication (Organizational Users) mitigates T1495 Firmware Corruption
IA-02 Identification and Authentication (Organizational Users) mitigates T1505 Server Software Component
IA-02 Identification and Authentication (Organizational Users) mitigates T1505.002 Transport Agent
IA-02 Identification and Authentication (Organizational Users) mitigates T1505.004 IIS Components
IA-02 Identification and Authentication (Organizational Users) mitigates T1525 Implant Internal Image
IA-02 Identification and Authentication (Organizational Users) mitigates T1538 Cloud Service Dashboard
IA-02 Identification and Authentication (Organizational Users) mitigates T1542.003 Bootkit
IA-02 Identification and Authentication (Organizational Users) mitigates T1542.005 TFTP Boot
IA-02 Identification and Authentication (Organizational Users) mitigates T1543.001 Launch Agent
IA-02 Identification and Authentication (Organizational Users) mitigates T1543.004 Launch Daemon
IA-02 Identification and Authentication (Organizational Users) mitigates T1547.006 Kernel Modules and Extensions
IA-02 Identification and Authentication (Organizational Users) mitigates T1547.012 Print Processors
IA-02 Identification and Authentication (Organizational Users) mitigates T1547.013 XDG Autostart Entries
IA-02 Identification and Authentication (Organizational Users) mitigates T1548.002 Bypass User Account Control
IA-02 Identification and Authentication (Organizational Users) mitigates T1548.003 Sudo and Sudo Caching
IA-02 Identification and Authentication (Organizational Users) mitigates T1550.002 Pass the Hash
IA-02 Identification and Authentication (Organizational Users) mitigates T1550.003 Pass the Ticket
IA-02 Identification and Authentication (Organizational Users) mitigates T1552.002 Credentials in Registry
IA-02 Identification and Authentication (Organizational Users) mitigates T1552.006 Group Policy Preferences
IA-02 Identification and Authentication (Organizational Users) mitigates T1552.007 Container API
IA-02 Identification and Authentication (Organizational Users) mitigates T1556.003 Pluggable Authentication Modules
IA-02 Identification and Authentication (Organizational Users) mitigates T1556.004 Network Device Authentication
IA-02 Identification and Authentication (Organizational Users) mitigates T1558.001 Golden Ticket
IA-02 Identification and Authentication (Organizational Users) mitigates T1558.002 Silver Ticket
IA-02 Identification and Authentication (Organizational Users) mitigates T1558.003 Kerberoasting
IA-02 Identification and Authentication (Organizational Users) mitigates T1558.004 AS-REP Roasting
IA-02 Identification and Authentication (Organizational Users) mitigates T1559 Inter-Process Communication
IA-02 Identification and Authentication (Organizational Users) mitigates T1559.001 Component Object Model
IA-02 Identification and Authentication (Organizational Users) mitigates T1562.001 Disable or Modify Tools
IA-02 Identification and Authentication (Organizational Users) mitigates T1562.002 Disable Windows Event Logging
IA-02 Identification and Authentication (Organizational Users) mitigates T1562.008 Disable or Modify Cloud Logs
IA-02 Identification and Authentication (Organizational Users) mitigates T1562.009 Safe Mode Boot
IA-02 Identification and Authentication (Organizational Users) mitigates T1563.001 SSH Hijacking
IA-02 Identification and Authentication (Organizational Users) mitigates T1563.002 RDP Hijacking
IA-02 Identification and Authentication (Organizational Users) mitigates T1569 System Services
IA-02 Identification and Authentication (Organizational Users) mitigates T1569.001 Launchctl
IA-02 Identification and Authentication (Organizational Users) mitigates T1569.002 Service Execution
IA-02 Identification and Authentication (Organizational Users) mitigates T1574 Hijack Execution Flow
IA-02 Identification and Authentication (Organizational Users) mitigates T1574.005 Executable Installer File Permissions Weakness
IA-02 Identification and Authentication (Organizational Users) mitigates T1574.010 Services File Permissions Weakness
IA-02 Identification and Authentication (Organizational Users) mitigates T1574.012 COR_PROFILER
IA-02 Identification and Authentication (Organizational Users) mitigates T1578 Modify Cloud Compute Infrastructure
IA-02 Identification and Authentication (Organizational Users) mitigates T1578.001 Create Snapshot
IA-02 Identification and Authentication (Organizational Users) mitigates T1578.002 Create Cloud Instance
IA-02 Identification and Authentication (Organizational Users) mitigates T1578.003 Delete Cloud Instance
IA-02 Identification and Authentication (Organizational Users) mitigates T1580 Cloud Infrastructure Discovery
IA-02 Identification and Authentication (Organizational Users) mitigates T1599 Network Boundary Bridging
IA-02 Identification and Authentication (Organizational Users) mitigates T1599.001 Network Address Translation Traversal
IA-02 Identification and Authentication (Organizational Users) mitigates T1601 Modify System Image
IA-02 Identification and Authentication (Organizational Users) mitigates T1601.001 Patch System Image
IA-02 Identification and Authentication (Organizational Users) mitigates T1601.002 Downgrade System Image
IA-02 Identification and Authentication (Organizational Users) mitigates T1613 Container and Resource Discovery
IA-02 Identification and Authentication (Organizational Users) mitigates T1619 Cloud Storage Object Discovery
CM-07 Least Functionality mitigates T1003.002 Security Account Manager
CM-07 Least Functionality mitigates T1008 Fallback Channels
CM-07 Least Functionality mitigates T1011 Exfiltration Over Other Network Medium
CM-07 Least Functionality mitigates T1011.001 Exfiltration Over Bluetooth
CM-07 Least Functionality mitigates T1021.001 Remote Desktop Protocol
CM-07 Least Functionality mitigates T1021.002 SMB/Windows Admin Shares
CM-07 Least Functionality mitigates T1021.003 Distributed Component Object Model
CM-07 Least Functionality mitigates T1021.005 VNC
CM-07 Least Functionality mitigates T1021.006 Windows Remote Management
CM-07 Least Functionality mitigates T1021.008 Direct Cloud VM Connections
CM-07 Least Functionality mitigates T1036.005 Match Legitimate Name or Location
CM-07 Least Functionality mitigates T1036.007 Double File Extension
CM-07 Least Functionality mitigates T1036.008 Masquerade File Type
CM-07 Least Functionality mitigates T1037.001 Logon Script (Windows)
CM-07 Least Functionality mitigates T1046 Network Service Discovery
CM-07 Least Functionality mitigates T1048 Exfiltration Over Alternative Protocol
CM-07 Least Functionality mitigates T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
CM-07 Least Functionality mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
CM-07 Least Functionality mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
CM-07 Least Functionality mitigates T1052 Exfiltration Over Physical Medium
CM-07 Least Functionality mitigates T1052.001 Exfiltration over USB
CM-07 Least Functionality mitigates T1059.005 Visual Basic
CM-07 Least Functionality mitigates T1059.007 JavaScript
CM-07 Least Functionality mitigates T1059.009 Cloud API
CM-07 Least Functionality mitigates T1068 Exploitation for Privilege Escalation
CM-07 Least Functionality mitigates T1071.001 Web Protocols
CM-07 Least Functionality mitigates T1071.004 DNS
CM-07 Least Functionality mitigates T1080 Taint Shared Content
CM-07 Least Functionality mitigates T1090 Proxy
CM-07 Least Functionality mitigates T1090.001 Internal Proxy
CM-07 Least Functionality mitigates T1090.002 External Proxy
CM-07 Least Functionality mitigates T1095 Non-Application Layer Protocol
CM-07 Least Functionality mitigates T1098.004 SSH Authorized Keys
CM-07 Least Functionality mitigates T1102.001 Dead Drop Resolver
CM-07 Least Functionality mitigates T1102.002 Bidirectional Communication
CM-07 Least Functionality mitigates T1102.003 One-Way Communication
CM-07 Least Functionality mitigates T1104 Multi-Stage Channels
CM-07 Least Functionality mitigates T1106 Native API
CM-07 Least Functionality mitigates T1112 Modify Registry
CM-07 Least Functionality mitigates T1127 Trusted Developer Utilities Proxy Execution
CM-07 Least Functionality mitigates T1129 Shared Modules
CM-07 Least Functionality mitigates T1133 External Remote Services
CM-07 Least Functionality mitigates T1135 Network Share Discovery
CM-07 Least Functionality mitigates T1187 Forced Authentication
CM-07 Least Functionality mitigates T1195.002 Compromise Software Supply Chain
CM-07 Least Functionality mitigates T1197 BITS Jobs
CM-07 Least Functionality mitigates T1199 Trusted Relationship
CM-07 Least Functionality mitigates T1204.001 Malicious Link
CM-07 Least Functionality mitigates T1204.003 Malicious Image
CM-07 Least Functionality mitigates T1205 Traffic Signaling
CM-07 Least Functionality mitigates T1205.001 Port Knocking
CM-07 Least Functionality mitigates T1210 Exploitation of Remote Services
CM-07 Least Functionality mitigates T1216 System Script Proxy Execution
CM-07 Least Functionality mitigates T1216.001 PubPrn
CM-07 Least Functionality mitigates T1218.001 Compiled HTML File
CM-07 Least Functionality mitigates T1218.002 Control Panel
CM-07 Least Functionality mitigates T1218.003 CMSTP
CM-07 Least Functionality mitigates T1218.004 InstallUtil
CM-07 Least Functionality mitigates T1218.005 Mshta
CM-07 Least Functionality mitigates T1218.007 Msiexec
CM-07 Least Functionality mitigates T1218.008 Odbcconf
CM-07 Least Functionality mitigates T1218.009 Regsvcs/Regasm
CM-07 Least Functionality mitigates T1218.012 Verclsid
CM-07 Least Functionality mitigates T1218.013 Mavinject
CM-07 Least Functionality mitigates T1218.014 MMC
CM-07 Least Functionality mitigates T1220 XSL Script Processing
CM-07 Least Functionality mitigates T1221 Template Injection
CM-07 Least Functionality mitigates T1482 Domain Trust Discovery
CM-07 Least Functionality mitigates T1498 Network Denial of Service
CM-07 Least Functionality mitigates T1498.001 Direct Network Flood
CM-07 Least Functionality mitigates T1498.002 Reflection Amplification
CM-07 Least Functionality mitigates T1499 Endpoint Denial of Service
CM-07 Least Functionality mitigates T1499.001 OS Exhaustion Flood
CM-07 Least Functionality mitigates T1499.002 Service Exhaustion Flood
CM-07 Least Functionality mitigates T1499.003 Application Exhaustion Flood
CM-07 Least Functionality mitigates T1499.004 Application or System Exploitation
CM-07 Least Functionality mitigates T1505.004 IIS Components
CM-07 Least Functionality mitigates T1525 Implant Internal Image
CM-07 Least Functionality mitigates T1542.004 ROMMONkit
CM-07 Least Functionality mitigates T1542.005 TFTP Boot
CM-07 Least Functionality mitigates T1546.002 Screensaver
CM-07 Least Functionality mitigates T1546.006 LC_LOAD_DYLIB Addition
CM-07 Least Functionality mitigates T1546.008 Accessibility Features
CM-07 Least Functionality mitigates T1546.009 AppCert DLLs
CM-07 Least Functionality mitigates T1546.010 AppInit DLLs
CM-07 Least Functionality mitigates T1547.006 Kernel Modules and Extensions
CM-07 Least Functionality mitigates T1547.007 Re-opened Applications
CM-07 Least Functionality mitigates T1548.001 Setuid and Setgid
CM-07 Least Functionality mitigates T1548.003 Sudo and Sudo Caching
CM-07 Least Functionality mitigates T1548.004 Elevated Execution with Prompt
CM-07 Least Functionality mitigates T1552.003 Bash History
CM-07 Least Functionality mitigates T1552.005 Cloud Instance Metadata API
CM-07 Least Functionality mitigates T1552.007 Container API
CM-07 Least Functionality mitigates T1553.001 Gatekeeper Bypass
CM-07 Least Functionality mitigates T1553.003 SIP and Trust Provider Hijacking
CM-07 Least Functionality mitigates T1553.004 Install Root Certificate
CM-07 Least Functionality mitigates T1553.005 Mark-of-the-Web Bypass
CM-07 Least Functionality mitigates T1553.006 Code Signing Policy Modification
CM-07 Least Functionality mitigates T1555.004 Windows Credential Manager
CM-07 Least Functionality mitigates T1555.006 Cloud Secrets Management Stores
CM-07 Least Functionality mitigates T1556.002 Password Filter DLL
CM-07 Least Functionality mitigates T1556.008 Network Provider DLL
CM-07 Least Functionality mitigates T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
CM-07 Least Functionality mitigates T1557.002 ARP Cache Poisoning
CM-07 Least Functionality mitigates T1557.003 DHCP Spoofing
CM-07 Least Functionality mitigates T1559 Inter-Process Communication
CM-07 Least Functionality mitigates T1559.002 Dynamic Data Exchange
CM-07 Least Functionality mitigates T1559.003 XPC Services
CM-07 Least Functionality mitigates T1562.001 Disable or Modify Tools
CM-07 Least Functionality mitigates T1562.002 Disable Windows Event Logging
CM-07 Least Functionality mitigates T1562.003 Impair Command History Logging
CM-07 Least Functionality mitigates T1562.009 Safe Mode Boot
CM-07 Least Functionality mitigates T1562.010 Downgrade Attack
CM-07 Least Functionality mitigates T1563.001 SSH Hijacking
CM-07 Least Functionality mitigates T1563.002 RDP Hijacking
CM-07 Least Functionality mitigates T1564.002 Hidden Users
CM-07 Least Functionality mitigates T1564.006 Run Virtual Instance
CM-07 Least Functionality mitigates T1564.008 Email Hiding Rules
CM-07 Least Functionality mitigates T1564.009 Resource Forking
CM-07 Least Functionality mitigates T1565.003 Runtime Data Manipulation
CM-07 Least Functionality mitigates T1569 System Services
CM-07 Least Functionality mitigates T1569.002 Service Execution
CM-07 Least Functionality mitigates T1570 Lateral Tool Transfer
CM-07 Least Functionality mitigates T1571 Non-Standard Port
CM-07 Least Functionality mitigates T1573.001 Symmetric Cryptography
CM-07 Least Functionality mitigates T1573.002 Asymmetric Cryptography
CM-07 Least Functionality mitigates T1574 Hijack Execution Flow
CM-07 Least Functionality mitigates T1574.006 Dynamic Linker Hijacking
CM-07 Least Functionality mitigates T1574.007 Path Interception by PATH Environment Variable
CM-07 Least Functionality mitigates T1574.008 Path Interception by Search Order Hijacking
CM-07 Least Functionality mitigates T1574.009 Path Interception by Unquoted Path
CM-07 Least Functionality mitigates T1574.012 COR_PROFILER
CM-07 Least Functionality mitigates T1599 Network Boundary Bridging
CM-07 Least Functionality mitigates T1599.001 Network Address Translation Traversal
CM-07 Least Functionality mitigates T1601 Modify System Image
CM-07 Least Functionality mitigates T1601.001 Patch System Image
CM-07 Least Functionality mitigates T1601.002 Downgrade System Image
CM-07 Least Functionality mitigates T1602 Data from Configuration Repository
CM-07 Least Functionality mitigates T1602.001 SNMP (MIB Dump)
CM-07 Least Functionality mitigates T1602.002 Network Device Configuration Dump
CM-07 Least Functionality mitigates T1609 Container Administration Command
CM-07 Least Functionality mitigates T1612 Build Image on Host
CM-07 Least Functionality mitigates T1613 Container and Resource Discovery
CM-07 Least Functionality mitigates T1622 Debugger Evasion
CM-07 Least Functionality mitigates T1647 Plist File Modification
CM-07 Least Functionality mitigates T1653 Power Settings
SI-04 System Monitoring mitigates T1001.002 Steganography
SI-04 System Monitoring mitigates T1003.002 Security Account Manager
SI-04 System Monitoring mitigates T1003.003 NTDS
SI-04 System Monitoring mitigates T1003.004 LSA Secrets
SI-04 System Monitoring mitigates T1003.006 DCSync
SI-04 System Monitoring mitigates T1003.008 /etc/passwd and /etc/shadow
SI-04 System Monitoring mitigates T1005 Data from Local System
SI-04 System Monitoring mitigates T1008 Fallback Channels
SI-04 System Monitoring mitigates T1011 Exfiltration Over Other Network Medium
SI-04 System Monitoring mitigates T1011.001 Exfiltration Over Bluetooth
SI-04 System Monitoring mitigates T1021.001 Remote Desktop Protocol
SI-04 System Monitoring mitigates T1021.002 SMB/Windows Admin Shares
SI-04 System Monitoring mitigates T1021.003 Distributed Component Object Model
SI-04 System Monitoring mitigates T1021.004 SSH
SI-04 System Monitoring mitigates T1021.005 VNC
SI-04 System Monitoring mitigates T1021.006 Windows Remote Management
SI-04 System Monitoring mitigates T1021.008 Direct Cloud VM Connections
SI-04 System Monitoring mitigates T1025 Data from Removable Media
SI-04 System Monitoring mitigates T1027.002 Software Packing
SI-04 System Monitoring mitigates T1027.007 Dynamic API Resolution
SI-04 System Monitoring mitigates T1027.008 Stripped Payloads
SI-04 System Monitoring mitigates T1027.009 Embedded Payloads
SI-04 System Monitoring mitigates T1027.010 Command Obfuscation
SI-04 System Monitoring mitigates T1027.012 LNK Icon Smuggling
SI-04 System Monitoring mitigates T1029 Scheduled Transfer
SI-04 System Monitoring mitigates T1030 Data Transfer Size Limits
SI-04 System Monitoring mitigates T1036.001 Invalid Code Signature
SI-04 System Monitoring mitigates T1036.003 Rename System Utilities
SI-04 System Monitoring mitigates T1036.005 Match Legitimate Name or Location
SI-04 System Monitoring mitigates T1036.007 Double File Extension
SI-04 System Monitoring mitigates T1036.008 Masquerade File Type
SI-04 System Monitoring mitigates T1037.002 Login Hook
SI-04 System Monitoring mitigates T1037.003 Network Logon Script
SI-04 System Monitoring mitigates T1037.004 RC Scripts
SI-04 System Monitoring mitigates T1037.005 Startup Items
SI-04 System Monitoring mitigates T1041 Exfiltration Over C2 Channel
SI-04 System Monitoring mitigates T1046 Network Service Discovery
SI-04 System Monitoring mitigates T1048 Exfiltration Over Alternative Protocol
SI-04 System Monitoring mitigates T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SI-04 System Monitoring mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SI-04 System Monitoring mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
SI-04 System Monitoring mitigates T1052 Exfiltration Over Physical Medium
SI-04 System Monitoring mitigates T1052.001 Exfiltration over USB
SI-04 System Monitoring mitigates T1053.003 Cron
SI-04 System Monitoring mitigates T1053.006 Systemd Timers
SI-04 System Monitoring mitigates T1055 Process Injection
SI-04 System Monitoring mitigates T1055.001 Dynamic-link Library Injection
SI-04 System Monitoring mitigates T1055.002 Portable Executable Injection
SI-04 System Monitoring mitigates T1055.003 Thread Execution Hijacking
SI-04 System Monitoring mitigates T1055.004 Asynchronous Procedure Call
SI-04 System Monitoring mitigates T1055.005 Thread Local Storage
SI-04 System Monitoring mitigates T1055.008 Ptrace System Calls
SI-04 System Monitoring mitigates T1055.009 Proc Memory
SI-04 System Monitoring mitigates T1055.011 Extra Window Memory Injection
SI-04 System Monitoring mitigates T1055.012 Process Hollowing
SI-04 System Monitoring mitigates T1055.013 Process Doppelgänging
SI-04 System Monitoring mitigates T1055.014 VDSO Hijacking
SI-04 System Monitoring mitigates T1059.001 PowerShell
SI-04 System Monitoring mitigates T1059.002 AppleScript
SI-04 System Monitoring mitigates T1059.003 Windows Command Shell
SI-04 System Monitoring mitigates T1059.004 Unix Shell
SI-04 System Monitoring mitigates T1059.005 Visual Basic
SI-04 System Monitoring mitigates T1059.007 JavaScript
SI-04 System Monitoring mitigates T1059.008 Network Device CLI
SI-04 System Monitoring mitigates T1059.009 Cloud API
SI-04 System Monitoring mitigates T1068 Exploitation for Privilege Escalation
SI-04 System Monitoring mitigates T1070 Indicator Removal
SI-04 System Monitoring mitigates T1070.002 Clear Linux or Mac System Logs
SI-04 System Monitoring mitigates T1070.007 Clear Network Connection History and Configurations
SI-04 System Monitoring mitigates T1070.008 Clear Mailbox Data
SI-04 System Monitoring mitigates T1070.009 Clear Persistence
SI-04 System Monitoring mitigates T1071.001 Web Protocols
SI-04 System Monitoring mitigates T1071.004 DNS
SI-04 System Monitoring mitigates T1078.002 Domain Accounts
SI-04 System Monitoring mitigates T1080 Taint Shared Content
SI-04 System Monitoring mitigates T1090 Proxy
SI-04 System Monitoring mitigates T1090.001 Internal Proxy
SI-04 System Monitoring mitigates T1090.002 External Proxy
SI-04 System Monitoring mitigates T1091 Replication Through Removable Media
SI-04 System Monitoring mitigates T1095 Non-Application Layer Protocol
SI-04 System Monitoring mitigates T1098.004 SSH Authorized Keys
SI-04 System Monitoring mitigates T1102.001 Dead Drop Resolver
SI-04 System Monitoring mitigates T1102.002 Bidirectional Communication
SI-04 System Monitoring mitigates T1102.003 One-Way Communication
SI-04 System Monitoring mitigates T1104 Multi-Stage Channels
SI-04 System Monitoring mitigates T1106 Native API
SI-04 System Monitoring mitigates T1110.001 Password Guessing
SI-04 System Monitoring mitigates T1110.002 Password Cracking
SI-04 System Monitoring mitigates T1110.003 Password Spraying
SI-04 System Monitoring mitigates T1110.004 Credential Stuffing
SI-04 System Monitoring mitigates T1111 Multi-Factor Authentication Interception
SI-04 System Monitoring mitigates T1114.001 Local Email Collection
SI-04 System Monitoring mitigates T1127 Trusted Developer Utilities Proxy Execution
SI-04 System Monitoring mitigates T1127.001 MSBuild
SI-04 System Monitoring mitigates T1129 Shared Modules
SI-04 System Monitoring mitigates T1132 Data Encoding
SI-04 System Monitoring mitigates T1132.001 Standard Encoding
SI-04 System Monitoring mitigates T1132.002 Non-Standard Encoding
SI-04 System Monitoring mitigates T1133 External Remote Services
SI-04 System Monitoring mitigates T1135 Network Share Discovery
SI-04 System Monitoring mitigates T1136.001 Local Account
SI-04 System Monitoring mitigates T1137 Office Application Startup
SI-04 System Monitoring mitigates T1137.001 Office Template Macros
SI-04 System Monitoring mitigates T1185 Browser Session Hijacking
SI-04 System Monitoring mitigates T1187 Forced Authentication
SI-04 System Monitoring mitigates T1189 Drive-by Compromise
SI-04 System Monitoring mitigates T1197 BITS Jobs
SI-04 System Monitoring mitigates T1201 Password Policy Discovery
SI-04 System Monitoring mitigates T1204.001 Malicious Link
SI-04 System Monitoring mitigates T1204.003 Malicious Image
SI-04 System Monitoring mitigates T1205 Traffic Signaling
SI-04 System Monitoring mitigates T1205.001 Port Knocking
SI-04 System Monitoring mitigates T1205.002 Socket Filters
SI-04 System Monitoring mitigates T1210 Exploitation of Remote Services
SI-04 System Monitoring mitigates T1211 Exploitation for Defense Evasion
SI-04 System Monitoring mitigates T1212 Exploitation for Credential Access
SI-04 System Monitoring mitigates T1216 System Script Proxy Execution
SI-04 System Monitoring mitigates T1216.001 PubPrn
SI-04 System Monitoring mitigates T1218.001 Compiled HTML File
SI-04 System Monitoring mitigates T1218.002 Control Panel
SI-04 System Monitoring mitigates T1218.003 CMSTP
SI-04 System Monitoring mitigates T1218.004 InstallUtil
SI-04 System Monitoring mitigates T1218.005 Mshta
SI-04 System Monitoring mitigates T1218.008 Odbcconf
SI-04 System Monitoring mitigates T1218.009 Regsvcs/Regasm
SI-04 System Monitoring mitigates T1218.010 Regsvr32
SI-04 System Monitoring mitigates T1218.012 Verclsid
SI-04 System Monitoring mitigates T1218.013 Mavinject
SI-04 System Monitoring mitigates T1218.014 MMC
SI-04 System Monitoring mitigates T1220 XSL Script Processing
SI-04 System Monitoring mitigates T1221 Template Injection
SI-04 System Monitoring mitigates T1222 File and Directory Permissions Modification
SI-04 System Monitoring mitigates T1222.001 Windows File and Directory Permissions Modification
SI-04 System Monitoring mitigates T1222.002 Linux and Mac File and Directory Permissions Modification
SI-04 System Monitoring mitigates T1486 Data Encrypted for Impact
SI-04 System Monitoring mitigates T1491 Defacement
SI-04 System Monitoring mitigates T1491.001 Internal Defacement
SI-04 System Monitoring mitigates T1491.002 External Defacement
SI-04 System Monitoring mitigates T1499 Endpoint Denial of Service
SI-04 System Monitoring mitigates T1499.001 OS Exhaustion Flood
SI-04 System Monitoring mitigates T1499.002 Service Exhaustion Flood
SI-04 System Monitoring mitigates T1499.003 Application Exhaustion Flood
SI-04 System Monitoring mitigates T1499.004 Application or System Exploitation
SI-04 System Monitoring mitigates T1505 Server Software Component
SI-04 System Monitoring mitigates T1505.002 Transport Agent
SI-04 System Monitoring mitigates T1505.004 IIS Components
SI-04 System Monitoring mitigates T1505.005 Terminal Services DLL
SI-04 System Monitoring mitigates T1525 Implant Internal Image
SI-04 System Monitoring mitigates T1542.004 ROMMONkit
SI-04 System Monitoring mitigates T1542.005 TFTP Boot
SI-04 System Monitoring mitigates T1546.002 Screensaver
SI-04 System Monitoring mitigates T1546.004 Unix Shell Configuration Modification
SI-04 System Monitoring mitigates T1546.006 LC_LOAD_DYLIB Addition
SI-04 System Monitoring mitigates T1546.008 Accessibility Features
SI-04 System Monitoring mitigates T1546.013 PowerShell Profile
SI-04 System Monitoring mitigates T1546.014 Emond
SI-04 System Monitoring mitigates T1547.002 Authentication Package
SI-04 System Monitoring mitigates T1547.005 Security Support Provider
SI-04 System Monitoring mitigates T1547.006 Kernel Modules and Extensions
SI-04 System Monitoring mitigates T1547.007 Re-opened Applications
SI-04 System Monitoring mitigates T1547.008 LSASS Driver
SI-04 System Monitoring mitigates T1547.012 Print Processors
SI-04 System Monitoring mitigates T1547.013 XDG Autostart Entries
SI-04 System Monitoring mitigates T1548.001 Setuid and Setgid
SI-04 System Monitoring mitigates T1548.002 Bypass User Account Control
SI-04 System Monitoring mitigates T1548.003 Sudo and Sudo Caching
SI-04 System Monitoring mitigates T1548.004 Elevated Execution with Prompt
SI-04 System Monitoring mitigates T1550.003 Pass the Ticket
SI-04 System Monitoring mitigates T1552.002 Credentials in Registry
SI-04 System Monitoring mitigates T1552.003 Bash History
SI-04 System Monitoring mitigates T1552.005 Cloud Instance Metadata API
SI-04 System Monitoring mitigates T1552.006 Group Policy Preferences
SI-04 System Monitoring mitigates T1552.008 Chat Messages
SI-04 System Monitoring mitigates T1553.001 Gatekeeper Bypass
SI-04 System Monitoring mitigates T1553.003 SIP and Trust Provider Hijacking
SI-04 System Monitoring mitigates T1553.004 Install Root Certificate
SI-04 System Monitoring mitigates T1553.005 Mark-of-the-Web Bypass
SI-04 System Monitoring mitigates T1555.001 Keychain
SI-04 System Monitoring mitigates T1555.004 Windows Credential Manager
SI-04 System Monitoring mitigates T1556.002 Password Filter DLL
SI-04 System Monitoring mitigates T1556.003 Pluggable Authentication Modules
SI-04 System Monitoring mitigates T1556.004 Network Device Authentication
SI-04 System Monitoring mitigates T1556.008 Network Provider DLL
SI-04 System Monitoring mitigates T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SI-04 System Monitoring mitigates T1557.002 ARP Cache Poisoning
SI-04 System Monitoring mitigates T1557.003 DHCP Spoofing
SI-04 System Monitoring mitigates T1558.002 Silver Ticket
SI-04 System Monitoring mitigates T1558.003 Kerberoasting
SI-04 System Monitoring mitigates T1558.004 AS-REP Roasting
SI-04 System Monitoring mitigates T1559 Inter-Process Communication
SI-04 System Monitoring mitigates T1559.002 Dynamic Data Exchange
SI-04 System Monitoring mitigates T1559.003 XPC Services
SI-04 System Monitoring mitigates T1560.001 Archive via Utility
SI-04 System Monitoring mitigates T1561 Disk Wipe
SI-04 System Monitoring mitigates T1561.001 Disk Content Wipe
SI-04 System Monitoring mitigates T1561.002 Disk Structure Wipe
SI-04 System Monitoring mitigates T1562.001 Disable or Modify Tools
SI-04 System Monitoring mitigates T1562.002 Disable Windows Event Logging
SI-04 System Monitoring mitigates T1562.003 Impair Command History Logging
SI-04 System Monitoring mitigates T1562.010 Downgrade Attack
SI-04 System Monitoring mitigates T1562.011 Spoof Security Alerting
SI-04 System Monitoring mitigates T1562.012 Disable or Modify Linux Audit System
SI-04 System Monitoring mitigates T1563.001 SSH Hijacking
SI-04 System Monitoring mitigates T1563.002 RDP Hijacking
SI-04 System Monitoring mitigates T1564.002 Hidden Users
SI-04 System Monitoring mitigates T1564.006 Run Virtual Instance
SI-04 System Monitoring mitigates T1564.007 VBA Stomping
SI-04 System Monitoring mitigates T1564.008 Email Hiding Rules
SI-04 System Monitoring mitigates T1564.009 Resource Forking
SI-04 System Monitoring mitigates T1564.010 Process Argument Spoofing
SI-04 System Monitoring mitigates T1565.001 Stored Data Manipulation
SI-04 System Monitoring mitigates T1565.002 Transmitted Data Manipulation
SI-04 System Monitoring mitigates T1565.003 Runtime Data Manipulation
SI-04 System Monitoring mitigates T1567 Exfiltration Over Web Service
SI-04 System Monitoring mitigates T1568 Dynamic Resolution
SI-04 System Monitoring mitigates T1568.002 Domain Generation Algorithms
SI-04 System Monitoring mitigates T1569 System Services
SI-04 System Monitoring mitigates T1569.002 Service Execution
SI-04 System Monitoring mitigates T1570 Lateral Tool Transfer
SI-04 System Monitoring mitigates T1571 Non-Standard Port
SI-04 System Monitoring mitigates T1573.001 Symmetric Cryptography
SI-04 System Monitoring mitigates T1573.002 Asymmetric Cryptography
SI-04 System Monitoring mitigates T1574 Hijack Execution Flow
SI-04 System Monitoring mitigates T1574.004 Dylib Hijacking
SI-04 System Monitoring mitigates T1574.005 Executable Installer File Permissions Weakness
SI-04 System Monitoring mitigates T1574.007 Path Interception by PATH Environment Variable
SI-04 System Monitoring mitigates T1574.008 Path Interception by Search Order Hijacking
SI-04 System Monitoring mitigates T1574.009 Path Interception by Unquoted Path
SI-04 System Monitoring mitigates T1574.010 Services File Permissions Weakness
SI-04 System Monitoring mitigates T1574.013 KernelCallbackTable
SI-04 System Monitoring mitigates T1578 Modify Cloud Compute Infrastructure
SI-04 System Monitoring mitigates T1578.001 Create Snapshot
SI-04 System Monitoring mitigates T1578.002 Create Cloud Instance
SI-04 System Monitoring mitigates T1578.003 Delete Cloud Instance
SI-04 System Monitoring mitigates T1598 Phishing for Information
SI-04 System Monitoring mitigates T1598.001 Spearphishing Service
SI-04 System Monitoring mitigates T1598.002 Spearphishing Attachment
SI-04 System Monitoring mitigates T1599 Network Boundary Bridging
SI-04 System Monitoring mitigates T1599.001 Network Address Translation Traversal
SI-04 System Monitoring mitigates T1601 Modify System Image
SI-04 System Monitoring mitigates T1601.001 Patch System Image
SI-04 System Monitoring mitigates T1601.002 Downgrade System Image
SI-04 System Monitoring mitigates T1602 Data from Configuration Repository
SI-04 System Monitoring mitigates T1602.001 SNMP (MIB Dump)
SI-04 System Monitoring mitigates T1602.002 Network Device Configuration Dump
SI-04 System Monitoring mitigates T1612 Build Image on Host
SI-04 System Monitoring mitigates T1613 Container and Resource Discovery
SI-04 System Monitoring mitigates T1622 Debugger Evasion
SI-04 System Monitoring mitigates T1647 Plist File Modification
SI-04 System Monitoring mitigates T1653 Power Settings
AC-04 Information Flow Enforcement mitigates T1001.002 Steganography
AC-02 Account Management mitigates T1003.002 Security Account Manager
AC-03 Access Enforcement mitigates T1003.002 Security Account Manager
AC-05 Separation of Duties mitigates T1003.002 Security Account Manager
AC-06 Least Privilege mitigates T1003.002 Security Account Manager
AC-02 Account Management mitigates T1003.003 NTDS
AC-03 Access Enforcement mitigates T1003.003 NTDS
AC-05 Separation of Duties mitigates T1003.003 NTDS
AC-06 Least Privilege mitigates T1003.003 NTDS
AC-02 Account Management mitigates T1003.004 LSA Secrets
AC-03 Access Enforcement mitigates T1003.004 LSA Secrets
AC-05 Separation of Duties mitigates T1003.004 LSA Secrets
AC-06 Least Privilege mitigates T1003.004 LSA Secrets
AC-02 Account Management mitigates T1003.006 DCSync
AC-03 Access Enforcement mitigates T1003.006 DCSync
AC-04 Information Flow Enforcement mitigates T1003.006 DCSync
AC-05 Separation of Duties mitigates T1003.006 DCSync
AC-06 Least Privilege mitigates T1003.006 DCSync
AC-02 Account Management mitigates T1003.008 /etc/passwd and /etc/shadow
AC-03 Access Enforcement mitigates T1003.008 /etc/passwd and /etc/shadow
AC-05 Separation of Duties mitigates T1003.008 /etc/passwd and /etc/shadow
AC-06 Least Privilege mitigates T1003.008 /etc/passwd and /etc/shadow
AC-03 Access Enforcement mitigates T1005 Data from Local System
AC-06 Least Privilege mitigates T1005 Data from Local System
AC-02 Account Management mitigates T1005 Data from Local System
AC-04 Information Flow Enforcement mitigates T1008 Fallback Channels
AC-11 Device Lock mitigates T1021.001 Remote Desktop Protocol
AC-12 Session Termination mitigates T1021.001 Remote Desktop Protocol
AC-02 Account Management mitigates T1021.001 Remote Desktop Protocol
AC-03 Access Enforcement mitigates T1021.001 Remote Desktop Protocol
AC-04 Information Flow Enforcement mitigates T1021.001 Remote Desktop Protocol
AC-05 Separation of Duties mitigates T1021.001 Remote Desktop Protocol
AC-06 Least Privilege mitigates T1021.001 Remote Desktop Protocol
AC-07 Unsuccessful Logon Attempts mitigates T1021.001 Remote Desktop Protocol
AC-02 Account Management mitigates T1021.002 SMB/Windows Admin Shares
AC-03 Access Enforcement mitigates T1021.002 SMB/Windows Admin Shares
AC-04 Information Flow Enforcement mitigates T1021.002 SMB/Windows Admin Shares
AC-05 Separation of Duties mitigates T1021.002 SMB/Windows Admin Shares
AC-06 Least Privilege mitigates T1021.002 SMB/Windows Admin Shares
AC-02 Account Management mitigates T1021.003 Distributed Component Object Model
AC-03 Access Enforcement mitigates T1021.003 Distributed Component Object Model
AC-04 Information Flow Enforcement mitigates T1021.003 Distributed Component Object Model
AC-05 Separation of Duties mitigates T1021.003 Distributed Component Object Model
AC-06 Least Privilege mitigates T1021.003 Distributed Component Object Model
AC-02 Account Management mitigates T1021.004 SSH
AC-03 Access Enforcement mitigates T1021.004 SSH
AC-05 Separation of Duties mitigates T1021.004 SSH
AC-06 Least Privilege mitigates T1021.004 SSH
AC-07 Unsuccessful Logon Attempts mitigates T1021.004 SSH
AC-02 Account Management mitigates T1021.005 VNC
AC-03 Access Enforcement mitigates T1021.005 VNC
AC-04 Information Flow Enforcement mitigates T1021.005 VNC
AC-06 Least Privilege mitigates T1021.005 VNC
AC-02 Account Management mitigates T1021.006 Windows Remote Management
AC-03 Access Enforcement mitigates T1021.006 Windows Remote Management
AC-04 Information Flow Enforcement mitigates T1021.006 Windows Remote Management
AC-05 Separation of Duties mitigates T1021.006 Windows Remote Management
AC-06 Least Privilege mitigates T1021.006 Windows Remote Management
AC-03 Access Enforcement mitigates T1021.007 Cloud Services
AC-05 Separation of Duties mitigates T1021.007 Cloud Services
AC-06 Least Privilege mitigates T1021.007 Cloud Services
AC-02 Account Management mitigates T1021.007 Cloud Services
AC-03 Access Enforcement mitigates T1021.008 Direct Cloud VM Connections
AC-06 Least Privilege mitigates T1021.008 Direct Cloud VM Connections
AC-02 Account Management mitigates T1021.008 Direct Cloud VM Connections
AC-02 Account Management mitigates T1025 Data from Removable Media
AC-03 Access Enforcement mitigates T1025 Data from Removable Media
AC-06 Least Privilege mitigates T1025 Data from Removable Media
AC-04 Information Flow Enforcement mitigates T1029 Scheduled Transfer
AC-04 Information Flow Enforcement mitigates T1030 Data Transfer Size Limits
AC-02 Account Management mitigates T1036.003 Rename System Utilities
AC-03 Access Enforcement mitigates T1036.003 Rename System Utilities
AC-06 Least Privilege mitigates T1036.003 Rename System Utilities
AC-02 Account Management mitigates T1036.005 Match Legitimate Name or Location
AC-03 Access Enforcement mitigates T1036.005 Match Legitimate Name or Location
AC-06 Least Privilege mitigates T1036.005 Match Legitimate Name or Location
AC-03 Access Enforcement mitigates T1037.002 Login Hook
AC-03 Access Enforcement mitigates T1037.003 Network Logon Script
AC-03 Access Enforcement mitigates T1037.004 RC Scripts
AC-03 Access Enforcement mitigates T1037.005 Startup Items
AC-02 Account Management mitigates T1041 Exfiltration Over C2 Channel
AC-03 Access Enforcement mitigates T1041 Exfiltration Over C2 Channel
AC-04 Information Flow Enforcement mitigates T1041 Exfiltration Over C2 Channel
AC-06 Least Privilege mitigates T1041 Exfiltration Over C2 Channel
AC-04 Information Flow Enforcement mitigates T1046 Network Service Discovery
AC-02 Account Management mitigates T1048 Exfiltration Over Alternative Protocol
AC-03 Access Enforcement mitigates T1048 Exfiltration Over Alternative Protocol
AC-04 Information Flow Enforcement mitigates T1048 Exfiltration Over Alternative Protocol
AC-06 Least Privilege mitigates T1048 Exfiltration Over Alternative Protocol
AC-03 Access Enforcement mitigates T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
AC-04 Information Flow Enforcement mitigates T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
AC-02 Account Management mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-03 Access Enforcement mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-04 Information Flow Enforcement mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-06 Least Privilege mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-03 Access Enforcement mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
AC-04 Information Flow Enforcement mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
AC-06 Least Privilege mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
AC-02 Account Management mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
AC-02 Account Management mitigates T1052 Exfiltration Over Physical Medium
AC-03 Access Enforcement mitigates T1052 Exfiltration Over Physical Medium
AC-06 Least Privilege mitigates T1052 Exfiltration Over Physical Medium
AC-02 Account Management mitigates T1052.001 Exfiltration over USB
AC-03 Access Enforcement mitigates T1052.001 Exfiltration over USB
AC-06 Least Privilege mitigates T1052.001 Exfiltration over USB
AC-02 Account Management mitigates T1053.003 Cron
AC-03 Access Enforcement mitigates T1053.003 Cron
AC-05 Separation of Duties mitigates T1053.003 Cron
AC-06 Least Privilege mitigates T1053.003 Cron
AC-02 Account Management mitigates T1053.006 Systemd Timers
AC-03 Access Enforcement mitigates T1053.006 Systemd Timers
AC-05 Separation of Duties mitigates T1053.006 Systemd Timers
AC-06 Least Privilege mitigates T1053.006 Systemd Timers
AC-02 Account Management mitigates T1053.007 Container Orchestration Job
AC-03 Access Enforcement mitigates T1053.007 Container Orchestration Job
AC-05 Separation of Duties mitigates T1053.007 Container Orchestration Job
AC-06 Least Privilege mitigates T1053.007 Container Orchestration Job
AC-02 Account Management mitigates T1055 Process Injection
AC-03 Access Enforcement mitigates T1055 Process Injection
AC-05 Separation of Duties mitigates T1055 Process Injection
AC-06 Least Privilege mitigates T1055 Process Injection
AC-06 Least Privilege mitigates T1055.001 Dynamic-link Library Injection
AC-06 Least Privilege mitigates T1055.002 Portable Executable Injection
AC-06 Least Privilege mitigates T1055.003 Thread Execution Hijacking
AC-06 Least Privilege mitigates T1055.004 Asynchronous Procedure Call
AC-06 Least Privilege mitigates T1055.005 Thread Local Storage
AC-02 Account Management mitigates T1055.008 Ptrace System Calls
AC-03 Access Enforcement mitigates T1055.008 Ptrace System Calls
AC-05 Separation of Duties mitigates T1055.008 Ptrace System Calls
AC-06 Least Privilege mitigates T1055.008 Ptrace System Calls
AC-03 Access Enforcement mitigates T1055.009 Proc Memory
AC-06 Least Privilege mitigates T1055.009 Proc Memory
AC-06 Least Privilege mitigates T1055.011 Extra Window Memory Injection
AC-06 Least Privilege mitigates T1055.012 Process Hollowing
AC-06 Least Privilege mitigates T1055.013 Process Doppelgänging
AC-06 Least Privilege mitigates T1055.014 VDSO Hijacking
AC-02 Account Management mitigates T1056.003 Web Portal Capture
AC-03 Access Enforcement mitigates T1056.003 Web Portal Capture
AC-05 Separation of Duties mitigates T1056.003 Web Portal Capture
AC-06 Least Privilege mitigates T1056.003 Web Portal Capture
AC-02 Account Management mitigates T1059.001 PowerShell
AC-03 Access Enforcement mitigates T1059.001 PowerShell
AC-05 Separation of Duties mitigates T1059.001 PowerShell
AC-06 Least Privilege mitigates T1059.001 PowerShell
AC-02 Account Management mitigates T1059.002 AppleScript
AC-03 Access Enforcement mitigates T1059.002 AppleScript
AC-06 Least Privilege mitigates T1059.002 AppleScript
AC-02 Account Management mitigates T1059.003 Windows Command Shell
AC-03 Access Enforcement mitigates T1059.003 Windows Command Shell
AC-06 Least Privilege mitigates T1059.003 Windows Command Shell
AC-02 Account Management mitigates T1059.004 Unix Shell
AC-03 Access Enforcement mitigates T1059.004 Unix Shell
AC-06 Least Privilege mitigates T1059.004 Unix Shell
AC-02 Account Management mitigates T1059.005 Visual Basic
AC-03 Access Enforcement mitigates T1059.005 Visual Basic
AC-06 Least Privilege mitigates T1059.005 Visual Basic
AC-02 Account Management mitigates T1059.007 JavaScript
AC-03 Access Enforcement mitigates T1059.007 JavaScript
AC-06 Least Privilege mitigates T1059.007 JavaScript
AC-02 Account Management mitigates T1059.008 Network Device CLI
AC-03 Access Enforcement mitigates T1059.008 Network Device CLI
AC-05 Separation of Duties mitigates T1059.008 Network Device CLI
AC-06 Least Privilege mitigates T1059.008 Network Device CLI
AC-06 Least Privilege mitigates T1059.009 Cloud API
AC-03 Access Enforcement mitigates T1059.009 Cloud API
AC-02 Account Management mitigates T1059.009 Cloud API
AC-02 Account Management mitigates T1068 Exploitation for Privilege Escalation
AC-04 Information Flow Enforcement mitigates T1068 Exploitation for Privilege Escalation
AC-06 Least Privilege mitigates T1068 Exploitation for Privilege Escalation
AC-02 Account Management mitigates T1070 Indicator Removal
AC-03 Access Enforcement mitigates T1070 Indicator Removal
AC-05 Separation of Duties mitigates T1070 Indicator Removal
AC-06 Least Privilege mitigates T1070 Indicator Removal
AC-02 Account Management mitigates T1070.002 Clear Linux or Mac System Logs
AC-03 Access Enforcement mitigates T1070.002 Clear Linux or Mac System Logs
AC-05 Separation of Duties mitigates T1070.002 Clear Linux or Mac System Logs
AC-06 Least Privilege mitigates T1070.002 Clear Linux or Mac System Logs
AC-02 Account Management mitigates T1070.007 Clear Network Connection History and Configurations
AC-03 Access Enforcement mitigates T1070.007 Clear Network Connection History and Configurations
AC-05 Separation of Duties mitigates T1070.007 Clear Network Connection History and Configurations
AC-06 Least Privilege mitigates T1070.007 Clear Network Connection History and Configurations
AC-04 Information Flow Enforcement mitigates T1070.008 Clear Mailbox Data
AC-02 Account Management mitigates T1070.008 Clear Mailbox Data
AC-03 Access Enforcement mitigates T1070.008 Clear Mailbox Data
AC-05 Separation of Duties mitigates T1070.008 Clear Mailbox Data
AC-06 Least Privilege mitigates T1070.008 Clear Mailbox Data
AC-03 Access Enforcement mitigates T1070.009 Clear Persistence
AC-05 Separation of Duties mitigates T1070.009 Clear Persistence
AC-06 Least Privilege mitigates T1070.009 Clear Persistence
AC-04 Information Flow Enforcement mitigates T1071.001 Web Protocols
AC-03 Access Enforcement mitigates T1071.004 DNS
AC-04 Information Flow Enforcement mitigates T1071.004 DNS
AC-02 Account Management mitigates T1078.002 Domain Accounts
AC-03 Access Enforcement mitigates T1078.002 Domain Accounts
AC-05 Separation of Duties mitigates T1078.002 Domain Accounts
AC-06 Least Privilege mitigates T1078.002 Domain Accounts
AC-07 Unsuccessful Logon Attempts mitigates T1078.002 Domain Accounts
AC-03 Access Enforcement mitigates T1080 Taint Shared Content
AC-02 Account Management mitigates T1087.004 Cloud Account
AC-03 Access Enforcement mitigates T1087.004 Cloud Account
AC-05 Separation of Duties mitigates T1087.004 Cloud Account
AC-06 Least Privilege mitigates T1087.004 Cloud Account
AC-03 Access Enforcement mitigates T1090 Proxy
AC-04 Information Flow Enforcement mitigates T1090 Proxy
AC-04 Information Flow Enforcement mitigates T1090.001 Internal Proxy
AC-04 Information Flow Enforcement mitigates T1090.002 External Proxy
AC-03 Access Enforcement mitigates T1091 Replication Through Removable Media
AC-06 Least Privilege mitigates T1091 Replication Through Removable Media
AC-03 Access Enforcement mitigates T1095 Non-Application Layer Protocol
AC-04 Information Flow Enforcement mitigates T1095 Non-Application Layer Protocol
AC-03 Access Enforcement mitigates T1098.004 SSH Authorized Keys
AC-05 Separation of Duties mitigates T1098.004 SSH Authorized Keys
AC-06 Least Privilege mitigates T1098.004 SSH Authorized Keys
AC-03 Access Enforcement mitigates T1098.006 Additional Container Cluster Roles
AC-02 Account Management mitigates T1098.006 Additional Container Cluster Roles
AC-06 Least Privilege mitigates T1098.006 Additional Container Cluster Roles
AC-04 Information Flow Enforcement mitigates T1102.001 Dead Drop Resolver
AC-04 Information Flow Enforcement mitigates T1102.002 Bidirectional Communication
AC-04 Information Flow Enforcement mitigates T1102.003 One-Way Communication
AC-04 Information Flow Enforcement mitigates T1104 Multi-Stage Channels
AC-06 Least Privilege mitigates T1106 Native API
AC-02 Account Management mitigates T1110.001 Password Guessing
AC-03 Access Enforcement mitigates T1110.001 Password Guessing
AC-05 Separation of Duties mitigates T1110.001 Password Guessing
AC-06 Least Privilege mitigates T1110.001 Password Guessing
AC-07 Unsuccessful Logon Attempts mitigates T1110.001 Password Guessing
AC-02 Account Management mitigates T1110.002 Password Cracking
AC-03 Access Enforcement mitigates T1110.002 Password Cracking
AC-05 Separation of Duties mitigates T1110.002 Password Cracking
AC-06 Least Privilege mitigates T1110.002 Password Cracking
AC-07 Unsuccessful Logon Attempts mitigates T1110.002 Password Cracking
AC-02 Account Management mitigates T1110.003 Password Spraying
AC-03 Access Enforcement mitigates T1110.003 Password Spraying
AC-05 Separation of Duties mitigates T1110.003 Password Spraying
AC-06 Least Privilege mitigates T1110.003 Password Spraying
AC-07 Unsuccessful Logon Attempts mitigates T1110.003 Password Spraying
AC-02 Account Management mitigates T1110.004 Credential Stuffing
AC-03 Access Enforcement mitigates T1110.004 Credential Stuffing
AC-05 Separation of Duties mitigates T1110.004 Credential Stuffing
AC-06 Least Privilege mitigates T1110.004 Credential Stuffing
AC-07 Unsuccessful Logon Attempts mitigates T1110.004 Credential Stuffing
AC-06 Least Privilege mitigates T1112 Modify Registry
AC-04 Information Flow Enforcement mitigates T1114.001 Local Email Collection
AC-04 Information Flow Enforcement mitigates T1132 Data Encoding
AC-04 Information Flow Enforcement mitigates T1132.001 Standard Encoding
AC-04 Information Flow Enforcement mitigates T1132.002 Non-Standard Encoding
AC-03 Access Enforcement mitigates T1133 External Remote Services
AC-04 Information Flow Enforcement mitigates T1133 External Remote Services
AC-06 Least Privilege mitigates T1133 External Remote Services
AC-07 Unsuccessful Logon Attempts mitigates T1133 External Remote Services
AC-02 Account Management mitigates T1134 Access Token Manipulation
AC-03 Access Enforcement mitigates T1134 Access Token Manipulation
AC-05 Separation of Duties mitigates T1134 Access Token Manipulation
AC-06 Least Privilege mitigates T1134 Access Token Manipulation
AC-02 Account Management mitigates T1134.002 Create Process with Token
AC-03 Access Enforcement mitigates T1134.002 Create Process with Token
AC-05 Separation of Duties mitigates T1134.002 Create Process with Token
AC-06 Least Privilege mitigates T1134.002 Create Process with Token
AC-03 Access Enforcement mitigates T1134.005 SID-History Injection
AC-04 Information Flow Enforcement mitigates T1134.005 SID-History Injection
AC-05 Separation of Duties mitigates T1134.005 SID-History Injection
AC-06 Least Privilege mitigates T1134.005 SID-History Injection
AC-02 Account Management mitigates T1136.001 Local Account
AC-03 Access Enforcement mitigates T1136.001 Local Account
AC-05 Separation of Duties mitigates T1136.001 Local Account
AC-06 Least Privilege mitigates T1136.001 Local Account
AC-10 Concurrent Session Control mitigates T1137 Office Application Startup
AC-06 Least Privilege mitigates T1137 Office Application Startup
AC-06 Least Privilege mitigates T1137.001 Office Template Macros
AC-06 Least Privilege mitigates T1137.003 Outlook Forms
AC-06 Least Privilege mitigates T1137.004 Outlook Home Page
AC-06 Least Privilege mitigates T1137.005 Outlook Rules
AC-06 Least Privilege mitigates T1137.006 Add-ins
AC-10 Concurrent Session Control mitigates T1185 Browser Session Hijacking
AC-12 Session Termination mitigates T1185 Browser Session Hijacking
AC-02 Account Management mitigates T1185 Browser Session Hijacking
AC-03 Access Enforcement mitigates T1185 Browser Session Hijacking
AC-05 Separation of Duties mitigates T1185 Browser Session Hijacking
AC-06 Least Privilege mitigates T1185 Browser Session Hijacking
AC-03 Access Enforcement mitigates T1187 Forced Authentication
AC-04 Information Flow Enforcement mitigates T1187 Forced Authentication
AC-04 Information Flow Enforcement mitigates T1189 Drive-by Compromise
AC-06 Least Privilege mitigates T1189 Drive-by Compromise
AC-02 Account Management mitigates T1197 BITS Jobs
AC-03 Access Enforcement mitigates T1197 BITS Jobs
AC-04 Information Flow Enforcement mitigates T1197 BITS Jobs
AC-05 Separation of Duties mitigates T1197 BITS Jobs
AC-06 Least Privilege mitigates T1197 BITS Jobs
AC-03 Access Enforcement mitigates T1199 Trusted Relationship
AC-04 Information Flow Enforcement mitigates T1199 Trusted Relationship
AC-06 Least Privilege mitigates T1199 Trusted Relationship
AC-08 System Use Notification mitigates T1199 Trusted Relationship
AC-03 Access Enforcement mitigates T1200 Hardware Additions
AC-06 Least Privilege mitigates T1200 Hardware Additions
AC-04 Information Flow Enforcement mitigates T1204.001 Malicious Link
AC-04 Information Flow Enforcement mitigates T1204.003 Malicious Image
AC-03 Access Enforcement mitigates T1205 Traffic Signaling
AC-04 Information Flow Enforcement mitigates T1205 Traffic Signaling
AC-03 Access Enforcement mitigates T1205.001 Port Knocking
AC-04 Information Flow Enforcement mitigates T1205.001 Port Knocking
AC-04 Information Flow Enforcement mitigates T1205.002 Socket Filters
AC-02 Account Management mitigates T1210 Exploitation of Remote Services
AC-03 Access Enforcement mitigates T1210 Exploitation of Remote Services
AC-04 Information Flow Enforcement mitigates T1210 Exploitation of Remote Services
AC-05 Separation of Duties mitigates T1210 Exploitation of Remote Services
AC-06 Least Privilege mitigates T1210 Exploitation of Remote Services
AC-04 Information Flow Enforcement mitigates T1211 Exploitation for Defense Evasion
AC-06 Least Privilege mitigates T1211 Exploitation for Defense Evasion
AC-02 Account Management mitigates T1212 Exploitation for Credential Access
AC-04 Information Flow Enforcement mitigates T1212 Exploitation for Credential Access
AC-06 Least Privilege mitigates T1212 Exploitation for Credential Access
AC-03 Access Enforcement mitigates T1218.002 Control Panel
AC-02 Account Management mitigates T1218.007 Msiexec
AC-03 Access Enforcement mitigates T1218.007 Msiexec
AC-05 Separation of Duties mitigates T1218.007 Msiexec
AC-06 Least Privilege mitigates T1218.007 Msiexec
AC-03 Access Enforcement mitigates T1218.012 Verclsid
AC-04 Information Flow Enforcement mitigates T1218.012 Verclsid
AC-02 Account Management mitigates T1222 File and Directory Permissions Modification
AC-03 Access Enforcement mitigates T1222 File and Directory Permissions Modification
AC-05 Separation of Duties mitigates T1222 File and Directory Permissions Modification
AC-06 Least Privilege mitigates T1222 File and Directory Permissions Modification
AC-02 Account Management mitigates T1222.001 Windows File and Directory Permissions Modification
AC-03 Access Enforcement mitigates T1222.001 Windows File and Directory Permissions Modification
AC-05 Separation of Duties mitigates T1222.001 Windows File and Directory Permissions Modification
AC-06 Least Privilege mitigates T1222.001 Windows File and Directory Permissions Modification
AC-02 Account Management mitigates T1222.002 Linux and Mac File and Directory Permissions Modification
AC-03 Access Enforcement mitigates T1222.002 Linux and Mac File and Directory Permissions Modification
AC-05 Separation of Duties mitigates T1222.002 Linux and Mac File and Directory Permissions Modification
AC-06 Least Privilege mitigates T1222.002 Linux and Mac File and Directory Permissions Modification
AC-04 Information Flow Enforcement mitigates T1482 Domain Trust Discovery
AC-03 Access Enforcement mitigates T1486 Data Encrypted for Impact
AC-06 Least Privilege mitigates T1486 Data Encrypted for Impact
AC-03 Access Enforcement mitigates T1491 Defacement
AC-06 Least Privilege mitigates T1491 Defacement
AC-03 Access Enforcement mitigates T1491.001 Internal Defacement
AC-06 Least Privilege mitigates T1491.001 Internal Defacement
AC-03 Access Enforcement mitigates T1491.002 External Defacement
AC-06 Least Privilege mitigates T1491.002 External Defacement
AC-02 Account Management mitigates T1495 Firmware Corruption
AC-03 Access Enforcement mitigates T1495 Firmware Corruption
AC-05 Separation of Duties mitigates T1495 Firmware Corruption
AC-06 Least Privilege mitigates T1495 Firmware Corruption
AC-03 Access Enforcement mitigates T1498 Network Denial of Service
AC-04 Information Flow Enforcement mitigates T1498 Network Denial of Service
AC-03 Access Enforcement mitigates T1498.001 Direct Network Flood
AC-04 Information Flow Enforcement mitigates T1498.001 Direct Network Flood
AC-03 Access Enforcement mitigates T1498.002 Reflection Amplification
AC-04 Information Flow Enforcement mitigates T1498.002 Reflection Amplification
AC-03 Access Enforcement mitigates T1499 Endpoint Denial of Service
AC-04 Information Flow Enforcement mitigates T1499 Endpoint Denial of Service
AC-03 Access Enforcement mitigates T1499.001 OS Exhaustion Flood
AC-04 Information Flow Enforcement mitigates T1499.001 OS Exhaustion Flood
AC-03 Access Enforcement mitigates T1499.002 Service Exhaustion Flood
AC-04 Information Flow Enforcement mitigates T1499.002 Service Exhaustion Flood
AC-03 Access Enforcement mitigates T1499.003 Application Exhaustion Flood
AC-04 Information Flow Enforcement mitigates T1499.003 Application Exhaustion Flood
AC-03 Access Enforcement mitigates T1499.004 Application or System Exploitation
AC-04 Information Flow Enforcement mitigates T1499.004 Application or System Exploitation
AC-02 Account Management mitigates T1505 Server Software Component
AC-03 Access Enforcement mitigates T1505 Server Software Component
AC-05 Separation of Duties mitigates T1505 Server Software Component
AC-06 Least Privilege mitigates T1505 Server Software Component
AC-02 Account Management mitigates T1505.002 Transport Agent
AC-03 Access Enforcement mitigates T1505.002 Transport Agent
AC-05 Separation of Duties mitigates T1505.002 Transport Agent
AC-06 Least Privilege mitigates T1505.002 Transport Agent
AC-03 Access Enforcement mitigates T1505.004 IIS Components
AC-04 Information Flow Enforcement mitigates T1505.004 IIS Components
AC-06 Least Privilege mitigates T1505.004 IIS Components
AC-12 Session Termination mitigates T1505.005 Terminal Services DLL
AC-02 Account Management mitigates T1505.005 Terminal Services DLL
AC-03 Access Enforcement mitigates T1505.005 Terminal Services DLL
AC-05 Separation of Duties mitigates T1505.005 Terminal Services DLL
AC-06 Least Privilege mitigates T1505.005 Terminal Services DLL
AC-02 Account Management mitigates T1525 Implant Internal Image
AC-03 Access Enforcement mitigates T1525 Implant Internal Image
AC-05 Separation of Duties mitigates T1525 Implant Internal Image
AC-06 Least Privilege mitigates T1525 Implant Internal Image
AC-02 Account Management mitigates T1538 Cloud Service Dashboard
AC-03 Access Enforcement mitigates T1538 Cloud Service Dashboard
AC-05 Separation of Duties mitigates T1538 Cloud Service Dashboard
AC-06 Least Privilege mitigates T1538 Cloud Service Dashboard
AC-02 Account Management mitigates T1542.003 Bootkit
AC-03 Access Enforcement mitigates T1542.003 Bootkit
AC-05 Separation of Duties mitigates T1542.003 Bootkit
AC-06 Least Privilege mitigates T1542.003 Bootkit
AC-03 Access Enforcement mitigates T1542.004 ROMMONkit
AC-06 Least Privilege mitigates T1542.004 ROMMONkit
AC-02 Account Management mitigates T1542.005 TFTP Boot
AC-03 Access Enforcement mitigates T1542.005 TFTP Boot
AC-05 Separation of Duties mitigates T1542.005 TFTP Boot
AC-06 Least Privilege mitigates T1542.005 TFTP Boot
AC-02 Account Management mitigates T1543.001 Launch Agent
AC-03 Access Enforcement mitigates T1543.001 Launch Agent
AC-05 Separation of Duties mitigates T1543.001 Launch Agent
AC-06 Least Privilege mitigates T1543.001 Launch Agent
AC-02 Account Management mitigates T1543.004 Launch Daemon
AC-03 Access Enforcement mitigates T1543.004 Launch Daemon
AC-05 Separation of Duties mitigates T1543.004 Launch Daemon
AC-06 Least Privilege mitigates T1543.004 Launch Daemon
AC-03 Access Enforcement mitigates T1546.004 Unix Shell Configuration Modification
AC-06 Least Privilege mitigates T1546.004 Unix Shell Configuration Modification
AC-06 Least Privilege mitigates T1546.011 Application Shimming
AC-03 Access Enforcement mitigates T1546.013 PowerShell Profile
AC-06 Least Privilege mitigates T1546.013 PowerShell Profile
AC-02 Account Management mitigates T1547.006 Kernel Modules and Extensions
AC-03 Access Enforcement mitigates T1547.006 Kernel Modules and Extensions
AC-05 Separation of Duties mitigates T1547.006 Kernel Modules and Extensions
AC-06 Least Privilege mitigates T1547.006 Kernel Modules and Extensions
AC-03 Access Enforcement mitigates T1547.007 Re-opened Applications
AC-02 Account Management mitigates T1547.012 Print Processors
AC-03 Access Enforcement mitigates T1547.012 Print Processors
AC-05 Separation of Duties mitigates T1547.012 Print Processors
AC-06 Least Privilege mitigates T1547.012 Print Processors
AC-02 Account Management mitigates T1547.013 XDG Autostart Entries
AC-03 Access Enforcement mitigates T1547.013 XDG Autostart Entries
AC-05 Separation of Duties mitigates T1547.013 XDG Autostart Entries
AC-06 Least Privilege mitigates T1547.013 XDG Autostart Entries
AC-02 Account Management mitigates T1548.002 Bypass User Account Control
AC-03 Access Enforcement mitigates T1548.002 Bypass User Account Control
AC-05 Separation of Duties mitigates T1548.002 Bypass User Account Control
AC-06 Least Privilege mitigates T1548.002 Bypass User Account Control
AC-02 Account Management mitigates T1548.003 Sudo and Sudo Caching
AC-03 Access Enforcement mitigates T1548.003 Sudo and Sudo Caching
AC-05 Separation of Duties mitigates T1548.003 Sudo and Sudo Caching
AC-06 Least Privilege mitigates T1548.003 Sudo and Sudo Caching
AC-02 Account Management mitigates T1550.002 Pass the Hash
AC-03 Access Enforcement mitigates T1550.002 Pass the Hash
AC-05 Separation of Duties mitigates T1550.002 Pass the Hash
AC-06 Least Privilege mitigates T1550.002 Pass the Hash
AC-02 Account Management mitigates T1550.003 Pass the Ticket
AC-03 Access Enforcement mitigates T1550.003 Pass the Ticket
AC-05 Separation of Duties mitigates T1550.003 Pass the Ticket
AC-06 Least Privilege mitigates T1550.003 Pass the Ticket
AC-02 Account Management mitigates T1552.002 Credentials in Registry
AC-03 Access Enforcement mitigates T1552.002 Credentials in Registry
AC-05 Separation of Duties mitigates T1552.002 Credentials in Registry
AC-06 Least Privilege mitigates T1552.002 Credentials in Registry
AC-03 Access Enforcement mitigates T1552.005 Cloud Instance Metadata API
AC-04 Information Flow Enforcement mitigates T1552.005 Cloud Instance Metadata API
AC-02 Account Management mitigates T1552.006 Group Policy Preferences
AC-05 Separation of Duties mitigates T1552.006 Group Policy Preferences
AC-06 Least Privilege mitigates T1552.006 Group Policy Preferences
AC-02 Account Management mitigates T1552.007 Container API
AC-03 Access Enforcement mitigates T1552.007 Container API
AC-04 Information Flow Enforcement mitigates T1552.007 Container API
AC-05 Separation of Duties mitigates T1552.007 Container API
AC-06 Least Privilege mitigates T1552.007 Container API
AC-04 Information Flow Enforcement mitigates T1552.008 Chat Messages
AC-03 Access Enforcement mitigates T1553.003 SIP and Trust Provider Hijacking
AC-06 Least Privilege mitigates T1553.003 SIP and Trust Provider Hijacking
AC-06 Least Privilege mitigates T1553.006 Code Signing Policy Modification
AC-06 Least Privilege mitigates T1555.006 Cloud Secrets Management Stores
AC-03 Access Enforcement mitigates T1555.006 Cloud Secrets Management Stores
AC-02 Account Management mitigates T1555.006 Cloud Secrets Management Stores
AC-02 Account Management mitigates T1556.003 Pluggable Authentication Modules
AC-03 Access Enforcement mitigates T1556.003 Pluggable Authentication Modules
AC-05 Separation of Duties mitigates T1556.003 Pluggable Authentication Modules
AC-06 Least Privilege mitigates T1556.003 Pluggable Authentication Modules
AC-07 Unsuccessful Logon Attempts mitigates T1556.003 Pluggable Authentication Modules
AC-02 Account Management mitigates T1556.004 Network Device Authentication
AC-03 Access Enforcement mitigates T1556.004 Network Device Authentication
AC-05 Separation of Duties mitigates T1556.004 Network Device Authentication
AC-06 Least Privilege mitigates T1556.004 Network Device Authentication
AC-07 Unsuccessful Logon Attempts mitigates T1556.004 Network Device Authentication
AC-02 Account Management mitigates T1556.005 Reversible Encryption
AC-05 Separation of Duties mitigates T1556.005 Reversible Encryption
AC-06 Least Privilege mitigates T1556.005 Reversible Encryption
AC-06 Least Privilege mitigates T1556.008 Network Provider DLL
AC-03 Access Enforcement mitigates T1556.008 Network Provider DLL
AC-03 Access Enforcement mitigates T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
AC-04 Information Flow Enforcement mitigates T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
AC-03 Access Enforcement mitigates T1557.002 ARP Cache Poisoning
AC-04 Information Flow Enforcement mitigates T1557.002 ARP Cache Poisoning
AC-03 Access Enforcement mitigates T1557.003 DHCP Spoofing
AC-04 Information Flow Enforcement mitigates T1557.003 DHCP Spoofing
AC-02 Account Management mitigates T1558.001 Golden Ticket
AC-03 Access Enforcement mitigates T1558.001 Golden Ticket
AC-05 Separation of Duties mitigates T1558.001 Golden Ticket
AC-06 Least Privilege mitigates T1558.001 Golden Ticket
AC-02 Account Management mitigates T1558.002 Silver Ticket
AC-03 Access Enforcement mitigates T1558.002 Silver Ticket
AC-05 Separation of Duties mitigates T1558.002 Silver Ticket
AC-06 Least Privilege mitigates T1558.002 Silver Ticket
AC-02 Account Management mitigates T1558.003 Kerberoasting
AC-03 Access Enforcement mitigates T1558.003 Kerberoasting
AC-05 Separation of Duties mitigates T1558.003 Kerberoasting
AC-06 Least Privilege mitigates T1558.003 Kerberoasting
AC-02 Account Management mitigates T1558.004 AS-REP Roasting
AC-03 Access Enforcement mitigates T1558.004 AS-REP Roasting
AC-02 Account Management mitigates T1559 Inter-Process Communication
AC-03 Access Enforcement mitigates T1559 Inter-Process Communication
AC-04 Information Flow Enforcement mitigates T1559 Inter-Process Communication
AC-05 Separation of Duties mitigates T1559 Inter-Process Communication
AC-06 Least Privilege mitigates T1559 Inter-Process Communication
AC-02 Account Management mitigates T1559.001 Component Object Model
AC-03 Access Enforcement mitigates T1559.001 Component Object Model
AC-04 Information Flow Enforcement mitigates T1559.001 Component Object Model
AC-05 Separation of Duties mitigates T1559.001 Component Object Model
AC-06 Least Privilege mitigates T1559.001 Component Object Model
AC-04 Information Flow Enforcement mitigates T1559.002 Dynamic Data Exchange
AC-06 Least Privilege mitigates T1559.002 Dynamic Data Exchange
AC-03 Access Enforcement mitigates T1561 Disk Wipe
AC-06 Least Privilege mitigates T1561 Disk Wipe
AC-03 Access Enforcement mitigates T1561.001 Disk Content Wipe
AC-06 Least Privilege mitigates T1561.001 Disk Content Wipe
AC-03 Access Enforcement mitigates T1561.002 Disk Structure Wipe
AC-06 Least Privilege mitigates T1561.002 Disk Structure Wipe
AC-02 Account Management mitigates T1562.001 Disable or Modify Tools
AC-03 Access Enforcement mitigates T1562.001 Disable or Modify Tools
AC-05 Separation of Duties mitigates T1562.001 Disable or Modify Tools
AC-06 Least Privilege mitigates T1562.001 Disable or Modify Tools
AC-02 Account Management mitigates T1562.002 Disable Windows Event Logging
AC-03 Access Enforcement mitigates T1562.002 Disable Windows Event Logging
AC-05 Separation of Duties mitigates T1562.002 Disable Windows Event Logging
AC-06 Least Privilege mitigates T1562.002 Disable Windows Event Logging
AC-03 Access Enforcement mitigates T1562.008 Disable or Modify Cloud Logs
AC-05 Separation of Duties mitigates T1562.008 Disable or Modify Cloud Logs
AC-06 Least Privilege mitigates T1562.008 Disable or Modify Cloud Logs
AC-02 Account Management mitigates T1562.008 Disable or Modify Cloud Logs
AC-02 Account Management mitigates T1562.009 Safe Mode Boot
AC-03 Access Enforcement mitigates T1562.009 Safe Mode Boot
AC-05 Separation of Duties mitigates T1562.009 Safe Mode Boot
AC-06 Least Privilege mitigates T1562.009 Safe Mode Boot
AC-06 Least Privilege mitigates T1562.012 Disable or Modify Linux Audit System
AC-03 Access Enforcement mitigates T1562.012 Disable or Modify Linux Audit System
AC-02 Account Management mitigates T1562.012 Disable or Modify Linux Audit System
AC-02 Account Management mitigates T1563.001 SSH Hijacking
AC-03 Access Enforcement mitigates T1563.001 SSH Hijacking
AC-05 Separation of Duties mitigates T1563.001 SSH Hijacking
AC-06 Least Privilege mitigates T1563.001 SSH Hijacking
AC-11 Device Lock mitigates T1563.002 RDP Hijacking
AC-12 Session Termination mitigates T1563.002 RDP Hijacking
AC-02 Account Management mitigates T1563.002 RDP Hijacking
AC-03 Access Enforcement mitigates T1563.002 RDP Hijacking
AC-04 Information Flow Enforcement mitigates T1563.002 RDP Hijacking
AC-05 Separation of Duties mitigates T1563.002 RDP Hijacking
AC-06 Least Privilege mitigates T1563.002 RDP Hijacking
AC-04 Information Flow Enforcement mitigates T1564.008 Email Hiding Rules
AC-03 Access Enforcement mitigates T1565.001 Stored Data Manipulation
AC-03 Access Enforcement mitigates T1565.003 Runtime Data Manipulation
AC-04 Information Flow Enforcement mitigates T1565.003 Runtime Data Manipulation
AC-02 Account Management mitigates T1567 Exfiltration Over Web Service
AC-03 Access Enforcement mitigates T1567 Exfiltration Over Web Service
AC-04 Information Flow Enforcement mitigates T1567 Exfiltration Over Web Service
AC-06 Least Privilege mitigates T1567 Exfiltration Over Web Service
AC-04 Information Flow Enforcement mitigates T1567.001 Exfiltration to Code Repository
AC-04 Information Flow Enforcement mitigates T1567.002 Exfiltration to Cloud Storage
AC-04 Information Flow Enforcement mitigates T1567.003 Exfiltration to Text Storage Sites
AC-04 Information Flow Enforcement mitigates T1567.004 Exfiltration Over Webhook
AC-04 Information Flow Enforcement mitigates T1568 Dynamic Resolution
AC-04 Information Flow Enforcement mitigates T1568.002 Domain Generation Algorithms
AC-02 Account Management mitigates T1569 System Services
AC-03 Access Enforcement mitigates T1569 System Services
AC-05 Separation of Duties mitigates T1569 System Services
AC-06 Least Privilege mitigates T1569 System Services
AC-02 Account Management mitigates T1569.001 Launchctl
AC-03 Access Enforcement mitigates T1569.001 Launchctl
AC-05 Separation of Duties mitigates T1569.001 Launchctl
AC-06 Least Privilege mitigates T1569.001 Launchctl
AC-02 Account Management mitigates T1569.002 Service Execution
AC-03 Access Enforcement mitigates T1569.002 Service Execution
AC-05 Separation of Duties mitigates T1569.002 Service Execution
AC-06 Least Privilege mitigates T1569.002 Service Execution
AC-03 Access Enforcement mitigates T1570 Lateral Tool Transfer
AC-04 Information Flow Enforcement mitigates T1570 Lateral Tool Transfer
AC-04 Information Flow Enforcement mitigates T1571 Non-Standard Port
AC-04 Information Flow Enforcement mitigates T1573.001 Symmetric Cryptography
AC-04 Information Flow Enforcement mitigates T1573.002 Asymmetric Cryptography
AC-02 Account Management mitigates T1574 Hijack Execution Flow
AC-03 Access Enforcement mitigates T1574 Hijack Execution Flow
AC-04 Information Flow Enforcement mitigates T1574 Hijack Execution Flow
AC-05 Separation of Duties mitigates T1574 Hijack Execution Flow
AC-06 Least Privilege mitigates T1574 Hijack Execution Flow
AC-02 Account Management mitigates T1574.004 Dylib Hijacking
AC-03 Access Enforcement mitigates T1574.004 Dylib Hijacking
AC-04 Information Flow Enforcement mitigates T1574.004 Dylib Hijacking
AC-05 Separation of Duties mitigates T1574.004 Dylib Hijacking
AC-06 Least Privilege mitigates T1574.004 Dylib Hijacking
AC-02 Account Management mitigates T1574.005 Executable Installer File Permissions Weakness
AC-03 Access Enforcement mitigates T1574.005 Executable Installer File Permissions Weakness
AC-04 Information Flow Enforcement mitigates T1574.005 Executable Installer File Permissions Weakness
AC-05 Separation of Duties mitigates T1574.005 Executable Installer File Permissions Weakness
AC-06 Least Privilege mitigates T1574.005 Executable Installer File Permissions Weakness
AC-02 Account Management mitigates T1574.007 Path Interception by PATH Environment Variable
AC-03 Access Enforcement mitigates T1574.007 Path Interception by PATH Environment Variable
AC-04 Information Flow Enforcement mitigates T1574.007 Path Interception by PATH Environment Variable
AC-05 Separation of Duties mitigates T1574.007 Path Interception by PATH Environment Variable
AC-06 Least Privilege mitigates T1574.007 Path Interception by PATH Environment Variable
AC-02 Account Management mitigates T1574.008 Path Interception by Search Order Hijacking
AC-03 Access Enforcement mitigates T1574.008 Path Interception by Search Order Hijacking
AC-04 Information Flow Enforcement mitigates T1574.008 Path Interception by Search Order Hijacking
AC-05 Separation of Duties mitigates T1574.008 Path Interception by Search Order Hijacking
AC-06 Least Privilege mitigates T1574.008 Path Interception by Search Order Hijacking
AC-02 Account Management mitigates T1574.009 Path Interception by Unquoted Path
AC-03 Access Enforcement mitigates T1574.009 Path Interception by Unquoted Path
AC-04 Information Flow Enforcement mitigates T1574.009 Path Interception by Unquoted Path
AC-05 Separation of Duties mitigates T1574.009 Path Interception by Unquoted Path
AC-06 Least Privilege mitigates T1574.009 Path Interception by Unquoted Path
AC-02 Account Management mitigates T1574.010 Services File Permissions Weakness
AC-03 Access Enforcement mitigates T1574.010 Services File Permissions Weakness
AC-04 Information Flow Enforcement mitigates T1574.010 Services File Permissions Weakness
AC-05 Separation of Duties mitigates T1574.010 Services File Permissions Weakness
AC-06 Least Privilege mitigates T1574.010 Services File Permissions Weakness
AC-06 Least Privilege mitigates T1574.011 Services Registry Permissions Weakness
AC-02 Account Management mitigates T1574.012 COR_PROFILER
AC-03 Access Enforcement mitigates T1574.012 COR_PROFILER
AC-05 Separation of Duties mitigates T1574.012 COR_PROFILER
AC-06 Least Privilege mitigates T1574.012 COR_PROFILER
AC-02 Account Management mitigates T1578 Modify Cloud Compute Infrastructure
AC-03 Access Enforcement mitigates T1578 Modify Cloud Compute Infrastructure
AC-05 Separation of Duties mitigates T1578 Modify Cloud Compute Infrastructure
AC-06 Least Privilege mitigates T1578 Modify Cloud Compute Infrastructure
AC-02 Account Management mitigates T1578.001 Create Snapshot
AC-03 Access Enforcement mitigates T1578.001 Create Snapshot
AC-05 Separation of Duties mitigates T1578.001 Create Snapshot
AC-06 Least Privilege mitigates T1578.001 Create Snapshot
AC-02 Account Management mitigates T1578.002 Create Cloud Instance
AC-03 Access Enforcement mitigates T1578.002 Create Cloud Instance
AC-05 Separation of Duties mitigates T1578.002 Create Cloud Instance
AC-06 Least Privilege mitigates T1578.002 Create Cloud Instance
AC-02 Account Management mitigates T1578.003 Delete Cloud Instance
AC-03 Access Enforcement mitigates T1578.003 Delete Cloud Instance
AC-05 Separation of Duties mitigates T1578.003 Delete Cloud Instance
AC-06 Least Privilege mitigates T1578.003 Delete Cloud Instance
AC-02 Account Management mitigates T1580 Cloud Infrastructure Discovery
AC-03 Access Enforcement mitigates T1580 Cloud Infrastructure Discovery
AC-05 Separation of Duties mitigates T1580 Cloud Infrastructure Discovery
AC-06 Least Privilege mitigates T1580 Cloud Infrastructure Discovery
AC-04 Information Flow Enforcement mitigates T1598 Phishing for Information
AC-04 Information Flow Enforcement mitigates T1598.001 Spearphishing Service
AC-04 Information Flow Enforcement mitigates T1598.002 Spearphishing Attachment
AC-02 Account Management mitigates T1599 Network Boundary Bridging
AC-03 Access Enforcement mitigates T1599 Network Boundary Bridging
AC-04 Information Flow Enforcement mitigates T1599 Network Boundary Bridging
AC-05 Separation of Duties mitigates T1599 Network Boundary Bridging
AC-06 Least Privilege mitigates T1599 Network Boundary Bridging
AC-02 Account Management mitigates T1599.001 Network Address Translation Traversal
AC-03 Access Enforcement mitigates T1599.001 Network Address Translation Traversal
AC-04 Information Flow Enforcement mitigates T1599.001 Network Address Translation Traversal
AC-05 Separation of Duties mitigates T1599.001 Network Address Translation Traversal
AC-06 Least Privilege mitigates T1599.001 Network Address Translation Traversal
AC-02 Account Management mitigates T1601 Modify System Image
AC-03 Access Enforcement mitigates T1601 Modify System Image
AC-04 Information Flow Enforcement mitigates T1601 Modify System Image
AC-05 Separation of Duties mitigates T1601 Modify System Image
AC-06 Least Privilege mitigates T1601 Modify System Image
AC-02 Account Management mitigates T1601.001 Patch System Image
AC-03 Access Enforcement mitigates T1601.001 Patch System Image
AC-04 Information Flow Enforcement mitigates T1601.001 Patch System Image
AC-05 Separation of Duties mitigates T1601.001 Patch System Image
AC-06 Least Privilege mitigates T1601.001 Patch System Image
AC-02 Account Management mitigates T1601.002 Downgrade System Image
AC-03 Access Enforcement mitigates T1601.002 Downgrade System Image
AC-04 Information Flow Enforcement mitigates T1601.002 Downgrade System Image
AC-05 Separation of Duties mitigates T1601.002 Downgrade System Image
AC-06 Least Privilege mitigates T1601.002 Downgrade System Image
AC-03 Access Enforcement mitigates T1602 Data from Configuration Repository
AC-04 Information Flow Enforcement mitigates T1602 Data from Configuration Repository
AC-03 Access Enforcement mitigates T1602.001 SNMP (MIB Dump)
AC-04 Information Flow Enforcement mitigates T1602.001 SNMP (MIB Dump)
AC-03 Access Enforcement mitigates T1602.002 Network Device Configuration Dump
AC-04 Information Flow Enforcement mitigates T1602.002 Network Device Configuration Dump
AC-02 Account Management mitigates T1606 Forge Web Credentials
AC-03 Access Enforcement mitigates T1606 Forge Web Credentials
AC-05 Separation of Duties mitigates T1606 Forge Web Credentials
AC-06 Least Privilege mitigates T1606 Forge Web Credentials
AC-02 Account Management mitigates T1606.001 Web Cookies
AC-03 Access Enforcement mitigates T1606.001 Web Cookies
AC-06 Least Privilege mitigates T1606.001 Web Cookies
AC-02 Account Management mitigates T1609 Container Administration Command
AC-03 Access Enforcement mitigates T1609 Container Administration Command
AC-04 Information Flow Enforcement mitigates T1609 Container Administration Command
AC-05 Separation of Duties mitigates T1609 Container Administration Command
AC-06 Least Privilege mitigates T1609 Container Administration Command
AC-02 Account Management mitigates T1612 Build Image on Host
AC-03 Access Enforcement mitigates T1612 Build Image on Host
AC-06 Least Privilege mitigates T1612 Build Image on Host
AC-03 Access Enforcement mitigates T1613 Container and Resource Discovery
AC-06 Least Privilege mitigates T1613 Container and Resource Discovery
AC-03 Access Enforcement mitigates T1619 Cloud Storage Object Discovery
AC-05 Separation of Duties mitigates T1619 Cloud Storage Object Discovery
AC-06 Least Privilege mitigates T1619 Cloud Storage Object Discovery
AC-03 Access Enforcement mitigates T1622 Debugger Evasion
AC-04 Information Flow Enforcement mitigates T1622 Debugger Evasion
AC-03 Access Enforcement mitigates T1647 Plist File Modification
AC-06 Least Privilege mitigates T1647 Plist File Modification
AC-04 Information Flow Enforcement mitigates T1659 Content Injection
SC-07 Boundary Protection mitigates T1001.002 Steganography
SC-07 Boundary Protection mitigates T1008 Fallback Channels
SC-07 Boundary Protection mitigates T1021.001 Remote Desktop Protocol
SC-07 Boundary Protection mitigates T1021.002 SMB/Windows Admin Shares
SC-07 Boundary Protection mitigates T1021.003 Distributed Component Object Model
SC-07 Boundary Protection mitigates T1021.005 VNC
SC-07 Boundary Protection mitigates T1021.006 Windows Remote Management
SC-07 Boundary Protection mitigates T1029 Scheduled Transfer
SC-07 Boundary Protection mitigates T1030 Data Transfer Size Limits
SC-07 Boundary Protection mitigates T1036.008 Masquerade File Type
SC-07 Boundary Protection mitigates T1041 Exfiltration Over C2 Channel
SC-07 Boundary Protection mitigates T1046 Network Service Discovery
SC-07 Boundary Protection mitigates T1048 Exfiltration Over Alternative Protocol
SC-07 Boundary Protection mitigates T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SC-07 Boundary Protection mitigates T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SC-07 Boundary Protection mitigates T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
SC-07 Boundary Protection mitigates T1055 Process Injection
SC-07 Boundary Protection mitigates T1055.001 Dynamic-link Library Injection
SC-07 Boundary Protection mitigates T1055.002 Portable Executable Injection
SC-07 Boundary Protection mitigates T1055.003 Thread Execution Hijacking
SC-07 Boundary Protection mitigates T1055.004 Asynchronous Procedure Call
SC-07 Boundary Protection mitigates T1055.005 Thread Local Storage
SC-07 Boundary Protection mitigates T1055.008 Ptrace System Calls
SC-07 Boundary Protection mitigates T1055.009 Proc Memory
SC-07 Boundary Protection mitigates T1055.011 Extra Window Memory Injection
SC-07 Boundary Protection mitigates T1055.012 Process Hollowing
SC-07 Boundary Protection mitigates T1055.013 Process Doppelgänging
SC-07 Boundary Protection mitigates T1055.014 VDSO Hijacking
SC-07 Boundary Protection mitigates T1068 Exploitation for Privilege Escalation
SC-07 Boundary Protection mitigates T1071.001 Web Protocols
SC-07 Boundary Protection mitigates T1071.004 DNS
SC-07 Boundary Protection mitigates T1080 Taint Shared Content
SC-07 Boundary Protection mitigates T1090 Proxy
SC-07 Boundary Protection mitigates T1090.001 Internal Proxy
SC-07 Boundary Protection mitigates T1090.002 External Proxy
SC-07 Boundary Protection mitigates T1095 Non-Application Layer Protocol
SC-07 Boundary Protection mitigates T1102.001 Dead Drop Resolver
SC-07 Boundary Protection mitigates T1102.002 Bidirectional Communication
SC-07 Boundary Protection mitigates T1102.003 One-Way Communication
SC-07 Boundary Protection mitigates T1104 Multi-Stage Channels
SC-07 Boundary Protection mitigates T1132 Data Encoding
SC-07 Boundary Protection mitigates T1132.001 Standard Encoding
SC-07 Boundary Protection mitigates T1132.002 Non-Standard Encoding
SC-07 Boundary Protection mitigates T1133 External Remote Services
SC-07 Boundary Protection mitigates T1187 Forced Authentication
SC-07 Boundary Protection mitigates T1189 Drive-by Compromise
SC-07 Boundary Protection mitigates T1197 BITS Jobs
SC-07 Boundary Protection mitigates T1199 Trusted Relationship
SC-07 Boundary Protection mitigates T1204.001 Malicious Link
SC-07 Boundary Protection mitigates T1204.003 Malicious Image
SC-07 Boundary Protection mitigates T1205 Traffic Signaling
SC-07 Boundary Protection mitigates T1205.001 Port Knocking
SC-07 Boundary Protection mitigates T1210 Exploitation of Remote Services
SC-07 Boundary Protection mitigates T1211 Exploitation for Defense Evasion
SC-07 Boundary Protection mitigates T1212 Exploitation for Credential Access
SC-07 Boundary Protection mitigates T1218.012 Verclsid
SC-07 Boundary Protection mitigates T1221 Template Injection
SC-07 Boundary Protection mitigates T1482 Domain Trust Discovery
SC-07 Boundary Protection mitigates T1498 Network Denial of Service
SC-07 Boundary Protection mitigates T1498.001 Direct Network Flood
SC-07 Boundary Protection mitigates T1498.002 Reflection Amplification
SC-07 Boundary Protection mitigates T1499 Endpoint Denial of Service
SC-07 Boundary Protection mitigates T1499.001 OS Exhaustion Flood
SC-07 Boundary Protection mitigates T1499.002 Service Exhaustion Flood
SC-07 Boundary Protection mitigates T1499.003 Application Exhaustion Flood
SC-07 Boundary Protection mitigates T1499.004 Application or System Exploitation
SC-07 Boundary Protection mitigates T1505.004 IIS Components
SC-07 Boundary Protection mitigates T1542.004 ROMMONkit
SC-07 Boundary Protection mitigates T1542.005 TFTP Boot
SC-07 Boundary Protection mitigates T1552.005 Cloud Instance Metadata API
SC-07 Boundary Protection mitigates T1552.007 Container API
SC-07 Boundary Protection mitigates T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SC-07 Boundary Protection mitigates T1557.002 ARP Cache Poisoning
SC-07 Boundary Protection mitigates T1557.003 DHCP Spoofing
SC-07 Boundary Protection mitigates T1559 Inter-Process Communication
SC-07 Boundary Protection mitigates T1559.001 Component Object Model
SC-07 Boundary Protection mitigates T1559.002 Dynamic Data Exchange
SC-07 Boundary Protection mitigates T1560.001 Archive via Utility
SC-07 Boundary Protection mitigates T1563.002 RDP Hijacking
SC-07 Boundary Protection mitigates T1565.001 Stored Data Manipulation
SC-07 Boundary Protection mitigates T1565.003 Runtime Data Manipulation
SC-07 Boundary Protection mitigates T1567 Exfiltration Over Web Service
SC-07 Boundary Protection mitigates T1567.001 Exfiltration to Code Repository
SC-07 Boundary Protection mitigates T1567.002 Exfiltration to Cloud Storage
SC-07 Boundary Protection mitigates T1567.003 Exfiltration to Text Storage Sites
SC-07 Boundary Protection mitigates T1567.004 Exfiltration Over Webhook
SC-07 Boundary Protection mitigates T1568 Dynamic Resolution
SC-07 Boundary Protection mitigates T1568.002 Domain Generation Algorithms
SC-07 Boundary Protection mitigates T1570 Lateral Tool Transfer
SC-07 Boundary Protection mitigates T1571 Non-Standard Port
SC-07 Boundary Protection mitigates T1573.001 Symmetric Cryptography
SC-07 Boundary Protection mitigates T1573.002 Asymmetric Cryptography
SC-07 Boundary Protection mitigates T1598 Phishing for Information
SC-07 Boundary Protection mitigates T1598.001 Spearphishing Service
SC-07 Boundary Protection mitigates T1598.002 Spearphishing Attachment
SC-07 Boundary Protection mitigates T1599 Network Boundary Bridging
SC-07 Boundary Protection mitigates T1599.001 Network Address Translation Traversal
SC-07 Boundary Protection mitigates T1602 Data from Configuration Repository
SC-07 Boundary Protection mitigates T1602.001 SNMP (MIB Dump)
SC-07 Boundary Protection mitigates T1602.002 Network Device Configuration Dump
SC-07 Boundary Protection mitigates T1609 Container Administration Command
SC-07 Boundary Protection mitigates T1612 Build Image on Host
SC-07 Boundary Protection mitigates T1613 Container and Resource Discovery
SC-07 Boundary Protection mitigates T1622 Debugger Evasion
SC-07 Boundary Protection mitigates T1659 Content Injection
CM-03 Configuration Change Control mitigates T1195.003 Compromise Hardware Supply Chain
CM-03 Configuration Change Control mitigates T1495 Firmware Corruption
CM-03 Configuration Change Control mitigates T1542.003 Bootkit
CM-03 Configuration Change Control mitigates T1542.004 ROMMONkit
CM-03 Configuration Change Control mitigates T1542.005 TFTP Boot
CM-03 Configuration Change Control mitigates T1547.007 Re-opened Applications
CM-03 Configuration Change Control mitigates T1547.013 XDG Autostart Entries
CM-03 Configuration Change Control mitigates T1553.006 Code Signing Policy Modification
CM-03 Configuration Change Control mitigates T1556.008 Network Provider DLL
CM-03 Configuration Change Control mitigates T1562.008 Disable or Modify Cloud Logs
CM-03 Configuration Change Control mitigates T1562.012 Disable or Modify Linux Audit System
CM-03 Configuration Change Control mitigates T1564.008 Email Hiding Rules
CM-03 Configuration Change Control mitigates T1601 Modify System Image
CM-03 Configuration Change Control mitigates T1601.001 Patch System Image
CM-03 Configuration Change Control mitigates T1601.002 Downgrade System Image
CM-03 Configuration Change Control mitigates T1647 Plist File Modification
CM-03 Configuration Change Control mitigates T1653 Power Settings