|
CP-09
|
System Backup
| mitigates |
T1003
|
OS Credential Dumping
|
|
CP-07
|
Alternate Processing Site
| mitigates |
T1070.001
|
Clear Windows Event Logs
|
|
CP-07
|
Alternate Processing Site
| mitigates |
T1119
|
Automated Collection
|
|
CP-07
|
Alternate Processing Site
| mitigates |
T1485
|
Data Destruction
|
|
CP-07
|
Alternate Processing Site
| mitigates |
T1490
|
Inhibit System Recovery
|
|
CP-07
|
Alternate Processing Site
| mitigates |
T1565
|
Data Manipulation
|
|
CP-10
|
System Recovery and Reconstitution
| mitigates |
T1485
|
Data Destruction
|
|
CP-10
|
System Recovery and Reconstitution
| mitigates |
T1485.001
|
Lifecycle-Triggered Deletion
|
|
CP-10
|
System Recovery and Reconstitution
| mitigates |
T1490
|
Inhibit System Recovery
|
|
CP-10
|
System Recovery and Reconstitution
| mitigates |
T1565
|
Data Manipulation
|
|
CP-02
|
Contingency Plan
| mitigates |
T1485
|
Data Destruction
|
|
CP-02
|
Contingency Plan
| mitigates |
T1490
|
Inhibit System Recovery
|
|
CP-06
|
Alternate Storage Site
| mitigates |
T1070.001
|
Clear Windows Event Logs
|
|
CP-06
|
Alternate Storage Site
| mitigates |
T1119
|
Automated Collection
|
|
CP-06
|
Alternate Storage Site
| mitigates |
T1565
|
Data Manipulation
|
|
CP-09
|
System Backup
| mitigates |
T1070.001
|
Clear Windows Event Logs
|
|
CP-09
|
System Backup
| mitigates |
T1119
|
Automated Collection
|
|
CP-09
|
System Backup
| mitigates |
T1485
|
Data Destruction
|
|
CP-09
|
System Backup
| mitigates |
T1485.001
|
Lifecycle-Triggered Deletion
|
|
CP-09
|
System Backup
| mitigates |
T1490
|
Inhibit System Recovery
|
|
CP-09
|
System Backup
| mitigates |
T1565
|
Data Manipulation
|
|
CP-06
|
Alternate Storage Site
| mitigates |
T1070
|
Indicator Removal
|
|
CP-07
|
Alternate Processing Site
| mitigates |
T1070
|
Indicator Removal
|
|
CP-07
|
Alternate Processing Site
| mitigates |
T1070.002
|
Clear Linux or Mac System Logs
|
|
CP-07
|
Alternate Processing Site
| mitigates |
T1070.008
|
Clear Mailbox Data
|
|
CP-07
|
Alternate Processing Site
| mitigates |
T1486
|
Data Encrypted for Impact
|
|
CP-07
|
Alternate Processing Site
| mitigates |
T1491
|
Defacement
|
|
CP-07
|
Alternate Processing Site
| mitigates |
T1491.001
|
Internal Defacement
|
|
CP-07
|
Alternate Processing Site
| mitigates |
T1491.002
|
External Defacement
|
|
CP-07
|
Alternate Processing Site
| mitigates |
T1561
|
Disk Wipe
|
|
CP-07
|
Alternate Processing Site
| mitigates |
T1561.001
|
Disk Content Wipe
|
|
CP-07
|
Alternate Processing Site
| mitigates |
T1561.002
|
Disk Structure Wipe
|
|
CP-07
|
Alternate Processing Site
| mitigates |
T1565.001
|
Stored Data Manipulation
|
|
CP-10
|
System Recovery and Reconstitution
| mitigates |
T1486
|
Data Encrypted for Impact
|
|
CP-10
|
System Recovery and Reconstitution
| mitigates |
T1491
|
Defacement
|
|
CP-10
|
System Recovery and Reconstitution
| mitigates |
T1491.001
|
Internal Defacement
|
|
CP-10
|
System Recovery and Reconstitution
| mitigates |
T1491.002
|
External Defacement
|
|
CP-10
|
System Recovery and Reconstitution
| mitigates |
T1561
|
Disk Wipe
|
|
CP-10
|
System Recovery and Reconstitution
| mitigates |
T1561.001
|
Disk Content Wipe
|
|
CP-10
|
System Recovery and Reconstitution
| mitigates |
T1561.002
|
Disk Structure Wipe
|
|
CP-10
|
System Recovery and Reconstitution
| mitigates |
T1565.001
|
Stored Data Manipulation
|
|
CP-02
|
Contingency Plan
| mitigates |
T1486
|
Data Encrypted for Impact
|
|
CP-02
|
Contingency Plan
| mitigates |
T1491
|
Defacement
|
|
CP-02
|
Contingency Plan
| mitigates |
T1491.001
|
Internal Defacement
|
|
CP-02
|
Contingency Plan
| mitigates |
T1491.002
|
External Defacement
|
|
CP-02
|
Contingency Plan
| mitigates |
T1561
|
Disk Wipe
|
|
CP-02
|
Contingency Plan
| mitigates |
T1561.001
|
Disk Content Wipe
|
|
CP-02
|
Contingency Plan
| mitigates |
T1561.002
|
Disk Structure Wipe
|
|
CP-06
|
Alternate Storage Site
| mitigates |
T1070.002
|
Clear Linux or Mac System Logs
|
|
CP-06
|
Alternate Storage Site
| mitigates |
T1070.008
|
Clear Mailbox Data
|
|
CP-06
|
Alternate Storage Site
| mitigates |
T1486
|
Data Encrypted for Impact
|
|
CP-06
|
Alternate Storage Site
| mitigates |
T1565.001
|
Stored Data Manipulation
|
|
CP-09
|
System Backup
| mitigates |
T1003.003
|
NTDS
|
|
CP-09
|
System Backup
| mitigates |
T1005
|
Data from Local System
|
|
CP-09
|
System Backup
| mitigates |
T1025
|
Data from Removable Media
|
|
CP-09
|
System Backup
| mitigates |
T1070
|
Indicator Removal
|
|
CP-09
|
System Backup
| mitigates |
T1070.002
|
Clear Linux or Mac System Logs
|
|
CP-09
|
System Backup
| mitigates |
T1070.008
|
Clear Mailbox Data
|
|
CP-09
|
System Backup
| mitigates |
T1486
|
Data Encrypted for Impact
|
|
CP-09
|
System Backup
| mitigates |
T1491
|
Defacement
|
|
CP-09
|
System Backup
| mitigates |
T1491.001
|
Internal Defacement
|
|
CP-09
|
System Backup
| mitigates |
T1491.002
|
External Defacement
|
|
CP-09
|
System Backup
| mitigates |
T1561
|
Disk Wipe
|
|
CP-09
|
System Backup
| mitigates |
T1561.001
|
Disk Content Wipe
|
|
CP-09
|
System Backup
| mitigates |
T1561.002
|
Disk Structure Wipe
|
|
CP-09
|
System Backup
| mitigates |
T1565.001
|
Stored Data Manipulation
|
|
CP-09
|
System Backup
| mitigates |
T1565.003
|
Runtime Data Manipulation
|
