1. Home
  2. Mapping Frameworks
  3. NIST 800-53 Home

NIST 800-53

National Institute of Standards in Technology (NIST) Special Publication 800-53 provides a catalog of security and privacy controls for the protection of information systems and organizations from a diverse set of threats and risks. These mappings provide resources for assessing security control coverage of real-world threats as described in the MITRE ATT&CK® knowledge base and provide a foundation for integrating ATT&CK-based threat intelligence into the risk management process. Shared understanding of how the implementation of NIST 800-53 security controls in an environment can mitigate adversary techniques of interest is an important step to bring security operations teams and risk management teams together to build a structured, threat-informed approach to securing systems and environments.

NIST 800-53 Versions: rev5, rev4 ATT&CK Versions: 16.1, 14.1, 12.1, 10.1, 9.0, 8.2 ATT&CK Domain: Enterprise

NIST 800-53 Mapping Methodology | Mapping Scope

Download Mapping Artifacts:

download JSON

download YAML

download CSV

download Excel

download STIX Bundles

download Navigator Layers

SELECT VERSIONS

NIST 800-53 Version

ATT&CK Version

ATT&CK Domain

Capability Groups

ID Capability Group Name Number of Mappings Number of Capabilities
AC Access Control 1075 18
CA Security Assessment and Authorization 250 3
CM Configuration Management 946 8
CP Contingency Planning 60 5
IA Identification and Authentication 305 10
MP Media Protection 5 1
PL Planning 2 1
RA Risk Assessment 114 3
SA System and Services Acquisition 88 10
SC System and Communications Protection 420 27
SI System and Information Integrity 890 11
SR Supply Chain Risk Management 36 4

All Mappings

This is a very large mapping. To reduce the size, we have only downloaded the first 550 of 4,191 mappings. Load all data (4.2 MB)

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-10 Concurrent Session Control Protects T1137 Office Application Startup
AC-10 Concurrent Session Control Protects T1137.002 Office Test
AC-10 Concurrent Session Control Protects T1528 Steal Application Access Token
AC-11 Device Lock Protects T1021.001 Remote Desktop Protocol
AC-11 Device Lock Protects T1563.002 RDP Hijacking
AC-12 Session Termination Protects T1021.001 Remote Desktop Protocol
AC-12 Session Termination Protects T1072 Software Deployment Tools
AC-12 Session Termination Protects T1563.002 RDP Hijacking
AC-14 Permitted Actions Without Identification or Authentication Protects T1137.002 Office Test
AC-16 Security and Privacy Attributes Protects T1003 OS Credential Dumping
AC-16 Security and Privacy Attributes Protects T1003.003 NTDS
AC-16 Security and Privacy Attributes Protects T1020.001 Traffic Duplication
AC-16 Security and Privacy Attributes Protects T1040 Network Sniffing
AC-16 Security and Privacy Attributes Protects T1070 Indicator Removal on Host
AC-16 Security and Privacy Attributes Protects T1070.001 Clear Windows Event Logs
AC-16 Security and Privacy Attributes Protects T1070.002 Clear Linux or Mac System Logs
AC-16 Security and Privacy Attributes Protects T1114 Email Collection
AC-16 Security and Privacy Attributes Protects T1114.001 Local Email Collection
AC-16 Security and Privacy Attributes Protects T1114.002 Remote Email Collection
AC-16 Security and Privacy Attributes Protects T1114.003 Email Forwarding Rule
AC-16 Security and Privacy Attributes Protects T1119 Automated Collection
AC-16 Security and Privacy Attributes Protects T1204 User Execution
AC-16 Security and Privacy Attributes Protects T1204.001 Malicious Link
AC-16 Security and Privacy Attributes Protects T1204.002 Malicious File
AC-16 Security and Privacy Attributes Protects T1222 File and Directory Permissions Modification
AC-16 Security and Privacy Attributes Protects T1222.001 Windows File and Directory Permissions Modification
AC-16 Security and Privacy Attributes Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-16 Security and Privacy Attributes Protects T1530 Data from Cloud Storage Object
AC-16 Security and Privacy Attributes Protects T1537 Transfer Data to Cloud Account
AC-16 Security and Privacy Attributes Protects T1547.007 Re-opened Applications
AC-16 Security and Privacy Attributes Protects T1547.011 Plist Modification
AC-16 Security and Privacy Attributes Protects T1548 Abuse Elevation Control Mechanism
AC-16 Security and Privacy Attributes Protects T1548.003 Sudo and Sudo Caching
AC-16 Security and Privacy Attributes Protects T1550.001 Application Access Token
AC-16 Security and Privacy Attributes Protects T1552 Unsecured Credentials
AC-16 Security and Privacy Attributes Protects T1552.004 Private Keys
AC-16 Security and Privacy Attributes Protects T1552.005 Cloud Instance Metadata API
AC-16 Security and Privacy Attributes Protects T1557 Man-in-the-Middle
AC-16 Security and Privacy Attributes Protects T1557.002 ARP Cache Poisoning
AC-16 Security and Privacy Attributes Protects T1558 Steal or Forge Kerberos Tickets
AC-16 Security and Privacy Attributes Protects T1558.002 Silver Ticket
AC-16 Security and Privacy Attributes Protects T1558.003 Kerberoasting
AC-16 Security and Privacy Attributes Protects T1558.004 AS-REP Roasting
AC-16 Security and Privacy Attributes Protects T1564.004 NTFS File Attributes
AC-16 Security and Privacy Attributes Protects T1565 Data Manipulation
AC-16 Security and Privacy Attributes Protects T1565.001 Stored Data Manipulation
AC-16 Security and Privacy Attributes Protects T1565.002 Transmitted Data Manipulation
AC-16 Security and Privacy Attributes Protects T1602 Data from Configuration Repository
AC-16 Security and Privacy Attributes Protects T1602.001 SNMP (MIB Dump)
AC-16 Security and Privacy Attributes Protects T1602.002 Network Device Configuration Dump
AC-17 Remote Access Protects T1020.001 Traffic Duplication
AC-17 Remote Access Protects T1021 Remote Services
AC-17 Remote Access Protects T1021.001 Remote Desktop Protocol
AC-17 Remote Access Protects T1021.002 SMB/Windows Admin Shares
AC-17 Remote Access Protects T1021.003 Distributed Component Object Model
AC-17 Remote Access Protects T1021.004 SSH
AC-17 Remote Access Protects T1021.005 VNC
AC-17 Remote Access Protects T1021.006 Windows Remote Management
AC-17 Remote Access Protects T1037 Boot or Logon Initialization Scripts
AC-17 Remote Access Protects T1037.001 Logon Script (Windows)
AC-17 Remote Access Protects T1040 Network Sniffing
AC-17 Remote Access Protects T1047 Windows Management Instrumentation
AC-17 Remote Access Protects T1070 Indicator Removal on Host
AC-17 Remote Access Protects T1070.001 Clear Windows Event Logs
AC-17 Remote Access Protects T1070.002 Clear Linux or Mac System Logs
AC-17 Remote Access Protects T1114 Email Collection
AC-17 Remote Access Protects T1114.001 Local Email Collection
AC-17 Remote Access Protects T1114.002 Remote Email Collection
AC-17 Remote Access Protects T1114.003 Email Forwarding Rule
AC-17 Remote Access Protects T1119 Automated Collection
AC-17 Remote Access Protects T1133 External Remote Services
AC-17 Remote Access Protects T1137 Office Application Startup
AC-17 Remote Access Protects T1137.002 Office Test
AC-17 Remote Access Protects T1204 User Execution
AC-17 Remote Access Protects T1204.001 Malicious Link
AC-17 Remote Access Protects T1204.002 Malicious File
AC-17 Remote Access Protects T1219 Remote Access Software
AC-17 Remote Access Protects T1530 Data from Cloud Storage Object
AC-17 Remote Access Protects T1537 Transfer Data to Cloud Account
AC-17 Remote Access Protects T1543 Create or Modify System Process
AC-17 Remote Access Protects T1543.003 Windows Service
AC-17 Remote Access Protects T1550.001 Application Access Token
AC-17 Remote Access Protects T1552 Unsecured Credentials
AC-17 Remote Access Protects T1552.004 Private Keys
AC-17 Remote Access Protects T1557 Man-in-the-Middle
AC-17 Remote Access Protects T1557.002 ARP Cache Poisoning
AC-17 Remote Access Protects T1558 Steal or Forge Kerberos Tickets
AC-17 Remote Access Protects T1558.002 Silver Ticket
AC-17 Remote Access Protects T1558.003 Kerberoasting
AC-17 Remote Access Protects T1558.004 AS-REP Roasting
AC-17 Remote Access Protects T1563 Remote Service Session Hijacking
AC-17 Remote Access Protects T1563.001 SSH Hijacking
AC-17 Remote Access Protects T1563.002 RDP Hijacking
AC-17 Remote Access Protects T1565 Data Manipulation
AC-17 Remote Access Protects T1565.001 Stored Data Manipulation
AC-17 Remote Access Protects T1565.002 Transmitted Data Manipulation
AC-17 Remote Access Protects T1602 Data from Configuration Repository
AC-17 Remote Access Protects T1602.001 SNMP (MIB Dump)
AC-17 Remote Access Protects T1602.002 Network Device Configuration Dump
AC-18 Wireless Access Protects T1011 Exfiltration Over Other Network Medium
AC-18 Wireless Access Protects T1011.001 Exfiltration Over Bluetooth
AC-18 Wireless Access Protects T1020.001 Traffic Duplication
AC-18 Wireless Access Protects T1040 Network Sniffing
AC-18 Wireless Access Protects T1070 Indicator Removal on Host
AC-18 Wireless Access Protects T1070.001 Clear Windows Event Logs
AC-18 Wireless Access Protects T1070.002 Clear Linux or Mac System Logs
AC-18 Wireless Access Protects T1119 Automated Collection
AC-18 Wireless Access Protects T1530 Data from Cloud Storage Object
AC-18 Wireless Access Protects T1552 Unsecured Credentials
AC-18 Wireless Access Protects T1552.004 Private Keys
AC-18 Wireless Access Protects T1557 Man-in-the-Middle
AC-18 Wireless Access Protects T1557.002 ARP Cache Poisoning
AC-18 Wireless Access Protects T1558 Steal or Forge Kerberos Tickets
AC-18 Wireless Access Protects T1558.002 Silver Ticket
AC-18 Wireless Access Protects T1558.003 Kerberoasting
AC-18 Wireless Access Protects T1558.004 AS-REP Roasting
AC-18 Wireless Access Protects T1565 Data Manipulation
AC-18 Wireless Access Protects T1565.001 Stored Data Manipulation
AC-18 Wireless Access Protects T1565.002 Transmitted Data Manipulation
AC-18 Wireless Access Protects T1602 Data from Configuration Repository
AC-18 Wireless Access Protects T1602.001 SNMP (MIB Dump)
AC-18 Wireless Access Protects T1602.002 Network Device Configuration Dump
AC-19 Access Control for Mobile Devices Protects T1020.001 Traffic Duplication
AC-19 Access Control for Mobile Devices Protects T1040 Network Sniffing
AC-19 Access Control for Mobile Devices Protects T1070 Indicator Removal on Host
AC-19 Access Control for Mobile Devices Protects T1070.001 Clear Windows Event Logs
AC-19 Access Control for Mobile Devices Protects T1070.002 Clear Linux or Mac System Logs
AC-19 Access Control for Mobile Devices Protects T1114 Email Collection
AC-19 Access Control for Mobile Devices Protects T1114.001 Local Email Collection
AC-19 Access Control for Mobile Devices Protects T1114.002 Remote Email Collection
AC-19 Access Control for Mobile Devices Protects T1114.003 Email Forwarding Rule
AC-19 Access Control for Mobile Devices Protects T1119 Automated Collection
AC-19 Access Control for Mobile Devices Protects T1530 Data from Cloud Storage Object
AC-19 Access Control for Mobile Devices Protects T1550.001 Application Access Token
AC-19 Access Control for Mobile Devices Protects T1552 Unsecured Credentials
AC-19 Access Control for Mobile Devices Protects T1552.004 Private Keys
AC-19 Access Control for Mobile Devices Protects T1557 Man-in-the-Middle
AC-19 Access Control for Mobile Devices Protects T1557.002 ARP Cache Poisoning
AC-19 Access Control for Mobile Devices Protects T1558 Steal or Forge Kerberos Tickets
AC-19 Access Control for Mobile Devices Protects T1558.002 Silver Ticket
AC-19 Access Control for Mobile Devices Protects T1558.003 Kerberoasting
AC-19 Access Control for Mobile Devices Protects T1558.004 AS-REP Roasting
AC-19 Access Control for Mobile Devices Protects T1565 Data Manipulation
AC-19 Access Control for Mobile Devices Protects T1565.001 Stored Data Manipulation
AC-19 Access Control for Mobile Devices Protects T1565.002 Transmitted Data Manipulation
AC-19 Access Control for Mobile Devices Protects T1602 Data from Configuration Repository
AC-19 Access Control for Mobile Devices Protects T1602.001 SNMP (MIB Dump)
AC-19 Access Control for Mobile Devices Protects T1602.002 Network Device Configuration Dump
AC-2 Account Management Protects T1003 OS Credential Dumping
AC-2 Account Management Protects T1003.001 LSASS Memory
AC-2 Account Management Protects T1003.002 Security Account Manager
AC-2 Account Management Protects T1003.003 NTDS
AC-2 Account Management Protects T1003.004 LSA Secrets
AC-2 Account Management Protects T1003.005 Cached Domain Credentials
AC-2 Account Management Protects T1003.006 DCSync
AC-2 Account Management Protects T1003.007 Proc Filesystem
AC-2 Account Management Protects T1003.008 /etc/passwd and /etc/shadow
AC-2 Account Management Protects T1021 Remote Services
AC-2 Account Management Protects T1021.001 Remote Desktop Protocol
AC-2 Account Management Protects T1021.002 SMB/Windows Admin Shares
AC-2 Account Management Protects T1021.003 Distributed Component Object Model
AC-2 Account Management Protects T1021.004 SSH
AC-2 Account Management Protects T1021.005 VNC
AC-2 Account Management Protects T1021.006 Windows Remote Management
AC-2 Account Management Protects T1036 Masquerading
AC-2 Account Management Protects T1036.003 Rename System Utilities
AC-2 Account Management Protects T1036.005 Match Legitimate Name or Location
AC-2 Account Management Protects T1047 Windows Management Instrumentation
AC-2 Account Management Protects T1053 Scheduled Task/Job
AC-2 Account Management Protects T1053.001 At (Linux)
AC-2 Account Management Protects T1053.002 At (Windows)
AC-2 Account Management Protects T1053.003 Cron
AC-2 Account Management Protects T1053.004 Launchd
AC-2 Account Management Protects T1053.005 Scheduled Task
AC-2 Account Management Protects T1053.006 Systemd Timers
AC-2 Account Management Protects T1055 Process Injection
AC-2 Account Management Protects T1055.008 Ptrace System Calls
AC-2 Account Management Protects T1056.003 Web Portal Capture
AC-2 Account Management Protects T1059 Command and Scripting Interpreter
AC-2 Account Management Protects T1059.001 PowerShell
AC-2 Account Management Protects T1059.008 Network Device CLI
AC-2 Account Management Protects T1068 Exploitation for Privilege Escalation
AC-2 Account Management Protects T1070 Indicator Removal on Host
AC-2 Account Management Protects T1070.001 Clear Windows Event Logs
AC-2 Account Management Protects T1070.002 Clear Linux or Mac System Logs
AC-2 Account Management Protects T1070.003 Clear Command History
AC-2 Account Management Protects T1072 Software Deployment Tools
AC-2 Account Management Protects T1078 Valid Accounts
AC-2 Account Management Protects T1078.001 Default Accounts
AC-2 Account Management Protects T1078.002 Domain Accounts
AC-2 Account Management Protects T1078.003 Local Accounts
AC-2 Account Management Protects T1078.004 Cloud Accounts
AC-2 Account Management Protects T1087.004 Cloud Account
AC-2 Account Management Protects T1098 Account Manipulation
AC-2 Account Management Protects T1098.001 Additional Cloud Credentials
AC-2 Account Management Protects T1098.002 Exchange Email Delegate Permissions
AC-2 Account Management Protects T1098.003 Add Office 365 Global Administrator Role
AC-2 Account Management Protects T1110 Brute Force
AC-2 Account Management Protects T1110.001 Password Guessing
AC-2 Account Management Protects T1110.002 Password Cracking
AC-2 Account Management Protects T1110.003 Password Spraying
AC-2 Account Management Protects T1110.004 Credential Stuffing
AC-2 Account Management Protects T1134 Access Token Manipulation
AC-2 Account Management Protects T1134.001 Token Impersonation/Theft
AC-2 Account Management Protects T1134.002 Create Process with Token
AC-2 Account Management Protects T1134.003 Make and Impersonate Token
AC-2 Account Management Protects T1136 Create Account
AC-2 Account Management Protects T1136.001 Local Account
AC-2 Account Management Protects T1136.002 Domain Account
AC-2 Account Management Protects T1136.003 Cloud Account
AC-2 Account Management Protects T1185 Man in the Browser
AC-2 Account Management Protects T1190 Exploit Public-Facing Application
AC-2 Account Management Protects T1197 BITS Jobs
AC-2 Account Management Protects T1204 User Execution
AC-2 Account Management Protects T1204.001 Malicious Link
AC-2 Account Management Protects T1204.002 Malicious File
AC-2 Account Management Protects T1210 Exploitation of Remote Services
AC-2 Account Management Protects T1212 Exploitation for Credential Access
AC-2 Account Management Protects T1213 Data from Information Repositories
AC-2 Account Management Protects T1213.001 Confluence
AC-2 Account Management Protects T1213.002 Sharepoint
AC-2 Account Management Protects T1218 Signed Binary Proxy Execution
AC-2 Account Management Protects T1218.007 Msiexec
AC-2 Account Management Protects T1222 File and Directory Permissions Modification
AC-2 Account Management Protects T1222.001 Windows File and Directory Permissions Modification
AC-2 Account Management Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-2 Account Management Protects T1484 Domain Policy Modification
AC-2 Account Management Protects T1489 Service Stop
AC-2 Account Management Protects T1495 Firmware Corruption
AC-2 Account Management Protects T1505 Server Software Component
AC-2 Account Management Protects T1505.001 SQL Stored Procedures
AC-2 Account Management Protects T1505.002 Transport Agent
AC-2 Account Management Protects T1525 Implant Container Image
AC-2 Account Management Protects T1528 Steal Application Access Token
AC-2 Account Management Protects T1530 Data from Cloud Storage Object
AC-2 Account Management Protects T1537 Transfer Data to Cloud Account
AC-2 Account Management Protects T1538 Cloud Service Dashboard
AC-2 Account Management Protects T1542 Pre-OS Boot
AC-2 Account Management Protects T1542.001 System Firmware
AC-2 Account Management Protects T1542.003 Bootkit
AC-2 Account Management Protects T1542.005 TFTP Boot
AC-2 Account Management Protects T1543 Create or Modify System Process
AC-2 Account Management Protects T1543.001 Launch Agent
AC-2 Account Management Protects T1543.002 Systemd Service
AC-2 Account Management Protects T1543.003 Windows Service
AC-2 Account Management Protects T1543.004 Launch Daemon
AC-2 Account Management Protects T1546.003 Windows Management Instrumentation Event Subscription
AC-2 Account Management Protects T1547.004 Winlogon Helper DLL
AC-2 Account Management Protects T1547.006 Kernel Modules and Extensions
AC-2 Account Management Protects T1547.009 Shortcut Modification
AC-2 Account Management Protects T1547.012 Print Processors
AC-2 Account Management Protects T1548 Abuse Elevation Control Mechanism
AC-2 Account Management Protects T1548.002 Bypass User Account Control
AC-2 Account Management Protects T1548.003 Sudo and Sudo Caching
AC-2 Account Management Protects T1550 Use Alternate Authentication Material
AC-2 Account Management Protects T1550.002 Pass the Hash
AC-2 Account Management Protects T1550.003 Pass the Ticket
AC-2 Account Management Protects T1552 Unsecured Credentials
AC-2 Account Management Protects T1552.001 Credentials In Files
AC-2 Account Management Protects T1552.002 Credentials in Registry
AC-2 Account Management Protects T1552.004 Private Keys
AC-2 Account Management Protects T1552.006 Group Policy Preferences
AC-2 Account Management Protects T1556 Modify Authentication Process
AC-2 Account Management Protects T1556.001 Domain Controller Authentication
AC-2 Account Management Protects T1556.003 Pluggable Authentication Modules
AC-2 Account Management Protects T1556.004 Network Device Authentication
AC-2 Account Management Protects T1558 Steal or Forge Kerberos Tickets
AC-2 Account Management Protects T1558.001 Golden Ticket
AC-2 Account Management Protects T1558.002 Silver Ticket
AC-2 Account Management Protects T1558.003 Kerberoasting
AC-2 Account Management Protects T1558.004 AS-REP Roasting
AC-2 Account Management Protects T1559 Inter-Process Communication
AC-2 Account Management Protects T1559.001 Component Object Model
AC-2 Account Management Protects T1562 Impair Defenses
AC-2 Account Management Protects T1562.001 Disable or Modify Tools
AC-2 Account Management Protects T1562.002 Disable Windows Event Logging
AC-2 Account Management Protects T1562.004 Disable or Modify System Firewall
AC-2 Account Management Protects T1562.006 Indicator Blocking
AC-2 Account Management Protects T1562.007 Disable or Modify Cloud Firewall
AC-2 Account Management Protects T1562.008 Disable Cloud Logs
AC-2 Account Management Protects T1563 Remote Service Session Hijacking
AC-2 Account Management Protects T1563.001 SSH Hijacking
AC-2 Account Management Protects T1563.002 RDP Hijacking
AC-2 Account Management Protects T1569 System Services
AC-2 Account Management Protects T1569.001 Launchctl
AC-2 Account Management Protects T1569.002 Service Execution
AC-2 Account Management Protects T1574 Hijack Execution Flow
AC-2 Account Management Protects T1574.002 DLL Side-Loading
AC-2 Account Management Protects T1574.004 Dylib Hijacking
AC-2 Account Management Protects T1574.005 Executable Installer File Permissions Weakness
AC-2 Account Management Protects T1574.007 Path Interception by PATH Environment Variable
AC-2 Account Management Protects T1574.008 Path Interception by Search Order Hijacking
AC-2 Account Management Protects T1574.009 Path Interception by Unquoted Path
AC-2 Account Management Protects T1574.010 Services File Permissions Weakness
AC-2 Account Management Protects T1574.012 COR_PROFILER
AC-2 Account Management Protects T1578 Modify Cloud Compute Infrastructure
AC-2 Account Management Protects T1578.001 Create Snapshot
AC-2 Account Management Protects T1578.002 Create Cloud Instance
AC-2 Account Management Protects T1578.003 Delete Cloud Instance
AC-2 Account Management Protects T1580 Cloud Infrastructure Discovery
AC-2 Account Management Protects T1599 Network Boundary Bridging
AC-2 Account Management Protects T1599.001 Network Address Translation Traversal
AC-2 Account Management Protects T1601 Modify System Image
AC-2 Account Management Protects T1601.001 Patch System Image
AC-2 Account Management Protects T1601.002 Downgrade System Image
AC-20 Use of External Systems Protects T1020.001 Traffic Duplication
AC-20 Use of External Systems Protects T1021 Remote Services
AC-20 Use of External Systems Protects T1021.001 Remote Desktop Protocol
AC-20 Use of External Systems Protects T1021.004 SSH
AC-20 Use of External Systems Protects T1072 Software Deployment Tools
AC-20 Use of External Systems Protects T1078.002 Domain Accounts
AC-20 Use of External Systems Protects T1078.004 Cloud Accounts
AC-20 Use of External Systems Protects T1098.001 Additional Cloud Credentials
AC-20 Use of External Systems Protects T1098.002 Exchange Email Delegate Permissions
AC-20 Use of External Systems Protects T1098.003 Add Office 365 Global Administrator Role
AC-20 Use of External Systems Protects T1110 Brute Force
AC-20 Use of External Systems Protects T1110.001 Password Guessing
AC-20 Use of External Systems Protects T1110.002 Password Cracking
AC-20 Use of External Systems Protects T1110.003 Password Spraying
AC-20 Use of External Systems Protects T1110.004 Credential Stuffing
AC-20 Use of External Systems Protects T1114 Email Collection
AC-20 Use of External Systems Protects T1114.001 Local Email Collection
AC-20 Use of External Systems Protects T1114.002 Remote Email Collection
AC-20 Use of External Systems Protects T1114.003 Email Forwarding Rule
AC-20 Use of External Systems Protects T1119 Automated Collection
AC-20 Use of External Systems Protects T1133 External Remote Services
AC-20 Use of External Systems Protects T1134.005 SID-History Injection
AC-20 Use of External Systems Protects T1136 Create Account
AC-20 Use of External Systems Protects T1136.001 Local Account
AC-20 Use of External Systems Protects T1136.002 Domain Account
AC-20 Use of External Systems Protects T1136.003 Cloud Account
AC-20 Use of External Systems Protects T1200 Hardware Additions
AC-20 Use of External Systems Protects T1530 Data from Cloud Storage Object
AC-20 Use of External Systems Protects T1537 Transfer Data to Cloud Account
AC-20 Use of External Systems Protects T1539 Steal Web Session Cookie
AC-20 Use of External Systems Protects T1550.001 Application Access Token
AC-20 Use of External Systems Protects T1552 Unsecured Credentials
AC-20 Use of External Systems Protects T1552.004 Private Keys
AC-20 Use of External Systems Protects T1552.005 Cloud Instance Metadata API
AC-20 Use of External Systems Protects T1556 Modify Authentication Process
AC-20 Use of External Systems Protects T1556.001 Domain Controller Authentication
AC-20 Use of External Systems Protects T1556.003 Pluggable Authentication Modules
AC-20 Use of External Systems Protects T1556.004 Network Device Authentication
AC-20 Use of External Systems Protects T1557 Man-in-the-Middle
AC-20 Use of External Systems Protects T1557.002 ARP Cache Poisoning
AC-20 Use of External Systems Protects T1565 Data Manipulation
AC-20 Use of External Systems Protects T1565.001 Stored Data Manipulation
AC-20 Use of External Systems Protects T1565.002 Transmitted Data Manipulation
AC-20 Use of External Systems Protects T1567 Exfiltration Over Web Service
AC-20 Use of External Systems Protects T1567.001 Exfiltration to Code Repository
AC-20 Use of External Systems Protects T1567.002 Exfiltration to Cloud Storage
AC-20 Use of External Systems Protects T1602 Data from Configuration Repository
AC-20 Use of External Systems Protects T1602.001 SNMP (MIB Dump)
AC-20 Use of External Systems Protects T1602.002 Network Device Configuration Dump
AC-21 Information Sharing Protects T1204 User Execution
AC-21 Information Sharing Protects T1204.001 Malicious Link
AC-21 Information Sharing Protects T1204.002 Malicious File
AC-23 Data Mining Protection Protects T1133 External Remote Services
AC-23 Data Mining Protection Protects T1204 User Execution
AC-23 Data Mining Protection Protects T1204.001 Malicious Link
AC-23 Data Mining Protection Protects T1204.002 Malicious File
AC-3 Access Enforcement Protects T1003 OS Credential Dumping
AC-3 Access Enforcement Protects T1003.001 LSASS Memory
AC-3 Access Enforcement Protects T1003.002 Security Account Manager
AC-3 Access Enforcement Protects T1003.003 NTDS
AC-3 Access Enforcement Protects T1003.004 LSA Secrets
AC-3 Access Enforcement Protects T1003.005 Cached Domain Credentials
AC-3 Access Enforcement Protects T1003.006 DCSync
AC-3 Access Enforcement Protects T1003.007 Proc Filesystem
AC-3 Access Enforcement Protects T1003.008 /etc/passwd and /etc/shadow
AC-3 Access Enforcement Protects T1021 Remote Services
AC-3 Access Enforcement Protects T1021.001 Remote Desktop Protocol
AC-3 Access Enforcement Protects T1021.002 SMB/Windows Admin Shares
AC-3 Access Enforcement Protects T1021.003 Distributed Component Object Model
AC-3 Access Enforcement Protects T1021.004 SSH
AC-3 Access Enforcement Protects T1021.005 VNC
AC-3 Access Enforcement Protects T1021.006 Windows Remote Management
AC-3 Access Enforcement Protects T1036 Masquerading
AC-3 Access Enforcement Protects T1036.003 Rename System Utilities
AC-3 Access Enforcement Protects T1036.005 Match Legitimate Name or Location
AC-3 Access Enforcement Protects T1037 Boot or Logon Initialization Scripts
AC-3 Access Enforcement Protects T1037.002 Logon Script (Mac)
AC-3 Access Enforcement Protects T1037.003 Network Logon Script
AC-3 Access Enforcement Protects T1037.004 Rc.common
AC-3 Access Enforcement Protects T1037.005 Startup Items
AC-3 Access Enforcement Protects T1047 Windows Management Instrumentation
AC-3 Access Enforcement Protects T1048 Exfiltration Over Alternative Protocol
AC-3 Access Enforcement Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
AC-3 Access Enforcement Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-3 Access Enforcement Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
AC-3 Access Enforcement Protects T1052 Exfiltration Over Physical Medium
AC-3 Access Enforcement Protects T1052.001 Exfiltration over USB
AC-3 Access Enforcement Protects T1053 Scheduled Task/Job
AC-3 Access Enforcement Protects T1053.001 At (Linux)
AC-3 Access Enforcement Protects T1053.002 At (Windows)
AC-3 Access Enforcement Protects T1053.003 Cron
AC-3 Access Enforcement Protects T1053.004 Launchd
AC-3 Access Enforcement Protects T1053.005 Scheduled Task
AC-3 Access Enforcement Protects T1053.006 Systemd Timers
AC-3 Access Enforcement Protects T1055 Process Injection
AC-3 Access Enforcement Protects T1055.008 Ptrace System Calls
AC-3 Access Enforcement Protects T1055.009 Proc Memory
AC-3 Access Enforcement Protects T1056.003 Web Portal Capture
AC-3 Access Enforcement Protects T1059 Command and Scripting Interpreter
AC-3 Access Enforcement Protects T1059.001 PowerShell
AC-3 Access Enforcement Protects T1059.008 Network Device CLI
AC-3 Access Enforcement Protects T1070 Indicator Removal on Host
AC-3 Access Enforcement Protects T1070.001 Clear Windows Event Logs
AC-3 Access Enforcement Protects T1070.002 Clear Linux or Mac System Logs
AC-3 Access Enforcement Protects T1070.003 Clear Command History
AC-3 Access Enforcement Protects T1071.004 DNS
AC-3 Access Enforcement Protects T1072 Software Deployment Tools
AC-3 Access Enforcement Protects T1078 Valid Accounts
AC-3 Access Enforcement Protects T1078.002 Domain Accounts
AC-3 Access Enforcement Protects T1078.003 Local Accounts
AC-3 Access Enforcement Protects T1078.004 Cloud Accounts
AC-3 Access Enforcement Protects T1080 Taint Shared Content
AC-3 Access Enforcement Protects T1087.004 Cloud Account
AC-3 Access Enforcement Protects T1090 Proxy
AC-3 Access Enforcement Protects T1090.003 Multi-hop Proxy
AC-3 Access Enforcement Protects T1091 Replication Through Removable Media
AC-3 Access Enforcement Protects T1095 Non-Application Layer Protocol
AC-3 Access Enforcement Protects T1098 Account Manipulation
AC-3 Access Enforcement Protects T1098.001 Additional Cloud Credentials
AC-3 Access Enforcement Protects T1098.002 Exchange Email Delegate Permissions
AC-3 Access Enforcement Protects T1098.003 Add Office 365 Global Administrator Role
AC-3 Access Enforcement Protects T1098.004 SSH Authorized Keys
AC-3 Access Enforcement Protects T1110 Brute Force
AC-3 Access Enforcement Protects T1110.001 Password Guessing
AC-3 Access Enforcement Protects T1110.002 Password Cracking
AC-3 Access Enforcement Protects T1110.003 Password Spraying
AC-3 Access Enforcement Protects T1110.004 Credential Stuffing
AC-3 Access Enforcement Protects T1114 Email Collection
AC-3 Access Enforcement Protects T1114.002 Remote Email Collection
AC-3 Access Enforcement Protects T1133 External Remote Services
AC-3 Access Enforcement Protects T1134 Access Token Manipulation
AC-3 Access Enforcement Protects T1134.001 Token Impersonation/Theft
AC-3 Access Enforcement Protects T1134.002 Create Process with Token
AC-3 Access Enforcement Protects T1134.003 Make and Impersonate Token
AC-3 Access Enforcement Protects T1134.005 SID-History Injection
AC-3 Access Enforcement Protects T1136 Create Account
AC-3 Access Enforcement Protects T1136.001 Local Account
AC-3 Access Enforcement Protects T1136.002 Domain Account
AC-3 Access Enforcement Protects T1136.003 Cloud Account
AC-3 Access Enforcement Protects T1185 Man in the Browser
AC-3 Access Enforcement Protects T1187 Forced Authentication
AC-3 Access Enforcement Protects T1190 Exploit Public-Facing Application
AC-3 Access Enforcement Protects T1197 BITS Jobs
AC-3 Access Enforcement Protects T1199 Trusted Relationship
AC-3 Access Enforcement Protects T1200 Hardware Additions
AC-3 Access Enforcement Protects T1204 User Execution
AC-3 Access Enforcement Protects T1204.001 Malicious Link
AC-3 Access Enforcement Protects T1204.002 Malicious File
AC-3 Access Enforcement Protects T1205 Traffic Signaling
AC-3 Access Enforcement Protects T1205.001 Port Knocking
AC-3 Access Enforcement Protects T1210 Exploitation of Remote Services
AC-3 Access Enforcement Protects T1213 Data from Information Repositories
AC-3 Access Enforcement Protects T1213.001 Confluence
AC-3 Access Enforcement Protects T1213.002 Sharepoint
AC-3 Access Enforcement Protects T1218 Signed Binary Proxy Execution
AC-3 Access Enforcement Protects T1218.002 Control Panel
AC-3 Access Enforcement Protects T1218.007 Msiexec
AC-3 Access Enforcement Protects T1218.012 Verclsid
AC-3 Access Enforcement Protects T1219 Remote Access Software
AC-3 Access Enforcement Protects T1222 File and Directory Permissions Modification
AC-3 Access Enforcement Protects T1222.001 Windows File and Directory Permissions Modification
AC-3 Access Enforcement Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-3 Access Enforcement Protects T1484 Domain Policy Modification
AC-3 Access Enforcement Protects T1485 Data Destruction
AC-3 Access Enforcement Protects T1486 Data Encrypted for Impact
AC-3 Access Enforcement Protects T1489 Service Stop
AC-3 Access Enforcement Protects T1490 Inhibit System Recovery
AC-3 Access Enforcement Protects T1491 Defacement
AC-3 Access Enforcement Protects T1491.001 Internal Defacement
AC-3 Access Enforcement Protects T1491.002 External Defacement
AC-3 Access Enforcement Protects T1495 Firmware Corruption
AC-3 Access Enforcement Protects T1498 Network Denial of Service
AC-3 Access Enforcement Protects T1498.001 Direct Network Flood
AC-3 Access Enforcement Protects T1498.002 Reflection Amplification
AC-3 Access Enforcement Protects T1499 Endpoint Denial of Service
AC-3 Access Enforcement Protects T1499.001 OS Exhaustion Flood
AC-3 Access Enforcement Protects T1499.002 Service Exhaustion Flood
AC-3 Access Enforcement Protects T1499.003 Application Exhaustion Flood
AC-3 Access Enforcement Protects T1499.004 Application or System Exploitation
AC-3 Access Enforcement Protects T1505 Server Software Component
AC-3 Access Enforcement Protects T1505.001 SQL Stored Procedures
AC-3 Access Enforcement Protects T1505.002 Transport Agent
AC-3 Access Enforcement Protects T1525 Implant Container Image
AC-3 Access Enforcement Protects T1528 Steal Application Access Token
AC-3 Access Enforcement Protects T1530 Data from Cloud Storage Object
AC-3 Access Enforcement Protects T1537 Transfer Data to Cloud Account
AC-3 Access Enforcement Protects T1538 Cloud Service Dashboard
AC-3 Access Enforcement Protects T1539 Steal Web Session Cookie
AC-3 Access Enforcement Protects T1542 Pre-OS Boot
AC-3 Access Enforcement Protects T1542.001 System Firmware
AC-3 Access Enforcement Protects T1542.003 Bootkit
AC-3 Access Enforcement Protects T1542.004 ROMMONkit
AC-3 Access Enforcement Protects T1542.005 TFTP Boot
AC-3 Access Enforcement Protects T1543 Create or Modify System Process
AC-3 Access Enforcement Protects T1543.001 Launch Agent
AC-3 Access Enforcement Protects T1543.002 Systemd Service
AC-3 Access Enforcement Protects T1543.003 Windows Service
AC-3 Access Enforcement Protects T1543.004 Launch Daemon
AC-3 Access Enforcement Protects T1546.003 Windows Management Instrumentation Event Subscription
AC-3 Access Enforcement Protects T1546.004 .bash_profile and .bashrc
AC-3 Access Enforcement Protects T1546.013 PowerShell Profile
AC-3 Access Enforcement Protects T1547.003 Time Providers
AC-3 Access Enforcement Protects T1547.004 Winlogon Helper DLL
AC-3 Access Enforcement Protects T1547.006 Kernel Modules and Extensions
AC-3 Access Enforcement Protects T1547.007 Re-opened Applications
AC-3 Access Enforcement Protects T1547.009 Shortcut Modification
AC-3 Access Enforcement Protects T1547.011 Plist Modification
AC-3 Access Enforcement Protects T1547.012 Print Processors
AC-3 Access Enforcement Protects T1548 Abuse Elevation Control Mechanism
AC-3 Access Enforcement Protects T1548.002 Bypass User Account Control
AC-3 Access Enforcement Protects T1548.003 Sudo and Sudo Caching
AC-3 Access Enforcement Protects T1550 Use Alternate Authentication Material
AC-3 Access Enforcement Protects T1550.002 Pass the Hash
AC-3 Access Enforcement Protects T1550.003 Pass the Ticket
AC-3 Access Enforcement Protects T1552 Unsecured Credentials
AC-3 Access Enforcement Protects T1552.002 Credentials in Registry
AC-3 Access Enforcement Protects T1552.005 Cloud Instance Metadata API
AC-3 Access Enforcement Protects T1553.003 SIP and Trust Provider Hijacking
AC-3 Access Enforcement Protects T1556 Modify Authentication Process
AC-3 Access Enforcement Protects T1556.001 Domain Controller Authentication
AC-3 Access Enforcement Protects T1556.003 Pluggable Authentication Modules
AC-3 Access Enforcement Protects T1556.004 Network Device Authentication
AC-3 Access Enforcement Protects T1557 Man-in-the-Middle
AC-3 Access Enforcement Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
AC-3 Access Enforcement Protects T1557.002 ARP Cache Poisoning
AC-3 Access Enforcement Protects T1558 Steal or Forge Kerberos Tickets
AC-3 Access Enforcement Protects T1558.001 Golden Ticket
AC-3 Access Enforcement Protects T1558.002 Silver Ticket
AC-3 Access Enforcement Protects T1558.003 Kerberoasting
AC-3 Access Enforcement Protects T1558.004 AS-REP Roasting
AC-3 Access Enforcement Protects T1559 Inter-Process Communication
AC-3 Access Enforcement Protects T1559.001 Component Object Model
AC-3 Access Enforcement Protects T1561 Disk Wipe
AC-3 Access Enforcement Protects T1561.001 Disk Content Wipe
AC-3 Access Enforcement Protects T1561.002 Disk Structure Wipe
AC-3 Access Enforcement Protects T1562 Impair Defenses
AC-3 Access Enforcement Protects T1562.001 Disable or Modify Tools
AC-3 Access Enforcement Protects T1562.002 Disable Windows Event Logging
AC-3 Access Enforcement Protects T1562.004 Disable or Modify System Firewall
AC-3 Access Enforcement Protects T1562.006 Indicator Blocking
AC-3 Access Enforcement Protects T1562.007 Disable or Modify Cloud Firewall
AC-3 Access Enforcement Protects T1562.008 Disable Cloud Logs
AC-3 Access Enforcement Protects T1563 Remote Service Session Hijacking
AC-3 Access Enforcement Protects T1563.001 SSH Hijacking
AC-3 Access Enforcement Protects T1563.002 RDP Hijacking