NIST 800-53 AC-3 Mappings

Access control policies control access between active entities or subjects (i.e., users or processes acting on behalf of users) and passive entities or objects (i.e., devices, files, records, domains) in organizational systems. In addition to enforcing authorized access at the system level and recognizing that systems can host many applications and services in support of mission and business functions, access enforcement mechanisms can also be employed at the application and service level to provide increased information security and privacy. In contrast to logical access controls that are implemented within the system, physical access controls are addressed by the controls in the Physical and Environmental Protection (PE) family.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-3 Access Enforcement Protects T1003 OS Credential Dumping
AC-3 Access Enforcement Protects T1003.001 LSASS Memory
AC-3 Access Enforcement Protects T1003.002 Security Account Manager
AC-3 Access Enforcement Protects T1003.003 NTDS
AC-3 Access Enforcement Protects T1003.004 LSA Secrets
AC-3 Access Enforcement Protects T1003.005 Cached Domain Credentials
AC-3 Access Enforcement Protects T1003.006 DCSync
AC-3 Access Enforcement Protects T1003.007 Proc Filesystem
AC-3 Access Enforcement Protects T1003.008 /etc/passwd and /etc/shadow
AC-3 Access Enforcement Protects T1021 Remote Services
AC-3 Access Enforcement Protects T1021.001 Remote Desktop Protocol
AC-3 Access Enforcement Protects T1021.002 SMB/Windows Admin Shares
AC-3 Access Enforcement Protects T1021.003 Distributed Component Object Model
AC-3 Access Enforcement Protects T1021.004 SSH
AC-3 Access Enforcement Protects T1021.005 VNC
AC-3 Access Enforcement Protects T1021.006 Windows Remote Management
AC-3 Access Enforcement Protects T1036 Masquerading
AC-3 Access Enforcement Protects T1036.003 Rename System Utilities
AC-3 Access Enforcement Protects T1036.005 Match Legitimate Name or Location
AC-3 Access Enforcement Protects T1037 Boot or Logon Initialization Scripts
AC-3 Access Enforcement Protects T1037.002 Logon Script (Mac)
AC-3 Access Enforcement Protects T1037.003 Network Logon Script
AC-3 Access Enforcement Protects T1037.004 Rc.common
AC-3 Access Enforcement Protects T1037.005 Startup Items
AC-3 Access Enforcement Protects T1047 Windows Management Instrumentation
AC-3 Access Enforcement Protects T1048 Exfiltration Over Alternative Protocol
AC-3 Access Enforcement Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
AC-3 Access Enforcement Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-3 Access Enforcement Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
AC-3 Access Enforcement Protects T1052 Exfiltration Over Physical Medium
AC-3 Access Enforcement Protects T1052.001 Exfiltration over USB
AC-3 Access Enforcement Protects T1053 Scheduled Task/Job
AC-3 Access Enforcement Protects T1053.001 At (Linux)
AC-3 Access Enforcement Protects T1053.002 At (Windows)
AC-3 Access Enforcement Protects T1053.003 Cron
AC-3 Access Enforcement Protects T1053.004 Launchd
AC-3 Access Enforcement Protects T1053.005 Scheduled Task
AC-3 Access Enforcement Protects T1053.006 Systemd Timers
AC-3 Access Enforcement Protects T1055 Process Injection
AC-3 Access Enforcement Protects T1055.008 Ptrace System Calls
AC-3 Access Enforcement Protects T1055.009 Proc Memory
AC-3 Access Enforcement Protects T1056.003 Web Portal Capture
AC-3 Access Enforcement Protects T1059 Command and Scripting Interpreter
AC-3 Access Enforcement Protects T1059.001 PowerShell
AC-3 Access Enforcement Protects T1059.008 Network Device CLI
AC-3 Access Enforcement Protects T1070 Indicator Removal on Host
AC-3 Access Enforcement Protects T1070.001 Clear Windows Event Logs
AC-3 Access Enforcement Protects T1070.002 Clear Linux or Mac System Logs
AC-3 Access Enforcement Protects T1070.003 Clear Command History
AC-3 Access Enforcement Protects T1071.004 DNS
AC-3 Access Enforcement Protects T1072 Software Deployment Tools
AC-3 Access Enforcement Protects T1078 Valid Accounts
AC-3 Access Enforcement Protects T1078.002 Domain Accounts
AC-3 Access Enforcement Protects T1078.003 Local Accounts
AC-3 Access Enforcement Protects T1078.004 Cloud Accounts
AC-3 Access Enforcement Protects T1080 Taint Shared Content
AC-3 Access Enforcement Protects T1087.004 Cloud Account
AC-3 Access Enforcement Protects T1090 Proxy
AC-3 Access Enforcement Protects T1090.003 Multi-hop Proxy
AC-3 Access Enforcement Protects T1091 Replication Through Removable Media
AC-3 Access Enforcement Protects T1095 Non-Application Layer Protocol
AC-3 Access Enforcement Protects T1098 Account Manipulation
AC-3 Access Enforcement Protects T1098.001 Additional Cloud Credentials
AC-3 Access Enforcement Protects T1098.002 Exchange Email Delegate Permissions
AC-3 Access Enforcement Protects T1098.003 Add Office 365 Global Administrator Role
AC-3 Access Enforcement Protects T1098.004 SSH Authorized Keys
AC-3 Access Enforcement Protects T1110 Brute Force
AC-3 Access Enforcement Protects T1110.001 Password Guessing
AC-3 Access Enforcement Protects T1110.002 Password Cracking
AC-3 Access Enforcement Protects T1110.003 Password Spraying
AC-3 Access Enforcement Protects T1110.004 Credential Stuffing
AC-3 Access Enforcement Protects T1114 Email Collection
AC-3 Access Enforcement Protects T1114.002 Remote Email Collection
AC-3 Access Enforcement Protects T1133 External Remote Services
AC-3 Access Enforcement Protects T1134 Access Token Manipulation
AC-3 Access Enforcement Protects T1134.001 Token Impersonation/Theft
AC-3 Access Enforcement Protects T1134.002 Create Process with Token
AC-3 Access Enforcement Protects T1134.003 Make and Impersonate Token
AC-3 Access Enforcement Protects T1134.005 SID-History Injection
AC-3 Access Enforcement Protects T1136 Create Account
AC-3 Access Enforcement Protects T1136.001 Local Account
AC-3 Access Enforcement Protects T1136.002 Domain Account
AC-3 Access Enforcement Protects T1136.003 Cloud Account
AC-3 Access Enforcement Protects T1185 Man in the Browser
AC-3 Access Enforcement Protects T1187 Forced Authentication
AC-3 Access Enforcement Protects T1190 Exploit Public-Facing Application
AC-3 Access Enforcement Protects T1197 BITS Jobs
AC-3 Access Enforcement Protects T1199 Trusted Relationship
AC-3 Access Enforcement Protects T1200 Hardware Additions
AC-3 Access Enforcement Protects T1204 User Execution
AC-3 Access Enforcement Protects T1204.001 Malicious Link
AC-3 Access Enforcement Protects T1204.002 Malicious File
AC-3 Access Enforcement Protects T1205 Traffic Signaling
AC-3 Access Enforcement Protects T1205.001 Port Knocking
AC-3 Access Enforcement Protects T1210 Exploitation of Remote Services
AC-3 Access Enforcement Protects T1213 Data from Information Repositories
AC-3 Access Enforcement Protects T1213.001 Confluence
AC-3 Access Enforcement Protects T1213.002 Sharepoint
AC-3 Access Enforcement Protects T1218 Signed Binary Proxy Execution
AC-3 Access Enforcement Protects T1218.002 Control Panel
AC-3 Access Enforcement Protects T1218.007 Msiexec
AC-3 Access Enforcement Protects T1218.012 Verclsid
AC-3 Access Enforcement Protects T1219 Remote Access Software
AC-3 Access Enforcement Protects T1222 File and Directory Permissions Modification
AC-3 Access Enforcement Protects T1222.001 Windows File and Directory Permissions Modification
AC-3 Access Enforcement Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-3 Access Enforcement Protects T1484 Domain Policy Modification
AC-3 Access Enforcement Protects T1485 Data Destruction
AC-3 Access Enforcement Protects T1486 Data Encrypted for Impact
AC-3 Access Enforcement Protects T1489 Service Stop
AC-3 Access Enforcement Protects T1490 Inhibit System Recovery
AC-3 Access Enforcement Protects T1491 Defacement
AC-3 Access Enforcement Protects T1491.001 Internal Defacement
AC-3 Access Enforcement Protects T1491.002 External Defacement
AC-3 Access Enforcement Protects T1495 Firmware Corruption
AC-3 Access Enforcement Protects T1498 Network Denial of Service
AC-3 Access Enforcement Protects T1498.001 Direct Network Flood
AC-3 Access Enforcement Protects T1498.002 Reflection Amplification
AC-3 Access Enforcement Protects T1499 Endpoint Denial of Service
AC-3 Access Enforcement Protects T1499.001 OS Exhaustion Flood
AC-3 Access Enforcement Protects T1499.002 Service Exhaustion Flood
AC-3 Access Enforcement Protects T1499.003 Application Exhaustion Flood
AC-3 Access Enforcement Protects T1499.004 Application or System Exploitation
AC-3 Access Enforcement Protects T1505 Server Software Component
AC-3 Access Enforcement Protects T1505.001 SQL Stored Procedures
AC-3 Access Enforcement Protects T1505.002 Transport Agent
AC-3 Access Enforcement Protects T1525 Implant Container Image
AC-3 Access Enforcement Protects T1528 Steal Application Access Token
AC-3 Access Enforcement Protects T1530 Data from Cloud Storage Object
AC-3 Access Enforcement Protects T1537 Transfer Data to Cloud Account
AC-3 Access Enforcement Protects T1538 Cloud Service Dashboard
AC-3 Access Enforcement Protects T1539 Steal Web Session Cookie
AC-3 Access Enforcement Protects T1542 Pre-OS Boot
AC-3 Access Enforcement Protects T1542.001 System Firmware
AC-3 Access Enforcement Protects T1542.003 Bootkit
AC-3 Access Enforcement Protects T1542.004 ROMMONkit
AC-3 Access Enforcement Protects T1542.005 TFTP Boot
AC-3 Access Enforcement Protects T1543 Create or Modify System Process
AC-3 Access Enforcement Protects T1543.001 Launch Agent
AC-3 Access Enforcement Protects T1543.002 Systemd Service
AC-3 Access Enforcement Protects T1543.003 Windows Service
AC-3 Access Enforcement Protects T1543.004 Launch Daemon
AC-3 Access Enforcement Protects T1546.003 Windows Management Instrumentation Event Subscription
AC-3 Access Enforcement Protects T1546.004 .bash_profile and .bashrc
AC-3 Access Enforcement Protects T1546.013 PowerShell Profile
AC-3 Access Enforcement Protects T1547.003 Time Providers
AC-3 Access Enforcement Protects T1547.004 Winlogon Helper DLL
AC-3 Access Enforcement Protects T1547.006 Kernel Modules and Extensions
AC-3 Access Enforcement Protects T1547.007 Re-opened Applications
AC-3 Access Enforcement Protects T1547.009 Shortcut Modification
AC-3 Access Enforcement Protects T1547.011 Plist Modification
AC-3 Access Enforcement Protects T1547.012 Print Processors
AC-3 Access Enforcement Protects T1548 Abuse Elevation Control Mechanism
AC-3 Access Enforcement Protects T1548.002 Bypass User Account Control
AC-3 Access Enforcement Protects T1548.003 Sudo and Sudo Caching
AC-3 Access Enforcement Protects T1550 Use Alternate Authentication Material
AC-3 Access Enforcement Protects T1550.002 Pass the Hash
AC-3 Access Enforcement Protects T1550.003 Pass the Ticket
AC-3 Access Enforcement Protects T1552 Unsecured Credentials
AC-3 Access Enforcement Protects T1552.002 Credentials in Registry
AC-3 Access Enforcement Protects T1552.005 Cloud Instance Metadata API
AC-3 Access Enforcement Protects T1553.003 SIP and Trust Provider Hijacking
AC-3 Access Enforcement Protects T1556 Modify Authentication Process
AC-3 Access Enforcement Protects T1556.001 Domain Controller Authentication
AC-3 Access Enforcement Protects T1556.003 Pluggable Authentication Modules
AC-3 Access Enforcement Protects T1556.004 Network Device Authentication
AC-3 Access Enforcement Protects T1557 Man-in-the-Middle
AC-3 Access Enforcement Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
AC-3 Access Enforcement Protects T1557.002 ARP Cache Poisoning
AC-3 Access Enforcement Protects T1558 Steal or Forge Kerberos Tickets
AC-3 Access Enforcement Protects T1558.001 Golden Ticket
AC-3 Access Enforcement Protects T1558.002 Silver Ticket
AC-3 Access Enforcement Protects T1558.003 Kerberoasting
AC-3 Access Enforcement Protects T1558.004 AS-REP Roasting
AC-3 Access Enforcement Protects T1559 Inter-Process Communication
AC-3 Access Enforcement Protects T1559.001 Component Object Model
AC-3 Access Enforcement Protects T1561 Disk Wipe
AC-3 Access Enforcement Protects T1561.001 Disk Content Wipe
AC-3 Access Enforcement Protects T1561.002 Disk Structure Wipe
AC-3 Access Enforcement Protects T1562 Impair Defenses
AC-3 Access Enforcement Protects T1562.001 Disable or Modify Tools
AC-3 Access Enforcement Protects T1562.002 Disable Windows Event Logging
AC-3 Access Enforcement Protects T1562.004 Disable or Modify System Firewall
AC-3 Access Enforcement Protects T1562.006 Indicator Blocking
AC-3 Access Enforcement Protects T1562.007 Disable or Modify Cloud Firewall
AC-3 Access Enforcement Protects T1562.008 Disable Cloud Logs
AC-3 Access Enforcement Protects T1563 Remote Service Session Hijacking
AC-3 Access Enforcement Protects T1563.001 SSH Hijacking
AC-3 Access Enforcement Protects T1563.002 RDP Hijacking
AC-3 Access Enforcement Protects T1564.004 NTFS File Attributes
AC-3 Access Enforcement Protects T1565 Data Manipulation
AC-3 Access Enforcement Protects T1565.001 Stored Data Manipulation
AC-3 Access Enforcement Protects T1565.003 Runtime Data Manipulation
AC-3 Access Enforcement Protects T1569 System Services
AC-3 Access Enforcement Protects T1569.001 Launchctl
AC-3 Access Enforcement Protects T1569.002 Service Execution
AC-3 Access Enforcement Protects T1570 Lateral Tool Transfer
AC-3 Access Enforcement Protects T1572 Protocol Tunneling
AC-3 Access Enforcement Protects T1574 Hijack Execution Flow
AC-3 Access Enforcement Protects T1574.002 DLL Side-Loading
AC-3 Access Enforcement Protects T1574.004 Dylib Hijacking
AC-3 Access Enforcement Protects T1574.005 Executable Installer File Permissions Weakness
AC-3 Access Enforcement Protects T1574.007 Path Interception by PATH Environment Variable
AC-3 Access Enforcement Protects T1574.008 Path Interception by Search Order Hijacking
AC-3 Access Enforcement Protects T1574.009 Path Interception by Unquoted Path
AC-3 Access Enforcement Protects T1574.010 Services File Permissions Weakness
AC-3 Access Enforcement Protects T1574.012 COR_PROFILER
AC-3 Access Enforcement Protects T1578 Modify Cloud Compute Infrastructure
AC-3 Access Enforcement Protects T1578.001 Create Snapshot
AC-3 Access Enforcement Protects T1578.002 Create Cloud Instance
AC-3 Access Enforcement Protects T1578.003 Delete Cloud Instance
AC-3 Access Enforcement Protects T1580 Cloud Infrastructure Discovery
AC-3 Access Enforcement Protects T1599 Network Boundary Bridging
AC-3 Access Enforcement Protects T1599.001 Network Address Translation Traversal
AC-3 Access Enforcement Protects T1601 Modify System Image
AC-3 Access Enforcement Protects T1601.001 Patch System Image
AC-3 Access Enforcement Protects T1601.002 Downgrade System Image
AC-3 Access Enforcement Protects T1602 Data from Configuration Repository
AC-3 Access Enforcement Protects T1602.001 SNMP (MIB Dump)
AC-3 Access Enforcement Protects T1602.002 Network Device Configuration Dump