NIST 800-53 CM-7 Mappings

Systems provide a wide variety of functions and services. Some of the functions and services routinely provided by default may not be necessary to support essential organizational missions, functions, or operations. Additionally, it is sometimes convenient to provide multiple services from a single system component, but doing so increases risk over limiting the services provided by that single component. Where feasible, organizations limit component functionality to a single function per component. Organizations consider removing unused or unnecessary software and disabling unused or unnecessary physical and logical ports and protocols to prevent unauthorized connection of components, transfer of information, and tunneling. Organizations employ network scanning tools, intrusion detection and prevention systems, and end-point protection technologies, such as firewalls and host-based intrusion detection systems, to identify and prevent the use of prohibited functions, protocols, ports, and services. Least functionality can also be achieved as part of the fundamental design and development of the system (see SA-08, SC-02, and SC-03).

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
| --- | --- | --- | --- | --- |
| CM-7 | Least Functionality | Protects | T1003 | OS Credential Dumping |
| CM-7 | Least Functionality | Protects | T1003.001 | LSASS Memory |
| CM-7 | Least Functionality | Protects | T1003.002 | Security Account Manager |
| CM-7 | Least Functionality | Protects | T1003.005 | Cached Domain Credentials |
| CM-7 | Least Functionality | Protects | T1008 | Fallback Channels |
| CM-7 | Least Functionality | Protects | T1011 | Exfiltration Over Other Network Medium |
| CM-7 | Least Functionality | Protects | T1011.001 | Exfiltration Over Bluetooth |
| CM-7 | Least Functionality | Protects | T1021.001 | Remote Desktop Protocol |
| CM-7 | Least Functionality | Protects | T1021.002 | SMB/Windows Admin Shares |
| CM-7 | Least Functionality | Protects | T1021.003 | Distributed Component Object Model |
| CM-7 | Least Functionality | Protects | T1021.005 | VNC |
| CM-7 | Least Functionality | Protects | T1021.006 | Windows Remote Management |
| CM-7 | Least Functionality | Protects | T1036 | Masquerading |
| CM-7 | Least Functionality | Protects | T1036.005 | Match Legitimate Name or Location |
| CM-7 | Least Functionality | Protects | T1037 | Boot or Logon Initialization Scripts |
| CM-7 | Least Functionality | Protects | T1037.001 | Logon Script (Windows) |
| CM-7 | Least Functionality | Protects | T1046 | Network Service Scanning |
| CM-7 | Least Functionality | Protects | T1048 | Exfiltration Over Alternative Protocol |
| CM-7 | Least Functionality | Protects | T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
| CM-7 | Least Functionality | Protects | T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
| CM-7 | Least Functionality | Protects | T1048.003 | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
| CM-7 | Least Functionality | Protects | T1053 | Scheduled Task/Job |
| CM-7 | Least Functionality | Protects | T1053.002 | At (Windows) |
| CM-7 | Least Functionality | Protects | T1053.005 | Scheduled Task |
| CM-7 | Least Functionality | Protects | T1059 | Command and Scripting Interpreter |
| CM-7 | Least Functionality | Protects | T1059.002 | AppleScript |
| CM-7 | Least Functionality | Protects | T1059.003 | Windows Command Shell |
| CM-7 | Least Functionality | Protects | T1059.004 | Unix Shell |
| CM-7 | Least Functionality | Protects | T1059.005 | Visual Basic |
| CM-7 | Least Functionality | Protects | T1059.006 | Python |
| CM-7 | Least Functionality | Protects | T1059.007 | JavaScript/JScript |
| CM-7 | Least Functionality | Protects | T1071 | Application Layer Protocol |
| CM-7 | Least Functionality | Protects | T1071.001 | Web Protocols |
| CM-7 | Least Functionality | Protects | T1071.002 | File Transfer Protocols |
| CM-7 | Least Functionality | Protects | T1071.003 | Mail Protocols |
| CM-7 | Least Functionality | Protects | T1071.004 | DNS |
| CM-7 | Least Functionality | Protects | T1072 | Software Deployment Tools |
| CM-7 | Least Functionality | Protects | T1080 | Taint Shared Content |
| CM-7 | Least Functionality | Protects | T1087 | Account Discovery |
| CM-7 | Least Functionality | Protects | T1087.001 | Local Account |
| CM-7 | Least Functionality | Protects | T1087.002 | Domain Account |
| CM-7 | Least Functionality | Protects | T1090 | Proxy |
| CM-7 | Least Functionality | Protects | T1090.001 | Internal Proxy |
| CM-7 | Least Functionality | Protects | T1090.002 | External Proxy |
| CM-7 | Least Functionality | Protects | T1090.003 | Multi-hop Proxy |
| CM-7 | Least Functionality | Protects | T1092 | Communication Through Removable Media |
| CM-7 | Least Functionality | Protects | T1095 | Non-Application Layer Protocol |
| CM-7 | Least Functionality | Protects | T1098 | Account Manipulation |
| CM-7 | Least Functionality | Protects | T1098.001 | Additional Cloud Credentials |
| CM-7 | Least Functionality | Protects | T1098.004 | SSH Authorized Keys |
| CM-7 | Least Functionality | Protects | T1102 | Web Service |
| CM-7 | Least Functionality | Protects | T1102.001 | Dead Drop Resolver |
| CM-7 | Least Functionality | Protects | T1102.002 | Bidirectional Communication |
| CM-7 | Least Functionality | Protects | T1102.003 | One-Way Communication |
| CM-7 | Least Functionality | Protects | T1104 | Multi-Stage Channels |
| CM-7 | Least Functionality | Protects | T1105 | Ingress Tool Transfer |
| CM-7 | Least Functionality | Protects | T1106 | Native API |
| CM-7 | Least Functionality | Protects | T1112 | Modify Registry |
| CM-7 | Least Functionality | Protects | T1127 | Trusted Developer Utilities Proxy Execution |
| CM-7 | Least Functionality | Protects | T1129 | Shared Modules |
| CM-7 | Least Functionality | Protects | T1133 | External Remote Services |
| CM-7 | Least Functionality | Protects | T1135 | Network Share Discovery |
| CM-7 | Least Functionality | Protects | T1136 | Create Account |
| CM-7 | Least Functionality | Protects | T1136.002 | Domain Account |
| CM-7 | Least Functionality | Protects | T1136.003 | Cloud Account |
| CM-7 | Least Functionality | Protects | T1176 | Browser Extensions |
| CM-7 | Least Functionality | Protects | T1187 | Forced Authentication |
| CM-7 | Least Functionality | Protects | T1190 | Exploit Public-Facing Application |
| CM-7 | Least Functionality | Protects | T1195 | Supply Chain Compromise |
| CM-7 | Least Functionality | Protects | T1195.001 | Compromise Software Dependencies and Development Tools |
| CM-7 | Least Functionality | Protects | T1195.002 | Compromise Software Supply Chain |
| CM-7 | Least Functionality | Protects | T1197 | BITS Jobs |
| CM-7 | Least Functionality | Protects | T1199 | Trusted Relationship |
| CM-7 | Least Functionality | Protects | T1204 | User Execution |
| CM-7 | Least Functionality | Protects | T1204.001 | Malicious Link |
| CM-7 | Least Functionality | Protects | T1204.002 | Malicious File |
| CM-7 | Least Functionality | Protects | T1205 | Traffic Signaling |
| CM-7 | Least Functionality | Protects | T1205.001 | Port Knocking |
| CM-7 | Least Functionality | Protects | T1210 | Exploitation of Remote Services |
| CM-7 | Least Functionality | Protects | T1213 | Data from Information Repositories |
| CM-7 | Least Functionality | Protects | T1213.001 | Confluence |
| CM-7 | Least Functionality | Protects | T1213.002 | Sharepoint |
| CM-7 | Least Functionality | Protects | T1216 | Signed Script Proxy Execution |
| CM-7 | Least Functionality | Protects | T1216.001 | PubPrn |
| CM-7 | Least Functionality | Protects | T1218 | Signed Binary Proxy Execution |
| CM-7 | Least Functionality | Protects | T1218.001 | Compiled HTML File |
| CM-7 | Least Functionality | Protects | T1218.002 | Control Panel |
| CM-7 | Least Functionality | Protects | T1218.003 | CMSTP |
| CM-7 | Least Functionality | Protects | T1218.004 | InstallUtil |
| CM-7 | Least Functionality | Protects | T1218.005 | Mshta |
| CM-7 | Least Functionality | Protects | T1218.008 | Odbcconf |
| CM-7 | Least Functionality | Protects | T1218.009 | Regsvcs/Regasm |
| CM-7 | Least Functionality | Protects | T1218.012 | Verclsid |
| CM-7 | Least Functionality | Protects | T1219 | Remote Access Software |
| CM-7 | Least Functionality | Protects | T1220 | XSL Script Processing |
| CM-7 | Least Functionality | Protects | T1221 | Template Injection |
| CM-7 | Least Functionality | Protects | T1482 | Domain Trust Discovery |
| CM-7 | Least Functionality | Protects | T1484 | Domain Policy Modification |
| CM-7 | Least Functionality | Protects | T1489 | Service Stop |
| CM-7 | Least Functionality | Protects | T1490 | Inhibit System Recovery |
| CM-7 | Least Functionality | Protects | T1498 | Network Denial of Service |
| CM-7 | Least Functionality | Protects | T1498.001 | Direct Network Flood |
| CM-7 | Least Functionality | Protects | T1498.002 | Reflection Amplification |
| CM-7 | Least Functionality | Protects | T1499 | Endpoint Denial of Service |
| CM-7 | Least Functionality | Protects | T1499.001 | OS Exhaustion Flood |
| CM-7 | Least Functionality | Protects | T1499.002 | Service Exhaustion Flood |
| CM-7 | Least Functionality | Protects | T1499.003 | Application Exhaustion Flood |
| CM-7 | Least Functionality | Protects | T1499.004 | Application or System Exploitation |
| CM-7 | Least Functionality | Protects | T1525 | Implant Container Image |
| CM-7 | Least Functionality | Protects | T1530 | Data from Cloud Storage Object |
| CM-7 | Least Functionality | Protects | T1537 | Transfer Data to Cloud Account |
| CM-7 | Least Functionality | Protects | T1542.004 | ROMMONkit |
| CM-7 | Least Functionality | Protects | T1542.005 | TFTP Boot |
| CM-7 | Least Functionality | Protects | T1543 | Create or Modify System Process |
| CM-7 | Least Functionality | Protects | T1543.003 | Windows Service |
| CM-7 | Least Functionality | Protects | T1546.002 | Screensaver |
| CM-7 | Least Functionality | Protects | T1546.006 | LC_LOAD_DYLIB Addition |
| CM-7 | Least Functionality | Protects | T1546.008 | Accessibility Features |
| CM-7 | Least Functionality | Protects | T1546.009 | AppCert DLLs |
| CM-7 | Least Functionality | Protects | T1546.010 | AppInit DLLs |
| CM-7 | Least Functionality | Protects | T1547.004 | Winlogon Helper DLL |
| CM-7 | Least Functionality | Protects | T1547.006 | Kernel Modules and Extensions |
| CM-7 | Least Functionality | Protects | T1547.007 | Re-opened Applications |
| CM-7 | Least Functionality | Protects | T1547.011 | Plist Modification |
| CM-7 | Least Functionality | Protects | T1548 | Abuse Elevation Control Mechanism |
| CM-7 | Least Functionality | Protects | T1548.001 | Setuid and Setgid |
| CM-7 | Least Functionality | Protects | T1548.003 | Sudo and Sudo Caching |
| CM-7 | Least Functionality | Protects | T1548.004 | Elevated Execution with Prompt |
| CM-7 | Least Functionality | Protects | T1552 | Unsecured Credentials |
| CM-7 | Least Functionality | Protects | T1552.003 | Bash History |
| CM-7 | Least Functionality | Protects | T1552.005 | Cloud Instance Metadata API |
| CM-7 | Least Functionality | Protects | T1553 | Subvert Trust Controls |
| CM-7 | Least Functionality | Protects | T1553.001 | Gatekeeper Bypass |
| CM-7 | Least Functionality | Protects | T1553.003 | SIP and Trust Provider Hijacking |
| CM-7 | Least Functionality | Protects | T1553.004 | Install Root Certificate |
| CM-7 | Least Functionality | Protects | T1556 | Modify Authentication Process |
| CM-7 | Least Functionality | Protects | T1556.002 | Password Filter DLL |
| CM-7 | Least Functionality | Protects | T1557 | Man-in-the-Middle |
| CM-7 | Least Functionality | Protects | T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay |
| CM-7 | Least Functionality | Protects | T1557.002 | ARP Cache Poisoning |
| CM-7 | Least Functionality | Protects | T1559 | Inter-Process Communication |
| CM-7 | Least Functionality | Protects | T1559.002 | Dynamic Data Exchange |
| CM-7 | Least Functionality | Protects | T1562 | Impair Defenses |
| CM-7 | Least Functionality | Protects | T1562.001 | Disable or Modify Tools |
| CM-7 | Least Functionality | Protects | T1562.002 | Disable Windows Event Logging |
| CM-7 | Least Functionality | Protects | T1562.003 | Impair Command History Logging |
| CM-7 | Least Functionality | Protects | T1562.004 | Disable or Modify System Firewall |
| CM-7 | Least Functionality | Protects | T1563 | Remote Service Session Hijacking |
| CM-7 | Least Functionality | Protects | T1563.001 | SSH Hijacking |
| CM-7 | Least Functionality | Protects | T1563.002 | RDP Hijacking |
| CM-7 | Least Functionality | Protects | T1564.002 | Hidden Users |
| CM-7 | Least Functionality | Protects | T1564.003 | Hidden Window |
| CM-7 | Least Functionality | Protects | T1564.006 | Run Virtual Instance |
| CM-7 | Least Functionality | Protects | T1565 | Data Manipulation |
| CM-7 | Least Functionality | Protects | T1565.003 | Runtime Data Manipulation |
| CM-7 | Least Functionality | Protects | T1569 | System Services |
| CM-7 | Least Functionality | Protects | T1569.002 | Service Execution |
| CM-7 | Least Functionality | Protects | T1570 | Lateral Tool Transfer |
| CM-7 | Least Functionality | Protects | T1571 | Non-Standard Port |
| CM-7 | Least Functionality | Protects | T1572 | Protocol Tunneling |
| CM-7 | Least Functionality | Protects | T1573 | Encrypted Channel |
| CM-7 | Least Functionality | Protects | T1573.001 | Symmetric Cryptography |
| CM-7 | Least Functionality | Protects | T1573.002 | Asymmetric Cryptography |
| CM-7 | Least Functionality | Protects | T1574 | Hijack Execution Flow |
| CM-7 | Least Functionality | Protects | T1574.001 | DLL Search Order Hijacking |
| CM-7 | Least Functionality | Protects | T1574.006 | LD_PRELOAD |
| CM-7 | Least Functionality | Protects | T1574.007 | Path Interception by PATH Environment Variable |
| CM-7 | Least Functionality | Protects | T1574.008 | Path Interception by Search Order Hijacking |
| CM-7 | Least Functionality | Protects | T1574.009 | Path Interception by Unquoted Path |
| CM-7 | Least Functionality | Protects | T1574.012 | COR_PROFILER |
| CM-7 | Least Functionality | Protects | T1599 | Network Boundary Bridging |
| CM-7 | Least Functionality | Protects | T1599.001 | Network Address Translation Traversal |
| CM-7 | Least Functionality | Protects | T1601 | Modify System Image |
| CM-7 | Least Functionality | Protects | T1601.001 | Patch System Image |
| CM-7 | Least Functionality | Protects | T1601.002 | Downgrade System Image |
| CM-7 | Least Functionality | Protects | T1602 | Data from Configuration Repository |
| CM-7 | Least Functionality | Protects | T1602.001 | SNMP (MIB Dump) |
| CM-7 | Least Functionality | Protects | T1602.002 | Network Device Configuration Dump |