NIST 800-53 CM-8 Mappings

System components are discrete, identifiable information technology assets that include hardware, software, and firmware. Organizations may choose to implement centralized system component inventories that include components from all organizational systems. In such situations, organizations ensure that the inventories include system-specific information required for component accountability. The information necessary for effective accountability of system components includes the system name, software owners, software version numbers, hardware inventory specifications, software license information, and for networked components, the machine names and network addresses across all implemented protocols (e.g., IPv4, IPv6). Inventory specifications include date of receipt, cost, model, serial number, manufacturer, supplier information, component type, and physical location.

Preventing duplicate accounting of system components addresses the lack of accountability that occurs when component ownership and system association are not known, especially in large or complex connected systems. Effective prevention of duplicate accounting of system components necessitates use of a unique identifier for each component. For software inventory, centrally managed software that is accessed via other systems is addressed as a component of the system on which it is installed and managed. Software installed on multiple organizational systems and managed at the system level is addressed for each individual system and may appear more than once in a centralized component inventory, necessitating a system association for each software instance in the centralized inventory to avoid duplicate accounting of components. Scanning systems implementing multiple network protocols (e.g., IPv4 and IPv6) can result in duplicate components being identified in different address spaces. The implementation of CM-08(07) can help to eliminate duplicate accounting of components.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| CM-8 | System Component Inventory | Protects | T1011.001 | Exfiltration Over Bluetooth |
| CM-8 | System Component Inventory | Protects | T1020.001 | Traffic Duplication |
| CM-8 | System Component Inventory | Protects | T1021.001 | Remote Desktop Protocol |
| CM-8 | System Component Inventory | Protects | T1021.003 | Distributed Component Object Model |
| CM-8 | System Component Inventory | Protects | T1021.004 | SSH |
| CM-8 | System Component Inventory | Protects | T1021.005 | VNC |
| CM-8 | System Component Inventory | Protects | T1021.006 | Windows Remote Management |
| CM-8 | System Component Inventory | Protects | T1046 | Network Service Scanning |
| CM-8 | System Component Inventory | Protects | T1052 | Exfiltration Over Physical Medium |
| CM-8 | System Component Inventory | Protects | T1052.001 | Exfiltration over USB |
| CM-8 | System Component Inventory | Protects | T1053 | Scheduled Task/Job |
| CM-8 | System Component Inventory | Protects | T1053.002 | At (Windows) |
| CM-8 | System Component Inventory | Protects | T1053.005 | Scheduled Task |
| CM-8 | System Component Inventory | Protects | T1059 | Command and Scripting Interpreter |
| CM-8 | System Component Inventory | Protects | T1059.001 | PowerShell |
| CM-8 | System Component Inventory | Protects | T1059.005 | Visual Basic |
| CM-8 | System Component Inventory | Protects | T1059.007 | JavaScript/JScript |
| CM-8 | System Component Inventory | Protects | T1068 | Exploitation for Privilege Escalation |
| CM-8 | System Component Inventory | Protects | T1072 | Software Deployment Tools |
| CM-8 | System Component Inventory | Protects | T1091 | Replication Through Removable Media |
| CM-8 | System Component Inventory | Protects | T1092 | Communication Through Removable Media |
| CM-8 | System Component Inventory | Protects | T1098.004 | SSH Authorized Keys |
| CM-8 | System Component Inventory | Protects | T1119 | Automated Collection |
| CM-8 | System Component Inventory | Protects | T1127 | Trusted Developer Utilities Proxy Execution |
| CM-8 | System Component Inventory | Protects | T1127.001 | MSBuild |
| CM-8 | System Component Inventory | Protects | T1133 | External Remote Services |
| CM-8 | System Component Inventory | Protects | T1137 | Office Application Startup |
| CM-8 | System Component Inventory | Protects | T1137.001 | Office Template Macros |
| CM-8 | System Component Inventory | Protects | T1189 | Drive-by Compromise |
| CM-8 | System Component Inventory | Protects | T1190 | Exploit Public-Facing Application |
| CM-8 | System Component Inventory | Protects | T1195.003 | Compromise Hardware Supply Chain |
| CM-8 | System Component Inventory | Protects | T1203 | Exploitation for Client Execution |
| CM-8 | System Component Inventory | Protects | T1204 | User Execution |
| CM-8 | System Component Inventory | Protects | T1204.001 | Malicious Link |
| CM-8 | System Component Inventory | Protects | T1204.002 | Malicious File |
| CM-8 | System Component Inventory | Protects | T1210 | Exploitation of Remote Services |
| CM-8 | System Component Inventory | Protects | T1211 | Exploitation for Defense Evasion |
| CM-8 | System Component Inventory | Protects | T1212 | Exploitation for Credential Access |
| CM-8 | System Component Inventory | Protects | T1218 | Signed Binary Proxy Execution |
| CM-8 | System Component Inventory | Protects | T1218.003 | CMSTP |
| CM-8 | System Component Inventory | Protects | T1218.004 | InstallUtil |
| CM-8 | System Component Inventory | Protects | T1218.005 | Mshta |
| CM-8 | System Component Inventory | Protects | T1218.008 | Odbcconf |
| CM-8 | System Component Inventory | Protects | T1218.009 | Regsvcs/Regasm |
| CM-8 | System Component Inventory | Protects | T1218.012 | Verclsid |
| CM-8 | System Component Inventory | Protects | T1221 | Template Injection |
| CM-8 | System Component Inventory | Protects | T1495 | Firmware Corruption |
| CM-8 | System Component Inventory | Protects | T1505 | Server Software Component |
| CM-8 | System Component Inventory | Protects | T1505.001 | SQL Stored Procedures |
| CM-8 | System Component Inventory | Protects | T1505.002 | Transport Agent |
| CM-8 | System Component Inventory | Protects | T1530 | Data from Cloud Storage Object |
| CM-8 | System Component Inventory | Protects | T1542 | Pre-OS Boot |
| CM-8 | System Component Inventory | Protects | T1542.001 | System Firmware |
| CM-8 | System Component Inventory | Protects | T1542.003 | Bootkit |
| CM-8 | System Component Inventory | Protects | T1542.004 | ROMMONkit |
| CM-8 | System Component Inventory | Protects | T1542.005 | TFTP Boot |
| CM-8 | System Component Inventory | Protects | T1546.002 | Screensaver |
| CM-8 | System Component Inventory | Protects | T1546.006 | LC_LOAD_DYLIB Addition |
| CM-8 | System Component Inventory | Protects | T1546.014 | Emond |
| CM-8 | System Component Inventory | Protects | T1547.007 | Re-opened Applications |
| CM-8 | System Component Inventory | Protects | T1548 | Abuse Elevation Control Mechanism |
| CM-8 | System Component Inventory | Protects | T1548.004 | Elevated Execution with Prompt |
| CM-8 | System Component Inventory | Protects | T1557 | Man-in-the-Middle |
| CM-8 | System Component Inventory | Protects | T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay |
| CM-8 | System Component Inventory | Protects | T1557.002 | ARP Cache Poisoning |
| CM-8 | System Component Inventory | Protects | T1559 | Inter-Process Communication |
| CM-8 | System Component Inventory | Protects | T1559.002 | Dynamic Data Exchange |
| CM-8 | System Component Inventory | Protects | T1563 | Remote Service Session Hijacking |
| CM-8 | System Component Inventory | Protects | T1563.001 | SSH Hijacking |
| CM-8 | System Component Inventory | Protects | T1563.002 | RDP Hijacking |
| CM-8 | System Component Inventory | Protects | T1564.006 | Run Virtual Instance |
| CM-8 | System Component Inventory | Protects | T1564.007 | VBA Stomping |
| CM-8 | System Component Inventory | Protects | T1565 | Data Manipulation |
| CM-8 | System Component Inventory | Protects | T1565.001 | Stored Data Manipulation |
| CM-8 | System Component Inventory | Protects | T1565.002 | Transmitted Data Manipulation |
| CM-8 | System Component Inventory | Protects | T1574 | Hijack Execution Flow |
| CM-8 | System Component Inventory | Protects | T1574.002 | DLL Side-Loading |
| CM-8 | System Component Inventory | Protects | T1574.004 | Dylib Hijacking |
| CM-8 | System Component Inventory | Protects | T1574.007 | Path Interception by PATH Environment Variable |
| CM-8 | System Component Inventory | Protects | T1574.008 | Path Interception by Search Order Hijacking |
| CM-8 | System Component Inventory | Protects | T1574.009 | Path Interception by Unquoted Path |
| CM-8 | System Component Inventory | Protects | T1601 | Modify System Image |
| CM-8 | System Component Inventory | Protects | T1601.001 | Patch System Image |
| CM-8 | System Component Inventory | Protects | T1601.002 | Downgrade System Image |
| CM-8 | System Component Inventory | Protects | T1602 | Data from Configuration Repository |
| CM-8 | System Component Inventory | Protects | T1602.001 | SNMP (MIB Dump) |
| CM-8 | System Component Inventory | Protects | T1602.002 | Network Device Configuration Dump |