NIST 800-53 SC-7 Mappings

Managed interfaces include gateways, routers, firewalls, guards, network-based malicious code analysis, virtualization systems, or encrypted tunnels implemented within a security architecture. Subnetworks that are physically or logically separated from internal networks are referred to as demilitarized zones or DMZs. Restricting or prohibiting interfaces within organizational systems includes restricting external web traffic to designated web servers within managed interfaces, prohibiting external traffic that appears to be spoofing internal addresses, and prohibiting internal traffic that appears to be spoofing external addresses. SP 800-189 provides additional information on source address validation techniques to prevent ingress and egress of traffic with spoofed addresses. Commercial telecommunications services are provided by network components and consolidated management systems shared by customers. These services may also include third party-provided access lines and other service elements. Such services may represent sources of increased risk despite contract security provisions. Boundary protection may be implemented as a common control for all or part of an organizational network such that the boundary to be protected is greater than a system-specific boundary (i.e., an authorization boundary).

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
SC-7 Boundary Protection Protects T1001 Data Obfuscation
SC-7 Boundary Protection Protects T1001.001 Junk Data
SC-7 Boundary Protection Protects T1001.002 Steganography
SC-7 Boundary Protection Protects T1001.003 Protocol Impersonation
SC-7 Boundary Protection Protects T1008 Fallback Channels
SC-7 Boundary Protection Protects T1021.001 Remote Desktop Protocol
SC-7 Boundary Protection Protects T1021.002 SMB/Windows Admin Shares
SC-7 Boundary Protection Protects T1021.003 Distributed Component Object Model
SC-7 Boundary Protection Protects T1021.005 VNC
SC-7 Boundary Protection Protects T1021.006 Windows Remote Management
SC-7 Boundary Protection Protects T1029 Scheduled Transfer
SC-7 Boundary Protection Protects T1030 Data Transfer Size Limits
SC-7 Boundary Protection Protects T1041 Exfiltration Over C2 Channel
SC-7 Boundary Protection Protects T1046 Network Service Scanning
SC-7 Boundary Protection Protects T1048 Exfiltration Over Alternative Protocol
SC-7 Boundary Protection Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SC-7 Boundary Protection Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SC-7 Boundary Protection Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SC-7 Boundary Protection Protects T1055 Process Injection
SC-7 Boundary Protection Protects T1055.001 Dynamic-link Library Injection
SC-7 Boundary Protection Protects T1055.002 Portable Executable Injection
SC-7 Boundary Protection Protects T1055.003 Thread Execution Hijacking
SC-7 Boundary Protection Protects T1055.004 Asynchronous Procedure Call
SC-7 Boundary Protection Protects T1055.005 Thread Local Storage
SC-7 Boundary Protection Protects T1055.008 Ptrace System Calls
SC-7 Boundary Protection Protects T1055.009 Proc Memory
SC-7 Boundary Protection Protects T1055.011 Extra Window Memory Injection
SC-7 Boundary Protection Protects T1055.012 Process Hollowing
SC-7 Boundary Protection Protects T1055.013 Process Doppelgänging
SC-7 Boundary Protection Protects T1055.014 VDSO Hijacking
SC-7 Boundary Protection Protects T1068 Exploitation for Privilege Escalation
SC-7 Boundary Protection Protects T1071 Application Layer Protocol
SC-7 Boundary Protection Protects T1071.001 Web Protocols
SC-7 Boundary Protection Protects T1071.002 File Transfer Protocols
SC-7 Boundary Protection Protects T1071.003 Mail Protocols
SC-7 Boundary Protection Protects T1071.004 DNS
SC-7 Boundary Protection Protects T1072 Software Deployment Tools
SC-7 Boundary Protection Protects T1080 Taint Shared Content
SC-7 Boundary Protection Protects T1090 Proxy
SC-7 Boundary Protection Protects T1090.001 Internal Proxy
SC-7 Boundary Protection Protects T1090.002 External Proxy
SC-7 Boundary Protection Protects T1090.003 Multi-hop Proxy
SC-7 Boundary Protection Protects T1095 Non-Application Layer Protocol
SC-7 Boundary Protection Protects T1098 Account Manipulation
SC-7 Boundary Protection Protects T1098.001 Additional Cloud Credentials
SC-7 Boundary Protection Protects T1102 Web Service
SC-7 Boundary Protection Protects T1102.001 Dead Drop Resolver
SC-7 Boundary Protection Protects T1102.002 Bidirectional Communication
SC-7 Boundary Protection Protects T1102.003 One-Way Communication
SC-7 Boundary Protection Protects T1104 Multi-Stage Channels
SC-7 Boundary Protection Protects T1105 Ingress Tool Transfer
SC-7 Boundary Protection Protects T1114 Email Collection
SC-7 Boundary Protection Protects T1114.003 Email Forwarding Rule
SC-7 Boundary Protection Protects T1132 Data Encoding
SC-7 Boundary Protection Protects T1132.001 Standard Encoding
SC-7 Boundary Protection Protects T1132.002 Non-Standard Encoding
SC-7 Boundary Protection Protects T1133 External Remote Services
SC-7 Boundary Protection Protects T1136 Create Account
SC-7 Boundary Protection Protects T1136.002 Domain Account
SC-7 Boundary Protection Protects T1136.003 Cloud Account
SC-7 Boundary Protection Protects T1176 Browser Extensions
SC-7 Boundary Protection Protects T1187 Forced Authentication
SC-7 Boundary Protection Protects T1189 Drive-by Compromise
SC-7 Boundary Protection Protects T1190 Exploit Public-Facing Application
SC-7 Boundary Protection Protects T1197 BITS Jobs
SC-7 Boundary Protection Protects T1199 Trusted Relationship
SC-7 Boundary Protection Protects T1203 Exploitation for Client Execution
SC-7 Boundary Protection Protects T1204 User Execution
SC-7 Boundary Protection Protects T1204.001 Malicious Link
SC-7 Boundary Protection Protects T1204.002 Malicious File
SC-7 Boundary Protection Protects T1205 Traffic Signaling
SC-7 Boundary Protection Protects T1205.001 Port Knocking
SC-7 Boundary Protection Protects T1210 Exploitation of Remote Services
SC-7 Boundary Protection Protects T1211 Exploitation for Defense Evasion
SC-7 Boundary Protection Protects T1212 Exploitation for Credential Access
SC-7 Boundary Protection Protects T1218.012 Verclsid
SC-7 Boundary Protection Protects T1219 Remote Access Software
SC-7 Boundary Protection Protects T1221 Template Injection
SC-7 Boundary Protection Protects T1482 Domain Trust Discovery
SC-7 Boundary Protection Protects T1489 Service Stop
SC-7 Boundary Protection Protects T1498 Network Denial of Service
SC-7 Boundary Protection Protects T1498.001 Direct Network Flood
SC-7 Boundary Protection Protects T1498.002 Reflection Amplification
SC-7 Boundary Protection Protects T1499 Endpoint Denial of Service
SC-7 Boundary Protection Protects T1499.001 OS Exhaustion Flood
SC-7 Boundary Protection Protects T1499.002 Service Exhaustion Flood
SC-7 Boundary Protection Protects T1499.003 Application Exhaustion Flood
SC-7 Boundary Protection Protects T1499.004 Application or System Exploitation
SC-7 Boundary Protection Protects T1530 Data from Cloud Storage Object
SC-7 Boundary Protection Protects T1537 Transfer Data to Cloud Account
SC-7 Boundary Protection Protects T1542 Pre-OS Boot
SC-7 Boundary Protection Protects T1542.004 ROMMONkit
SC-7 Boundary Protection Protects T1542.005 TFTP Boot
SC-7 Boundary Protection Protects T1552 Unsecured Credentials
SC-7 Boundary Protection Protects T1552.001 Credentials In Files
SC-7 Boundary Protection Protects T1552.004 Private Keys
SC-7 Boundary Protection Protects T1552.005 Cloud Instance Metadata API
SC-7 Boundary Protection Protects T1557 Man-in-the-Middle
SC-7 Boundary Protection Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SC-7 Boundary Protection Protects T1557.002 ARP Cache Poisoning
SC-7 Boundary Protection Protects T1559 Inter-Process Communication
SC-7 Boundary Protection Protects T1559.001 Component Object Model
SC-7 Boundary Protection Protects T1559.002 Dynamic Data Exchange
SC-7 Boundary Protection Protects T1560 Archive Collected Data
SC-7 Boundary Protection Protects T1560.001 Archive via Utility
SC-7 Boundary Protection Protects T1563 Remote Service Session Hijacking
SC-7 Boundary Protection Protects T1563.002 RDP Hijacking
SC-7 Boundary Protection Protects T1565 Data Manipulation
SC-7 Boundary Protection Protects T1565.001 Stored Data Manipulation
SC-7 Boundary Protection Protects T1565.003 Runtime Data Manipulation
SC-7 Boundary Protection Protects T1566 Phishing
SC-7 Boundary Protection Protects T1566.001 Spearphishing Attachment
SC-7 Boundary Protection Protects T1566.002 Spearphishing Link
SC-7 Boundary Protection Protects T1566.003 Spearphishing via Service
SC-7 Boundary Protection Protects T1567 Exfiltration Over Web Service
SC-7 Boundary Protection Protects T1567.001 Exfiltration to Code Repository
SC-7 Boundary Protection Protects T1567.002 Exfiltration to Cloud Storage
SC-7 Boundary Protection Protects T1568 Dynamic Resolution
SC-7 Boundary Protection Protects T1568.002 Domain Generation Algorithms
SC-7 Boundary Protection Protects T1570 Lateral Tool Transfer
SC-7 Boundary Protection Protects T1571 Non-Standard Port
SC-7 Boundary Protection Protects T1572 Protocol Tunneling
SC-7 Boundary Protection Protects T1573 Encrypted Channel
SC-7 Boundary Protection Protects T1573.001 Symmetric Cryptography
SC-7 Boundary Protection Protects T1573.002 Asymmetric Cryptography
SC-7 Boundary Protection Protects T1598 Phishing for Information
SC-7 Boundary Protection Protects T1598.001 Spearphishing Service
SC-7 Boundary Protection Protects T1598.002 Spearphishing Attachment
SC-7 Boundary Protection Protects T1598.003 Spearphishing Link
SC-7 Boundary Protection Protects T1599 Network Boundary Bridging
SC-7 Boundary Protection Protects T1599.001 Network Address Translation Traversal
SC-7 Boundary Protection Protects T1602 Data from Configuration Repository
SC-7 Boundary Protection Protects T1602.001 SNMP (MIB Dump)
SC-7 Boundary Protection Protects T1602.002 Network Device Configuration Dump