NIST 800-53 SI-2 Mappings

The need to remediate system flaws applies to all types of software and firmware. Organizations identify systems affected by software flaws, including potential vulnerabilities resulting from those flaws, and report this information to designated organizational personnel with information security and privacy responsibilities. Security-relevant updates include patches, service packs, and malicious code signatures. Organizations also address flaws discovered during assessments, continuous monitoring, incident response activities, and system error handling. By incorporating flaw remediation into configuration management processes, required remediation actions can be tracked and verified.

Organization-defined time periods for updating security-relevant software and firmware may vary based on a variety of risk factors, including the security category of the system, the criticality of the update (i.e., severity of the vulnerability related to the discovered flaw), the organizational risk tolerance, the mission supported by the system, or the threat environment. Some types of flaw remediation may require more testing than other types. Organizations determine the type of testing needed for the specific type of flaw remediation activity under consideration and the types of changes that are to be configuration-managed. In some situations, organizations may determine that the testing of software or firmware updates is not necessary or practical, such as when implementing simple malicious code signature updates. In testing decisions, organizations consider whether security-relevant software or firmware updates are obtained from authorized sources with appropriate digital signatures.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
SI-2 Flaw Remediation Protects T1027 Obfuscated Files or Information
SI-2 Flaw Remediation Protects T1027.002 Software Packing
SI-2 Flaw Remediation Protects T1055 Process Injection
SI-2 Flaw Remediation Protects T1055.001 Dynamic-link Library Injection
SI-2 Flaw Remediation Protects T1055.002 Portable Executable Injection
SI-2 Flaw Remediation Protects T1055.003 Thread Execution Hijacking
SI-2 Flaw Remediation Protects T1055.004 Asynchronous Procedure Call
SI-2 Flaw Remediation Protects T1055.005 Thread Local Storage
SI-2 Flaw Remediation Protects T1055.008 Ptrace System Calls
SI-2 Flaw Remediation Protects T1055.009 Proc Memory
SI-2 Flaw Remediation Protects T1055.011 Extra Window Memory Injection
SI-2 Flaw Remediation Protects T1055.012 Process Hollowing
SI-2 Flaw Remediation Protects T1055.013 Process Doppelgänging
SI-2 Flaw Remediation Protects T1055.014 VDSO Hijacking
SI-2 Flaw Remediation Protects T1059 Command and Scripting Interpreter
SI-2 Flaw Remediation Protects T1059.001 PowerShell
SI-2 Flaw Remediation Protects T1059.005 Visual Basic
SI-2 Flaw Remediation Protects T1059.006 Python
SI-2 Flaw Remediation Protects T1068 Exploitation for Privilege Escalation
SI-2 Flaw Remediation Protects T1072 Software Deployment Tools
SI-2 Flaw Remediation Protects T1137 Office Application Startup
SI-2 Flaw Remediation Protects T1137.003 Outlook Forms
SI-2 Flaw Remediation Protects T1137.004 Outlook Home Page
SI-2 Flaw Remediation Protects T1137.005 Outlook Rules
SI-2 Flaw Remediation Protects T1189 Drive-by Compromise
SI-2 Flaw Remediation Protects T1190 Exploit Public-Facing Application
SI-2 Flaw Remediation Protects T1195 Supply Chain Compromise
SI-2 Flaw Remediation Protects T1195.001 Compromise Software Dependencies and Development Tools
SI-2 Flaw Remediation Protects T1195.002 Compromise Software Supply Chain
SI-2 Flaw Remediation Protects T1195.003 Compromise Hardware Supply Chain
SI-2 Flaw Remediation Protects T1204 User Execution
SI-2 Flaw Remediation Protects T1204.001 Malicious Link
SI-2 Flaw Remediation Protects T1210 Exploitation of Remote Services
SI-2 Flaw Remediation Protects T1211 Exploitation for Defense Evasion
SI-2 Flaw Remediation Protects T1212 Exploitation for Credential Access
SI-2 Flaw Remediation Protects T1221 Template Injection
SI-2 Flaw Remediation Protects T1495 Firmware Corruption
SI-2 Flaw Remediation Protects T1525 Implant Container Image
SI-2 Flaw Remediation Protects T1542 Pre-OS Boot
SI-2 Flaw Remediation Protects T1542.001 System Firmware
SI-2 Flaw Remediation Protects T1542.003 Bootkit
SI-2 Flaw Remediation Protects T1542.004 ROMMONkit
SI-2 Flaw Remediation Protects T1542.005 TFTP Boot
SI-2 Flaw Remediation Protects T1546.006 LC_LOAD_DYLIB Addition
SI-2 Flaw Remediation Protects T1546.010 AppInit DLLs
SI-2 Flaw Remediation Protects T1546.011 Application Shimming
SI-2 Flaw Remediation Protects T1547.006 Kernel Modules and Extensions
SI-2 Flaw Remediation Protects T1548.002 Bypass User Account Control
SI-2 Flaw Remediation Protects T1550.002 Pass the Hash
SI-2 Flaw Remediation Protects T1552 Unsecured Credentials
SI-2 Flaw Remediation Protects T1552.006 Group Policy Preferences
SI-2 Flaw Remediation Protects T1559 Inter-Process Communication
SI-2 Flaw Remediation Protects T1559.002 Dynamic Data Exchange
SI-2 Flaw Remediation Protects T1566 Phishing
SI-2 Flaw Remediation Protects T1566.001 Spearphishing Attachment
SI-2 Flaw Remediation Protects T1566.003 Spearphishing via Service
SI-2 Flaw Remediation Protects T1574 Hijack Execution Flow
SI-2 Flaw Remediation Protects T1574.002 DLL Side-Loading
SI-2 Flaw Remediation Protects T1601 Modify System Image
SI-2 Flaw Remediation Protects T1601.001 Patch System Image
SI-2 Flaw Remediation Protects T1601.002 Downgrade System Image