NIST 800-53 SI-7 Mappings

Unauthorized changes to software, firmware, and information can occur due to errors or malicious activity. Software includes operating systems (with key internal components, such as kernels or drivers), middleware, and applications. Firmware interfaces include Unified Extensible Firmware Interface (UEFI) and Basic Input/Output System (BIOS). Information includes personally identifiable information and metadata that contains security and privacy attributes associated with information. Integrity-checking mechanisms—including parity checks, cyclical redundancy checks, cryptographic hashes, and associated tools—can automatically monitor the integrity of systems and hosted applications.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
SI-7 Software, Firmware, and Information Integrity Protects T1003 OS Credential Dumping
SI-7 Software, Firmware, and Information Integrity Protects T1003.003 NTDS
SI-7 Software, Firmware, and Information Integrity Protects T1020.001 Traffic Duplication
SI-7 Software, Firmware, and Information Integrity Protects T1027 Obfuscated Files or Information
SI-7 Software, Firmware, and Information Integrity Protects T1027.002 Software Packing
SI-7 Software, Firmware, and Information Integrity Protects T1036 Masquerading
SI-7 Software, Firmware, and Information Integrity Protects T1036.001 Invalid Code Signature
SI-7 Software, Firmware, and Information Integrity Protects T1036.005 Match Legitimate Name or Location
SI-7 Software, Firmware, and Information Integrity Protects T1037 Boot or Logon Initialization Scripts
SI-7 Software, Firmware, and Information Integrity Protects T1037.002 Logon Script (Mac)
SI-7 Software, Firmware, and Information Integrity Protects T1037.003 Network Logon Script
SI-7 Software, Firmware, and Information Integrity Protects T1037.004 Rc.common
SI-7 Software, Firmware, and Information Integrity Protects T1037.005 Startup Items
SI-7 Software, Firmware, and Information Integrity Protects T1040 Network Sniffing
SI-7 Software, Firmware, and Information Integrity Protects T1053.006 Systemd Timers
SI-7 Software, Firmware, and Information Integrity Protects T1056.002 GUI Input Capture
SI-7 Software, Firmware, and Information Integrity Protects T1059 Command and Scripting Interpreter
SI-7 Software, Firmware, and Information Integrity Protects T1059.001 PowerShell
SI-7 Software, Firmware, and Information Integrity Protects T1059.002 AppleScript
SI-7 Software, Firmware, and Information Integrity Protects T1059.003 Windows Command Shell
SI-7 Software, Firmware, and Information Integrity Protects T1059.004 Unix Shell
SI-7 Software, Firmware, and Information Integrity Protects T1059.005 Visual Basic
SI-7 Software, Firmware, and Information Integrity Protects T1059.006 Python
SI-7 Software, Firmware, and Information Integrity Protects T1059.007 JavaScript/JScript
SI-7 Software, Firmware, and Information Integrity Protects T1059.008 Network Device CLI
SI-7 Software, Firmware, and Information Integrity Protects T1068 Exploitation for Privilege Escalation
SI-7 Software, Firmware, and Information Integrity Protects T1070 Indicator Removal on Host
SI-7 Software, Firmware, and Information Integrity Protects T1070.001 Clear Windows Event Logs
SI-7 Software, Firmware, and Information Integrity Protects T1070.002 Clear Linux or Mac System Logs
SI-7 Software, Firmware, and Information Integrity Protects T1070.003 Clear Command History
SI-7 Software, Firmware, and Information Integrity Protects T1072 Software Deployment Tools
SI-7 Software, Firmware, and Information Integrity Protects T1080 Taint Shared Content
SI-7 Software, Firmware, and Information Integrity Protects T1098.001 Additional Cloud Credentials
SI-7 Software, Firmware, and Information Integrity Protects T1098.002 Exchange Email Delegate Permissions
SI-7 Software, Firmware, and Information Integrity Protects T1098.003 Add Office 365 Global Administrator Role
SI-7 Software, Firmware, and Information Integrity Protects T1114 Email Collection
SI-7 Software, Firmware, and Information Integrity Protects T1114.001 Local Email Collection
SI-7 Software, Firmware, and Information Integrity Protects T1114.002 Remote Email Collection
SI-7 Software, Firmware, and Information Integrity Protects T1114.003 Email Forwarding Rule
SI-7 Software, Firmware, and Information Integrity Protects T1119 Automated Collection
SI-7 Software, Firmware, and Information Integrity Protects T1127 Trusted Developer Utilities Proxy Execution
SI-7 Software, Firmware, and Information Integrity Protects T1129 Shared Modules
SI-7 Software, Firmware, and Information Integrity Protects T1133 External Remote Services
SI-7 Software, Firmware, and Information Integrity Protects T1136 Create Account
SI-7 Software, Firmware, and Information Integrity Protects T1136.001 Local Account
SI-7 Software, Firmware, and Information Integrity Protects T1136.002 Domain Account
SI-7 Software, Firmware, and Information Integrity Protects T1136.003 Cloud Account
SI-7 Software, Firmware, and Information Integrity Protects T1176 Browser Extensions
SI-7 Software, Firmware, and Information Integrity Protects T1185 Man in the Browser
SI-7 Software, Firmware, and Information Integrity Protects T1189 Drive-by Compromise
SI-7 Software, Firmware, and Information Integrity Protects T1190 Exploit Public-Facing Application
SI-7 Software, Firmware, and Information Integrity Protects T1195.003 Compromise Hardware Supply Chain
SI-7 Software, Firmware, and Information Integrity Protects T1203 Exploitation for Client Execution
SI-7 Software, Firmware, and Information Integrity Protects T1204 User Execution
SI-7 Software, Firmware, and Information Integrity Protects T1204.001 Malicious Link
SI-7 Software, Firmware, and Information Integrity Protects T1204.002 Malicious File
SI-7 Software, Firmware, and Information Integrity Protects T1210 Exploitation of Remote Services
SI-7 Software, Firmware, and Information Integrity Protects T1211 Exploitation for Defense Evasion
SI-7 Software, Firmware, and Information Integrity Protects T1212 Exploitation for Credential Access
SI-7 Software, Firmware, and Information Integrity Protects T1216 Signed Script Proxy Execution
SI-7 Software, Firmware, and Information Integrity Protects T1216.001 PubPrn
SI-7 Software, Firmware, and Information Integrity Protects T1218 Signed Binary Proxy Execution
SI-7 Software, Firmware, and Information Integrity Protects T1218.001 Compiled HTML File
SI-7 Software, Firmware, and Information Integrity Protects T1218.002 Control Panel
SI-7 Software, Firmware, and Information Integrity Protects T1218.003 CMSTP
SI-7 Software, Firmware, and Information Integrity Protects T1218.004 InstallUtil
SI-7 Software, Firmware, and Information Integrity Protects T1218.005 Mshta
SI-7 Software, Firmware, and Information Integrity Protects T1218.008 Odbcconf
SI-7 Software, Firmware, and Information Integrity Protects T1218.009 Regsvcs/Regasm
SI-7 Software, Firmware, and Information Integrity Protects T1218.010 Regsvr32
SI-7 Software, Firmware, and Information Integrity Protects T1218.011 Rundll32
SI-7 Software, Firmware, and Information Integrity Protects T1218.012 Verclsid
SI-7 Software, Firmware, and Information Integrity Protects T1219 Remote Access Software
SI-7 Software, Firmware, and Information Integrity Protects T1220 XSL Script Processing
SI-7 Software, Firmware, and Information Integrity Protects T1221 Template Injection
SI-7 Software, Firmware, and Information Integrity Protects T1222 File and Directory Permissions Modification
SI-7 Software, Firmware, and Information Integrity Protects T1222.001 Windows File and Directory Permissions Modification
SI-7 Software, Firmware, and Information Integrity Protects T1222.002 Linux and Mac File and Directory Permissions Modification
SI-7 Software, Firmware, and Information Integrity Protects T1485 Data Destruction
SI-7 Software, Firmware, and Information Integrity Protects T1486 Data Encrypted for Impact
SI-7 Software, Firmware, and Information Integrity Protects T1490 Inhibit System Recovery
SI-7 Software, Firmware, and Information Integrity Protects T1491 Defacement
SI-7 Software, Firmware, and Information Integrity Protects T1491.001 Internal Defacement
SI-7 Software, Firmware, and Information Integrity Protects T1491.002 External Defacement
SI-7 Software, Firmware, and Information Integrity Protects T1495 Firmware Corruption
SI-7 Software, Firmware, and Information Integrity Protects T1505 Server Software Component
SI-7 Software, Firmware, and Information Integrity Protects T1505.001 SQL Stored Procedures
SI-7 Software, Firmware, and Information Integrity Protects T1505.002 Transport Agent
SI-7 Software, Firmware, and Information Integrity Protects T1525 Implant Container Image
SI-7 Software, Firmware, and Information Integrity Protects T1530 Data from Cloud Storage Object
SI-7 Software, Firmware, and Information Integrity Protects T1542 Pre-OS Boot
SI-7 Software, Firmware, and Information Integrity Protects T1542.001 System Firmware
SI-7 Software, Firmware, and Information Integrity Protects T1542.003 Bootkit
SI-7 Software, Firmware, and Information Integrity Protects T1542.004 ROMMONkit
SI-7 Software, Firmware, and Information Integrity Protects T1542.005 TFTP Boot
SI-7 Software, Firmware, and Information Integrity Protects T1543 Create or Modify System Process
SI-7 Software, Firmware, and Information Integrity Protects T1543.002 Systemd Service
SI-7 Software, Firmware, and Information Integrity Protects T1546 Event Triggered Execution
SI-7 Software, Firmware, and Information Integrity Protects T1546.002 Screensaver
SI-7 Software, Firmware, and Information Integrity Protects T1546.004 .bash_profile and .bashrc
SI-7 Software, Firmware, and Information Integrity Protects T1546.006 LC_LOAD_DYLIB Addition
SI-7 Software, Firmware, and Information Integrity Protects T1546.008 Accessibility Features
SI-7 Software, Firmware, and Information Integrity Protects T1546.009 AppCert DLLs
SI-7 Software, Firmware, and Information Integrity Protects T1546.010 AppInit DLLs
SI-7 Software, Firmware, and Information Integrity Protects T1546.013 PowerShell Profile
SI-7 Software, Firmware, and Information Integrity Protects T1547.002 Authentication Package
SI-7 Software, Firmware, and Information Integrity Protects T1547.003 Time Providers
SI-7 Software, Firmware, and Information Integrity Protects T1547.004 Winlogon Helper DLL
SI-7 Software, Firmware, and Information Integrity Protects T1547.005 Security Support Provider
SI-7 Software, Firmware, and Information Integrity Protects T1547.006 Kernel Modules and Extensions
SI-7 Software, Firmware, and Information Integrity Protects T1547.008 LSASS Driver
SI-7 Software, Firmware, and Information Integrity Protects T1547.011 Plist Modification
SI-7 Software, Firmware, and Information Integrity Protects T1548 Abuse Elevation Control Mechanism
SI-7 Software, Firmware, and Information Integrity Protects T1548.004 Elevated Execution with Prompt
SI-7 Software, Firmware, and Information Integrity Protects T1550.001 Application Access Token
SI-7 Software, Firmware, and Information Integrity Protects T1550.004 Web Session Cookie
SI-7 Software, Firmware, and Information Integrity Protects T1552 Unsecured Credentials
SI-7 Software, Firmware, and Information Integrity Protects T1552.004 Private Keys
SI-7 Software, Firmware, and Information Integrity Protects T1553 Subvert Trust Controls
SI-7 Software, Firmware, and Information Integrity Protects T1553.001 Gatekeeper Bypass
SI-7 Software, Firmware, and Information Integrity Protects T1553.003 SIP and Trust Provider Hijacking
SI-7 Software, Firmware, and Information Integrity Protects T1554 Compromise Client Software Binary
SI-7 Software, Firmware, and Information Integrity Protects T1556 Modify Authentication Process
SI-7 Software, Firmware, and Information Integrity Protects T1556.001 Domain Controller Authentication
SI-7 Software, Firmware, and Information Integrity Protects T1556.003 Pluggable Authentication Modules
SI-7 Software, Firmware, and Information Integrity Protects T1556.004 Network Device Authentication
SI-7 Software, Firmware, and Information Integrity Protects T1557 Man-in-the-Middle
SI-7 Software, Firmware, and Information Integrity Protects T1557.002 ARP Cache Poisoning
SI-7 Software, Firmware, and Information Integrity Protects T1558 Steal or Forge Kerberos Tickets
SI-7 Software, Firmware, and Information Integrity Protects T1558.002 Silver Ticket
SI-7 Software, Firmware, and Information Integrity Protects T1558.003 Kerberoasting
SI-7 Software, Firmware, and Information Integrity Protects T1558.004 AS-REP Roasting
SI-7 Software, Firmware, and Information Integrity Protects T1561 Disk Wipe
SI-7 Software, Firmware, and Information Integrity Protects T1561.001 Disk Content Wipe
SI-7 Software, Firmware, and Information Integrity Protects T1561.002 Disk Structure Wipe
SI-7 Software, Firmware, and Information Integrity Protects T1562 Impair Defenses
SI-7 Software, Firmware, and Information Integrity Protects T1562.001 Disable or Modify Tools
SI-7 Software, Firmware, and Information Integrity Protects T1562.002 Disable Windows Event Logging
SI-7 Software, Firmware, and Information Integrity Protects T1562.004 Disable or Modify System Firewall
SI-7 Software, Firmware, and Information Integrity Protects T1562.006 Indicator Blocking
SI-7 Software, Firmware, and Information Integrity Protects T1564.003 Hidden Window
SI-7 Software, Firmware, and Information Integrity Protects T1564.004 NTFS File Attributes
SI-7 Software, Firmware, and Information Integrity Protects T1564.006 Run Virtual Instance
SI-7 Software, Firmware, and Information Integrity Protects T1565 Data Manipulation
SI-7 Software, Firmware, and Information Integrity Protects T1565.001 Stored Data Manipulation
SI-7 Software, Firmware, and Information Integrity Protects T1565.002 Transmitted Data Manipulation
SI-7 Software, Firmware, and Information Integrity Protects T1569 System Services
SI-7 Software, Firmware, and Information Integrity Protects T1569.002 Service Execution
SI-7 Software, Firmware, and Information Integrity Protects T1574 Hijack Execution Flow
SI-7 Software, Firmware, and Information Integrity Protects T1574.001 DLL Search Order Hijacking
SI-7 Software, Firmware, and Information Integrity Protects T1574.002 DLL Side-Loading
SI-7 Software, Firmware, and Information Integrity Protects T1574.004 Dylib Hijacking
SI-7 Software, Firmware, and Information Integrity Protects T1574.006 LD_PRELOAD
SI-7 Software, Firmware, and Information Integrity Protects T1574.007 Path Interception by PATH Environment Variable
SI-7 Software, Firmware, and Information Integrity Protects T1574.008 Path Interception by Search Order Hijacking
SI-7 Software, Firmware, and Information Integrity Protects T1574.009 Path Interception by Unquoted Path
SI-7 Software, Firmware, and Information Integrity Protects T1574.012 COR_PROFILER
SI-7 Software, Firmware, and Information Integrity Protects T1599 Network Boundary Bridging
SI-7 Software, Firmware, and Information Integrity Protects T1599.001 Network Address Translation Traversal
SI-7 Software, Firmware, and Information Integrity Protects T1601 Modify System Image
SI-7 Software, Firmware, and Information Integrity Protects T1601.001 Patch System Image
SI-7 Software, Firmware, and Information Integrity Protects T1601.002 Downgrade System Image
SI-7 Software, Firmware, and Information Integrity Protects T1602 Data from Configuration Repository
SI-7 Software, Firmware, and Information Integrity Protects T1602.001 SNMP (MIB Dump)
SI-7 Software, Firmware, and Information Integrity Protects T1602.002 Network Device Configuration Dump