NIST 800-53 CA-8 Mappings

Penetration testing is a specialized type of assessment conducted on systems or individual system components to identify vulnerabilities that could be exploited by adversaries. Penetration testing goes beyond automated vulnerability scanning and is conducted by agents and teams with demonstrable skills and experience that include technical expertise in network, operating system, and/or application level security. Penetration testing can be used to validate vulnerabilities or determine the degree of penetration resistance of systems to adversaries within specified constraints. Such constraints include time, resources, and skills. Penetration testing attempts to duplicate the actions of adversaries and provides a more in-depth analysis of security- and privacy-related weaknesses or deficiencies. Penetration testing is especially important when organizations are transitioning from older technologies to newer technologies (e.g., transitioning from IPv4 to IPv6 network protocols).

Organizations can use the results of vulnerability analyses to support penetration testing activities. Penetration testing can be conducted internally or externally on the hardware, software, or firmware components of a system and can exercise both physical and technical controls. A standard method for penetration testing includes a pretest analysis based on full knowledge of the system, pretest identification of potential vulnerabilities based on the pretest analysis, and testing designed to determine the exploitability of vulnerabilities. All parties agree to the rules of engagement before commencing penetration testing scenarios. Organizations correlate the rules of engagement for the penetration tests with the tools, techniques, and procedures that are anticipated to be employed by adversaries. Penetration testing may result in the exposure of information that is protected by laws or regulations, to individuals conducting the testing. Rules of engagement, contracts, or other appropriate mechanisms can be used to communicate expectations for how to protect this information. Risk assessments guide the decisions on the level of independence required for the personnel conducting penetration testing.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CA-8 Penetration Testing Protects T1021.001 Remote Desktop Protocol
CA-8 Penetration Testing Protects T1021.005 VNC
CA-8 Penetration Testing Protects T1053 Scheduled Task/Job
CA-8 Penetration Testing Protects T1053.001 At (Linux)
CA-8 Penetration Testing Protects T1053.002 At (Windows)
CA-8 Penetration Testing Protects T1053.003 Cron
CA-8 Penetration Testing Protects T1053.004 Launchd
CA-8 Penetration Testing Protects T1053.005 Scheduled Task
CA-8 Penetration Testing Protects T1059 Command and Scripting Interpreter
CA-8 Penetration Testing Protects T1068 Exploitation for Privilege Escalation
CA-8 Penetration Testing Protects T1078 Valid Accounts
CA-8 Penetration Testing Protects T1176 Browser Extensions
CA-8 Penetration Testing Protects T1195.003 Compromise Hardware Supply Chain
CA-8 Penetration Testing Protects T1204.003 Malicious Image
CA-8 Penetration Testing Protects T1210 Exploitation of Remote Services
CA-8 Penetration Testing Protects T1211 Exploitation for Defense Evasion
CA-8 Penetration Testing Protects T1212 Exploitation for Credential Access
CA-8 Penetration Testing Protects T1213 Data from Information Repositories
CA-8 Penetration Testing Protects T1213.001 Confluence
CA-8 Penetration Testing Protects T1213.002 Sharepoint
CA-8 Penetration Testing Protects T1482 Domain Trust Discovery
CA-8 Penetration Testing Protects T1484 Domain Policy Modification
CA-8 Penetration Testing Protects T1495 Firmware Corruption
CA-8 Penetration Testing Protects T1505 Server Software Component
CA-8 Penetration Testing Protects T1505.001 SQL Stored Procedures
CA-8 Penetration Testing Protects T1505.002 Transport Agent
CA-8 Penetration Testing Protects T1525 Implant Internal Image
CA-8 Penetration Testing Protects T1528 Steal Application Access Token
CA-8 Penetration Testing Protects T1530 Data from Cloud Storage Object
CA-8 Penetration Testing Protects T1542 Pre-OS Boot
CA-8 Penetration Testing Protects T1542.001 System Firmware
CA-8 Penetration Testing Protects T1542.003 Bootkit
CA-8 Penetration Testing Protects T1542.004 ROMMONkit
CA-8 Penetration Testing Protects T1542.005 TFTP Boot
CA-8 Penetration Testing Protects T1543 Create or Modify System Process
CA-8 Penetration Testing Protects T1543.003 Windows Service
CA-8 Penetration Testing Protects T1548 Abuse Elevation Control Mechanism
CA-8 Penetration Testing Protects T1548.002 Bypass User Account Control
CA-8 Penetration Testing Protects T1550.001 Application Access Token
CA-8 Penetration Testing Protects T1552 Unsecured Credentials
CA-8 Penetration Testing Protects T1552.001 Credentials In Files
CA-8 Penetration Testing Protects T1552.002 Credentials in Registry
CA-8 Penetration Testing Protects T1552.004 Private Keys
CA-8 Penetration Testing Protects T1552.006 Group Policy Preferences
CA-8 Penetration Testing Protects T1553 Subvert Trust Controls
CA-8 Penetration Testing Protects T1553.006 Code Signing Policy Modification
CA-8 Penetration Testing Protects T1554 Compromise Client Software Binary
CA-8 Penetration Testing Protects T1558.004 AS-REP Roasting
CA-8 Penetration Testing Protects T1560 Archive Collected Data
CA-8 Penetration Testing Protects T1560.001 Archive via Utility
CA-8 Penetration Testing Protects T1562 Impair Defenses
CA-8 Penetration Testing Protects T1563 Remote Service Session Hijacking
CA-8 Penetration Testing Protects T1574 Hijack Execution Flow
CA-8 Penetration Testing Protects T1574.001 DLL Search Order Hijacking
CA-8 Penetration Testing Protects T1574.005 Executable Installer File Permissions Weakness
CA-8 Penetration Testing Protects T1574.007 Path Interception by PATH Environment Variable
CA-8 Penetration Testing Protects T1574.008 Path Interception by Search Order Hijacking
CA-8 Penetration Testing Protects T1574.009 Path Interception by Unquoted Path
CA-8 Penetration Testing Protects T1574.010 Services File Permissions Weakness
CA-8 Penetration Testing Protects T1578 Modify Cloud Compute Infrastructure
CA-8 Penetration Testing Protects T1578.001 Create Snapshot
CA-8 Penetration Testing Protects T1578.002 Create Cloud Instance
CA-8 Penetration Testing Protects T1578.003 Delete Cloud Instance
CA-8 Penetration Testing Protects T1601 Modify System Image
CA-8 Penetration Testing Protects T1601.001 Patch System Image
CA-8 Penetration Testing Protects T1601.002 Downgrade System Image
CA-8 Penetration Testing Protects T1612 Build Image on Host