Protecting session authenticity addresses communications protection at the session level, not at the packet level. Such protection establishes grounds for confidence at both ends of communications sessions in the ongoing identities of other parties and the validity of transmitted information. Authenticity protection includes protecting against man-in-the-middle attacks, session hijacking, and the insertion of false information into sessions.

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
---|---|---|---|---|
SC-23 | Session Authenticity | Protects | T1071 | Application Layer Protocol |
SC-23 | Session Authenticity | Protects | T1071.001 | Web Protocols |
SC-23 | Session Authenticity | Protects | T1071.002 | File Transfer Protocols |
SC-23 | Session Authenticity | Protects | T1071.003 | Mail Protocols |
SC-23 | Session Authenticity | Protects | T1071.004 | DNS |
SC-23 | Session Authenticity | Protects | T1535 | Unused/Unsupported Cloud Regions |
SC-23 | Session Authenticity | Protects | T1550.004 | Web Session Cookie |
SC-23 | Session Authenticity | Protects | T1557 | Man-in-the-Middle |
SC-23 | Session Authenticity | Protects | T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay |
SC-23 | Session Authenticity | Protects | T1557.002 | ARP Cache Poisoning |
SC-23 | Session Authenticity | Protects | T1563.001 | SSH Hijacking |
SC-23 | Session Authenticity | Protects | T1573 | Encrypted Channel |
SC-23 | Session Authenticity | Protects | T1573.001 | Symmetric Cryptography |
SC-23 | Session Authenticity | Protects | T1573.002 | Asymmetric Cryptography |