NIST 800-53 SC-26 Mappings

Decoys (i.e., honeypots, honeynets, or deception nets) are established to attract adversaries and deflect attacks away from the operational systems that support organizational mission and business functions. Use of decoys requires some supporting isolation measures to ensure that any deflected malicious code does not infect organizational systems. Depending on the specific usage of the decoy, consultation with the Office of the General Counsel before deployment may be needed.


Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
SC-26 Decoys Protects T1068 Exploitation for Privilege Escalation
SC-26 Decoys Protects T1210 Exploitation of Remote Services
SC-26 Decoys Protects T1211 Exploitation for Defense Evasion
SC-26 Decoys Protects T1212 Exploitation for Credential Access