NIST 800-53 SI-16 Mappings

Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Controls employed to protect memory include data execution prevention and address space layout randomization. Data execution prevention controls can either be hardware-enforced or software-enforced with hardware enforcement providing the greater strength of mechanism.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| SI-16 | Memory Protection | Protects | T1055.009 | Proc Memory |
| SI-16 | Memory Protection | Protects | T1543 | Create or Modify System Process |
| SI-16 | Memory Protection | Protects | T1543.002 | Systemd Service |
| SI-16 | Memory Protection | Protects | T1548 | Abuse Elevation Control Mechanism |
| SI-16 | Memory Protection | Protects | T1548.004 | Elevated Execution with Prompt |
| SI-16 | Memory Protection | Protects | T1565 | Data Manipulation |
| SI-16 | Memory Protection | Protects | T1565.001 | Stored Data Manipulation |
| SI-16 | Memory Protection | Protects | T1565.003 | Runtime Data Manipulation |
| SI-16 | Memory Protection | Protects | T1611 | Escape to Host |