NIST 800-53 Access Control Capability Group

All Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-10 Concurrent Session Control Protects T1137 Office Application Startup
AC-10 Concurrent Session Control Protects T1137.002 Office Test
AC-10 Concurrent Session Control Protects T1528 Steal Application Access Token
AC-11 Device Lock Protects T1021.001 Remote Desktop Protocol
AC-11 Device Lock Protects T1563.002 RDP Hijacking
AC-12 Session Termination Protects T1021.001 Remote Desktop Protocol
AC-12 Session Termination Protects T1072 Software Deployment Tools
AC-12 Session Termination Protects T1563.002 RDP Hijacking
AC-14 Permitted Actions Without Identification or Authentication Protects T1137.002 Office Test
AC-16 Security and Privacy Attributes Protects T1003 OS Credential Dumping
AC-16 Security and Privacy Attributes Protects T1003.003 NTDS
AC-16 Security and Privacy Attributes Protects T1020.001 Traffic Duplication
AC-16 Security and Privacy Attributes Protects T1040 Network Sniffing
AC-16 Security and Privacy Attributes Protects T1070 Indicator Removal on Host
AC-16 Security and Privacy Attributes Protects T1070.001 Clear Windows Event Logs
AC-16 Security and Privacy Attributes Protects T1070.002 Clear Linux or Mac System Logs
AC-16 Security and Privacy Attributes Protects T1114 Email Collection
AC-16 Security and Privacy Attributes Protects T1114.001 Local Email Collection
AC-16 Security and Privacy Attributes Protects T1114.002 Remote Email Collection
AC-16 Security and Privacy Attributes Protects T1114.003 Email Forwarding Rule
AC-16 Security and Privacy Attributes Protects T1119 Automated Collection
AC-16 Security and Privacy Attributes Protects T1213 Data from Information Repositories
AC-16 Security and Privacy Attributes Protects T1213.001 Confluence
AC-16 Security and Privacy Attributes Protects T1213.002 Sharepoint
AC-16 Security and Privacy Attributes Protects T1222 File and Directory Permissions Modification
AC-16 Security and Privacy Attributes Protects T1222.001 Windows File and Directory Permissions Modification
AC-16 Security and Privacy Attributes Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-16 Security and Privacy Attributes Protects T1530 Data from Cloud Storage Object
AC-16 Security and Privacy Attributes Protects T1537 Transfer Data to Cloud Account
AC-16 Security and Privacy Attributes Protects T1547.007 Re-opened Applications
AC-16 Security and Privacy Attributes Protects T1547.011 Plist Modification
AC-16 Security and Privacy Attributes Protects T1548 Abuse Elevation Control Mechanism
AC-16 Security and Privacy Attributes Protects T1548.003 Sudo and Sudo Caching
AC-16 Security and Privacy Attributes Protects T1550.001 Application Access Token
AC-16 Security and Privacy Attributes Protects T1552 Unsecured Credentials
AC-16 Security and Privacy Attributes Protects T1552.004 Private Keys
AC-16 Security and Privacy Attributes Protects T1552.005 Cloud Instance Metadata API
AC-16 Security and Privacy Attributes Protects T1557 Man-in-the-Middle
AC-16 Security and Privacy Attributes Protects T1557.002 ARP Cache Poisoning
AC-16 Security and Privacy Attributes Protects T1558 Steal or Forge Kerberos Tickets
AC-16 Security and Privacy Attributes Protects T1558.002 Silver Ticket
AC-16 Security and Privacy Attributes Protects T1558.003 Kerberoasting
AC-16 Security and Privacy Attributes Protects T1558.004 AS-REP Roasting
AC-16 Security and Privacy Attributes Protects T1564.004 NTFS File Attributes
AC-16 Security and Privacy Attributes Protects T1565 Data Manipulation
AC-16 Security and Privacy Attributes Protects T1565.001 Stored Data Manipulation
AC-16 Security and Privacy Attributes Protects T1565.002 Transmitted Data Manipulation
AC-16 Security and Privacy Attributes Protects T1602 Data from Configuration Repository
AC-16 Security and Privacy Attributes Protects T1602.001 SNMP (MIB Dump)
AC-16 Security and Privacy Attributes Protects T1602.002 Network Device Configuration Dump
AC-17 Remote Access Protects T1020.001 Traffic Duplication
AC-17 Remote Access Protects T1021 Remote Services
AC-17 Remote Access Protects T1021.001 Remote Desktop Protocol
AC-17 Remote Access Protects T1021.002 SMB/Windows Admin Shares
AC-17 Remote Access Protects T1021.003 Distributed Component Object Model
AC-17 Remote Access Protects T1021.004 SSH
AC-17 Remote Access Protects T1021.005 VNC
AC-17 Remote Access Protects T1021.006 Windows Remote Management
AC-17 Remote Access Protects T1037 Boot or Logon Initialization Scripts
AC-17 Remote Access Protects T1037.001 Logon Script (Windows)
AC-17 Remote Access Protects T1040 Network Sniffing
AC-17 Remote Access Protects T1047 Windows Management Instrumentation
AC-17 Remote Access Protects T1070 Indicator Removal on Host
AC-17 Remote Access Protects T1070.001 Clear Windows Event Logs
AC-17 Remote Access Protects T1070.002 Clear Linux or Mac System Logs
AC-17 Remote Access Protects T1114 Email Collection
AC-17 Remote Access Protects T1114.001 Local Email Collection
AC-17 Remote Access Protects T1114.002 Remote Email Collection
AC-17 Remote Access Protects T1114.003 Email Forwarding Rule
AC-17 Remote Access Protects T1119 Automated Collection
AC-17 Remote Access Protects T1133 External Remote Services
AC-17 Remote Access Protects T1137 Office Application Startup
AC-17 Remote Access Protects T1137.002 Office Test
AC-17 Remote Access Protects T1213 Data from Information Repositories
AC-17 Remote Access Protects T1213.001 Confluence
AC-17 Remote Access Protects T1213.002 Sharepoint
AC-17 Remote Access Protects T1219 Remote Access Software
AC-17 Remote Access Protects T1530 Data from Cloud Storage Object
AC-17 Remote Access Protects T1537 Transfer Data to Cloud Account
AC-17 Remote Access Protects T1543 Create or Modify System Process
AC-17 Remote Access Protects T1543.003 Windows Service
AC-17 Remote Access Protects T1547.003 Time Providers
AC-17 Remote Access Protects T1547.004 Winlogon Helper DLL
AC-17 Remote Access Protects T1547.009 Shortcut Modification
AC-17 Remote Access Protects T1547.011 Plist Modification
AC-17 Remote Access Protects T1547.012 Print Processors
AC-17 Remote Access Protects T1547.013 XDG Autostart Entries
AC-17 Remote Access Protects T1550.001 Application Access Token
AC-17 Remote Access Protects T1552 Unsecured Credentials
AC-17 Remote Access Protects T1552.002 Credentials in Registry
AC-17 Remote Access Protects T1552.004 Private Keys
AC-17 Remote Access Protects T1552.007 Container API
AC-17 Remote Access Protects T1557 Man-in-the-Middle
AC-17 Remote Access Protects T1557.002 ARP Cache Poisoning
AC-17 Remote Access Protects T1558 Steal or Forge Kerberos Tickets
AC-17 Remote Access Protects T1558.002 Silver Ticket
AC-17 Remote Access Protects T1558.003 Kerberoasting
AC-17 Remote Access Protects T1558.004 AS-REP Roasting
AC-17 Remote Access Protects T1563 Remote Service Session Hijacking
AC-17 Remote Access Protects T1563.001 SSH Hijacking
AC-17 Remote Access Protects T1563.002 RDP Hijacking
AC-17 Remote Access Protects T1565 Data Manipulation
AC-17 Remote Access Protects T1565.001 Stored Data Manipulation
AC-17 Remote Access Protects T1565.002 Transmitted Data Manipulation
AC-17 Remote Access Protects T1602 Data from Configuration Repository
AC-17 Remote Access Protects T1602.001 SNMP (MIB Dump)
AC-17 Remote Access Protects T1602.002 Network Device Configuration Dump
AC-17 Remote Access Protects T1609 Container Administration Command
AC-17 Remote Access Protects T1610 Deploy Container
AC-17 Remote Access Protects T1612 Build Image on Host
AC-17 Remote Access Protects T1613 Container and Resource Discovery
AC-18 Wireless Access Protects T1011 Exfiltration Over Other Network Medium
AC-18 Wireless Access Protects T1011.001 Exfiltration Over Bluetooth
AC-18 Wireless Access Protects T1020.001 Traffic Duplication
AC-18 Wireless Access Protects T1040 Network Sniffing
AC-18 Wireless Access Protects T1070 Indicator Removal on Host
AC-18 Wireless Access Protects T1070.001 Clear Windows Event Logs
AC-18 Wireless Access Protects T1070.002 Clear Linux or Mac System Logs
AC-18 Wireless Access Protects T1119 Automated Collection
AC-18 Wireless Access Protects T1530 Data from Cloud Storage Object
AC-18 Wireless Access Protects T1552 Unsecured Credentials
AC-18 Wireless Access Protects T1552.004 Private Keys
AC-18 Wireless Access Protects T1557 Man-in-the-Middle
AC-18 Wireless Access Protects T1557.002 ARP Cache Poisoning
AC-18 Wireless Access Protects T1558 Steal or Forge Kerberos Tickets
AC-18 Wireless Access Protects T1558.002 Silver Ticket
AC-18 Wireless Access Protects T1558.003 Kerberoasting
AC-18 Wireless Access Protects T1558.004 AS-REP Roasting
AC-18 Wireless Access Protects T1565 Data Manipulation
AC-18 Wireless Access Protects T1565.001 Stored Data Manipulation
AC-18 Wireless Access Protects T1565.002 Transmitted Data Manipulation
AC-18 Wireless Access Protects T1602 Data from Configuration Repository
AC-18 Wireless Access Protects T1602.001 SNMP (MIB Dump)
AC-18 Wireless Access Protects T1602.002 Network Device Configuration Dump
AC-19 Access Control for Mobile Devices Protects T1020.001 Traffic Duplication
AC-19 Access Control for Mobile Devices Protects T1040 Network Sniffing
AC-19 Access Control for Mobile Devices Protects T1070 Indicator Removal on Host
AC-19 Access Control for Mobile Devices Protects T1070.001 Clear Windows Event Logs
AC-19 Access Control for Mobile Devices Protects T1070.002 Clear Linux or Mac System Logs
AC-19 Access Control for Mobile Devices Protects T1114 Email Collection
AC-19 Access Control for Mobile Devices Protects T1114.001 Local Email Collection
AC-19 Access Control for Mobile Devices Protects T1114.002 Remote Email Collection
AC-19 Access Control for Mobile Devices Protects T1114.003 Email Forwarding Rule
AC-19 Access Control for Mobile Devices Protects T1119 Automated Collection
AC-19 Access Control for Mobile Devices Protects T1530 Data from Cloud Storage Object
AC-19 Access Control for Mobile Devices Protects T1550.001 Application Access Token
AC-19 Access Control for Mobile Devices Protects T1552 Unsecured Credentials
AC-19 Access Control for Mobile Devices Protects T1552.004 Private Keys
AC-19 Access Control for Mobile Devices Protects T1557 Man-in-the-Middle
AC-19 Access Control for Mobile Devices Protects T1557.002 ARP Cache Poisoning
AC-19 Access Control for Mobile Devices Protects T1558 Steal or Forge Kerberos Tickets
AC-19 Access Control for Mobile Devices Protects T1558.002 Silver Ticket
AC-19 Access Control for Mobile Devices Protects T1558.003 Kerberoasting
AC-19 Access Control for Mobile Devices Protects T1558.004 AS-REP Roasting
AC-19 Access Control for Mobile Devices Protects T1565 Data Manipulation
AC-19 Access Control for Mobile Devices Protects T1565.001 Stored Data Manipulation
AC-19 Access Control for Mobile Devices Protects T1565.002 Transmitted Data Manipulation
AC-19 Access Control for Mobile Devices Protects T1602 Data from Configuration Repository
AC-19 Access Control for Mobile Devices Protects T1602.001 SNMP (MIB Dump)
AC-19 Access Control for Mobile Devices Protects T1602.002 Network Device Configuration Dump
AC-2 Account Management Protects T1003 OS Credential Dumping
AC-2 Account Management Protects T1003.001 LSASS Memory
AC-2 Account Management Protects T1003.002 Security Account Manager
AC-2 Account Management Protects T1003.003 NTDS
AC-2 Account Management Protects T1003.004 LSA Secrets
AC-2 Account Management Protects T1003.005 Cached Domain Credentials
AC-2 Account Management Protects T1003.006 DCSync
AC-2 Account Management Protects T1003.007 Proc Filesystem
AC-2 Account Management Protects T1003.008 /etc/passwd and /etc/shadow
AC-2 Account Management Protects T1021 Remote Services
AC-2 Account Management Protects T1021.001 Remote Desktop Protocol
AC-2 Account Management Protects T1021.002 SMB/Windows Admin Shares
AC-2 Account Management Protects T1021.003 Distributed Component Object Model
AC-2 Account Management Protects T1021.004 SSH
AC-2 Account Management Protects T1021.005 VNC
AC-2 Account Management Protects T1021.006 Windows Remote Management
AC-2 Account Management Protects T1036 Masquerading
AC-2 Account Management Protects T1036.003 Rename System Utilities
AC-2 Account Management Protects T1036.005 Match Legitimate Name or Location
AC-2 Account Management Protects T1047 Windows Management Instrumentation
AC-2 Account Management Protects T1053 Scheduled Task/Job
AC-2 Account Management Protects T1053.001 At (Linux)
AC-2 Account Management Protects T1053.002 At (Windows)
AC-2 Account Management Protects T1053.003 Cron
AC-2 Account Management Protects T1053.004 Launchd
AC-2 Account Management Protects T1053.005 Scheduled Task
AC-2 Account Management Protects T1053.006 Systemd Timers
AC-2 Account Management Protects T1053.007 Container Orchestration Job
AC-2 Account Management Protects T1055 Process Injection
AC-2 Account Management Protects T1055.008 Ptrace System Calls
AC-2 Account Management Protects T1056.003 Web Portal Capture
AC-2 Account Management Protects T1059 Command and Scripting Interpreter
AC-2 Account Management Protects T1059.001 PowerShell
AC-2 Account Management Protects T1059.008 Network Device CLI
AC-2 Account Management Protects T1068 Exploitation for Privilege Escalation
AC-2 Account Management Protects T1070 Indicator Removal on Host
AC-2 Account Management Protects T1070.001 Clear Windows Event Logs
AC-2 Account Management Protects T1070.002 Clear Linux or Mac System Logs
AC-2 Account Management Protects T1070.003 Clear Command History
AC-2 Account Management Protects T1072 Software Deployment Tools
AC-2 Account Management Protects T1078 Valid Accounts
AC-2 Account Management Protects T1078.001 Default Accounts
AC-2 Account Management Protects T1078.002 Domain Accounts
AC-2 Account Management Protects T1078.003 Local Accounts
AC-2 Account Management Protects T1078.004 Cloud Accounts
AC-2 Account Management Protects T1087.004 Cloud Account
AC-2 Account Management Protects T1098 Account Manipulation
AC-2 Account Management Protects T1098.001 Additional Cloud Credentials
AC-2 Account Management Protects T1098.002 Exchange Email Delegate Permissions
AC-2 Account Management Protects T1098.003 Add Office 365 Global Administrator Role
AC-2 Account Management Protects T1110 Brute Force
AC-2 Account Management Protects T1110.001 Password Guessing
AC-2 Account Management Protects T1110.002 Password Cracking
AC-2 Account Management Protects T1110.003 Password Spraying
AC-2 Account Management Protects T1110.004 Credential Stuffing
AC-2 Account Management Protects T1134 Access Token Manipulation
AC-2 Account Management Protects T1134.001 Token Impersonation/Theft
AC-2 Account Management Protects T1134.002 Create Process with Token
AC-2 Account Management Protects T1134.003 Make and Impersonate Token
AC-2 Account Management Protects T1136 Create Account
AC-2 Account Management Protects T1136.001 Local Account
AC-2 Account Management Protects T1136.002 Domain Account
AC-2 Account Management Protects T1136.003 Cloud Account
AC-2 Account Management Protects T1185 Man in the Browser
AC-2 Account Management Protects T1190 Exploit Public-Facing Application
AC-2 Account Management Protects T1197 BITS Jobs
AC-2 Account Management Protects T1210 Exploitation of Remote Services
AC-2 Account Management Protects T1212 Exploitation for Credential Access
AC-2 Account Management Protects T1213 Data from Information Repositories
AC-2 Account Management Protects T1213.001 Confluence
AC-2 Account Management Protects T1213.002 Sharepoint
AC-2 Account Management Protects T1218 Signed Binary Proxy Execution
AC-2 Account Management Protects T1218.007 Msiexec
AC-2 Account Management Protects T1222 File and Directory Permissions Modification
AC-2 Account Management Protects T1222.001 Windows File and Directory Permissions Modification
AC-2 Account Management Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-2 Account Management Protects T1484 Domain Policy Modification
AC-2 Account Management Protects T1489 Service Stop
AC-2 Account Management Protects T1495 Firmware Corruption
AC-2 Account Management Protects T1505 Server Software Component
AC-2 Account Management Protects T1505.001 SQL Stored Procedures
AC-2 Account Management Protects T1505.002 Transport Agent
AC-2 Account Management Protects T1525 Implant Internal Image
AC-2 Account Management Protects T1528 Steal Application Access Token
AC-2 Account Management Protects T1530 Data from Cloud Storage Object
AC-2 Account Management Protects T1537 Transfer Data to Cloud Account
AC-2 Account Management Protects T1538 Cloud Service Dashboard
AC-2 Account Management Protects T1542 Pre-OS Boot
AC-2 Account Management Protects T1542.001 System Firmware
AC-2 Account Management Protects T1542.003 Bootkit
AC-2 Account Management Protects T1542.005 TFTP Boot
AC-2 Account Management Protects T1543 Create or Modify System Process
AC-2 Account Management Protects T1543.001 Launch Agent
AC-2 Account Management Protects T1543.002 Systemd Service
AC-2 Account Management Protects T1543.003 Windows Service
AC-2 Account Management Protects T1543.004 Launch Daemon
AC-2 Account Management Protects T1546.003 Windows Management Instrumentation Event Subscription
AC-2 Account Management Protects T1547.004 Winlogon Helper DLL
AC-2 Account Management Protects T1547.006 Kernel Modules and Extensions
AC-2 Account Management Protects T1547.009 Shortcut Modification
AC-2 Account Management Protects T1547.012 Print Processors
AC-2 Account Management Protects T1547.013 XDG Autostart Entries
AC-2 Account Management Protects T1548 Abuse Elevation Control Mechanism
AC-2 Account Management Protects T1548.002 Bypass User Account Control
AC-2 Account Management Protects T1548.003 Sudo and Sudo Caching
AC-2 Account Management Protects T1550 Use Alternate Authentication Material
AC-2 Account Management Protects T1550.002 Pass the Hash
AC-2 Account Management Protects T1550.003 Pass the Ticket
AC-2 Account Management Protects T1552 Unsecured Credentials
AC-2 Account Management Protects T1552.001 Credentials In Files
AC-2 Account Management Protects T1552.002 Credentials in Registry
AC-2 Account Management Protects T1552.004 Private Keys
AC-2 Account Management Protects T1552.006 Group Policy Preferences
AC-2 Account Management Protects T1552.007 Container API
AC-2 Account Management Protects T1556 Modify Authentication Process
AC-2 Account Management Protects T1556.001 Domain Controller Authentication
AC-2 Account Management Protects T1556.003 Pluggable Authentication Modules
AC-2 Account Management Protects T1556.004 Network Device Authentication
AC-2 Account Management Protects T1558 Steal or Forge Kerberos Tickets
AC-2 Account Management Protects T1558.001 Golden Ticket
AC-2 Account Management Protects T1558.002 Silver Ticket
AC-2 Account Management Protects T1558.003 Kerberoasting
AC-2 Account Management Protects T1558.004 AS-REP Roasting
AC-2 Account Management Protects T1559 Inter-Process Communication
AC-2 Account Management Protects T1559.001 Component Object Model
AC-2 Account Management Protects T1562 Impair Defenses
AC-2 Account Management Protects T1562.001 Disable or Modify Tools
AC-2 Account Management Protects T1562.002 Disable Windows Event Logging
AC-2 Account Management Protects T1562.004 Disable or Modify System Firewall
AC-2 Account Management Protects T1562.006 Indicator Blocking
AC-2 Account Management Protects T1562.007 Disable or Modify Cloud Firewall
AC-2 Account Management Protects T1562.008 Disable Cloud Logs
AC-2 Account Management Protects T1563 Remote Service Session Hijacking
AC-2 Account Management Protects T1563.001 SSH Hijacking
AC-2 Account Management Protects T1563.002 RDP Hijacking
AC-2 Account Management Protects T1569 System Services
AC-2 Account Management Protects T1569.001 Launchctl
AC-2 Account Management Protects T1569.002 Service Execution
AC-2 Account Management Protects T1574 Hijack Execution Flow
AC-2 Account Management Protects T1574.004 Dylib Hijacking
AC-2 Account Management Protects T1574.005 Executable Installer File Permissions Weakness
AC-2 Account Management Protects T1574.007 Path Interception by PATH Environment Variable
AC-2 Account Management Protects T1574.008 Path Interception by Search Order Hijacking
AC-2 Account Management Protects T1574.009 Path Interception by Unquoted Path
AC-2 Account Management Protects T1574.010 Services File Permissions Weakness
AC-2 Account Management Protects T1574.012 COR_PROFILER
AC-2 Account Management Protects T1578 Modify Cloud Compute Infrastructure
AC-2 Account Management Protects T1578.001 Create Snapshot
AC-2 Account Management Protects T1578.002 Create Cloud Instance
AC-2 Account Management Protects T1578.003 Delete Cloud Instance
AC-2 Account Management Protects T1580 Cloud Infrastructure Discovery
AC-2 Account Management Protects T1599 Network Boundary Bridging
AC-2 Account Management Protects T1599.001 Network Address Translation Traversal
AC-2 Account Management Protects T1601 Modify System Image
AC-2 Account Management Protects T1601.001 Patch System Image
AC-2 Account Management Protects T1601.002 Downgrade System Image
AC-2 Account Management Protects T1609 Container Administration Command
AC-2 Account Management Protects T1610 Deploy Container
AC-2 Account Management Protects T1611 Escape to Host
AC-2 Account Management Protects T1612 Build Image on Host
AC-2 Account Management Protects T1613 Container and Resource Discovery
AC-20 Use of External Systems Protects T1020.001 Traffic Duplication
AC-20 Use of External Systems Protects T1021 Remote Services
AC-20 Use of External Systems Protects T1021.001 Remote Desktop Protocol
AC-20 Use of External Systems Protects T1021.004 SSH
AC-20 Use of External Systems Protects T1072 Software Deployment Tools
AC-20 Use of External Systems Protects T1078.002 Domain Accounts
AC-20 Use of External Systems Protects T1078.004 Cloud Accounts
AC-20 Use of External Systems Protects T1098.001 Additional Cloud Credentials
AC-20 Use of External Systems Protects T1098.002 Exchange Email Delegate Permissions
AC-20 Use of External Systems Protects T1098.003 Add Office 365 Global Administrator Role
AC-20 Use of External Systems Protects T1110 Brute Force
AC-20 Use of External Systems Protects T1110.001 Password Guessing
AC-20 Use of External Systems Protects T1110.002 Password Cracking
AC-20 Use of External Systems Protects T1110.003 Password Spraying
AC-20 Use of External Systems Protects T1110.004 Credential Stuffing
AC-20 Use of External Systems Protects T1114 Email Collection
AC-20 Use of External Systems Protects T1114.001 Local Email Collection
AC-20 Use of External Systems Protects T1114.002 Remote Email Collection
AC-20 Use of External Systems Protects T1114.003 Email Forwarding Rule
AC-20 Use of External Systems Protects T1119 Automated Collection
AC-20 Use of External Systems Protects T1133 External Remote Services
AC-20 Use of External Systems Protects T1134.005 SID-History Injection
AC-20 Use of External Systems Protects T1136 Create Account
AC-20 Use of External Systems Protects T1136.001 Local Account
AC-20 Use of External Systems Protects T1136.002 Domain Account
AC-20 Use of External Systems Protects T1136.003 Cloud Account
AC-20 Use of External Systems Protects T1200 Hardware Additions
AC-20 Use of External Systems Protects T1530 Data from Cloud Storage Object
AC-20 Use of External Systems Protects T1537 Transfer Data to Cloud Account
AC-20 Use of External Systems Protects T1539 Steal Web Session Cookie
AC-20 Use of External Systems Protects T1550.001 Application Access Token
AC-20 Use of External Systems Protects T1552 Unsecured Credentials
AC-20 Use of External Systems Protects T1552.004 Private Keys
AC-20 Use of External Systems Protects T1552.005 Cloud Instance Metadata API
AC-20 Use of External Systems Protects T1556 Modify Authentication Process
AC-20 Use of External Systems Protects T1556.001 Domain Controller Authentication
AC-20 Use of External Systems Protects T1556.003 Pluggable Authentication Modules
AC-20 Use of External Systems Protects T1556.004 Network Device Authentication
AC-20 Use of External Systems Protects T1557 Man-in-the-Middle
AC-20 Use of External Systems Protects T1557.002 ARP Cache Poisoning
AC-20 Use of External Systems Protects T1565 Data Manipulation
AC-20 Use of External Systems Protects T1565.001 Stored Data Manipulation
AC-20 Use of External Systems Protects T1565.002 Transmitted Data Manipulation
AC-20 Use of External Systems Protects T1567 Exfiltration Over Web Service
AC-20 Use of External Systems Protects T1567.001 Exfiltration to Code Repository
AC-20 Use of External Systems Protects T1567.002 Exfiltration to Cloud Storage
AC-20 Use of External Systems Protects T1602 Data from Configuration Repository
AC-20 Use of External Systems Protects T1602.001 SNMP (MIB Dump)
AC-20 Use of External Systems Protects T1602.002 Network Device Configuration Dump
AC-21 Information Sharing Protects T1213 Data from Information Repositories
AC-21 Information Sharing Protects T1213.001 Confluence
AC-21 Information Sharing Protects T1213.002 Sharepoint
AC-23 Data Mining Protection Protects T1133 External Remote Services
AC-23 Data Mining Protection Protects T1213 Data from Information Repositories
AC-23 Data Mining Protection Protects T1213.001 Confluence
AC-23 Data Mining Protection Protects T1213.002 Sharepoint
AC-23 Data Mining Protection Protects T1552.007 Container API
AC-3 Access Enforcement Protects T1003 OS Credential Dumping
AC-3 Access Enforcement Protects T1003.001 LSASS Memory
AC-3 Access Enforcement Protects T1003.002 Security Account Manager
AC-3 Access Enforcement Protects T1003.003 NTDS
AC-3 Access Enforcement Protects T1003.004 LSA Secrets
AC-3 Access Enforcement Protects T1003.005 Cached Domain Credentials
AC-3 Access Enforcement Protects T1003.006 DCSync
AC-3 Access Enforcement Protects T1003.007 Proc Filesystem
AC-3 Access Enforcement Protects T1003.008 /etc/passwd and /etc/shadow
AC-3 Access Enforcement Protects T1021 Remote Services
AC-3 Access Enforcement Protects T1021.001 Remote Desktop Protocol
AC-3 Access Enforcement Protects T1021.002 SMB/Windows Admin Shares
AC-3 Access Enforcement Protects T1021.003 Distributed Component Object Model
AC-3 Access Enforcement Protects T1021.004 SSH
AC-3 Access Enforcement Protects T1021.005 VNC
AC-3 Access Enforcement Protects T1021.006 Windows Remote Management
AC-3 Access Enforcement Protects T1036 Masquerading
AC-3 Access Enforcement Protects T1036.003 Rename System Utilities
AC-3 Access Enforcement Protects T1036.005 Match Legitimate Name or Location
AC-3 Access Enforcement Protects T1037 Boot or Logon Initialization Scripts
AC-3 Access Enforcement Protects T1037.002 Logon Script (Mac)
AC-3 Access Enforcement Protects T1037.003 Network Logon Script
AC-3 Access Enforcement Protects T1037.004 RC Scripts
AC-3 Access Enforcement Protects T1037.005 Startup Items
AC-3 Access Enforcement Protects T1047 Windows Management Instrumentation
AC-3 Access Enforcement Protects T1048 Exfiltration Over Alternative Protocol
AC-3 Access Enforcement Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
AC-3 Access Enforcement Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-3 Access Enforcement Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
AC-3 Access Enforcement Protects T1052 Exfiltration Over Physical Medium
AC-3 Access Enforcement Protects T1052.001 Exfiltration over USB
AC-3 Access Enforcement Protects T1053 Scheduled Task/Job
AC-3 Access Enforcement Protects T1053.001 At (Linux)
AC-3 Access Enforcement Protects T1053.002 At (Windows)
AC-3 Access Enforcement Protects T1053.003 Cron
AC-3 Access Enforcement Protects T1053.004 Launchd
AC-3 Access Enforcement Protects T1053.005 Scheduled Task
AC-3 Access Enforcement Protects T1053.006 Systemd Timers
AC-3 Access Enforcement Protects T1053.007 Container Orchestration Job
AC-3 Access Enforcement Protects T1055 Process Injection
AC-3 Access Enforcement Protects T1055.008 Ptrace System Calls
AC-3 Access Enforcement Protects T1055.009 Proc Memory
AC-3 Access Enforcement Protects T1056.003 Web Portal Capture
AC-3 Access Enforcement Protects T1059 Command and Scripting Interpreter
AC-3 Access Enforcement Protects T1059.001 PowerShell
AC-3 Access Enforcement Protects T1059.008 Network Device CLI
AC-3 Access Enforcement Protects T1070 Indicator Removal on Host
AC-3 Access Enforcement Protects T1070.001 Clear Windows Event Logs
AC-3 Access Enforcement Protects T1070.002 Clear Linux or Mac System Logs
AC-3 Access Enforcement Protects T1070.003 Clear Command History
AC-3 Access Enforcement Protects T1071.004 DNS
AC-3 Access Enforcement Protects T1072 Software Deployment Tools
AC-3 Access Enforcement Protects T1078 Valid Accounts
AC-3 Access Enforcement Protects T1078.002 Domain Accounts
AC-3 Access Enforcement Protects T1078.003 Local Accounts
AC-3 Access Enforcement Protects T1078.004 Cloud Accounts
AC-3 Access Enforcement Protects T1080 Taint Shared Content
AC-3 Access Enforcement Protects T1087.004 Cloud Account
AC-3 Access Enforcement Protects T1090 Proxy
AC-3 Access Enforcement Protects T1090.003 Multi-hop Proxy
AC-3 Access Enforcement Protects T1091 Replication Through Removable Media
AC-3 Access Enforcement Protects T1095 Non-Application Layer Protocol
AC-3 Access Enforcement Protects T1098 Account Manipulation
AC-3 Access Enforcement Protects T1098.001 Additional Cloud Credentials
AC-3 Access Enforcement Protects T1098.002 Exchange Email Delegate Permissions
AC-3 Access Enforcement Protects T1098.003 Add Office 365 Global Administrator Role
AC-3 Access Enforcement Protects T1098.004 SSH Authorized Keys
AC-3 Access Enforcement Protects T1110 Brute Force
AC-3 Access Enforcement Protects T1110.001 Password Guessing
AC-3 Access Enforcement Protects T1110.002 Password Cracking
AC-3 Access Enforcement Protects T1110.003 Password Spraying
AC-3 Access Enforcement Protects T1110.004 Credential Stuffing
AC-3 Access Enforcement Protects T1114 Email Collection
AC-3 Access Enforcement Protects T1114.002 Remote Email Collection
AC-3 Access Enforcement Protects T1133 External Remote Services
AC-3 Access Enforcement Protects T1134 Access Token Manipulation
AC-3 Access Enforcement Protects T1134.001 Token Impersonation/Theft
AC-3 Access Enforcement Protects T1134.002 Create Process with Token
AC-3 Access Enforcement Protects T1134.003 Make and Impersonate Token
AC-3 Access Enforcement Protects T1134.005 SID-History Injection
AC-3 Access Enforcement Protects T1136 Create Account
AC-3 Access Enforcement Protects T1136.001 Local Account
AC-3 Access Enforcement Protects T1136.002 Domain Account
AC-3 Access Enforcement Protects T1136.003 Cloud Account
AC-3 Access Enforcement Protects T1185 Man in the Browser
AC-3 Access Enforcement Protects T1187 Forced Authentication
AC-3 Access Enforcement Protects T1190 Exploit Public-Facing Application
AC-3 Access Enforcement Protects T1197 BITS Jobs
AC-3 Access Enforcement Protects T1199 Trusted Relationship
AC-3 Access Enforcement Protects T1200 Hardware Additions
AC-3 Access Enforcement Protects T1205 Traffic Signaling
AC-3 Access Enforcement Protects T1205.001 Port Knocking
AC-3 Access Enforcement Protects T1210 Exploitation of Remote Services
AC-3 Access Enforcement Protects T1213 Data from Information Repositories
AC-3 Access Enforcement Protects T1213.001 Confluence
AC-3 Access Enforcement Protects T1213.002 Sharepoint
AC-3 Access Enforcement Protects T1218 Signed Binary Proxy Execution
AC-3 Access Enforcement Protects T1218.002 Control Panel
AC-3 Access Enforcement Protects T1218.007 Msiexec
AC-3 Access Enforcement Protects T1218.012 Verclsid
AC-3 Access Enforcement Protects T1219 Remote Access Software
AC-3 Access Enforcement Protects T1222 File and Directory Permissions Modification
AC-3 Access Enforcement Protects T1222.001 Windows File and Directory Permissions Modification
AC-3 Access Enforcement Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-3 Access Enforcement Protects T1484 Domain Policy Modification
AC-3 Access Enforcement Protects T1485 Data Destruction
AC-3 Access Enforcement Protects T1486 Data Encrypted for Impact
AC-3 Access Enforcement Protects T1489 Service Stop
AC-3 Access Enforcement Protects T1490 Inhibit System Recovery
AC-3 Access Enforcement Protects T1491 Defacement
AC-3 Access Enforcement Protects T1491.001 Internal Defacement
AC-3 Access Enforcement Protects T1491.002 External Defacement
AC-3 Access Enforcement Protects T1495 Firmware Corruption
AC-3 Access Enforcement Protects T1498 Network Denial of Service
AC-3 Access Enforcement Protects T1498.001 Direct Network Flood
AC-3 Access Enforcement Protects T1498.002 Reflection Amplification
AC-3 Access Enforcement Protects T1499 Endpoint Denial of Service
AC-3 Access Enforcement Protects T1499.001 OS Exhaustion Flood
AC-3 Access Enforcement Protects T1499.002 Service Exhaustion Flood
AC-3 Access Enforcement Protects T1499.003 Application Exhaustion Flood
AC-3 Access Enforcement Protects T1499.004 Application or System Exploitation
AC-3 Access Enforcement Protects T1505 Server Software Component
AC-3 Access Enforcement Protects T1505.001 SQL Stored Procedures
AC-3 Access Enforcement Protects T1505.002 Transport Agent
AC-3 Access Enforcement Protects T1525 Implant Internal Image
AC-3 Access Enforcement Protects T1528 Steal Application Access Token
AC-3 Access Enforcement Protects T1530 Data from Cloud Storage Object
AC-3 Access Enforcement Protects T1537 Transfer Data to Cloud Account
AC-3 Access Enforcement Protects T1538 Cloud Service Dashboard
AC-3 Access Enforcement Protects T1539 Steal Web Session Cookie
AC-3 Access Enforcement Protects T1542 Pre-OS Boot
AC-3 Access Enforcement Protects T1542.001 System Firmware
AC-3 Access Enforcement Protects T1542.003 Bootkit
AC-3 Access Enforcement Protects T1542.004 ROMMONkit
AC-3 Access Enforcement Protects T1542.005 TFTP Boot
AC-3 Access Enforcement Protects T1543 Create or Modify System Process
AC-3 Access Enforcement Protects T1543.001 Launch Agent
AC-3 Access Enforcement Protects T1543.002 Systemd Service
AC-3 Access Enforcement Protects T1543.003 Windows Service
AC-3 Access Enforcement Protects T1543.004 Launch Daemon
AC-3 Access Enforcement Protects T1546.003 Windows Management Instrumentation Event Subscription
AC-3 Access Enforcement Protects T1546.004 Unix Shell Configuration Modification
AC-3 Access Enforcement Protects T1546.013 PowerShell Profile
AC-3 Access Enforcement Protects T1547.003 Time Providers
AC-3 Access Enforcement Protects T1547.004 Winlogon Helper DLL
AC-3 Access Enforcement Protects T1547.006 Kernel Modules and Extensions
AC-3 Access Enforcement Protects T1547.007 Re-opened Applications
AC-3 Access Enforcement Protects T1547.009 Shortcut Modification
AC-3 Access Enforcement Protects T1547.011 Plist Modification
AC-3 Access Enforcement Protects T1547.012 Print Processors
AC-3 Access Enforcement Protects T1547.013 XDG Autostart Entries
AC-3 Access Enforcement Protects T1548 Abuse Elevation Control Mechanism
AC-3 Access Enforcement Protects T1548.002 Bypass User Account Control
AC-3 Access Enforcement Protects T1548.003 Sudo and Sudo Caching
AC-3 Access Enforcement Protects T1550 Use Alternate Authentication Material
AC-3 Access Enforcement Protects T1550.002 Pass the Hash
AC-3 Access Enforcement Protects T1550.003 Pass the Ticket
AC-3 Access Enforcement Protects T1552 Unsecured Credentials
AC-3 Access Enforcement Protects T1552.002 Credentials in Registry
AC-3 Access Enforcement Protects T1552.005 Cloud Instance Metadata API
AC-3 Access Enforcement Protects T1552.007 Container API
AC-3 Access Enforcement Protects T1553.003 SIP and Trust Provider Hijacking
AC-3 Access Enforcement Protects T1556 Modify Authentication Process
AC-3 Access Enforcement Protects T1556.001 Domain Controller Authentication
AC-3 Access Enforcement Protects T1556.003 Pluggable Authentication Modules
AC-3 Access Enforcement Protects T1556.004 Network Device Authentication
AC-3 Access Enforcement Protects T1557 Man-in-the-Middle
AC-3 Access Enforcement Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
AC-3 Access Enforcement Protects T1557.002 ARP Cache Poisoning
AC-3 Access Enforcement Protects T1558 Steal or Forge Kerberos Tickets
AC-3 Access Enforcement Protects T1558.001 Golden Ticket
AC-3 Access Enforcement Protects T1558.002 Silver Ticket
AC-3 Access Enforcement Protects T1558.003 Kerberoasting
AC-3 Access Enforcement Protects T1558.004 AS-REP Roasting
AC-3 Access Enforcement Protects T1559 Inter-Process Communication
AC-3 Access Enforcement Protects T1559.001 Component Object Model
AC-3 Access Enforcement Protects T1561 Disk Wipe
AC-3 Access Enforcement Protects T1561.001 Disk Content Wipe
AC-3 Access Enforcement Protects T1561.002 Disk Structure Wipe
AC-3 Access Enforcement Protects T1562 Impair Defenses
AC-3 Access Enforcement Protects T1562.001 Disable or Modify Tools
AC-3 Access Enforcement Protects T1562.002 Disable Windows Event Logging
AC-3 Access Enforcement Protects T1562.004 Disable or Modify System Firewall
AC-3 Access Enforcement Protects T1562.006 Indicator Blocking
AC-3 Access Enforcement Protects T1562.007 Disable or Modify Cloud Firewall
AC-3 Access Enforcement Protects T1562.008 Disable Cloud Logs
AC-3 Access Enforcement Protects T1563 Remote Service Session Hijacking
AC-3 Access Enforcement Protects T1563.001 SSH Hijacking
AC-3 Access Enforcement Protects T1563.002 RDP Hijacking
AC-3 Access Enforcement Protects T1564.004 NTFS File Attributes
AC-3 Access Enforcement Protects T1565 Data Manipulation
AC-3 Access Enforcement Protects T1565.001 Stored Data Manipulation
AC-3 Access Enforcement Protects T1565.003 Runtime Data Manipulation
AC-3 Access Enforcement Protects T1569 System Services
AC-3 Access Enforcement Protects T1569.001 Launchctl
AC-3 Access Enforcement Protects T1569.002 Service Execution
AC-3 Access Enforcement Protects T1570 Lateral Tool Transfer
AC-3 Access Enforcement Protects T1572 Protocol Tunneling
AC-3 Access Enforcement Protects T1574 Hijack Execution Flow
AC-3 Access Enforcement Protects T1574.004 Dylib Hijacking
AC-3 Access Enforcement Protects T1574.005 Executable Installer File Permissions Weakness
AC-3 Access Enforcement Protects T1574.007 Path Interception by PATH Environment Variable
AC-3 Access Enforcement Protects T1574.008 Path Interception by Search Order Hijacking
AC-3 Access Enforcement Protects T1574.009 Path Interception by Unquoted Path
AC-3 Access Enforcement Protects T1574.010 Services File Permissions Weakness
AC-3 Access Enforcement Protects T1574.012 COR_PROFILER
AC-3 Access Enforcement Protects T1578 Modify Cloud Compute Infrastructure
AC-3 Access Enforcement Protects T1578.001 Create Snapshot
AC-3 Access Enforcement Protects T1578.002 Create Cloud Instance
AC-3 Access Enforcement Protects T1578.003 Delete Cloud Instance
AC-3 Access Enforcement Protects T1580 Cloud Infrastructure Discovery
AC-3 Access Enforcement Protects T1599 Network Boundary Bridging
AC-3 Access Enforcement Protects T1599.001 Network Address Translation Traversal
AC-3 Access Enforcement Protects T1601 Modify System Image
AC-3 Access Enforcement Protects T1601.001 Patch System Image
AC-3 Access Enforcement Protects T1601.002 Downgrade System Image
AC-3 Access Enforcement Protects T1602 Data from Configuration Repository
AC-3 Access Enforcement Protects T1602.001 SNMP (MIB Dump)
AC-3 Access Enforcement Protects T1602.002 Network Device Configuration Dump
AC-3 Access Enforcement Protects T1609 Container Administration Command
AC-3 Access Enforcement Protects T1610 Deploy Container
AC-3 Access Enforcement Protects T1611 Escape to Host
AC-3 Access Enforcement Protects T1612 Build Image on Host
AC-3 Access Enforcement Protects T1613 Container and Resource Discovery
AC-4 Information Flow Enforcement Protects T1001 Data Obfuscation
AC-4 Information Flow Enforcement Protects T1001.001 Junk Data
AC-4 Information Flow Enforcement Protects T1001.002 Steganography
AC-4 Information Flow Enforcement Protects T1001.003 Protocol Impersonation
AC-4 Information Flow Enforcement Protects T1003 OS Credential Dumping
AC-4 Information Flow Enforcement Protects T1003.001 LSASS Memory
AC-4 Information Flow Enforcement Protects T1003.005 Cached Domain Credentials
AC-4 Information Flow Enforcement Protects T1003.006 DCSync
AC-4 Information Flow Enforcement Protects T1008 Fallback Channels
AC-4 Information Flow Enforcement Protects T1021.001 Remote Desktop Protocol
AC-4 Information Flow Enforcement Protects T1021.002 SMB/Windows Admin Shares
AC-4 Information Flow Enforcement Protects T1021.003 Distributed Component Object Model
AC-4 Information Flow Enforcement Protects T1021.005 VNC
AC-4 Information Flow Enforcement Protects T1021.006 Windows Remote Management
AC-4 Information Flow Enforcement Protects T1029 Scheduled Transfer
AC-4 Information Flow Enforcement Protects T1030 Data Transfer Size Limits
AC-4 Information Flow Enforcement Protects T1041 Exfiltration Over C2 Channel
AC-4 Information Flow Enforcement Protects T1046 Network Service Scanning
AC-4 Information Flow Enforcement Protects T1048 Exfiltration Over Alternative Protocol
AC-4 Information Flow Enforcement Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
AC-4 Information Flow Enforcement Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
AC-4 Information Flow Enforcement Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
AC-4 Information Flow Enforcement Protects T1068 Exploitation for Privilege Escalation
AC-4 Information Flow Enforcement Protects T1071 Application Layer Protocol
AC-4 Information Flow Enforcement Protects T1071.001 Web Protocols
AC-4 Information Flow Enforcement Protects T1071.002 File Transfer Protocols
AC-4 Information Flow Enforcement Protects T1071.003 Mail Protocols
AC-4 Information Flow Enforcement Protects T1071.004 DNS
AC-4 Information Flow Enforcement Protects T1072 Software Deployment Tools
AC-4 Information Flow Enforcement Protects T1090 Proxy
AC-4 Information Flow Enforcement Protects T1090.001 Internal Proxy
AC-4 Information Flow Enforcement Protects T1090.002 External Proxy
AC-4 Information Flow Enforcement Protects T1090.003 Multi-hop Proxy
AC-4 Information Flow Enforcement Protects T1095 Non-Application Layer Protocol
AC-4 Information Flow Enforcement Protects T1098 Account Manipulation
AC-4 Information Flow Enforcement Protects T1098.001 Additional Cloud Credentials
AC-4 Information Flow Enforcement Protects T1102 Web Service
AC-4 Information Flow Enforcement Protects T1102.001 Dead Drop Resolver
AC-4 Information Flow Enforcement Protects T1102.002 Bidirectional Communication
AC-4 Information Flow Enforcement Protects T1102.003 One-Way Communication
AC-4 Information Flow Enforcement Protects T1104 Multi-Stage Channels
AC-4 Information Flow Enforcement Protects T1105 Ingress Tool Transfer
AC-4 Information Flow Enforcement Protects T1114 Email Collection
AC-4 Information Flow Enforcement Protects T1114.001 Local Email Collection
AC-4 Information Flow Enforcement Protects T1114.002 Remote Email Collection
AC-4 Information Flow Enforcement Protects T1114.003 Email Forwarding Rule
AC-4 Information Flow Enforcement Protects T1132 Data Encoding
AC-4 Information Flow Enforcement Protects T1132.001 Standard Encoding
AC-4 Information Flow Enforcement Protects T1132.002 Non-Standard Encoding
AC-4 Information Flow Enforcement Protects T1133 External Remote Services
AC-4 Information Flow Enforcement Protects T1134.005 SID-History Injection
AC-4 Information Flow Enforcement Protects T1136 Create Account
AC-4 Information Flow Enforcement Protects T1136.002 Domain Account
AC-4 Information Flow Enforcement Protects T1136.003 Cloud Account
AC-4 Information Flow Enforcement Protects T1187 Forced Authentication
AC-4 Information Flow Enforcement Protects T1189 Drive-by Compromise
AC-4 Information Flow Enforcement Protects T1190 Exploit Public-Facing Application
AC-4 Information Flow Enforcement Protects T1197 BITS Jobs
AC-4 Information Flow Enforcement Protects T1199 Trusted Relationship
AC-4 Information Flow Enforcement Protects T1203 Exploitation for Client Execution
AC-4 Information Flow Enforcement Protects T1204 User Execution
AC-4 Information Flow Enforcement Protects T1204.001 Malicious Link
AC-4 Information Flow Enforcement Protects T1204.002 Malicious File
AC-4 Information Flow Enforcement Protects T1204.003 Malicious Image
AC-4 Information Flow Enforcement Protects T1205 Traffic Signaling
AC-4 Information Flow Enforcement Protects T1205.001 Port Knocking
AC-4 Information Flow Enforcement Protects T1210 Exploitation of Remote Services
AC-4 Information Flow Enforcement Protects T1211 Exploitation for Defense Evasion
AC-4 Information Flow Enforcement Protects T1212 Exploitation for Credential Access
AC-4 Information Flow Enforcement Protects T1213 Data from Information Repositories
AC-4 Information Flow Enforcement Protects T1213.001 Confluence
AC-4 Information Flow Enforcement Protects T1213.002 Sharepoint
AC-4 Information Flow Enforcement Protects T1218.012 Verclsid
AC-4 Information Flow Enforcement Protects T1219 Remote Access Software
AC-4 Information Flow Enforcement Protects T1482 Domain Trust Discovery
AC-4 Information Flow Enforcement Protects T1484 Domain Policy Modification
AC-4 Information Flow Enforcement Protects T1489 Service Stop
AC-4 Information Flow Enforcement Protects T1498 Network Denial of Service
AC-4 Information Flow Enforcement Protects T1498.001 Direct Network Flood
AC-4 Information Flow Enforcement Protects T1498.002 Reflection Amplification
AC-4 Information Flow Enforcement Protects T1499 Endpoint Denial of Service
AC-4 Information Flow Enforcement Protects T1499.001 OS Exhaustion Flood
AC-4 Information Flow Enforcement Protects T1499.002 Service Exhaustion Flood
AC-4 Information Flow Enforcement Protects T1499.003 Application Exhaustion Flood
AC-4 Information Flow Enforcement Protects T1499.004 Application or System Exploitation
AC-4 Information Flow Enforcement Protects T1528 Steal Application Access Token
AC-4 Information Flow Enforcement Protects T1530 Data from Cloud Storage Object
AC-4 Information Flow Enforcement Protects T1537 Transfer Data to Cloud Account
AC-4 Information Flow Enforcement Protects T1547.003 Time Providers
AC-4 Information Flow Enforcement Protects T1552 Unsecured Credentials
AC-4 Information Flow Enforcement Protects T1552.001 Credentials In Files
AC-4 Information Flow Enforcement Protects T1552.005 Cloud Instance Metadata API
AC-4 Information Flow Enforcement Protects T1552.007 Container API
AC-4 Information Flow Enforcement Protects T1557 Man-in-the-Middle
AC-4 Information Flow Enforcement Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
AC-4 Information Flow Enforcement Protects T1557.002 ARP Cache Poisoning
AC-4 Information Flow Enforcement Protects T1559 Inter-Process Communication
AC-4 Information Flow Enforcement Protects T1559.001 Component Object Model
AC-4 Information Flow Enforcement Protects T1559.002 Dynamic Data Exchange
AC-4 Information Flow Enforcement Protects T1563 Remote Service Session Hijacking
AC-4 Information Flow Enforcement Protects T1563.002 RDP Hijacking
AC-4 Information Flow Enforcement Protects T1565 Data Manipulation
AC-4 Information Flow Enforcement Protects T1565.003 Runtime Data Manipulation
AC-4 Information Flow Enforcement Protects T1566 Phishing
AC-4 Information Flow Enforcement Protects T1566.001 Spearphishing Attachment
AC-4 Information Flow Enforcement Protects T1566.002 Spearphishing Link
AC-4 Information Flow Enforcement Protects T1566.003 Spearphishing via Service
AC-4 Information Flow Enforcement Protects T1567 Exfiltration Over Web Service
AC-4 Information Flow Enforcement Protects T1567.001 Exfiltration to Code Repository
AC-4 Information Flow Enforcement Protects T1567.002 Exfiltration to Cloud Storage
AC-4 Information Flow Enforcement Protects T1568 Dynamic Resolution
AC-4 Information Flow Enforcement Protects T1568.002 Domain Generation Algorithms
AC-4 Information Flow Enforcement Protects T1570 Lateral Tool Transfer
AC-4 Information Flow Enforcement Protects T1571 Non-Standard Port
AC-4 Information Flow Enforcement Protects T1572 Protocol Tunneling
AC-4 Information Flow Enforcement Protects T1573 Encrypted Channel
AC-4 Information Flow Enforcement Protects T1573.001 Symmetric Cryptography
AC-4 Information Flow Enforcement Protects T1573.002 Asymmetric Cryptography
AC-4 Information Flow Enforcement Protects T1574 Hijack Execution Flow
AC-4 Information Flow Enforcement Protects T1574.004 Dylib Hijacking
AC-4 Information Flow Enforcement Protects T1574.005 Executable Installer File Permissions Weakness
AC-4 Information Flow Enforcement Protects T1574.007 Path Interception by PATH Environment Variable
AC-4 Information Flow Enforcement Protects T1574.008 Path Interception by Search Order Hijacking
AC-4 Information Flow Enforcement Protects T1574.009 Path Interception by Unquoted Path
AC-4 Information Flow Enforcement Protects T1574.010 Services File Permissions Weakness
AC-4 Information Flow Enforcement Protects T1598 Phishing for Information
AC-4 Information Flow Enforcement Protects T1598.001 Spearphishing Service
AC-4 Information Flow Enforcement Protects T1598.002 Spearphishing Attachment
AC-4 Information Flow Enforcement Protects T1598.003 Spearphishing Link
AC-4 Information Flow Enforcement Protects T1599 Network Boundary Bridging
AC-4 Information Flow Enforcement Protects T1599.001 Network Address Translation Traversal
AC-4 Information Flow Enforcement Protects T1601 Modify System Image
AC-4 Information Flow Enforcement Protects T1601.001 Patch System Image
AC-4 Information Flow Enforcement Protects T1601.002 Downgrade System Image
AC-4 Information Flow Enforcement Protects T1602 Data from Configuration Repository
AC-4 Information Flow Enforcement Protects T1602.001 SNMP (MIB Dump)
AC-4 Information Flow Enforcement Protects T1602.002 Network Device Configuration Dump
AC-4 Information Flow Enforcement Protects T1611 Escape to Host
AC-5 Separation of Duties Protects T1003 OS Credential Dumping
AC-5 Separation of Duties Protects T1003.001 LSASS Memory
AC-5 Separation of Duties Protects T1003.002 Security Account Manager
AC-5 Separation of Duties Protects T1003.003 NTDS
AC-5 Separation of Duties Protects T1003.004 LSA Secrets
AC-5 Separation of Duties Protects T1003.005 Cached Domain Credentials
AC-5 Separation of Duties Protects T1003.006 DCSync
AC-5 Separation of Duties Protects T1003.007 Proc Filesystem
AC-5 Separation of Duties Protects T1003.008 /etc/passwd and /etc/shadow
AC-5 Separation of Duties Protects T1021 Remote Services
AC-5 Separation of Duties Protects T1021.001 Remote Desktop Protocol
AC-5 Separation of Duties Protects T1021.002 SMB/Windows Admin Shares
AC-5 Separation of Duties Protects T1021.003 Distributed Component Object Model
AC-5 Separation of Duties Protects T1021.004 SSH
AC-5 Separation of Duties Protects T1021.006 Windows Remote Management
AC-5 Separation of Duties Protects T1047 Windows Management Instrumentation
AC-5 Separation of Duties Protects T1053 Scheduled Task/Job
AC-5 Separation of Duties Protects T1053.001 At (Linux)
AC-5 Separation of Duties Protects T1053.002 At (Windows)
AC-5 Separation of Duties Protects T1053.003 Cron
AC-5 Separation of Duties Protects T1053.004 Launchd
AC-5 Separation of Duties Protects T1053.005 Scheduled Task
AC-5 Separation of Duties Protects T1053.006 Systemd Timers
AC-5 Separation of Duties Protects T1053.007 Container Orchestration Job
AC-5 Separation of Duties Protects T1055 Process Injection
AC-5 Separation of Duties Protects T1055.008 Ptrace System Calls
AC-5 Separation of Duties Protects T1056.003 Web Portal Capture
AC-5 Separation of Duties Protects T1059 Command and Scripting Interpreter
AC-5 Separation of Duties Protects T1059.001 PowerShell
AC-5 Separation of Duties Protects T1059.008 Network Device CLI
AC-5 Separation of Duties Protects T1070 Indicator Removal on Host
AC-5 Separation of Duties Protects T1070.001 Clear Windows Event Logs
AC-5 Separation of Duties Protects T1070.002 Clear Linux or Mac System Logs
AC-5 Separation of Duties Protects T1070.003 Clear Command History
AC-5 Separation of Duties Protects T1072 Software Deployment Tools
AC-5 Separation of Duties Protects T1078 Valid Accounts
AC-5 Separation of Duties Protects T1078.001 Default Accounts
AC-5 Separation of Duties Protects T1078.002 Domain Accounts
AC-5 Separation of Duties Protects T1078.003 Local Accounts
AC-5 Separation of Duties Protects T1078.004 Cloud Accounts
AC-5 Separation of Duties Protects T1087.004 Cloud Account
AC-5 Separation of Duties Protects T1098 Account Manipulation
AC-5 Separation of Duties Protects T1098.001 Additional Cloud Credentials
AC-5 Separation of Duties Protects T1098.002 Exchange Email Delegate Permissions
AC-5 Separation of Duties Protects T1098.003 Add Office 365 Global Administrator Role
AC-5 Separation of Duties Protects T1110 Brute Force
AC-5 Separation of Duties Protects T1110.001 Password Guessing
AC-5 Separation of Duties Protects T1110.002 Password Cracking
AC-5 Separation of Duties Protects T1110.003 Password Spraying
AC-5 Separation of Duties Protects T1110.004 Credential Stuffing
AC-5 Separation of Duties Protects T1134 Access Token Manipulation
AC-5 Separation of Duties Protects T1134.001 Token Impersonation/Theft
AC-5 Separation of Duties Protects T1134.002 Create Process with Token
AC-5 Separation of Duties Protects T1134.003 Make and Impersonate Token
AC-5 Separation of Duties Protects T1134.005 SID-History Injection
AC-5 Separation of Duties Protects T1136 Create Account
AC-5 Separation of Duties Protects T1136.001 Local Account
AC-5 Separation of Duties Protects T1136.002 Domain Account
AC-5 Separation of Duties Protects T1136.003 Cloud Account
AC-5 Separation of Duties Protects T1185 Man in the Browser
AC-5 Separation of Duties Protects T1190 Exploit Public-Facing Application
AC-5 Separation of Duties Protects T1197 BITS Jobs
AC-5 Separation of Duties Protects T1210 Exploitation of Remote Services
AC-5 Separation of Duties Protects T1213 Data from Information Repositories
AC-5 Separation of Duties Protects T1213.001 Confluence
AC-5 Separation of Duties Protects T1213.002 Sharepoint
AC-5 Separation of Duties Protects T1218 Signed Binary Proxy Execution
AC-5 Separation of Duties Protects T1218.007 Msiexec
AC-5 Separation of Duties Protects T1222 File and Directory Permissions Modification
AC-5 Separation of Duties Protects T1222.001 Windows File and Directory Permissions Modification
AC-5 Separation of Duties Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-5 Separation of Duties Protects T1484 Domain Policy Modification
AC-5 Separation of Duties Protects T1489 Service Stop
AC-5 Separation of Duties Protects T1495 Firmware Corruption
AC-5 Separation of Duties Protects T1505 Server Software Component
AC-5 Separation of Duties Protects T1505.001 SQL Stored Procedures
AC-5 Separation of Duties Protects T1505.002 Transport Agent
AC-5 Separation of Duties Protects T1525 Implant Internal Image
AC-5 Separation of Duties Protects T1528 Steal Application Access Token
AC-5 Separation of Duties Protects T1530 Data from Cloud Storage Object
AC-5 Separation of Duties Protects T1537 Transfer Data to Cloud Account
AC-5 Separation of Duties Protects T1538 Cloud Service Dashboard
AC-5 Separation of Duties Protects T1542 Pre-OS Boot
AC-5 Separation of Duties Protects T1542.001 System Firmware
AC-5 Separation of Duties Protects T1542.003 Bootkit
AC-5 Separation of Duties Protects T1542.005 TFTP Boot
AC-5 Separation of Duties Protects T1543 Create or Modify System Process
AC-5 Separation of Duties Protects T1543.001 Launch Agent
AC-5 Separation of Duties Protects T1543.002 Systemd Service
AC-5 Separation of Duties Protects T1543.003 Windows Service
AC-5 Separation of Duties Protects T1543.004 Launch Daemon
AC-5 Separation of Duties Protects T1546.003 Windows Management Instrumentation Event Subscription
AC-5 Separation of Duties Protects T1547.004 Winlogon Helper DLL
AC-5 Separation of Duties Protects T1547.006 Kernel Modules and Extensions
AC-5 Separation of Duties Protects T1547.009 Shortcut Modification
AC-5 Separation of Duties Protects T1547.012 Print Processors
AC-5 Separation of Duties Protects T1547.013 XDG Autostart Entries
AC-5 Separation of Duties Protects T1548 Abuse Elevation Control Mechanism
AC-5 Separation of Duties Protects T1548.002 Bypass User Account Control
AC-5 Separation of Duties Protects T1548.003 Sudo and Sudo Caching
AC-5 Separation of Duties Protects T1550 Use Alternate Authentication Material
AC-5 Separation of Duties Protects T1550.002 Pass the Hash
AC-5 Separation of Duties Protects T1550.003 Pass the Ticket
AC-5 Separation of Duties Protects T1552 Unsecured Credentials
AC-5 Separation of Duties Protects T1552.001 Credentials In Files
AC-5 Separation of Duties Protects T1552.002 Credentials in Registry
AC-5 Separation of Duties Protects T1552.006 Group Policy Preferences
AC-5 Separation of Duties Protects T1552.007 Container API
AC-5 Separation of Duties Protects T1556 Modify Authentication Process
AC-5 Separation of Duties Protects T1556.001 Domain Controller Authentication
AC-5 Separation of Duties Protects T1556.003 Pluggable Authentication Modules
AC-5 Separation of Duties Protects T1556.004 Network Device Authentication
AC-5 Separation of Duties Protects T1558 Steal or Forge Kerberos Tickets
AC-5 Separation of Duties Protects T1558.001 Golden Ticket
AC-5 Separation of Duties Protects T1558.002 Silver Ticket
AC-5 Separation of Duties Protects T1558.003 Kerberoasting
AC-5 Separation of Duties Protects T1559 Inter-Process Communication
AC-5 Separation of Duties Protects T1559.001 Component Object Model
AC-5 Separation of Duties Protects T1562 Impair Defenses
AC-5 Separation of Duties Protects T1562.001 Disable or Modify Tools
AC-5 Separation of Duties Protects T1562.002 Disable Windows Event Logging
AC-5 Separation of Duties Protects T1562.004 Disable or Modify System Firewall
AC-5 Separation of Duties Protects T1562.006 Indicator Blocking
AC-5 Separation of Duties Protects T1562.007 Disable or Modify Cloud Firewall
AC-5 Separation of Duties Protects T1562.008 Disable Cloud Logs
AC-5 Separation of Duties Protects T1563 Remote Service Session Hijacking
AC-5 Separation of Duties Protects T1563.001 SSH Hijacking
AC-5 Separation of Duties Protects T1563.002 RDP Hijacking
AC-5 Separation of Duties Protects T1569 System Services
AC-5 Separation of Duties Protects T1569.001 Launchctl
AC-5 Separation of Duties Protects T1569.002 Service Execution
AC-5 Separation of Duties Protects T1574 Hijack Execution Flow
AC-5 Separation of Duties Protects T1574.004 Dylib Hijacking
AC-5 Separation of Duties Protects T1574.005 Executable Installer File Permissions Weakness
AC-5 Separation of Duties Protects T1574.007 Path Interception by PATH Environment Variable
AC-5 Separation of Duties Protects T1574.008 Path Interception by Search Order Hijacking
AC-5 Separation of Duties Protects T1574.009 Path Interception by Unquoted Path
AC-5 Separation of Duties Protects T1574.010 Services File Permissions Weakness
AC-5 Separation of Duties Protects T1574.012 COR_PROFILER
AC-5 Separation of Duties Protects T1578 Modify Cloud Compute Infrastructure
AC-5 Separation of Duties Protects T1578.001 Create Snapshot
AC-5 Separation of Duties Protects T1578.002 Create Cloud Instance
AC-5 Separation of Duties Protects T1578.003 Delete Cloud Instance
AC-5 Separation of Duties Protects T1580 Cloud Infrastructure Discovery
AC-5 Separation of Duties Protects T1599 Network Boundary Bridging
AC-5 Separation of Duties Protects T1599.001 Network Address Translation Traversal
AC-5 Separation of Duties Protects T1601 Modify System Image
AC-5 Separation of Duties Protects T1601.001 Patch System Image
AC-5 Separation of Duties Protects T1601.002 Downgrade System Image
AC-5 Separation of Duties Protects T1611 Escape to Host
AC-6 Least Privilege Protects T1003 OS Credential Dumping
AC-6 Least Privilege Protects T1003.001 LSASS Memory
AC-6 Least Privilege Protects T1003.002 Security Account Manager
AC-6 Least Privilege Protects T1003.003 NTDS
AC-6 Least Privilege Protects T1003.004 LSA Secrets
AC-6 Least Privilege Protects T1003.005 Cached Domain Credentials
AC-6 Least Privilege Protects T1003.006 DCSync
AC-6 Least Privilege Protects T1003.007 Proc Filesystem
AC-6 Least Privilege Protects T1003.008 /etc/passwd and /etc/shadow
AC-6 Least Privilege Protects T1021 Remote Services
AC-6 Least Privilege Protects T1021.001 Remote Desktop Protocol
AC-6 Least Privilege Protects T1021.002 SMB/Windows Admin Shares
AC-6 Least Privilege Protects T1021.003 Distributed Component Object Model
AC-6 Least Privilege Protects T1021.004 SSH
AC-6 Least Privilege Protects T1021.005 VNC
AC-6 Least Privilege Protects T1021.006 Windows Remote Management
AC-6 Least Privilege Protects T1036 Masquerading
AC-6 Least Privilege Protects T1036.003 Rename System Utilities
AC-6 Least Privilege Protects T1036.005 Match Legitimate Name or Location
AC-6 Least Privilege Protects T1047 Windows Management Instrumentation
AC-6 Least Privilege Protects T1052 Exfiltration Over Physical Medium
AC-6 Least Privilege Protects T1052.001 Exfiltration over USB
AC-6 Least Privilege Protects T1053 Scheduled Task/Job
AC-6 Least Privilege Protects T1053.001 At (Linux)
AC-6 Least Privilege Protects T1053.002 At (Windows)
AC-6 Least Privilege Protects T1053.003 Cron
AC-6 Least Privilege Protects T1053.004 Launchd
AC-6 Least Privilege Protects T1053.005 Scheduled Task
AC-6 Least Privilege Protects T1053.006 Systemd Timers
AC-6 Least Privilege Protects T1053.007 Container Orchestration Job
AC-6 Least Privilege Protects T1055 Process Injection
AC-6 Least Privilege Protects T1055.001 Dynamic-link Library Injection
AC-6 Least Privilege Protects T1055.002 Portable Executable Injection
AC-6 Least Privilege Protects T1055.003 Thread Execution Hijacking
AC-6 Least Privilege Protects T1055.004 Asynchronous Procedure Call
AC-6 Least Privilege Protects T1055.005 Thread Local Storage
AC-6 Least Privilege Protects T1055.008 Ptrace System Calls
AC-6 Least Privilege Protects T1055.009 Proc Memory
AC-6 Least Privilege Protects T1055.011 Extra Window Memory Injection
AC-6 Least Privilege Protects T1055.012 Process Hollowing
AC-6 Least Privilege Protects T1055.013 Process Doppelgänging
AC-6 Least Privilege Protects T1055.014 VDSO Hijacking
AC-6 Least Privilege Protects T1056.003 Web Portal Capture
AC-6 Least Privilege Protects T1059 Command and Scripting Interpreter
AC-6 Least Privilege Protects T1059.001 PowerShell
AC-6 Least Privilege Protects T1059.006 Python
AC-6 Least Privilege Protects T1059.008 Network Device CLI
AC-6 Least Privilege Protects T1068 Exploitation for Privilege Escalation
AC-6 Least Privilege Protects T1070 Indicator Removal on Host
AC-6 Least Privilege Protects T1070.001 Clear Windows Event Logs
AC-6 Least Privilege Protects T1070.002 Clear Linux or Mac System Logs
AC-6 Least Privilege Protects T1070.003 Clear Command History
AC-6 Least Privilege Protects T1072 Software Deployment Tools
AC-6 Least Privilege Protects T1078 Valid Accounts
AC-6 Least Privilege Protects T1078.001 Default Accounts
AC-6 Least Privilege Protects T1078.002 Domain Accounts
AC-6 Least Privilege Protects T1078.003 Local Accounts
AC-6 Least Privilege Protects T1078.004 Cloud Accounts
AC-6 Least Privilege Protects T1087.004 Cloud Account
AC-6 Least Privilege Protects T1091 Replication Through Removable Media
AC-6 Least Privilege Protects T1098 Account Manipulation
AC-6 Least Privilege Protects T1098.001 Additional Cloud Credentials
AC-6 Least Privilege Protects T1098.002 Exchange Email Delegate Permissions
AC-6 Least Privilege Protects T1098.003 Add Office 365 Global Administrator Role
AC-6 Least Privilege Protects T1110 Brute Force
AC-6 Least Privilege Protects T1110.001 Password Guessing
AC-6 Least Privilege Protects T1110.002 Password Cracking
AC-6 Least Privilege Protects T1110.003 Password Spraying
AC-6 Least Privilege Protects T1110.004 Credential Stuffing
AC-6 Least Privilege Protects T1112 Modify Registry
AC-6 Least Privilege Protects T1133 External Remote Services
AC-6 Least Privilege Protects T1134 Access Token Manipulation
AC-6 Least Privilege Protects T1134.001 Token Impersonation/Theft
AC-6 Least Privilege Protects T1134.002 Create Process with Token
AC-6 Least Privilege Protects T1134.003 Make and Impersonate Token
AC-6 Least Privilege Protects T1134.005 SID-History Injection
AC-6 Least Privilege Protects T1136 Create Account
AC-6 Least Privilege Protects T1136.001 Local Account
AC-6 Least Privilege Protects T1136.002 Domain Account
AC-6 Least Privilege Protects T1136.003 Cloud Account
AC-6 Least Privilege Protects T1137.002 Office Test
AC-6 Least Privilege Protects T1176 Browser Extensions
AC-6 Least Privilege Protects T1185 Man in the Browser
AC-6 Least Privilege Protects T1189 Drive-by Compromise
AC-6 Least Privilege Protects T1190 Exploit Public-Facing Application
AC-6 Least Privilege Protects T1197 BITS Jobs
AC-6 Least Privilege Protects T1199 Trusted Relationship
AC-6 Least Privilege Protects T1200 Hardware Additions
AC-6 Least Privilege Protects T1203 Exploitation for Client Execution
AC-6 Least Privilege Protects T1210 Exploitation of Remote Services
AC-6 Least Privilege Protects T1211 Exploitation for Defense Evasion
AC-6 Least Privilege Protects T1212 Exploitation for Credential Access
AC-6 Least Privilege Protects T1213 Data from Information Repositories
AC-6 Least Privilege Protects T1213.001 Confluence
AC-6 Least Privilege Protects T1213.002 Sharepoint
AC-6 Least Privilege Protects T1218 Signed Binary Proxy Execution
AC-6 Least Privilege Protects T1218.007 Msiexec
AC-6 Least Privilege Protects T1222 File and Directory Permissions Modification
AC-6 Least Privilege Protects T1222.001 Windows File and Directory Permissions Modification
AC-6 Least Privilege Protects T1222.002 Linux and Mac File and Directory Permissions Modification
AC-6 Least Privilege Protects T1484 Domain Policy Modification
AC-6 Least Privilege Protects T1485 Data Destruction
AC-6 Least Privilege Protects T1486 Data Encrypted for Impact
AC-6 Least Privilege Protects T1489 Service Stop
AC-6 Least Privilege Protects T1490 Inhibit System Recovery
AC-6 Least Privilege Protects T1491 Defacement
AC-6 Least Privilege Protects T1491.001 Internal Defacement
AC-6 Least Privilege Protects T1491.002 External Defacement
AC-6 Least Privilege Protects T1495 Firmware Corruption
AC-6 Least Privilege Protects T1505 Server Software Component
AC-6 Least Privilege Protects T1505.001 SQL Stored Procedures
AC-6 Least Privilege Protects T1505.002 Transport Agent
AC-6 Least Privilege Protects T1525 Implant Internal Image
AC-6 Least Privilege Protects T1528 Steal Application Access Token
AC-6 Least Privilege Protects T1530 Data from Cloud Storage Object
AC-6 Least Privilege Protects T1537 Transfer Data to Cloud Account
AC-6 Least Privilege Protects T1538 Cloud Service Dashboard
AC-6 Least Privilege Protects T1539 Steal Web Session Cookie
AC-6 Least Privilege Protects T1542 Pre-OS Boot
AC-6 Least Privilege Protects T1542.001 System Firmware
AC-6 Least Privilege Protects T1542.003 Bootkit
AC-6 Least Privilege Protects T1542.004 ROMMONkit
AC-6 Least Privilege Protects T1542.005 TFTP Boot
AC-6 Least Privilege Protects T1543 Create or Modify System Process
AC-6 Least Privilege Protects T1543.001 Launch Agent
AC-6 Least Privilege Protects T1543.002 Systemd Service
AC-6 Least Privilege Protects T1543.003 Windows Service
AC-6 Least Privilege Protects T1543.004 Launch Daemon
AC-6 Least Privilege Protects T1546.003 Windows Management Instrumentation Event Subscription
AC-6 Least Privilege Protects T1546.004 Unix Shell Configuration Modification
AC-6 Least Privilege Protects T1546.011 Application Shimming
AC-6 Least Privilege Protects T1546.013 PowerShell Profile
AC-6 Least Privilege Protects T1547.003 Time Providers
AC-6 Least Privilege Protects T1547.004 Winlogon Helper DLL
AC-6 Least Privilege Protects T1547.006 Kernel Modules and Extensions
AC-6 Least Privilege Protects T1547.009 Shortcut Modification
AC-6 Least Privilege Protects T1547.011 Plist Modification
AC-6 Least Privilege Protects T1547.012 Print Processors
AC-6 Least Privilege Protects T1547.013 XDG Autostart Entries
AC-6 Least Privilege Protects T1548 Abuse Elevation Control Mechanism
AC-6 Least Privilege Protects T1548.002 Bypass User Account Control
AC-6 Least Privilege Protects T1548.003 Sudo and Sudo Caching
AC-6 Least Privilege Protects T1550 Use Alternate Authentication Material
AC-6 Least Privilege Protects T1550.002 Pass the Hash
AC-6 Least Privilege Protects T1550.003 Pass the Ticket
AC-6 Least Privilege Protects T1552 Unsecured Credentials
AC-6 Least Privilege Protects T1552.001 Credentials In Files
AC-6 Least Privilege Protects T1552.002 Credentials in Registry
AC-6 Least Privilege Protects T1552.006 Group Policy Preferences
AC-6 Least Privilege Protects T1552.007 Container API
AC-6 Least Privilege Protects T1553 Subvert Trust Controls
AC-6 Least Privilege Protects T1553.003 SIP and Trust Provider Hijacking
AC-6 Least Privilege Protects T1553.006 Code Signing Policy Modification
AC-6 Least Privilege Protects T1556 Modify Authentication Process
AC-6 Least Privilege Protects T1556.001 Domain Controller Authentication
AC-6 Least Privilege Protects T1556.003 Pluggable Authentication Modules
AC-6 Least Privilege Protects T1556.004 Network Device Authentication
AC-6 Least Privilege Protects T1558 Steal or Forge Kerberos Tickets
AC-6 Least Privilege Protects T1558.001 Golden Ticket
AC-6 Least Privilege Protects T1558.002 Silver Ticket
AC-6 Least Privilege Protects T1558.003 Kerberoasting
AC-6 Least Privilege Protects T1559 Inter-Process Communication
AC-6 Least Privilege Protects T1559.001 Component Object Model
AC-6 Least Privilege Protects T1559.002 Dynamic Data Exchange
AC-6 Least Privilege Protects T1561 Disk Wipe
AC-6 Least Privilege Protects T1561.001 Disk Content Wipe
AC-6 Least Privilege Protects T1561.002 Disk Structure Wipe
AC-6 Least Privilege Protects T1562 Impair Defenses
AC-6 Least Privilege Protects T1562.001 Disable or Modify Tools
AC-6 Least Privilege Protects T1562.002 Disable Windows Event Logging
AC-6 Least Privilege Protects T1562.004 Disable or Modify System Firewall
AC-6 Least Privilege Protects T1562.006 Indicator Blocking
AC-6 Least Privilege Protects T1562.007 Disable or Modify Cloud Firewall
AC-6 Least Privilege Protects T1562.008 Disable Cloud Logs
AC-6 Least Privilege Protects T1563 Remote Service Session Hijacking
AC-6 Least Privilege Protects T1563.001 SSH Hijacking
AC-6 Least Privilege Protects T1563.002 RDP Hijacking
AC-6 Least Privilege Protects T1569 System Services
AC-6 Least Privilege Protects T1569.001 Launchctl
AC-6 Least Privilege Protects T1569.002 Service Execution
AC-6 Least Privilege Protects T1574 Hijack Execution Flow
AC-6 Least Privilege Protects T1574.004 Dylib Hijacking
AC-6 Least Privilege Protects T1574.005 Executable Installer File Permissions Weakness
AC-6 Least Privilege Protects T1574.007 Path Interception by PATH Environment Variable
AC-6 Least Privilege Protects T1574.008 Path Interception by Search Order Hijacking
AC-6 Least Privilege Protects T1574.009 Path Interception by Unquoted Path
AC-6 Least Privilege Protects T1574.010 Services File Permissions Weakness
AC-6 Least Privilege Protects T1574.011 Services Registry Permissions Weakness
AC-6 Least Privilege Protects T1574.012 COR_PROFILER
AC-6 Least Privilege Protects T1578 Modify Cloud Compute Infrastructure
AC-6 Least Privilege Protects T1578.001 Create Snapshot
AC-6 Least Privilege Protects T1578.002 Create Cloud Instance
AC-6 Least Privilege Protects T1578.003 Delete Cloud Instance
AC-6 Least Privilege Protects T1580 Cloud Infrastructure Discovery
AC-6 Least Privilege Protects T1599 Network Boundary Bridging
AC-6 Least Privilege Protects T1599.001 Network Address Translation Traversal
AC-6 Least Privilege Protects T1601 Modify System Image
AC-6 Least Privilege Protects T1601.001 Patch System Image
AC-6 Least Privilege Protects T1601.002 Downgrade System Image
AC-6 Least Privilege Protects T1609 Container Administration Command
AC-6 Least Privilege Protects T1610 Deploy Container
AC-6 Least Privilege Protects T1611 Escape to Host
AC-6 Least Privilege Protects T1612 Build Image on Host
AC-6 Least Privilege Protects T1613 Container and Resource Discovery
AC-7 Unsuccessful Logon Attempts Protects T1021 Remote Services
AC-7 Unsuccessful Logon Attempts Protects T1021.001 Remote Desktop Protocol
AC-7 Unsuccessful Logon Attempts Protects T1021.004 SSH
AC-7 Unsuccessful Logon Attempts Protects T1078.002 Domain Accounts
AC-7 Unsuccessful Logon Attempts Protects T1078.004 Cloud Accounts
AC-7 Unsuccessful Logon Attempts Protects T1110 Brute Force
AC-7 Unsuccessful Logon Attempts Protects T1110.001 Password Guessing
AC-7 Unsuccessful Logon Attempts Protects T1110.002 Password Cracking
AC-7 Unsuccessful Logon Attempts Protects T1110.003 Password Spraying
AC-7 Unsuccessful Logon Attempts Protects T1110.004 Credential Stuffing
AC-7 Unsuccessful Logon Attempts Protects T1133 External Remote Services
AC-7 Unsuccessful Logon Attempts Protects T1530 Data from Cloud Storage Object
AC-7 Unsuccessful Logon Attempts Protects T1556 Modify Authentication Process
AC-7 Unsuccessful Logon Attempts Protects T1556.001 Domain Controller Authentication
AC-7 Unsuccessful Logon Attempts Protects T1556.003 Pluggable Authentication Modules
AC-7 Unsuccessful Logon Attempts Protects T1556.004 Network Device Authentication
AC-8 System Use Notification Protects T1199 Trusted Relationship

Capabilities

Capability ID Capability Name Number of Mappings
AC-2 Account Management 161
AC-12 Session Termination 3
AC-20 Use of External Systems 49
AC-18 Wireless Access 23
AC-6 Least Privilege 204
AC-7 Unsuccessful Logon Attempts 16
AC-8 System Use Notification 1
AC-4 Information Flow Enforcement 138
AC-5 Separation of Duties 150
AC-11 Device Lock 2
AC-17 Remote Access 61
AC-3 Access Enforcement 224
AC-23 Data Mining Protection 5
AC-10 Concurrent Session Control 3
AC-14 Permitted Actions Without Identification or Authentication 1
AC-21 Information Sharing 3
AC-19 Access Control for Mobile Devices 26
AC-16 Security and Privacy Attributes 41