| IA-11 |
Re-authentication |
Protects |
T1110 |
Brute Force |
| IA-11 |
Re-authentication |
Protects |
T1110.001 |
Password Guessing |
| IA-11 |
Re-authentication |
Protects |
T1110.002 |
Password Cracking |
| IA-11 |
Re-authentication |
Protects |
T1110.003 |
Password Spraying |
| IA-11 |
Re-authentication |
Protects |
T1110.004 |
Credential Stuffing |
| IA-12 |
Identity Proofing |
Protects |
T1078 |
Valid Accounts |
| IA-12 |
Identity Proofing |
Protects |
T1078.002 |
Domain Accounts |
| IA-12 |
Identity Proofing |
Protects |
T1078.003 |
Local Accounts |
| IA-12 |
Identity Proofing |
Protects |
T1078.004 |
Cloud Accounts |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1003 |
OS Credential Dumping |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1003.001 |
LSASS Memory |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1003.002 |
Security Account Manager |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1003.003 |
NTDS |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1003.004 |
LSA Secrets |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1003.005 |
Cached Domain Credentials |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1003.006 |
DCSync |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1003.007 |
Proc Filesystem |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1003.008 |
/etc/passwd and /etc/shadow |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1021 |
Remote Services |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1021.001 |
Remote Desktop Protocol |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1021.002 |
SMB/Windows Admin Shares |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1021.003 |
Distributed Component Object Model |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1021.004 |
SSH |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1021.005 |
VNC |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1021.006 |
Windows Remote Management |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1040 |
Network Sniffing |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1047 |
Windows Management Instrumentation |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1053 |
Scheduled Task/Job |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1053.001 |
At (Linux) |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1053.002 |
At (Windows) |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1053.003 |
Cron |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1053.004 |
Launchd |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1053.005 |
Scheduled Task |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1053.006 |
Systemd Timers |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1053.007 |
Container Orchestration Job |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1055 |
Process Injection |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1055.008 |
Ptrace System Calls |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1056.003 |
Web Portal Capture |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1059 |
Command and Scripting Interpreter |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1059.001 |
PowerShell |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1059.008 |
Network Device CLI |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1072 |
Software Deployment Tools |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1078 |
Valid Accounts |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1078.002 |
Domain Accounts |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1078.003 |
Local Accounts |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1078.004 |
Cloud Accounts |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1087.004 |
Cloud Account |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1098 |
Account Manipulation |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1098.001 |
Additional Cloud Credentials |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1098.002 |
Exchange Email Delegate Permissions |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1098.003 |
Add Office 365 Global Administrator Role |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1110 |
Brute Force |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1110.001 |
Password Guessing |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1110.002 |
Password Cracking |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1110.003 |
Password Spraying |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1110.004 |
Credential Stuffing |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1111 |
Two-Factor Authentication Interception |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1114 |
Email Collection |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1114.002 |
Remote Email Collection |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1133 |
External Remote Services |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1134 |
Access Token Manipulation |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1134.001 |
Token Impersonation/Theft |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1134.002 |
Create Process with Token |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1134.003 |
Make and Impersonate Token |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1136 |
Create Account |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1136.001 |
Local Account |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1136.002 |
Domain Account |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1136.003 |
Cloud Account |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1185 |
Man in the Browser |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1190 |
Exploit Public-Facing Application |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1197 |
BITS Jobs |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1210 |
Exploitation of Remote Services |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1213 |
Data from Information Repositories |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1213.001 |
Confluence |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1213.002 |
Sharepoint |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1218 |
Signed Binary Proxy Execution |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1218.007 |
Msiexec |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1222 |
File and Directory Permissions Modification |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1222.001 |
Windows File and Directory Permissions Modification |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1222.002 |
Linux and Mac File and Directory Permissions Modification |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1484 |
Domain Policy Modification |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1489 |
Service Stop |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1495 |
Firmware Corruption |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1505 |
Server Software Component |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1505.001 |
SQL Stored Procedures |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1505.002 |
Transport Agent |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1525 |
Implant Internal Image |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1528 |
Steal Application Access Token |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1530 |
Data from Cloud Storage Object |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1537 |
Transfer Data to Cloud Account |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1538 |
Cloud Service Dashboard |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1539 |
Steal Web Session Cookie |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1542 |
Pre-OS Boot |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1542.001 |
System Firmware |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1542.003 |
Bootkit |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1542.005 |
TFTP Boot |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1543 |
Create or Modify System Process |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1543.001 |
Launch Agent |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1543.002 |
Systemd Service |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1543.003 |
Windows Service |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1543.004 |
Launch Daemon |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1546.003 |
Windows Management Instrumentation Event Subscription |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1547.004 |
Winlogon Helper DLL |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1547.006 |
Kernel Modules and Extensions |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1547.009 |
Shortcut Modification |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1547.012 |
Print Processors |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1547.013 |
XDG Autostart Entries |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1548 |
Abuse Elevation Control Mechanism |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1548.002 |
Bypass User Account Control |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1548.003 |
Sudo and Sudo Caching |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1550 |
Use Alternate Authentication Material |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1550.001 |
Application Access Token |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1550.002 |
Pass the Hash |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1550.003 |
Pass the Ticket |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1552 |
Unsecured Credentials |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1552.001 |
Credentials In Files |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1552.002 |
Credentials in Registry |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1552.004 |
Private Keys |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1552.006 |
Group Policy Preferences |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1552.007 |
Container API |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1555.005 |
Password Managers |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1556 |
Modify Authentication Process |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1556.001 |
Domain Controller Authentication |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1556.003 |
Pluggable Authentication Modules |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1556.004 |
Network Device Authentication |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1558 |
Steal or Forge Kerberos Tickets |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1558.001 |
Golden Ticket |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1558.002 |
Silver Ticket |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1558.003 |
Kerberoasting |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1558.004 |
AS-REP Roasting |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1559 |
Inter-Process Communication |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1559.001 |
Component Object Model |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1562 |
Impair Defenses |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1562.001 |
Disable or Modify Tools |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1562.002 |
Disable Windows Event Logging |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1562.004 |
Disable or Modify System Firewall |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1562.006 |
Indicator Blocking |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1562.007 |
Disable or Modify Cloud Firewall |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1562.008 |
Disable Cloud Logs |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1563 |
Remote Service Session Hijacking |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1563.001 |
SSH Hijacking |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1563.002 |
RDP Hijacking |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1569 |
System Services |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1569.001 |
Launchctl |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1569.002 |
Service Execution |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1574 |
Hijack Execution Flow |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1574.005 |
Executable Installer File Permissions Weakness |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1574.010 |
Services File Permissions Weakness |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1574.012 |
COR_PROFILER |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1578 |
Modify Cloud Compute Infrastructure |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1578.001 |
Create Snapshot |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1578.002 |
Create Cloud Instance |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1578.003 |
Delete Cloud Instance |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1580 |
Cloud Infrastructure Discovery |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1599 |
Network Boundary Bridging |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1599.001 |
Network Address Translation Traversal |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1601 |
Modify System Image |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1601.001 |
Patch System Image |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1601.002 |
Downgrade System Image |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1610 |
Deploy Container |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1611 |
Escape to Host |
| IA-2 |
Identification and Authentication (organizational Users) |
Protects |
T1613 |
Container and Resource Discovery |
| IA-3 |
Device Identification and Authentication |
Protects |
T1530 |
Data from Cloud Storage Object |
| IA-3 |
Device Identification and Authentication |
Protects |
T1537 |
Transfer Data to Cloud Account |
| IA-3 |
Device Identification and Authentication |
Protects |
T1552 |
Unsecured Credentials |
| IA-3 |
Device Identification and Authentication |
Protects |
T1552.005 |
Cloud Instance Metadata API |
| IA-3 |
Device Identification and Authentication |
Protects |
T1602 |
Data from Configuration Repository |
| IA-3 |
Device Identification and Authentication |
Protects |
T1602.001 |
SNMP (MIB Dump) |
| IA-3 |
Device Identification and Authentication |
Protects |
T1602.002 |
Network Device Configuration Dump |
| IA-4 |
Identifier Management |
Protects |
T1003 |
OS Credential Dumping |
| IA-4 |
Identifier Management |
Protects |
T1003.005 |
Cached Domain Credentials |
| IA-4 |
Identifier Management |
Protects |
T1003.006 |
DCSync |
| IA-4 |
Identifier Management |
Protects |
T1021.001 |
Remote Desktop Protocol |
| IA-4 |
Identifier Management |
Protects |
T1021.005 |
VNC |
| IA-4 |
Identifier Management |
Protects |
T1053 |
Scheduled Task/Job |
| IA-4 |
Identifier Management |
Protects |
T1053.002 |
At (Windows) |
| IA-4 |
Identifier Management |
Protects |
T1053.005 |
Scheduled Task |
| IA-4 |
Identifier Management |
Protects |
T1110 |
Brute Force |
| IA-4 |
Identifier Management |
Protects |
T1110.001 |
Password Guessing |
| IA-4 |
Identifier Management |
Protects |
T1110.002 |
Password Cracking |
| IA-4 |
Identifier Management |
Protects |
T1110.003 |
Password Spraying |
| IA-4 |
Identifier Management |
Protects |
T1110.004 |
Credential Stuffing |
| IA-4 |
Identifier Management |
Protects |
T1213 |
Data from Information Repositories |
| IA-4 |
Identifier Management |
Protects |
T1213.001 |
Confluence |
| IA-4 |
Identifier Management |
Protects |
T1213.002 |
Sharepoint |
| IA-4 |
Identifier Management |
Protects |
T1528 |
Steal Application Access Token |
| IA-4 |
Identifier Management |
Protects |
T1530 |
Data from Cloud Storage Object |
| IA-4 |
Identifier Management |
Protects |
T1537 |
Transfer Data to Cloud Account |
| IA-4 |
Identifier Management |
Protects |
T1543 |
Create or Modify System Process |
| IA-4 |
Identifier Management |
Protects |
T1543.003 |
Windows Service |
| IA-4 |
Identifier Management |
Protects |
T1550.001 |
Application Access Token |
| IA-4 |
Identifier Management |
Protects |
T1552 |
Unsecured Credentials |
| IA-4 |
Identifier Management |
Protects |
T1552.005 |
Cloud Instance Metadata API |
| IA-4 |
Identifier Management |
Protects |
T1562 |
Impair Defenses |
| IA-4 |
Identifier Management |
Protects |
T1563 |
Remote Service Session Hijacking |
| IA-4 |
Identifier Management |
Protects |
T1578 |
Modify Cloud Compute Infrastructure |
| IA-4 |
Identifier Management |
Protects |
T1578.001 |
Create Snapshot |
| IA-4 |
Identifier Management |
Protects |
T1578.002 |
Create Cloud Instance |
| IA-4 |
Identifier Management |
Protects |
T1578.003 |
Delete Cloud Instance |
| IA-4 |
Identifier Management |
Protects |
T1602 |
Data from Configuration Repository |
| IA-4 |
Identifier Management |
Protects |
T1602.001 |
SNMP (MIB Dump) |
| IA-4 |
Identifier Management |
Protects |
T1602.002 |
Network Device Configuration Dump |
| IA-5 |
Authenticator Management |
Protects |
T1003 |
OS Credential Dumping |
| IA-5 |
Authenticator Management |
Protects |
T1003.001 |
LSASS Memory |
| IA-5 |
Authenticator Management |
Protects |
T1003.002 |
Security Account Manager |
| IA-5 |
Authenticator Management |
Protects |
T1003.003 |
NTDS |
| IA-5 |
Authenticator Management |
Protects |
T1003.004 |
LSA Secrets |
| IA-5 |
Authenticator Management |
Protects |
T1003.005 |
Cached Domain Credentials |
| IA-5 |
Authenticator Management |
Protects |
T1003.006 |
DCSync |
| IA-5 |
Authenticator Management |
Protects |
T1003.007 |
Proc Filesystem |
| IA-5 |
Authenticator Management |
Protects |
T1003.008 |
/etc/passwd and /etc/shadow |
| IA-5 |
Authenticator Management |
Protects |
T1021 |
Remote Services |
| IA-5 |
Authenticator Management |
Protects |
T1021.001 |
Remote Desktop Protocol |
| IA-5 |
Authenticator Management |
Protects |
T1021.004 |
SSH |
| IA-5 |
Authenticator Management |
Protects |
T1040 |
Network Sniffing |
| IA-5 |
Authenticator Management |
Protects |
T1072 |
Software Deployment Tools |
| IA-5 |
Authenticator Management |
Protects |
T1078 |
Valid Accounts |
| IA-5 |
Authenticator Management |
Protects |
T1078.002 |
Domain Accounts |
| IA-5 |
Authenticator Management |
Protects |
T1078.004 |
Cloud Accounts |
| IA-5 |
Authenticator Management |
Protects |
T1098.001 |
Additional Cloud Credentials |
| IA-5 |
Authenticator Management |
Protects |
T1098.002 |
Exchange Email Delegate Permissions |
| IA-5 |
Authenticator Management |
Protects |
T1098.003 |
Add Office 365 Global Administrator Role |
| IA-5 |
Authenticator Management |
Protects |
T1110 |
Brute Force |
| IA-5 |
Authenticator Management |
Protects |
T1110.001 |
Password Guessing |
| IA-5 |
Authenticator Management |
Protects |
T1110.002 |
Password Cracking |
| IA-5 |
Authenticator Management |
Protects |
T1110.003 |
Password Spraying |
| IA-5 |
Authenticator Management |
Protects |
T1110.004 |
Credential Stuffing |
| IA-5 |
Authenticator Management |
Protects |
T1111 |
Two-Factor Authentication Interception |
| IA-5 |
Authenticator Management |
Protects |
T1114 |
Email Collection |
| IA-5 |
Authenticator Management |
Protects |
T1114.002 |
Remote Email Collection |
| IA-5 |
Authenticator Management |
Protects |
T1133 |
External Remote Services |
| IA-5 |
Authenticator Management |
Protects |
T1136 |
Create Account |
| IA-5 |
Authenticator Management |
Protects |
T1136.001 |
Local Account |
| IA-5 |
Authenticator Management |
Protects |
T1136.002 |
Domain Account |
| IA-5 |
Authenticator Management |
Protects |
T1136.003 |
Cloud Account |
| IA-5 |
Authenticator Management |
Protects |
T1528 |
Steal Application Access Token |
| IA-5 |
Authenticator Management |
Protects |
T1530 |
Data from Cloud Storage Object |
| IA-5 |
Authenticator Management |
Protects |
T1539 |
Steal Web Session Cookie |
| IA-5 |
Authenticator Management |
Protects |
T1550.003 |
Pass the Ticket |
| IA-5 |
Authenticator Management |
Protects |
T1552 |
Unsecured Credentials |
| IA-5 |
Authenticator Management |
Protects |
T1552.001 |
Credentials In Files |
| IA-5 |
Authenticator Management |
Protects |
T1552.002 |
Credentials in Registry |
| IA-5 |
Authenticator Management |
Protects |
T1552.004 |
Private Keys |
| IA-5 |
Authenticator Management |
Protects |
T1552.006 |
Group Policy Preferences |
| IA-5 |
Authenticator Management |
Protects |
T1555 |
Credentials from Password Stores |
| IA-5 |
Authenticator Management |
Protects |
T1555.001 |
Keychain |
| IA-5 |
Authenticator Management |
Protects |
T1555.002 |
Securityd Memory |
| IA-5 |
Authenticator Management |
Protects |
T1555.004 |
Windows Credential Manager |
| IA-5 |
Authenticator Management |
Protects |
T1555.005 |
Password Managers |
| IA-5 |
Authenticator Management |
Protects |
T1556 |
Modify Authentication Process |
| IA-5 |
Authenticator Management |
Protects |
T1556.001 |
Domain Controller Authentication |
| IA-5 |
Authenticator Management |
Protects |
T1556.003 |
Pluggable Authentication Modules |
| IA-5 |
Authenticator Management |
Protects |
T1556.004 |
Network Device Authentication |
| IA-5 |
Authenticator Management |
Protects |
T1558 |
Steal or Forge Kerberos Tickets |
| IA-5 |
Authenticator Management |
Protects |
T1558.001 |
Golden Ticket |
| IA-5 |
Authenticator Management |
Protects |
T1558.002 |
Silver Ticket |
| IA-5 |
Authenticator Management |
Protects |
T1558.003 |
Kerberoasting |
| IA-5 |
Authenticator Management |
Protects |
T1558.004 |
AS-REP Roasting |
| IA-5 |
Authenticator Management |
Protects |
T1563.001 |
SSH Hijacking |
| IA-5 |
Authenticator Management |
Protects |
T1599 |
Network Boundary Bridging |
| IA-5 |
Authenticator Management |
Protects |
T1599.001 |
Network Address Translation Traversal |
| IA-5 |
Authenticator Management |
Protects |
T1601 |
Modify System Image |
| IA-5 |
Authenticator Management |
Protects |
T1601.001 |
Patch System Image |
| IA-5 |
Authenticator Management |
Protects |
T1601.002 |
Downgrade System Image |
| IA-6 |
Authentication Feedback |
Protects |
T1021.001 |
Remote Desktop Protocol |
| IA-6 |
Authentication Feedback |
Protects |
T1021.005 |
VNC |
| IA-6 |
Authentication Feedback |
Protects |
T1530 |
Data from Cloud Storage Object |
| IA-6 |
Authentication Feedback |
Protects |
T1563 |
Remote Service Session Hijacking |
| IA-6 |
Authentication Feedback |
Protects |
T1578 |
Modify Cloud Compute Infrastructure |
| IA-6 |
Authentication Feedback |
Protects |
T1578.001 |
Create Snapshot |
| IA-6 |
Authentication Feedback |
Protects |
T1578.002 |
Create Cloud Instance |
| IA-6 |
Authentication Feedback |
Protects |
T1578.003 |
Delete Cloud Instance |
| IA-7 |
Cryptographic Module Authentication |
Protects |
T1195.003 |
Compromise Hardware Supply Chain |
| IA-7 |
Cryptographic Module Authentication |
Protects |
T1495 |
Firmware Corruption |
| IA-7 |
Cryptographic Module Authentication |
Protects |
T1542 |
Pre-OS Boot |
| IA-7 |
Cryptographic Module Authentication |
Protects |
T1542.001 |
System Firmware |
| IA-7 |
Cryptographic Module Authentication |
Protects |
T1542.003 |
Bootkit |
| IA-7 |
Cryptographic Module Authentication |
Protects |
T1542.004 |
ROMMONkit |
| IA-7 |
Cryptographic Module Authentication |
Protects |
T1542.005 |
TFTP Boot |
| IA-7 |
Cryptographic Module Authentication |
Protects |
T1553 |
Subvert Trust Controls |
| IA-7 |
Cryptographic Module Authentication |
Protects |
T1553.006 |
Code Signing Policy Modification |
| IA-7 |
Cryptographic Module Authentication |
Protects |
T1601 |
Modify System Image |
| IA-7 |
Cryptographic Module Authentication |
Protects |
T1601.001 |
Patch System Image |
| IA-7 |
Cryptographic Module Authentication |
Protects |
T1601.002 |
Downgrade System Image |
| IA-8 |
Identification and Authentication (non-organizational Users) |
Protects |
T1053 |
Scheduled Task/Job |
| IA-8 |
Identification and Authentication (non-organizational Users) |
Protects |
T1053.007 |
Container Orchestration Job |
| IA-8 |
Identification and Authentication (non-organizational Users) |
Protects |
T1059 |
Command and Scripting Interpreter |
| IA-8 |
Identification and Authentication (non-organizational Users) |
Protects |
T1059.001 |
PowerShell |
| IA-8 |
Identification and Authentication (non-organizational Users) |
Protects |
T1059.008 |
Network Device CLI |
| IA-8 |
Identification and Authentication (non-organizational Users) |
Protects |
T1087.004 |
Cloud Account |
| IA-8 |
Identification and Authentication (non-organizational Users) |
Protects |
T1190 |
Exploit Public-Facing Application |
| IA-8 |
Identification and Authentication (non-organizational Users) |
Protects |
T1210 |
Exploitation of Remote Services |
| IA-8 |
Identification and Authentication (non-organizational Users) |
Protects |
T1213 |
Data from Information Repositories |
| IA-8 |
Identification and Authentication (non-organizational Users) |
Protects |
T1213.001 |
Confluence |
| IA-8 |
Identification and Authentication (non-organizational Users) |
Protects |
T1213.002 |
Sharepoint |
| IA-8 |
Identification and Authentication (non-organizational Users) |
Protects |
T1528 |
Steal Application Access Token |
| IA-8 |
Identification and Authentication (non-organizational Users) |
Protects |
T1530 |
Data from Cloud Storage Object |
| IA-8 |
Identification and Authentication (non-organizational Users) |
Protects |
T1537 |
Transfer Data to Cloud Account |
| IA-8 |
Identification and Authentication (non-organizational Users) |
Protects |
T1538 |
Cloud Service Dashboard |
| IA-8 |
Identification and Authentication (non-organizational Users) |
Protects |
T1542 |
Pre-OS Boot |
| IA-8 |
Identification and Authentication (non-organizational Users) |
Protects |
T1542.001 |
System Firmware |
| IA-8 |
Identification and Authentication (non-organizational Users) |
Protects |
T1542.003 |
Bootkit |
| IA-8 |
Identification and Authentication (non-organizational Users) |
Protects |
T1542.005 |
TFTP Boot |
| IA-9 |
Service Identification and Authentication |
Protects |
T1036 |
Masquerading |
| IA-9 |
Service Identification and Authentication |
Protects |
T1036.001 |
Invalid Code Signature |
| IA-9 |
Service Identification and Authentication |
Protects |
T1036.005 |
Match Legitimate Name or Location |
| IA-9 |
Service Identification and Authentication |
Protects |
T1059 |
Command and Scripting Interpreter |
| IA-9 |
Service Identification and Authentication |
Protects |
T1059.001 |
PowerShell |
| IA-9 |
Service Identification and Authentication |
Protects |
T1059.002 |
AppleScript |
| IA-9 |
Service Identification and Authentication |
Protects |
T1505 |
Server Software Component |
| IA-9 |
Service Identification and Authentication |
Protects |
T1505.001 |
SQL Stored Procedures |
| IA-9 |
Service Identification and Authentication |
Protects |
T1505.002 |
Transport Agent |
| IA-9 |
Service Identification and Authentication |
Protects |
T1525 |
Implant Internal Image |
| IA-9 |
Service Identification and Authentication |
Protects |
T1546 |
Event Triggered Execution |
| IA-9 |
Service Identification and Authentication |
Protects |
T1546.006 |
LC_LOAD_DYLIB Addition |
| IA-9 |
Service Identification and Authentication |
Protects |
T1546.013 |
PowerShell Profile |
| IA-9 |
Service Identification and Authentication |
Protects |
T1553 |
Subvert Trust Controls |
| IA-9 |
Service Identification and Authentication |
Protects |
T1553.004 |
Install Root Certificate |
| IA-9 |
Service Identification and Authentication |
Protects |
T1554 |
Compromise Client Software Binary |
| IA-9 |
Service Identification and Authentication |
Protects |
T1566 |
Phishing |
| IA-9 |
Service Identification and Authentication |
Protects |
T1566.001 |
Spearphishing Attachment |
| IA-9 |
Service Identification and Authentication |
Protects |
T1566.002 |
Spearphishing Link |
| IA-9 |
Service Identification and Authentication |
Protects |
T1598 |
Phishing for Information |
| IA-9 |
Service Identification and Authentication |
Protects |
T1598.002 |
Spearphishing Attachment |
| IA-9 |
Service Identification and Authentication |
Protects |
T1598.003 |
Spearphishing Link |
