NIST 800-53 System and Services Acquisition Capability Group

All Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
SA-10 Developer Configuration Management Protects T1078 Valid Accounts
SA-10 Developer Configuration Management Protects T1078.001 Default Accounts
SA-10 Developer Configuration Management Protects T1078.003 Local Accounts
SA-10 Developer Configuration Management Protects T1078.004 Cloud Accounts
SA-10 Developer Configuration Management Protects T1195.003 Compromise Hardware Supply Chain
SA-10 Developer Configuration Management Protects T1495 Firmware Corruption
SA-10 Developer Configuration Management Protects T1505 Server Software Component
SA-10 Developer Configuration Management Protects T1505.001 SQL Stored Procedures
SA-10 Developer Configuration Management Protects T1505.002 Transport Agent
SA-10 Developer Configuration Management Protects T1542 Pre-OS Boot
SA-10 Developer Configuration Management Protects T1542.001 System Firmware
SA-10 Developer Configuration Management Protects T1542.003 Bootkit
SA-10 Developer Configuration Management Protects T1542.004 ROMMONkit
SA-10 Developer Configuration Management Protects T1542.005 TFTP Boot
SA-10 Developer Configuration Management Protects T1553 Subvert Trust Controls
SA-10 Developer Configuration Management Protects T1553.006 Code Signing Policy Modification
SA-10 Developer Configuration Management Protects T1574.002 DLL Side-Loading
SA-10 Developer Configuration Management Protects T1601 Modify System Image
SA-10 Developer Configuration Management Protects T1601.001 Patch System Image
SA-10 Developer Configuration Management Protects T1601.002 Downgrade System Image
SA-11 Developer Testing and Evaluation Protects T1078 Valid Accounts
SA-11 Developer Testing and Evaluation Protects T1078.001 Default Accounts
SA-11 Developer Testing and Evaluation Protects T1078.003 Local Accounts
SA-11 Developer Testing and Evaluation Protects T1078.004 Cloud Accounts
SA-11 Developer Testing and Evaluation Protects T1134.005 SID-History Injection
SA-11 Developer Testing and Evaluation Protects T1195.003 Compromise Hardware Supply Chain
SA-11 Developer Testing and Evaluation Protects T1495 Firmware Corruption
SA-11 Developer Testing and Evaluation Protects T1505 Server Software Component
SA-11 Developer Testing and Evaluation Protects T1505.001 SQL Stored Procedures
SA-11 Developer Testing and Evaluation Protects T1505.002 Transport Agent
SA-11 Developer Testing and Evaluation Protects T1528 Steal Application Access Token
SA-11 Developer Testing and Evaluation Protects T1542 Pre-OS Boot
SA-11 Developer Testing and Evaluation Protects T1542.001 System Firmware
SA-11 Developer Testing and Evaluation Protects T1542.003 Bootkit
SA-11 Developer Testing and Evaluation Protects T1542.004 ROMMONkit
SA-11 Developer Testing and Evaluation Protects T1542.005 TFTP Boot
SA-11 Developer Testing and Evaluation Protects T1552 Unsecured Credentials
SA-11 Developer Testing and Evaluation Protects T1552.001 Credentials In Files
SA-11 Developer Testing and Evaluation Protects T1552.002 Credentials in Registry
SA-11 Developer Testing and Evaluation Protects T1552.004 Private Keys
SA-11 Developer Testing and Evaluation Protects T1552.006 Group Policy Preferences
SA-11 Developer Testing and Evaluation Protects T1553 Subvert Trust Controls
SA-11 Developer Testing and Evaluation Protects T1553.006 Code Signing Policy Modification
SA-11 Developer Testing and Evaluation Protects T1558.004 AS-REP Roasting
SA-11 Developer Testing and Evaluation Protects T1574.002 DLL Side-Loading
SA-11 Developer Testing and Evaluation Protects T1601 Modify System Image
SA-11 Developer Testing and Evaluation Protects T1601.001 Patch System Image
SA-11 Developer Testing and Evaluation Protects T1601.002 Downgrade System Image
SA-11 Developer Testing and Evaluation Protects T1612 Build Image on Host
SA-12 Supply Chain Protection Protects T1078 Valid Accounts
SA-15 Development Process, Standards, and Tools Protects T1078 Valid Accounts
SA-15 Development Process, Standards, and Tools Protects T1078.001 Default Accounts
SA-15 Development Process, Standards, and Tools Protects T1078.003 Local Accounts
SA-15 Development Process, Standards, and Tools Protects T1078.004 Cloud Accounts
SA-15 Development Process, Standards, and Tools Protects T1528 Steal Application Access Token
SA-15 Development Process, Standards, and Tools Protects T1552 Unsecured Credentials
SA-15 Development Process, Standards, and Tools Protects T1552.001 Credentials In Files
SA-15 Development Process, Standards, and Tools Protects T1552.002 Credentials in Registry
SA-15 Development Process, Standards, and Tools Protects T1552.004 Private Keys
SA-15 Development Process, Standards, and Tools Protects T1552.006 Group Policy Preferences
SA-15 Development Process, Standards, and Tools Protects T1558.004 AS-REP Roasting
SA-15 Development Process, Standards, and Tools Protects T1574.002 DLL Side-Loading
SA-16 Developer-provided Training Protects T1078 Valid Accounts
SA-16 Developer-provided Training Protects T1078.001 Default Accounts
SA-16 Developer-provided Training Protects T1078.003 Local Accounts
SA-16 Developer-provided Training Protects T1078.004 Cloud Accounts
SA-16 Developer-provided Training Protects T1574.002 DLL Side-Loading
SA-17 Developer Security and Privacy Architecture and Design Protects T1078 Valid Accounts
SA-17 Developer Security and Privacy Architecture and Design Protects T1078.001 Default Accounts
SA-17 Developer Security and Privacy Architecture and Design Protects T1078.003 Local Accounts
SA-17 Developer Security and Privacy Architecture and Design Protects T1078.004 Cloud Accounts
SA-17 Developer Security and Privacy Architecture and Design Protects T1134.005 SID-History Injection
SA-17 Developer Security and Privacy Architecture and Design Protects T1482 Domain Trust Discovery
SA-17 Developer Security and Privacy Architecture and Design Protects T1574.002 DLL Side-Loading
SA-22 Unsupported System Components Protects T1189 Drive-by Compromise
SA-22 Unsupported System Components Protects T1195 Supply Chain Compromise
SA-22 Unsupported System Components Protects T1195.001 Compromise Software Dependencies and Development Tools
SA-22 Unsupported System Components Protects T1195.002 Compromise Software Supply Chain
SA-22 Unsupported System Components Protects T1543 Create or Modify System Process
SA-22 Unsupported System Components Protects T1543.002 Systemd Service
SA-3 System Development Life Cycle Protects T1078 Valid Accounts
SA-3 System Development Life Cycle Protects T1078.001 Default Accounts
SA-3 System Development Life Cycle Protects T1078.003 Local Accounts
SA-3 System Development Life Cycle Protects T1078.004 Cloud Accounts
SA-3 System Development Life Cycle Protects T1574.002 DLL Side-Loading
SA-4 Acquisition Process Protects T1078 Valid Accounts
SA-4 Acquisition Process Protects T1078.001 Default Accounts
SA-4 Acquisition Process Protects T1078.003 Local Accounts
SA-4 Acquisition Process Protects T1078.004 Cloud Accounts
SA-4 Acquisition Process Protects T1134.005 SID-History Injection
SA-4 Acquisition Process Protects T1574.002 DLL Side-Loading
SA-8 Security and Privacy Engineering Principles Protects T1078 Valid Accounts
SA-8 Security and Privacy Engineering Principles Protects T1078.001 Default Accounts
SA-8 Security and Privacy Engineering Principles Protects T1078.003 Local Accounts
SA-8 Security and Privacy Engineering Principles Protects T1078.004 Cloud Accounts
SA-8 Security and Privacy Engineering Principles Protects T1134.005 SID-History Injection
SA-8 Security and Privacy Engineering Principles Protects T1190 Exploit Public-Facing Application
SA-8 Security and Privacy Engineering Principles Protects T1482 Domain Trust Discovery
SA-8 Security and Privacy Engineering Principles Protects T1574.002 DLL Side-Loading

Capabilities

Capability ID Capability Name Number of Mappings
SA-22 Unsupported System Components 6
SA-3 System Development Life Cycle 5
SA-10 Developer Configuration Management 20
SA-11 Developer Testing and Evaluation 29
SA-8 Security and Privacy Engineering Principles 8
SA-4 Acquisition Process 6
SA-15 Development Process, Standards, and Tools 12
SA-17 Developer Security and Privacy Architecture and Design 7
SA-12 Supply Chain Protection 1
SA-16 Developer-provided Training 5