Audit
Compliance audit answer
For a whole framework: every control, the ATT&CK techniques it defends, and whether you can detect them
This is the one-page answer to "are my controls actually backed by detection?". For each control in the framework it shows the ATT&CK techniques the control maps to, and marks each technique detectable when a real rule (Sigma, CAR, IDS, YARA, Falco) covers it, or a gap when nothing does. Honest by construction: control-to-technique links come only from the published mappings, and a technique counts as detectable only if a real rule maps to it. Controls with no ATT&CK mapping are shown as such, not hidden.
What this measures: whether a public detection rule exists for each technique (Sigma, CAR, IDS, YARA, Falco), not whether you have deployed it. It shows what is detectable in principle, the ceiling, not your live coverage. For coverage against your own rules and telemetry, use the Detection workspace.
1246 NIST 800-53 controls
109 controls with ATT&CK mapping
470 distinct techniques defended
308 of those, detectable
65% overall detection coverage
Coverage by control family
20 families

| Family | Controls | Mapped | Techniques | Detectable | Coverage |
|---|---|---|---|---|---|
| AC | 154 | 18 | 382 | 253 | 66% |
| AT | 17 | 0 | 0 | 0 | 0% |
| AU | 69 | 0 | 0 | 0 | 0% |
| CA | 35 | 3 | 211 | 144 | 68% |
| CM | 72 | 9 | 398 | 278 | 69% |
| CP | 60 | 5 | 22 | 14 | 63% |
| IA | 82 | 11 | 205 | 144 | 70% |
| IR | 42 | 0 | 0 | 0 | 0% |
| MA | 30 | 0 | 0 | 0 | 0% |
| MP | 31 | 1 | 6 | 2 | 33% |
| PE | 59 | 0 | 0 | 0 | 0% |
| PL | 17 | 0 | 0 | 0 | 0% |
| PM | 37 | 0 | 0 | 0 | 0% |
| PS | 18 | 0 | 0 | 0 | 0% |
| PT | 21 | 0 | 0 | 0 | 0% |
| RA | 28 | 3 | 117 | 84 | 71% |
| SA | 151 | 10 | 52 | 34 | 65% |
| SC | 169 | 34 | 244 | 160 | 65% |
| SI | 125 | 12 | 416 | 278 | 66% |
| SR | 29 | 3 | 22 | 13 | 59% |
Control-by-control coverage
1246 controls
NIST 800-53 ATT&CK mappings are published at the base-control level (e.g. AC-18), so the 872 sub-control enhancements (AC-18.1, AC-18.2, …) carry no direct technique mapping; their coverage is inherited from the base control. They are hidden by default.
AC-02
Account Management
150/220 detectable
AC-03
Access Enforcement
191/281 detectable
AC-04
Information Flow Enforcement
110/158 detectable
AC-05
Separation of Duties
122/167 detectable
AC-06
Least Privilege
183/270 detectable
AC-07
Unsuccessful Logon Attempts
11/16 detectable
AC-08
System Use Notification
1/1 detectable
AC-1
Policy and Procedures
no ATT&CK mapping
AC-11.1
Pattern-hiding Displays
enhancement of AC-11
AC-12.1
User-initiated Logouts
enhancement of AC-12
AC-12.2
Termination Message
enhancement of AC-12
AC-12.3
Timeout Warning Message
enhancement of AC-12
AC-13
Supervision and Review — Access Control
no ATT&CK mapping
AC-14
Permitted Actions Without Identification or Authentication
1/1 detectable
AC-14.1
Necessary Uses
enhancement of AC-14
AC-15
Automated Marking
no ATT&CK mapping
AC-16
Security and Privacy Attributes
35/57 detectable
AC-16.1
Dynamic Attribute Association
enhancement of AC-16
AC-16.10
Attribute Configuration by Authorized Individuals
enhancement of AC-16
AC-16.2
Attribute Value Changes by Authorized Individuals
enhancement of AC-16
AC-16.3
Maintenance of Attribute Associations by System
enhancement of AC-16
AC-16.4
Association of Attributes by Authorized Individuals
enhancement of AC-16
AC-16.5
Attribute Displays on Objects to Be Output
enhancement of AC-16
AC-16.6
Maintenance of Attribute Association
enhancement of AC-16
AC-16.7
Consistent Attribute Interpretation
enhancement of AC-16
AC-16.8
Association Techniques and Technologies
enhancement of AC-16
AC-16.9
Attribute Reassignment — Regrading Mechanisms
enhancement of AC-16
AC-17
Remote Access
55/81 detectable
AC-17.1
Monitoring and Control
enhancement of AC-17
AC-17.10
Authenticate Remote Commands
enhancement of AC-17
AC-17.2
Protection of Confidentiality and Integrity Using Encryption
enhancement of AC-17
AC-17.3
Managed Access Control Points
enhancement of AC-17
AC-17.4
Privileged Commands and Access
enhancement of AC-17
AC-17.5
Monitoring for Unauthorized Connections
enhancement of AC-17
AC-17.6
Protection of Mechanism Information
enhancement of AC-17
AC-17.7
Additional Protection for Security Function Access
enhancement of AC-17
AC-17.8
Disable Nonsecure Network Protocols
enhancement of AC-17
AC-17.9
Disconnect or Disable Access
enhancement of AC-17
AC-18
Wireless Access
13/25 detectable
AC-18.1
Authentication and Encryption
enhancement of AC-18
AC-18.2
Monitoring Unauthorized Connections
enhancement of AC-18
AC-18.3
Disable Wireless Networking
enhancement of AC-18
AC-18.4
Restrict Configurations by Users
enhancement of AC-18
AC-18.5
Antennas and Transmission Power Levels
enhancement of AC-18
AC-19
Access Control for Mobile Devices
16/27 detectable
AC-19.1
Use of Writable and Portable Storage Devices
enhancement of AC-19
AC-19.2
Use of Personally Owned Portable Storage Devices
enhancement of AC-19
AC-19.3
Use of Portable Storage Devices with No Identifiable Owner
enhancement of AC-19
AC-19.4
Restrictions for Classified Information
enhancement of AC-19
AC-19.5
Full Device or Container-based Encryption
enhancement of AC-19
AC-2
Account Management
no ATT&CK mapping
AC-2.1
Automated System Account Management
enhancement of AC-2
AC-2.10
Shared and Group Account Credential Change
enhancement of AC-2
AC-2.11
Usage Conditions
enhancement of AC-2
AC-2.12
Account Monitoring for Atypical Usage
enhancement of AC-2
AC-2.13
Disable Accounts for High-risk Individuals
enhancement of AC-2
AC-2.2
Automated Temporary and Emergency Account Management
enhancement of AC-2
AC-2.3
Disable Accounts
enhancement of AC-2
AC-2.4
Automated Audit Actions
enhancement of AC-2
AC-2.5
Inactivity Logout
enhancement of AC-2
AC-2.6
Dynamic Privilege Management
enhancement of AC-2
AC-2.7
Privileged User Accounts
enhancement of AC-2
AC-2.8
Dynamic Account Management
enhancement of AC-2
AC-2.9
Restrictions on Use of Shared and Group Accounts
enhancement of AC-2
AC-20
Use of External Systems
46/64 detectable
AC-20.1
Limits on Authorized Use
enhancement of AC-20
AC-20.2
Portable Storage Devices — Restricted Use
enhancement of AC-20
AC-20.3
Non-organizationally Owned Systems — Restricted Use
enhancement of AC-20
AC-20.4
Network Accessible Storage Devices — Prohibited Use
enhancement of AC-20
AC-20.5
Portable Storage Devices — Prohibited Use
enhancement of AC-20
AC-21.1
Automated Decision Support
enhancement of AC-21
AC-21.2
Information Search and Retrieval
enhancement of AC-21
AC-22
Publicly Accessible Content
no ATT&CK mapping
AC-23
Data Mining Protection
7/15 detectable
AC-24
Access Control Decisions
no ATT&CK mapping
AC-24.1
Transmit Access Authorization Information
enhancement of AC-24
AC-24.2
No User or Process Identity
enhancement of AC-24
AC-25
Reference Monitor
no ATT&CK mapping
AC-3
Access Enforcement
no ATT&CK mapping
AC-3.1
Restricted Access to Privileged Functions
enhancement of AC-3
AC-3.10
Audited Override of Access Control Mechanisms
enhancement of AC-3
AC-3.11
Restrict Access to Specific Information Types
enhancement of AC-3
AC-3.12
Assert and Enforce Application Access
enhancement of AC-3
AC-3.13
Attribute-based Access Control
enhancement of AC-3
AC-3.14
Individual Access
enhancement of AC-3
AC-3.15
Discretionary and Mandatory Access Control
enhancement of AC-3
AC-3.2
Dual Authorization
enhancement of AC-3
AC-3.3
Mandatory Access Control
enhancement of AC-3
AC-3.4
Discretionary Access Control
enhancement of AC-3
AC-3.5
Security-relevant Information
enhancement of AC-3
AC-3.6
Protection of User and System Information
enhancement of AC-3
AC-3.7
Role-based Access Control
enhancement of AC-3
AC-3.8
Revocation of Access Authorizations
enhancement of AC-3
AC-3.9
Controlled Release
enhancement of AC-3
AC-4
Information Flow Enforcement
no ATT&CK mapping
AC-4.1
Object Security and Privacy Attributes
enhancement of AC-4
AC-4.10
Enable and Disable Security or Privacy Policy Filters
enhancement of AC-4
AC-4.11
Configuration of Security or Privacy Policy Filters
enhancement of AC-4
AC-4.12
Data Type Identifiers
enhancement of AC-4
AC-4.13
Decomposition into Policy-relevant Subcomponents
enhancement of AC-4
AC-4.14
Security or Privacy Policy Filter Constraints
enhancement of AC-4
AC-4.15
Detection of Unsanctioned Information
enhancement of AC-4
AC-4.16
Information Transfers on Interconnected Systems
enhancement of AC-4
AC-4.17
Domain Authentication
enhancement of AC-4
AC-4.18
Security Attribute Binding
enhancement of AC-4
AC-4.19
Validation of Metadata
enhancement of AC-4
AC-4.2
Processing Domains
enhancement of AC-4
AC-4.20
Approved Solutions
enhancement of AC-4
AC-4.21
Physical or Logical Separation of Information Flows
enhancement of AC-4
AC-4.22
Access Only
enhancement of AC-4
AC-4.23
Modify Non-releasable Information
enhancement of AC-4
AC-4.24
Internal Normalized Format
enhancement of AC-4
AC-4.25
Data Sanitization
enhancement of AC-4
AC-4.26
Audit Filtering Actions
enhancement of AC-4
AC-4.27
Redundant/Independent Filtering Mechanisms
enhancement of AC-4
AC-4.28
Linear Filter Pipelines
enhancement of AC-4
AC-4.29
Filter Orchestration Engines
enhancement of AC-4
AC-4.3
Dynamic Information Flow Control
enhancement of AC-4
AC-4.30
Filter Mechanisms Using Multiple Processes
enhancement of AC-4
AC-4.31
Failed Content Transfer Prevention
enhancement of AC-4
AC-4.32
Process Requirements for Information Transfer
enhancement of AC-4
AC-4.4
Flow Control of Encrypted Information
enhancement of AC-4
AC-4.5
Embedded Data Types
enhancement of AC-4
AC-4.6
Metadata
enhancement of AC-4
AC-4.7
One-way Flow Mechanisms
enhancement of AC-4
AC-4.8
Security and Privacy Policy Filters
enhancement of AC-4
AC-4.9
Human Reviews
enhancement of AC-4
AC-5
Separation of Duties
no ATT&CK mapping
AC-6
Least Privilege
no ATT&CK mapping
AC-6.1
Authorize Access to Security Functions
enhancement of AC-6
AC-6.10
Prohibit Non-privileged Users from Executing Privileged Functions
enhancement of AC-6
AC-6.2
Non-privileged Access for Nonsecurity Functions
enhancement of AC-6
AC-6.3
Network Access to Privileged Commands
enhancement of AC-6
AC-6.4
Separate Processing Domains
enhancement of AC-6
AC-6.5
Privileged Accounts
enhancement of AC-6
AC-6.6
Privileged Access by Non-organizational Users
enhancement of AC-6
AC-6.7
Review of User Privileges
enhancement of AC-6
AC-6.8
Privilege Levels for Code Execution
enhancement of AC-6
AC-6.9
Log Use of Privileged Functions
enhancement of AC-6
AC-7
Unsuccessful Logon Attempts
no ATT&CK mapping
AC-7.1
Automatic Account Lock
enhancement of AC-7
AC-7.2
Purge or Wipe Mobile Device
enhancement of AC-7
AC-7.3
Biometric Attempt Limiting
enhancement of AC-7
AC-7.4
Use of Alternate Authentication Factor
enhancement of AC-7
AC-8
System Use Notification
no ATT&CK mapping
AC-9
Previous Logon Notification
no ATT&CK mapping
AC-9.1
Unsuccessful Logons
enhancement of AC-9
AC-9.2
Successful and Unsuccessful Logons
enhancement of AC-9
AC-9.3
Notification of Account Changes
enhancement of AC-9
AC-9.4
Additional Logon Information
enhancement of AC-9
AT-1
Policy and Procedures
no ATT&CK mapping
AT-2
Literacy Training and Awareness
no ATT&CK mapping
AT-2.1
Practical Exercises
enhancement of AT-2
AT-2.2
Insider Threat
enhancement of AT-2
AT-2.3
Social Engineering and Mining
enhancement of AT-2
AT-2.4
Suspicious Communications and Anomalous System Behavior
enhancement of AT-2
AT-2.5
Advanced Persistent Threat
enhancement of AT-2
AT-2.6
Cyber Threat Environment
enhancement of AT-2
AT-3
Role-based Training
no ATT&CK mapping
AT-3.1
Environmental Controls
enhancement of AT-3
AT-3.2
Physical Security Controls
enhancement of AT-3
AT-3.3
Practical Exercises
enhancement of AT-3
AT-3.4
Suspicious Communications and Anomalous System Behavior
enhancement of AT-3
AT-3.5
Processing Personally Identifiable Information
enhancement of AT-3
AT-4
Training Records
no ATT&CK mapping
AT-5
Contacts with Security Groups and Associations
no ATT&CK mapping
AT-6
Training Feedback
no ATT&CK mapping
AU-1
Policy and Procedures
no ATT&CK mapping
AU-10
Non-repudiation
no ATT&CK mapping
AU-10.1
Association of Identities
enhancement of AU-10
AU-10.2
Validate Binding of Information Producer Identity
enhancement of AU-10
AU-10.3
Chain of Custody
enhancement of AU-10
AU-10.4
Validate Binding of Information Reviewer Identity
enhancement of AU-10
AU-10.5
Digital Signatures
enhancement of AU-10
AU-11
Audit Record Retention
no ATT&CK mapping
AU-11.1
Long-term Retrieval Capability
enhancement of AU-11
AU-12
Audit Record Generation
no ATT&CK mapping
AU-12.1
System-wide and Time-correlated Audit Trail
enhancement of AU-12
AU-12.2
Standardized Formats
enhancement of AU-12
AU-12.3
Changes by Authorized Individuals
enhancement of AU-12
AU-12.4
Query Parameter Audits of Personally Identifiable Information
enhancement of AU-12
AU-13
Monitoring for Information Disclosure
no ATT&CK mapping
AU-13.1
Use of Automated Tools
enhancement of AU-13
AU-13.2
Review of Monitored Sites
enhancement of AU-13
AU-13.3
Unauthorized Replication of Information
enhancement of AU-13
AU-14
Session Audit
no ATT&CK mapping
AU-14.1
System Start-up
enhancement of AU-14
AU-14.2
Capture and Record Content
enhancement of AU-14
AU-14.3
Remote Viewing and Listening
enhancement of AU-14
AU-15
Alternate Audit Logging Capability
no ATT&CK mapping
AU-16
Cross-organizational Audit Logging
no ATT&CK mapping
AU-16.1
Identity Preservation
enhancement of AU-16
AU-16.2
Sharing of Audit Information
enhancement of AU-16
AU-16.3
Disassociability
enhancement of AU-16
AU-2
Event Logging
no ATT&CK mapping
AU-2.1
Compilation of Audit Records from Multiple Sources
enhancement of AU-2
AU-2.2
Selection of Audit Events by Component
enhancement of AU-2
AU-2.3
Reviews and Updates
enhancement of AU-2
AU-2.4
Privileged Functions
enhancement of AU-2
AU-3
Content of Audit Records
no ATT&CK mapping
AU-3.1
Additional Audit Information
enhancement of AU-3
AU-3.2
Centralized Management of Planned Audit Record Content
enhancement of AU-3
AU-3.3
Limit Personally Identifiable Information Elements
enhancement of AU-3
AU-4
Audit Log Storage Capacity
no ATT&CK mapping
AU-4.1
Transfer to Alternate Storage
enhancement of AU-4
AU-5
Response to Audit Logging Process Failures
no ATT&CK mapping
AU-5.1
Storage Capacity Warning
enhancement of AU-5
AU-5.2
Real-time Alerts
enhancement of AU-5
AU-5.3
Configurable Traffic Volume Thresholds
enhancement of AU-5
AU-5.4
Shutdown on Failure
enhancement of AU-5
AU-5.5
Alternate Audit Logging Capability
enhancement of AU-5
AU-6
Audit Record Review, Analysis, and Reporting
no ATT&CK mapping
AU-6.1
Automated Process Integration
enhancement of AU-6
AU-6.10
Audit Level Adjustment
enhancement of AU-6
AU-6.2
Automated Security Alerts
enhancement of AU-6
AU-6.3
Correlate Audit Record Repositories
enhancement of AU-6
AU-6.4
Central Review and Analysis
enhancement of AU-6
AU-6.5
Integrated Analysis of Audit Records
enhancement of AU-6
AU-6.6
Correlation with Physical Monitoring
enhancement of AU-6
AU-6.7
Permitted Actions
enhancement of AU-6
AU-6.8
Full Text Analysis of Privileged Commands
enhancement of AU-6
AU-6.9
Correlation with Information from Nontechnical Sources
enhancement of AU-6
AU-7
Audit Record Reduction and Report Generation
no ATT&CK mapping
AU-7.1
Automatic Processing
enhancement of AU-7
AU-7.2
Automatic Sort and Search
enhancement of AU-7
AU-8
Time Stamps
no ATT&CK mapping
AU-8.1
Synchronization with Authoritative Time Source
enhancement of AU-8
AU-8.2
Secondary Authoritative Time Source
enhancement of AU-8
AU-9
Protection of Audit Information
no ATT&CK mapping
AU-9.1
Hardware Write-once Media
enhancement of AU-9
AU-9.2
Store on Separate Physical Systems or Components
enhancement of AU-9
AU-9.3
Cryptographic Protection
enhancement of AU-9
AU-9.4
Access by Subset of Privileged Users
enhancement of AU-9
AU-9.5
Dual Authorization
enhancement of AU-9
AU-9.6
Read-only Access
enhancement of AU-9
AU-9.7
Store on Component with Different Operating System
enhancement of AU-9
CA-07
Continuous Monitoring
144/210 detectable
CA-1
Policy and Procedures
no ATT&CK mapping
CA-2
Control Assessments
no ATT&CK mapping
CA-2.1
Independent Assessors
enhancement of CA-2
CA-2.2
Specialized Assessments
enhancement of CA-2
CA-2.3
Leveraging Results from External Organizations
enhancement of CA-2
CA-3
Information Exchange
no ATT&CK mapping
CA-3.1
Unclassified National Security System Connections
enhancement of CA-3
CA-3.2
Classified National Security System Connections
enhancement of CA-3
CA-3.3
Unclassified Non-national Security System Connections
enhancement of CA-3
CA-3.4
Connections to Public Networks
enhancement of CA-3
CA-3.5
Restrictions on External System Connections
enhancement of CA-3
CA-3.6
Transfer Authorizations
enhancement of CA-3
CA-3.7
Transitive Information Exchanges
enhancement of CA-3
CA-4
Security Certification
no ATT&CK mapping
CA-5
Plan of Action and Milestones
no ATT&CK mapping
CA-5.1
Automation Support for Accuracy and Currency
enhancement of CA-5
CA-6
Authorization
no ATT&CK mapping
CA-6.1
Joint Authorization — Intra-organization
enhancement of CA-6
CA-6.2
Joint Authorization — Inter-organization
enhancement of CA-6
CA-7
Continuous Monitoring
no ATT&CK mapping
CA-7.1
Independent Assessment
enhancement of CA-7
CA-7.2
Types of Assessments
enhancement of CA-7
CA-7.3
Trend Analyses
enhancement of CA-7
CA-7.4
Risk Monitoring
enhancement of CA-7
CA-7.5
Consistency Analysis
enhancement of CA-7
CA-7.6
Automation Support for Monitoring
enhancement of CA-7
CA-8
Penetration Testing
no ATT&CK mapping
CA-8.1
Independent Penetration Testing Agent or Team
enhancement of CA-8
CA-8.2
Red Team Exercises
enhancement of CA-8
CA-8.3
Facility Penetration Testing
enhancement of CA-8
CA-9
Internal System Connections
no ATT&CK mapping
CA-9.1
Compliance Checks
enhancement of CA-9
CM-02
Baseline Configuration
200/287 detectable
CM-03
Configuration Change Control
14/35 detectable
CM-05
Access Restrictions for Change
112/162 detectable
CM-06
Configuration Settings
244/344 detectable
CM-07
Least Functionality
162/225 detectable
CM-08
System Component Inventory
66/101 detectable
CM-1
Policy and Procedures
no ATT&CK mapping
CM-10
Software Usage Restrictions
8/9 detectable
CM-10.1
Open-source Software
enhancement of CM-10
CM-11
User-installed Software
28/33 detectable
CM-11.1
Alerts for Unauthorized Installations
enhancement of CM-11
CM-11.2
Software Installation with Privileged Status
enhancement of CM-11
CM-11.3
Automated Enforcement and Monitoring
enhancement of CM-11
CM-12.1
Automated Tools to Support Information Location
enhancement of CM-12
CM-13
Data Action Mapping
no ATT&CK mapping
CM-14
Signed Components
no ATT&CK mapping
CM-2
Baseline Configuration
no ATT&CK mapping
CM-2.1
Reviews and Updates
enhancement of CM-2
CM-2.2
Automation Support for Accuracy and Currency
enhancement of CM-2
CM-2.3
Retention of Previous Configurations
enhancement of CM-2
CM-2.4
Unauthorized Software
enhancement of CM-2
CM-2.5
Authorized Software
enhancement of CM-2
CM-2.6
Development and Test Environments
enhancement of CM-2
CM-2.7
Configure Systems and Components for High-risk Areas
enhancement of CM-2
CM-3
Configuration Change Control
no ATT&CK mapping
CM-3.1
Automated Documentation, Notification, and Prohibition of Changes
enhancement of CM-3
CM-3.2
Testing, Validation, and Documentation of Changes
enhancement of CM-3
CM-3.3
Automated Change Implementation
enhancement of CM-3
CM-3.4
Security and Privacy Representatives
enhancement of CM-3
CM-3.5
Automated Security Response
enhancement of CM-3
CM-3.6
Cryptography Management
enhancement of CM-3
CM-3.7
Review System Changes
enhancement of CM-3
CM-3.8
Prevent or Restrict Configuration Changes
enhancement of CM-3
CM-4
Impact Analyses
no ATT&CK mapping
CM-4.1
Separate Test Environments
enhancement of CM-4
CM-4.2
Verification of Controls
enhancement of CM-4
CM-5
Access Restrictions for Change
no ATT&CK mapping
CM-5.1
Automated Access Enforcement and Audit Records
enhancement of CM-5
CM-5.2
Review System Changes
enhancement of CM-5
CM-5.3
Signed Components
enhancement of CM-5
CM-5.4
Dual Authorization
enhancement of CM-5
CM-5.5
Privilege Limitation for Production and Operation
enhancement of CM-5
CM-5.6
Limit Library Privileges
enhancement of CM-5
CM-5.7
Automatic Implementation of Security Safeguards
enhancement of CM-5
CM-6
Configuration Settings
no ATT&CK mapping
CM-6.1
Automated Management, Application, and Verification
enhancement of CM-6
CM-6.2
Respond to Unauthorized Changes
enhancement of CM-6
CM-6.3
Unauthorized Change Detection
enhancement of CM-6
CM-6.4
Conformance Demonstration
enhancement of CM-6
CM-7
Least Functionality
no ATT&CK mapping
CM-7.1
Periodic Review
enhancement of CM-7
CM-7.2
Prevent Program Execution
enhancement of CM-7
CM-7.3
Registration Compliance
enhancement of CM-7
CM-7.4
Unauthorized Software — Deny-by-exception
enhancement of CM-7
CM-7.5
Authorized Software — Allow-by-exception
enhancement of CM-7
CM-7.6
Confined Environments with Limited Privileges
enhancement of CM-7
CM-7.7
Code Execution in Protected Environments
enhancement of CM-7
CM-7.8
Binary or Machine Executable Code
enhancement of CM-7
CM-7.9
Prohibiting the Use of Unauthorized Hardware
enhancement of CM-7
CM-8
System Component Inventory
no ATT&CK mapping
CM-8.1
Updates During Installation and Removal
enhancement of CM-8
CM-8.2
Automated Maintenance
enhancement of CM-8
CM-8.3
Automated Unauthorized Component Detection
enhancement of CM-8
CM-8.4
Accountability Information
enhancement of CM-8
CM-8.5
No Duplicate Accounting of Components
enhancement of CM-8
CM-8.6
Assessed Configurations and Approved Deviations
enhancement of CM-8
CM-8.7
Centralized Repository
enhancement of CM-8
CM-8.8
Automated Location Tracking
enhancement of CM-8
CM-8.9
Assignment of Components to Systems
enhancement of CM-8
CM-9
Configuration Management Plan
no ATT&CK mapping
CM-9.1
Assignment of Responsibility
enhancement of CM-9
CP-06
Alternate Storage Site
6/8 detectable
CP-07
Alternate Processing Site
11/16 detectable
CP-09
System Backup
14/22 detectable
CP-1
Policy and Procedures
no ATT&CK mapping
CP-10
System Recovery and Reconstitution
8/12 detectable
CP-10.1
Contingency Plan Testing
enhancement of CP-10
CP-10.2
Transaction Recovery
enhancement of CP-10
CP-10.3
Compensating Security Controls
enhancement of CP-10
CP-10.4
Restore Within Time Period
enhancement of CP-10
CP-10.5
Failover Capability
enhancement of CP-10
CP-10.6
Component Protection
enhancement of CP-10
CP-11
Alternate Communications Protocols
no ATT&CK mapping
CP-12
Safe Mode
no ATT&CK mapping
CP-13
Alternative Security Mechanisms
no ATT&CK mapping
CP-2
Contingency Plan
no ATT&CK mapping
CP-2.1
Coordinate with Related Plans
enhancement of CP-2
CP-2.2
Capacity Planning
enhancement of CP-2
CP-2.3
Resume Mission and Business Functions
enhancement of CP-2
CP-2.4
Resume All Mission and Business Functions
enhancement of CP-2
CP-2.5
Continue Mission and Business Functions
enhancement of CP-2
CP-2.6
Alternate Processing and Storage Sites
enhancement of CP-2
CP-2.7
Coordinate with External Service Providers
enhancement of CP-2
CP-2.8
Identify Critical Assets
enhancement of CP-2
CP-3
Contingency Training
no ATT&CK mapping
CP-3.1
Simulated Events
enhancement of CP-3
CP-3.2
Mechanisms Used in Training Environments
enhancement of CP-3
CP-4
Contingency Plan Testing
no ATT&CK mapping
CP-4.1
Coordinate with Related Plans
enhancement of CP-4
CP-4.2
Alternate Processing Site
enhancement of CP-4
CP-4.3
Automated Testing
enhancement of CP-4
CP-4.4
Full Recovery and Reconstitution
enhancement of CP-4
CP-4.5
Self-challenge
enhancement of CP-4
CP-5
Contingency Plan Update
no ATT&CK mapping
CP-6
Alternate Storage Site
no ATT&CK mapping
CP-6.1
Separation from Primary Site
enhancement of CP-6
CP-6.2
Recovery Time and Recovery Point Objectives
enhancement of CP-6
CP-6.3
Accessibility
enhancement of CP-6
CP-7
Alternate Processing Site
no ATT&CK mapping
CP-7.1
Separation from Primary Site
enhancement of CP-7
CP-7.2
Accessibility
enhancement of CP-7
CP-7.3
Priority of Service
enhancement of CP-7
CP-7.4
Preparation for Use
enhancement of CP-7
CP-7.5
Equivalent Information Security Safeguards
enhancement of CP-7
CP-7.6
Inability to Return to Primary Site
enhancement of CP-7
CP-8
Telecommunications Services
no ATT&CK mapping
CP-8.1
Priority of Service Provisions
enhancement of CP-8
CP-8.2
Single Points of Failure
enhancement of CP-8
CP-8.3
Separation of Primary and Alternate Providers
enhancement of CP-8
CP-8.4
Provider Contingency Plan
enhancement of CP-8
CP-8.5
Alternate Telecommunication Service Testing
enhancement of CP-8
CP-9
System Backup
no ATT&CK mapping
CP-9.1
Testing for Reliability and Integrity
enhancement of CP-9
CP-9.2
Test Restoration Using Sampling
enhancement of CP-9
CP-9.3
Separate Storage for Critical Information
enhancement of CP-9
CP-9.4
Protection from Unauthorized Modification
enhancement of CP-9
CP-9.5
Transfer to Alternate Storage Site
enhancement of CP-9
CP-9.6
Redundant Secondary System
enhancement of CP-9
CP-9.7
Dual Authorization for Deletion or Destruction
enhancement of CP-9
CP-9.8
Cryptographic Protection
enhancement of CP-9
IA-02
Identification and Authentication (Organizational Users)
126/173 detectable
IA-03
Device Identification and Authentication
4/8 detectable
IA-04
Identifier Management
22/36 detectable
IA-05
Authenticator Management
48/72 detectable
IA-06
Authentication Feedback
4/8 detectable
IA-07
Cryptographic Module Authentication
4/12 detectable
IA-08
Identification and Authentication (Non-Organizational Users)
12/22 detectable
IA-09
Service Identification and Authentication
16/22 detectable
IA-1
Policy and Procedures
no ATT&CK mapping
IA-10
Adaptive Authentication
no ATT&CK mapping
IA-12.1
Supervisor Authorization
enhancement of IA-12
IA-12.2
Identity Evidence
enhancement of IA-12
IA-12.3
Identity Evidence Validation and Verification
enhancement of IA-12
IA-12.4
In-person Validation and Verification
enhancement of IA-12
IA-12.5
Address Confirmation
enhancement of IA-12
IA-12.6
Accept Externally-proofed Identities
enhancement of IA-12
IA-13
Identity Providers and Authorization Servers
14/17 detectable
IA-13.1
Protection of Cryptographic Keys
enhancement of IA-13
IA-13.2
Verification of Identity Assertions and Access Tokens
enhancement of IA-13
IA-13.3
Token Management
enhancement of IA-13
IA-2
Identification and Authentication (Organizational Users)
no ATT&CK mapping
IA-2.1
Multi-factor Authentication to Privileged Accounts
enhancement of IA-2
IA-2.10
Single Sign-on
enhancement of IA-2
IA-2.11
Remote Access — Separate Device
enhancement of IA-2
IA-2.12
Acceptance of PIV Credentials
enhancement of IA-2
IA-2.13
Out-of-band Authentication
enhancement of IA-2
IA-2.2
Multi-factor Authentication to Non-privileged Accounts
enhancement of IA-2
IA-2.3
Local Access to Privileged Accounts
enhancement of IA-2
IA-2.4
Local Access to Non-privileged Accounts
enhancement of IA-2
IA-2.5
Individual Authentication with Group Authentication
enhancement of IA-2
IA-2.6
Access to Accounts — Separate Device
enhancement of IA-2
IA-2.7
Network Access to Non-privileged Accounts — Separate Device
enhancement of IA-2
IA-2.8
Access to Accounts — Replay Resistant
enhancement of IA-2
IA-2.9
Network Access to Non-privileged Accounts — Replay Resistant
enhancement of IA-2
IA-3
Device Identification and Authentication
no ATT&CK mapping
IA-3.1
Cryptographic Bidirectional Authentication
enhancement of IA-3
IA-3.2
Cryptographic Bidirectional Network Authentication
enhancement of IA-3
IA-3.3
Dynamic Address Allocation
enhancement of IA-3
IA-3.4
Device Attestation
enhancement of IA-3
IA-4
Identifier Management
no ATT&CK mapping
IA-4.1
Prohibit Account Identifiers as Public Identifiers
enhancement of IA-4
IA-4.2
Supervisor Authorization
enhancement of IA-4
IA-4.3
Multiple Forms of Certification
enhancement of IA-4
IA-4.4
Identify User Status
enhancement of IA-4
IA-4.5
Dynamic Management
enhancement of IA-4
IA-4.6
Cross-organization Management
enhancement of IA-4
IA-4.7
In-person Registration
enhancement of IA-4
IA-4.8
Pairwise Pseudonymous Identifiers
enhancement of IA-4
IA-4.9
Attribute Maintenance and Protection
enhancement of IA-4
IA-5
Authenticator Management
no ATT&CK mapping
IA-5.1
Password-based Authentication
enhancement of IA-5
IA-5.10
Dynamic Credential Binding
enhancement of IA-5
IA-5.11
Hardware Token-based Authentication
enhancement of IA-5
IA-5.12
Biometric Authentication Performance
enhancement of IA-5
IA-5.13
Expiration of Cached Authenticators
enhancement of IA-5
IA-5.14
Managing Content of PKI Trust Stores
enhancement of IA-5
IA-5.15
GSA-approved Products and Services
enhancement of IA-5
IA-5.16
In-person or Trusted External Party Authenticator Issuance
enhancement of IA-5
IA-5.17
Presentation Attack Detection for Biometric Authenticators
enhancement of IA-5
IA-5.18
Password Managers
enhancement of IA-5
IA-5.2
Public Key-based Authentication
enhancement of IA-5
IA-5.3
In-person or Trusted External Party Registration
enhancement of IA-5
IA-5.4
Automated Support for Password Strength Determination
enhancement of IA-5
IA-5.5
Change Authenticators Prior to Delivery
enhancement of IA-5
IA-5.6
Protection of Authenticators
enhancement of IA-5
IA-5.7
No Embedded Unencrypted Static Authenticators
enhancement of IA-5
IA-5.8
Multiple System Accounts
enhancement of IA-5
IA-5.9
Federated Credential Management
enhancement of IA-5
IA-6
Authentication Feedback
no ATT&CK mapping
IA-7
Cryptographic Module Authentication
no ATT&CK mapping
IA-8
Identification and Authentication (Non-organizational Users)
no ATT&CK mapping
IA-8.1
Acceptance of PIV Credentials from Other Agencies
enhancement of IA-8
IA-8.2
Acceptance of External Authenticators
enhancement of IA-8
IA-8.3
Use of FICAM-approved Products
enhancement of IA-8
IA-8.4
Use of Defined Profiles
enhancement of IA-8
IA-8.5
Acceptance of PIV-I Credentials
enhancement of IA-8
IA-8.6
Disassociability
enhancement of IA-8
IA-9
Service Identification and Authentication
no ATT&CK mapping
IA-9.1
Information Exchange
enhancement of IA-9
IA-9.2
Transmission of Decisions
enhancement of IA-9
IR-1
Policy and Procedures
no ATT&CK mapping
IR-10
Integrated Information Security Analysis Team
no ATT&CK mapping
IR-2
Incident Response Training
no ATT&CK mapping
IR-2.1
Simulated Events
enhancement of IR-2
IR-2.2
Automated Training Environments
enhancement of IR-2
IR-2.3
Breach
enhancement of IR-2
IR-3
Incident Response Testing
no ATT&CK mapping
IR-3.1
Automated Testing
enhancement of IR-3
IR-3.2
Coordination with Related Plans
enhancement of IR-3
IR-3.3
Continuous Improvement
enhancement of IR-3
IR-4
Incident Handling
no ATT&CK mapping
IR-4.1
Automated Incident Handling Processes
enhancement of IR-4
IR-4.10
Supply Chain Coordination
enhancement of IR-4
IR-4.11
Integrated Incident Response Team
enhancement of IR-4
IR-4.12
Malicious Code and Forensic Analysis
enhancement of IR-4
IR-4.13
Behavior Analysis
enhancement of IR-4
IR-4.14
Security Operations Center
enhancement of IR-4
IR-4.15
Public Relations and Reputation Repair
enhancement of IR-4
IR-4.2
Dynamic Reconfiguration
enhancement of IR-4
IR-4.3
Continuity of Operations
enhancement of IR-4
IR-4.4
Information Correlation
enhancement of IR-4
IR-4.5
Automatic Disabling of System
enhancement of IR-4
IR-4.6
Insider Threats
enhancement of IR-4
IR-4.7
Insider Threats — Intra-organization Coordination
enhancement of IR-4
IR-4.8
Correlation with External Organizations
enhancement of IR-4
IR-4.9
Dynamic Response Capability
enhancement of IR-4
IR-5
Incident Monitoring
no ATT&CK mapping
IR-5.1
Automated Tracking, Data Collection, and Analysis
enhancement of IR-5
IR-6
Incident Reporting
no ATT&CK mapping
IR-6.1
Automated Reporting
enhancement of IR-6
IR-6.2
Vulnerabilities Related to Incidents
enhancement of IR-6
IR-6.3
Supply Chain Coordination
enhancement of IR-6
IR-7
Incident Response Assistance
no ATT&CK mapping
IR-7.1
Automation Support for Availability of Information and Support
enhancement of IR-7
IR-7.2
Coordination with External Providers
enhancement of IR-7
IR-8
Incident Response Plan
no ATT&CK mapping
IR-8.1
Breaches
enhancement of IR-8
IR-9
Information Spillage Response
no ATT&CK mapping
IR-9.1
Responsible Personnel
enhancement of IR-9
IR-9.2
Training
enhancement of IR-9
IR-9.3
Post-spill Operations
enhancement of IR-9
IR-9.4
Exposure to Unauthorized Personnel
enhancement of IR-9
MA-1
Policy and Procedures
no ATT&CK mapping
MA-2
Controlled Maintenance
no ATT&CK mapping
MA-2.1
Record Content
enhancement of MA-2
MA-2.2
Automated Maintenance Activities
enhancement of MA-2
MA-3
Maintenance Tools
no ATT&CK mapping
MA-3.1
Inspect Tools
enhancement of MA-3
MA-3.2
Inspect Media
enhancement of MA-3
MA-3.3
Prevent Unauthorized Removal
enhancement of MA-3
MA-3.4
Restricted Tool Use
enhancement of MA-3
MA-3.5
Execution with Privilege
enhancement of MA-3
MA-3.6
Software Updates and Patches
enhancement of MA-3
MA-4
Nonlocal Maintenance
no ATT&CK mapping
MA-4.1
Logging and Review
enhancement of MA-4
MA-4.2
Document Nonlocal Maintenance
enhancement of MA-4
MA-4.3
Comparable Security and Sanitization
enhancement of MA-4
MA-4.4
Authentication and Separation of Maintenance Sessions
enhancement of MA-4
MA-4.5
Approvals and Notifications
enhancement of MA-4
MA-4.6
Cryptographic Protection
enhancement of MA-4
MA-4.7
Disconnect Verification
enhancement of MA-4
MA-5
Maintenance Personnel
no ATT&CK mapping
MA-5.1
Individuals Without Appropriate Access
enhancement of MA-5
MA-5.2
Security Clearances for Classified Systems
enhancement of MA-5
MA-5.3
Citizenship Requirements for Classified Systems
enhancement of MA-5
MA-5.4
Foreign Nationals
enhancement of MA-5
MA-5.5
Non-system Maintenance
enhancement of MA-5
MA-6
Timely Maintenance
no ATT&CK mapping
MA-6.1
Preventive Maintenance
enhancement of MA-6
MA-6.2
Predictive Maintenance
enhancement of MA-6
MA-6.3
Automated Support for Predictive Maintenance
enhancement of MA-6
MA-7
Field Maintenance
no ATT&CK mapping
MP-1
Policy and Procedures
no ATT&CK mapping
MP-2
Media Access
no ATT&CK mapping
MP-2.1
Automated Restricted Access
enhancement of MP-2
MP-2.2
Cryptographic Protection
enhancement of MP-2
MP-3
Media Marking
no ATT&CK mapping
MP-4
Media Storage
no ATT&CK mapping
MP-4.1
Cryptographic Protection
enhancement of MP-4
MP-4.2
Automated Restricted Access
enhancement of MP-4
MP-5
Media Transport
no ATT&CK mapping
MP-5.1
Protection Outside of Controlled Areas
enhancement of MP-5
MP-5.2
Documentation of Activities
enhancement of MP-5
MP-5.3
Custodians
enhancement of MP-5
MP-5.4
Cryptographic Protection
enhancement of MP-5
MP-6
Media Sanitization
no ATT&CK mapping
MP-6.1
Review, Approve, Track, Document, and Verify
enhancement of MP-6
MP-6.2
Equipment Testing
enhancement of MP-6
MP-6.3
Nondestructive Techniques
enhancement of MP-6
MP-6.4
Controlled Unclassified Information
enhancement of MP-6
MP-6.5
Classified Information
enhancement of MP-6
MP-6.6
Media Destruction
enhancement of MP-6
MP-6.7
Dual Authorization
enhancement of MP-6
MP-6.8
Remote Purging or Wiping of Information
enhancement of MP-6
MP-7
Media Use
no ATT&CK mapping
MP-7.1
Prohibit Use Without Owner
enhancement of MP-7
MP-7.2
Prohibit Use of Sanitization-resistant Media
enhancement of MP-7
MP-8
Media Downgrading
no ATT&CK mapping
MP-8.1
Documentation of Process
enhancement of MP-8
MP-8.2
Equipment Testing
enhancement of MP-8
MP-8.3
Controlled Unclassified Information
enhancement of MP-8
MP-8.4
Classified Information
enhancement of MP-8
PE-1
Policy and Procedures
no ATT&CK mapping
PE-10
Emergency Shutoff
no ATT&CK mapping
PE-10.1
Accidental and Unauthorized Activation
enhancement of PE-10
PE-11
Emergency Power
no ATT&CK mapping
PE-11.1
Alternate Power Supply — Minimal Operational Capability
enhancement of PE-11
PE-11.2
Alternate Power Supply — Self-contained
enhancement of PE-11
PE-12
Emergency Lighting
no ATT&CK mapping
PE-12.1
Essential Mission and Business Functions
enhancement of PE-12
PE-13
Fire Protection
no ATT&CK mapping
PE-13.1
Detection Systems — Automatic Activation and Notification
enhancement of PE-13
PE-13.2
Suppression Systems — Automatic Activation and Notification
enhancement of PE-13
PE-13.3
Automatic Fire Suppression
enhancement of PE-13
PE-13.4
Inspections
enhancement of PE-13
PE-14
Environmental Controls
no ATT&CK mapping
PE-14.1
Automatic Controls
enhancement of PE-14
PE-14.2
Monitoring with Alarms and Notifications
enhancement of PE-14
PE-15
Water Damage Protection
no ATT&CK mapping
PE-15.1
Automation Support
enhancement of PE-15
PE-16
Delivery and Removal
no ATT&CK mapping
PE-17
Alternate Work Site
no ATT&CK mapping
PE-18
Location of System Components
no ATT&CK mapping
PE-18.1
Facility Site
enhancement of PE-18
PE-19
Information Leakage
no ATT&CK mapping
PE-19.1
National Emissions Policies and Procedures
enhancement of PE-19
PE-2
Physical Access Authorizations
no ATT&CK mapping
PE-2.1
Access by Position or Role
enhancement of PE-2
PE-2.2
Two Forms of Identification
enhancement of PE-2
PE-2.3
Restrict Unescorted Access
enhancement of PE-2
PE-20
Asset Monitoring and Tracking
no ATT&CK mapping
PE-21
Electromagnetic Pulse Protection
no ATT&CK mapping
PE-22
Component Marking
no ATT&CK mapping
PE-23
Facility Location
no ATT&CK mapping
PE-3
Physical Access Control
no ATT&CK mapping
PE-3.1
System Access
enhancement of PE-3
PE-3.2
Facility and Systems
enhancement of PE-3
PE-3.3
Continuous Guards
enhancement of PE-3
PE-3.4
Lockable Casings
enhancement of PE-3
PE-3.5
Tamper Protection
enhancement of PE-3
PE-3.6
Facility Penetration Testing
enhancement of PE-3
PE-3.7
Physical Barriers
enhancement of PE-3
PE-3.8
Access Control Vestibules
enhancement of PE-3
PE-4
Access Control for Transmission
no ATT&CK mapping
PE-5
Access Control for Output Devices
no ATT&CK mapping
PE-5.1
Access to Output by Authorized Individuals
enhancement of PE-5
PE-5.2
Link to Individual Identity
enhancement of PE-5
PE-5.3
Marking Output Devices
enhancement of PE-5
PE-6
Monitoring Physical Access
no ATT&CK mapping
PE-6.1
Intrusion Alarms and Surveillance Equipment
enhancement of PE-6
PE-6.2
Automated Intrusion Recognition and Responses
enhancement of PE-6
PE-6.3
Video Surveillance
enhancement of PE-6
PE-6.4
Monitoring Physical Access to Systems
enhancement of PE-6
PE-7
Visitor Control
no ATT&CK mapping
PE-8
Visitor Access Records
no ATT&CK mapping
PE-8.1
Automated Records Maintenance and Review
enhancement of PE-8
PE-8.2
Physical Access Records
enhancement of PE-8
PE-8.3
Limit Personally Identifiable Information Elements
enhancement of PE-8
PE-9
Power Equipment and Cabling
no ATT&CK mapping
PE-9.1
Redundant Cabling
enhancement of PE-9
PE-9.2
Automatic Voltage Controls
enhancement of PE-9
PL-1
Policy and Procedures
no ATT&CK mapping
PL-10
Baseline Selection
no ATT&CK mapping
PL-11
Baseline Tailoring
no ATT&CK mapping
PL-2
System Security and Privacy Plans
no ATT&CK mapping
PL-2.1
Concept of Operations
enhancement of PL-2
PL-2.2
Functional Architecture
enhancement of PL-2
PL-2.3
Plan and Coordinate with Other Organizational Entities
enhancement of PL-2
PL-3
System Security Plan Update
no ATT&CK mapping
PL-4
Rules of Behavior
no ATT&CK mapping
PL-4.1
Social Media and External Site/Application Usage Restrictions
enhancement of PL-4
PL-5
Privacy Impact Assessment
no ATT&CK mapping
PL-6
Security-related Activity Planning
no ATT&CK mapping
PL-7
Concept of Operations
no ATT&CK mapping
PL-8
Security and Privacy Architectures
no ATT&CK mapping
PL-8.1
Defense in Depth
enhancement of PL-8
PL-8.2
Supplier Diversity
enhancement of PL-8
PL-9
Central Management
no ATT&CK mapping
PM-1
Information Security Program Plan
no ATT&CK mapping
PM-10
Authorization Process
no ATT&CK mapping
PM-11
Mission and Business Process Definition
no ATT&CK mapping
PM-12
Insider Threat Program
no ATT&CK mapping
PM-13
Security and Privacy Workforce
no ATT&CK mapping
PM-14
Testing, Training, and Monitoring
no ATT&CK mapping
PM-15
Security and Privacy Groups and Associations
no ATT&CK mapping
PM-16
Threat Awareness Program
no ATT&CK mapping
PM-16.1
Automated Means for Sharing Threat Intelligence
enhancement of PM-16
PM-17
Protecting Controlled Unclassified Information on External Systems
no ATT&CK mapping
PM-18
Privacy Program Plan
no ATT&CK mapping
PM-19
Privacy Program Leadership Role
no ATT&CK mapping
PM-2
Information Security Program Leadership Role
no ATT&CK mapping
PM-20
Dissemination of Privacy Program Information
no ATT&CK mapping
PM-20.1
Privacy Policies on Websites, Applications, and Digital Services
enhancement of PM-20
PM-21
Accounting of Disclosures
no ATT&CK mapping
PM-22
Personally Identifiable Information Quality Management
no ATT&CK mapping
PM-23
Data Governance Body
no ATT&CK mapping
PM-24
Data Integrity Board
no ATT&CK mapping
PM-25
Minimization of Personally Identifiable Information Used in Testing, Training, and Research
no ATT&CK mapping
PM-26
Complaint Management
no ATT&CK mapping
PM-27
Privacy Reporting
no ATT&CK mapping
PM-28
Risk Framing
no ATT&CK mapping
PM-29
Risk Management Program Leadership Roles
no ATT&CK mapping
PM-3
Information Security and Privacy Resources
no ATT&CK mapping
PM-30
Supply Chain Risk Management Strategy
no ATT&CK mapping
PM-30.1
Suppliers of Critical or Mission-essential Items
enhancement of PM-30
PM-31
Continuous Monitoring Strategy
no ATT&CK mapping
PM-32
Purposing
no ATT&CK mapping
PM-4
Plan of Action and Milestones Process
no ATT&CK mapping
PM-5
System Inventory
no ATT&CK mapping
PM-5.1
Inventory of Personally Identifiable Information
enhancement of PM-5
PM-6
Measures of Performance
no ATT&CK mapping
PM-7
Enterprise Architecture
no ATT&CK mapping
PM-7.1
Offloading
enhancement of PM-7
PM-8
Critical Infrastructure Plan
no ATT&CK mapping
PM-9
Risk Management Strategy
no ATT&CK mapping
PS-1
Policy and Procedures
no ATT&CK mapping
PS-2
Position Risk Designation
no ATT&CK mapping
PS-3
Personnel Screening
no ATT&CK mapping
PS-3.1
Classified Information
enhancement of PS-3
PS-3.2
Formal Indoctrination
enhancement of PS-3
PS-3.3
Information Requiring Special Protective Measures
enhancement of PS-3
PS-3.4
Citizenship Requirements
enhancement of PS-3
PS-4
Personnel Termination
no ATT&CK mapping
PS-4.1
Post-employment Requirements
enhancement of PS-4
PS-4.2
Automated Actions
enhancement of PS-4
PS-5
Personnel Transfer
no ATT&CK mapping
PS-6
Access Agreements
no ATT&CK mapping
PS-6.1
Information Requiring Special Protection
enhancement of PS-6
PS-6.2
Classified Information Requiring Special Protection
enhancement of PS-6
PS-6.3
Post-employment Requirements
enhancement of PS-6
PS-7
External Personnel Security
no ATT&CK mapping
PS-8
Personnel Sanctions
no ATT&CK mapping
PS-9
Position Descriptions
no ATT&CK mapping
PT-1
Policy and Procedures
no ATT&CK mapping
PT-2
Authority to Process Personally Identifiable Information
no ATT&CK mapping
PT-2.1
Data Tagging
enhancement of PT-2
PT-2.2
Automation
enhancement of PT-2
PT-3
Personally Identifiable Information Processing Purposes
no ATT&CK mapping
PT-3.1
Data Tagging
enhancement of PT-3
PT-3.2
Automation
enhancement of PT-3
PT-4
Consent
no ATT&CK mapping
PT-4.1
Tailored Consent
enhancement of PT-4
PT-4.2
Just-in-time Consent
enhancement of PT-4
PT-4.3
Revocation
enhancement of PT-4
PT-5
Privacy Notice
no ATT&CK mapping
PT-5.1
Just-in-time Notice
enhancement of PT-5
PT-5.2
Privacy Act Statements
enhancement of PT-5
PT-6
System of Records Notice
no ATT&CK mapping
PT-6.1
Routine Uses
enhancement of PT-6
PT-6.2
Exemption Rules
enhancement of PT-6
PT-7
Specific Categories of Personally Identifiable Information
no ATT&CK mapping
PT-7.1
Social Security Numbers
enhancement of PT-7
PT-7.2
First Amendment Information
enhancement of PT-7
PT-8
Computer Matching Requirements
no ATT&CK mapping
RA-05
Vulnerability Monitoring and Scanning
80/107 detectable
RA-09
Criticality Analysis
4/12 detectable
RA-1
Policy and Procedures
no ATT&CK mapping
RA-2
Security Categorization
no ATT&CK mapping
RA-2.1
Impact-level Prioritization
enhancement of RA-2
RA-3
Risk Assessment
no ATT&CK mapping
RA-3.1
Supply Chain Risk Assessment
enhancement of RA-3
RA-3.2
Use of All-source Intelligence
enhancement of RA-3
RA-3.3
Dynamic Threat Awareness
enhancement of RA-3
RA-3.4
Predictive Cyber Analytics
enhancement of RA-3
RA-4
Risk Assessment Update
no ATT&CK mapping
RA-5
Vulnerability Monitoring and Scanning
no ATT&CK mapping
RA-5.1
Update Tool Capability
enhancement of RA-5
RA-5.10
Correlate Scanning Information
enhancement of RA-5
RA-5.11
Public Disclosure Program
enhancement of RA-5
RA-5.2
Update Vulnerabilities to Be Scanned
enhancement of RA-5
RA-5.3
Breadth and Depth of Coverage
enhancement of RA-5
RA-5.4
Discoverable Information
enhancement of RA-5
RA-5.5
Privileged Access
enhancement of RA-5
RA-5.6
Automated Trend Analyses
enhancement of RA-5
RA-5.7
Automated Detection and Notification of Unauthorized Components
enhancement of RA-5
RA-5.8
Review Historic Audit Logs
enhancement of RA-5
RA-5.9
Penetration Testing and Analyses
enhancement of RA-5
RA-6
Technical Surveillance Countermeasures Survey
no ATT&CK mapping
RA-7
Risk Response
no ATT&CK mapping
RA-8
Privacy Impact Assessments
no ATT&CK mapping
RA-9
Criticality Analysis
no ATT&CK mapping
SA-03
System Development Life Cycle
5/6 detectable
SA-08
Security and Privacy Engineering Principles
13/20 detectable
SA-1
Policy and Procedures
no ATT&CK mapping
SA-10
Developer Configuration Management
15/27 detectable
SA-10.1
Software and Firmware Integrity Verification
enhancement of SA-10
SA-10.2
Alternative Configuration Management Processes
enhancement of SA-10
SA-10.3
Hardware Integrity Verification
enhancement of SA-10
SA-10.4
Trusted Generation
enhancement of SA-10
SA-10.5
Mapping Integrity for Version Control
enhancement of SA-10
SA-10.6
Trusted Distribution
enhancement of SA-10
SA-10.7
Security and Privacy Representatives
enhancement of SA-10
SA-11
Developer Testing and Evaluation
21/34 detectable
SA-11.1
Static Code Analysis
enhancement of SA-11
SA-11.2
Threat Modeling and Vulnerability Analyses
enhancement of SA-11
SA-11.3
Independent Verification of Assessment Plans and Evidence
enhancement of SA-11
SA-11.4
Manual Code Reviews
enhancement of SA-11
SA-11.5
Penetration Testing
enhancement of SA-11
SA-11.6
Attack Surface Reviews
enhancement of SA-11
SA-11.7
Verify Scope of Testing and Evaluation
enhancement of SA-11
SA-11.8
Dynamic Code Analysis
enhancement of SA-11
SA-11.9
Interactive Application Security Testing
enhancement of SA-11
SA-12
Supply Chain Protection
no ATT&CK mapping
SA-12.1
Acquisition Strategies / Tools / Methods
enhancement of SA-12
SA-12.10
Validate as Genuine and Not Altered
enhancement of SA-12
SA-12.11
Penetration Testing / Analysis of Elements, Processes, and Actors
enhancement of SA-12
SA-12.12
Inter-organizational Agreements
enhancement of SA-12
SA-12.13
Critical Information System Components
enhancement of SA-12
SA-12.14
Identity and Traceability
enhancement of SA-12
SA-12.15
Processes to Address Weaknesses or Deficiencies
enhancement of SA-12
SA-12.2
Supplier Reviews
enhancement of SA-12
SA-12.3
Trusted Shipping and Warehousing
enhancement of SA-12
SA-12.4
Diversity of Suppliers
enhancement of SA-12
SA-12.5
Limitation of Harm
enhancement of SA-12
SA-12.6
Minimizing Procurement Time
enhancement of SA-12
SA-12.7
Assessments Prior to Selection / Acceptance / Update
enhancement of SA-12
SA-12.8
Use of All-source Intelligence
enhancement of SA-12
SA-12.9
Operations Security
enhancement of SA-12
SA-13
Trustworthiness
no ATT&CK mapping
SA-14
Criticality Analysis
no ATT&CK mapping
SA-14.1
Critical Components with No Viable Alternative Sourcing
enhancement of SA-14
SA-15
Development Process, Standards, and Tools
12/14 detectable
SA-15.1
Quality Metrics
enhancement of SA-15
SA-15.10
Incident Response Plan
enhancement of SA-15
SA-15.11
Archive System or Component
enhancement of SA-15
SA-15.12
Minimize Personally Identifiable Information
enhancement of SA-15
SA-15.13
Logging Syntax
enhancement of SA-15
SA-15.2
Security and Privacy Tracking Tools
enhancement of SA-15
SA-15.3
Criticality Analysis
enhancement of SA-15
SA-15.4
Threat Modeling and Vulnerability Analysis
enhancement of SA-15
SA-15.5
Attack Surface Reduction
enhancement of SA-15
SA-15.6
Continuous Improvement
enhancement of SA-15
SA-15.7
Automated Vulnerability Analysis
enhancement of SA-15
SA-15.8
Reuse of Threat and Vulnerability Information
enhancement of SA-15
SA-15.9
Use of Live Data
enhancement of SA-15
SA-17
Developer Security and Privacy Architecture and Design
6/7 detectable
SA-17.1
Formal Policy Model
enhancement of SA-17
SA-17.2
Security-relevant Components
enhancement of SA-17
SA-17.3
Formal Correspondence
enhancement of SA-17
SA-17.4
Informal Correspondence
enhancement of SA-17
SA-17.5
Conceptually Simple Design
enhancement of SA-17
SA-17.6
Structure for Testing
enhancement of SA-17
SA-17.7
Structure for Least Privilege
enhancement of SA-17
SA-17.8
Orchestration
enhancement of SA-17
SA-17.9
Design Diversity
enhancement of SA-17
SA-18
Tamper Resistance and Detection
no ATT&CK mapping
SA-18.1
Multiple Phases of System Development Life Cycle
enhancement of SA-18
SA-18.2
Inspection of Systems or Components
enhancement of SA-18
SA-19
Component Authenticity
no ATT&CK mapping
SA-19.1
Anti-counterfeit Training
enhancement of SA-19
SA-19.2
Configuration Control for Component Service and Repair
enhancement of SA-19
SA-19.3
Component Disposal
enhancement of SA-19
SA-19.4
Anti-counterfeit Scanning
enhancement of SA-19
SA-2
Allocation of Resources
no ATT&CK mapping
SA-20
Customized Development of Critical Components
no ATT&CK mapping
SA-21
Developer Screening
no ATT&CK mapping
SA-21.1
Validation of Screening
enhancement of SA-21
SA-22.1
Alternative Sources for Continued Support
enhancement of SA-22
SA-23
Specialization
no ATT&CK mapping
SA-24
Design For Cyber Resiliency
no ATT&CK mapping
SA-3
System Development Life Cycle
no ATT&CK mapping
SA-3.1
Manage Preproduction Environment
enhancement of SA-3
SA-3.2
Use of Live or Operational Data
enhancement of SA-3
SA-3.3
Technology Refresh
enhancement of SA-3
SA-4
Acquisition Process
no ATT&CK mapping
SA-4.1
Functional Properties of Controls
enhancement of SA-4
SA-4.10
Use of Approved PIV Products
enhancement of SA-4
SA-4.11
System of Records
enhancement of SA-4
SA-4.12
Data Ownership
enhancement of SA-4
SA-4.2
Design and Implementation Information for Controls
enhancement of SA-4
SA-4.3
Development Methods, Techniques, and Practices
enhancement of SA-4
SA-4.4
Assignment of Components to Systems
enhancement of SA-4
SA-4.5
System, Component, and Service Configurations
enhancement of SA-4
SA-4.6
Use of Information Assurance Products
enhancement of SA-4
SA-4.7
NIAP-approved Protection Profiles
enhancement of SA-4
SA-4.8
Continuous Monitoring Plan for Controls
enhancement of SA-4
SA-4.9
Functions, Ports, Protocols, and Services in Use
enhancement of SA-4
SA-5
System Documentation
no ATT&CK mapping
SA-5.1
Functional Properties of Security Controls
enhancement of SA-5
SA-5.2
Security-relevant External System Interfaces
enhancement of SA-5
SA-5.3
High-level Design
enhancement of SA-5
SA-5.4
Low-level Design
enhancement of SA-5
SA-5.5
Source Code
enhancement of SA-5
SA-6
Software Usage Restrictions
no ATT&CK mapping
SA-7
User-installed Software
no ATT&CK mapping
SA-8
Security and Privacy Engineering Principles
no ATT&CK mapping
SA-8.1
Clear Abstractions
enhancement of SA-8
SA-8.10
Hierarchical Trust
enhancement of SA-8
SA-8.11
Inverse Modification Threshold
enhancement of SA-8
SA-8.12
Hierarchical Protection
enhancement of SA-8
SA-8.13
Minimized Security Elements
enhancement of SA-8
SA-8.14
Least Privilege
enhancement of SA-8
SA-8.15
Predicate Permission
enhancement of SA-8
SA-8.16
Self-reliant Trustworthiness
enhancement of SA-8
SA-8.17
Secure Distributed Composition
enhancement of SA-8
SA-8.18
Trusted Communications Channels
enhancement of SA-8
SA-8.19
Continuous Protection
enhancement of SA-8
SA-8.2
Least Common Mechanism
enhancement of SA-8
SA-8.20
Secure Metadata Management
enhancement of SA-8
SA-8.21
Self-analysis
enhancement of SA-8
SA-8.22
Accountability and Traceability
enhancement of SA-8
SA-8.23
Secure Defaults
enhancement of SA-8
SA-8.24
Secure Failure and Recovery
enhancement of SA-8
SA-8.25
Economic Security
enhancement of SA-8
SA-8.26
Performance Security
enhancement of SA-8
SA-8.27
Human Factored Security
enhancement of SA-8
SA-8.28
Acceptable Security
enhancement of SA-8
SA-8.29
Repeatable and Documented Procedures
enhancement of SA-8
SA-8.3
Modularity and Layering
enhancement of SA-8
SA-8.30
Procedural Rigor
enhancement of SA-8
SA-8.31
Secure System Modification
enhancement of SA-8
SA-8.32
Sufficient Documentation
enhancement of SA-8
SA-8.33
Minimization
enhancement of SA-8
SA-8.4
Partially Ordered Dependencies
enhancement of SA-8
SA-8.5
Efficiently Mediated Access
enhancement of SA-8
SA-8.6
Minimized Sharing
enhancement of SA-8
SA-8.7
Reduced Complexity
enhancement of SA-8
SA-8.8
Secure Evolvability
enhancement of SA-8
SA-8.9
Trusted Components
enhancement of SA-8
SA-9
External System Services
no ATT&CK mapping
SA-9.1
Risk Assessments and Organizational Approvals
enhancement of SA-9
SA-9.2
Identification of Functions, Ports, Protocols, and Services
enhancement of SA-9
SA-9.3
Establish and Maintain Trust Relationship with Providers
enhancement of SA-9
SA-9.4
Consistent Interests of Consumers and Providers
enhancement of SA-9
SA-9.5
Processing, Storage, and Service Location
enhancement of SA-9
SA-9.6
Organization-controlled Cryptographic Keys
enhancement of SA-9
SA-9.7
Organization-controlled Integrity Checking
enhancement of SA-9
SA-9.8
Processing and Storage Location — U.S. Jurisdiction
enhancement of SA-9
SC-02
Separation of System and User Functionality
8/8 detectable
SC-03
Security Function Isolation
15/18 detectable
SC-04
Information in Shared System Resources
15/29 detectable
SC-05
Denial-of-service Protection
0/1 detectable
SC-06
Resource Availability
0/1 detectable
SC-07
Boundary Protection
109/156 detectable
SC-08
Transmission Confidentiality and Integrity
11/20 detectable
SC-1
Policy and Procedures
no ATT&CK mapping
SC-11
Trusted Path
no ATT&CK mapping
SC-11.1
Irrefutable Communications Path
enhancement of SC-11
SC-12
Cryptographic Key Establishment and Management
7/11 detectable
SC-12.1
Availability
enhancement of SC-12
SC-12.2
Symmetric Keys
enhancement of SC-12
SC-12.3
Asymmetric Keys
enhancement of SC-12
SC-12.4
PKI Certificates
enhancement of SC-12
SC-12.5
PKI Certificates / Hardware Tokens
enhancement of SC-12
SC-12.6
Physical Control of Keys
enhancement of SC-12
SC-13.1
FIPS-validated Cryptography
enhancement of SC-13
SC-13.2
NSA-approved Cryptography
enhancement of SC-13
SC-13.3
Individuals Without Formal Access Approvals
enhancement of SC-13
SC-13.4
Digital Signatures
enhancement of SC-13
SC-14
Public Access Protections
no ATT&CK mapping
SC-15
Collaborative Computing Devices and Applications
no ATT&CK mapping
SC-15.1
Physical or Logical Disconnect
enhancement of SC-15
SC-15.2
Blocking Inbound and Outbound Communications Traffic
enhancement of SC-15
SC-15.3
Disabling and Removal in Secure Work Areas
enhancement of SC-15
SC-15.4
Explicitly Indicate Current Participants
enhancement of SC-15
SC-16
Transmission of Security and Privacy Attributes
3/5 detectable
SC-16.1
Integrity Verification
enhancement of SC-16
SC-16.2
Anti-spoofing Mechanisms
enhancement of SC-16
SC-16.3
Cryptographic Binding
enhancement of SC-16
SC-18
Mobile Code
27/38 detectable
SC-18.1
Identify Unacceptable Code and Take Corrective Actions
enhancement of SC-18
SC-18.2
Acquisition, Development, and Use
enhancement of SC-18
SC-18.3
Prevent Downloading and Execution
enhancement of SC-18
SC-18.4
Prevent Automatic Execution
enhancement of SC-18
SC-18.5
Allow Execution Only in Confined Environments
enhancement of SC-18
SC-19
Voice Over Internet Protocol
no ATT&CK mapping
SC-2
Separation of System and User Functionality
no ATT&CK mapping
SC-2.1
Interfaces for Non-privileged Users
enhancement of SC-2
SC-2.2
Disassociability
enhancement of SC-2
SC-20
Secure Name/Address Resolution Service (Authoritative Source)
9/14 detectable
SC-20.1
Child Subspaces
enhancement of SC-20
SC-20.2
Data Origin and Integrity
enhancement of SC-20
SC-21
Secure Name/Address Resolution Service (Recursive or Caching Resolver)
5/7 detectable
SC-21.1
Data Origin and Integrity
enhancement of SC-21
SC-22
Architecture and Provisioning for Name/Address Resolution Service
5/7 detectable
SC-23
Session Authenticity
11/20 detectable
SC-23.1
Invalidate Session Identifiers at Logout
enhancement of SC-23
SC-23.2
User-initiated Logouts and Message Displays
enhancement of SC-23
SC-23.3
Unique System-generated Session Identifiers
enhancement of SC-23
SC-23.4
Unique Session Identifiers with Randomization
enhancement of SC-23
SC-23.5
Allowed Certificate Authorities
enhancement of SC-23
SC-24
Fail in Known State
no ATT&CK mapping
SC-25
Thin Nodes
no ATT&CK mapping
SC-26.1
Detection of Malicious Code
enhancement of SC-26
SC-27
Platform-independent Applications
no ATT&CK mapping
SC-28
Protection of Information at Rest
26/42 detectable
SC-28.1
Cryptographic Protection
enhancement of SC-28
SC-28.2
Offline Storage
enhancement of SC-28
SC-28.3
Cryptographic Keys
enhancement of SC-28
SC-29.1
Virtualization Techniques
enhancement of SC-29
SC-3
Security Function Isolation
no ATT&CK mapping
SC-3.1
Hardware Separation
enhancement of SC-3
SC-3.2
Access and Flow Control Functions
enhancement of SC-3
SC-3.3
Minimize Nonsecurity Functionality
enhancement of SC-3
SC-3.4
Module Coupling and Cohesiveness
enhancement of SC-3
SC-3.5
Layered Structures
enhancement of SC-3
SC-30.1
Virtualization Techniques
enhancement of SC-30
SC-30.2
Randomness
enhancement of SC-30
SC-30.3
Change Processing and Storage Locations
enhancement of SC-30
SC-30.4
Misleading Information
enhancement of SC-30
SC-30.5
Concealment of System Components
enhancement of SC-30
SC-31
Covert Channel Analysis
7/11 detectable
SC-31.1
Test Covert Channels for Exploitability
enhancement of SC-31
SC-31.2
Maximum Bandwidth
enhancement of SC-31
SC-31.3
Measure Bandwidth in Operational Environments
enhancement of SC-31
SC-32
Information System Partitioning
1/1 detectable
SC-32.1
Separate Physical Domains for Privileged Functions
enhancement of SC-32
SC-33
Transmission Preparation Integrity
no ATT&CK mapping
SC-34
Non-modifiable Executable Programs
5/15 detectable
SC-34.1
No Writable Storage
enhancement of SC-34
SC-34.2
Integrity Protection on Read-only Media
enhancement of SC-34
SC-34.3
Hardware-based Protection
enhancement of SC-34
SC-36
Distributed Processing and Storage
5/7 detectable
SC-36.1
Polling Techniques
enhancement of SC-36
SC-36.2
Synchronization
enhancement of SC-36
SC-37
Out-of-band Channels
8/12 detectable
SC-37.1
Ensure Delivery and Transmission
enhancement of SC-37
SC-39
Process Isolation
19/22 detectable
SC-39.1
Hardware Separation
enhancement of SC-39
SC-39.2
Separate Execution Domain Per Thread
enhancement of SC-39
SC-4
Information in Shared System Resources
no ATT&CK mapping
SC-4.1
Security Levels
enhancement of SC-4
SC-4.2
Multilevel or Periods Processing
enhancement of SC-4
SC-40
Wireless Link Protection
0/1 detectable
SC-40.1
Electromagnetic Interference
enhancement of SC-40
SC-40.2
Reduce Detection Potential
enhancement of SC-40
SC-40.3
Imitative or Manipulative Communications Deception
enhancement of SC-40
SC-40.4
Signal Parameter Identification
enhancement of SC-40
SC-42
Sensor Capability and Data
no ATT&CK mapping
SC-42.1
Reporting to Authorized Individuals or Roles
enhancement of SC-42
SC-42.2
Authorized Use
enhancement of SC-42
SC-42.3
Prohibit Use of Devices
enhancement of SC-42
SC-42.4
Notice of Collection
enhancement of SC-42
SC-42.5
Collection Minimization
enhancement of SC-42
SC-44
Detonation Chambers
12/22 detectable
SC-45
System Time Synchronization
no ATT&CK mapping
SC-45.1
Synchronization with Authoritative Time Source
enhancement of SC-45
SC-45.2
Secondary Authoritative Time Source
enhancement of SC-45
SC-46
Cross Domain Policy Enforcement
23/27 detectable
SC-47
Alternate Communications Paths
no ATT&CK mapping
SC-48
Sensor Relocation
no ATT&CK mapping
SC-48.1
Dynamic Relocation of Sensors or Monitoring Capabilities
enhancement of SC-48
SC-49
Hardware-enforced Separation and Policy Enforcement
no ATT&CK mapping
SC-5
Denial-of-service Protection
no ATT&CK mapping
SC-5.1
Restrict Ability to Attack Other Systems
enhancement of SC-5
SC-5.2
Capacity, Bandwidth, and Redundancy
enhancement of SC-5
SC-5.3
Detection and Monitoring
enhancement of SC-5
SC-50
Software-enforced Separation and Policy Enforcement
no ATT&CK mapping
SC-51
Hardware-based Protection
no ATT&CK mapping
SC-6
Resource Availability
no ATT&CK mapping
SC-7
Boundary Protection
no ATT&CK mapping
SC-7.1
Physically Separated Subnetworks
enhancement of SC-7
SC-7.10
Prevent Exfiltration
enhancement of SC-7
SC-7.11
Restrict Incoming Communications Traffic
enhancement of SC-7
SC-7.12
Host-based Protection
enhancement of SC-7
SC-7.13
Isolation of Security Tools, Mechanisms, and Support Components
enhancement of SC-7
SC-7.14
Protect Against Unauthorized Physical Connections
enhancement of SC-7
SC-7.15
Networked Privileged Accesses
enhancement of SC-7
SC-7.16
Prevent Discovery of System Components
enhancement of SC-7
SC-7.17
Automated Enforcement of Protocol Formats
enhancement of SC-7
SC-7.18
Fail Secure
enhancement of SC-7
SC-7.19
Block Communication from Non-organizationally Configured Hosts
enhancement of SC-7
SC-7.2
Public Access
enhancement of SC-7
SC-7.20
Dynamic Isolation and Segregation
enhancement of SC-7
SC-7.21
Isolation of System Components
enhancement of SC-7
SC-7.22
Separate Subnets for Connecting to Different Security Domains
enhancement of SC-7
SC-7.23
Disable Sender Feedback on Protocol Validation Failure
enhancement of SC-7
SC-7.24
Personally Identifiable Information
enhancement of SC-7
SC-7.25
Unclassified National Security System Connections
enhancement of SC-7
SC-7.26
Classified National Security System Connections
enhancement of SC-7
SC-7.27
Unclassified Non-national Security System Connections
enhancement of SC-7
SC-7.28
Connections to Public Networks
enhancement of SC-7
SC-7.29
Separate Subnets to Isolate Functions
enhancement of SC-7
SC-7.3
Access Points
enhancement of SC-7
SC-7.4
External Telecommunications Services
enhancement of SC-7
SC-7.5
Deny by Default — Allow by Exception
enhancement of SC-7
SC-7.6
Response to Recognized Failures
enhancement of SC-7
SC-7.7
Split Tunneling for Remote Devices
enhancement of SC-7
SC-7.8
Route Traffic to Authenticated Proxy Servers
enhancement of SC-7
SC-7.9
Restrict Threatening Outgoing Communications Traffic
enhancement of SC-7
SC-8
Transmission Confidentiality and Integrity
no ATT&CK mapping
SC-8.1
Cryptographic Protection
enhancement of SC-8
SC-8.2
Pre- and Post-transmission Handling
enhancement of SC-8
SC-8.3
Cryptographic Protection for Message Externals
enhancement of SC-8
SC-8.4
Conceal or Randomize Communications
enhancement of SC-8
SC-8.5
Protected Distribution System
enhancement of SC-8
SC-9
Transmission Confidentiality
no ATT&CK mapping
SI-02
Flaw Remediation
58/84 detectable
SI-03
Malicious Code Protection
153/226 detectable
SI-04
System Monitoring
254/375 detectable
SI-07
Software, Firmware, and Information Integrity
137/209 detectable
SI-08
Spam Protection
11/20 detectable
SI-1
Policy and Procedures
no ATT&CK mapping
SI-10
Information Input Validation
79/101 detectable
SI-10.1
Manual Override Capability
enhancement of SI-10
SI-10.2
Review and Resolve Errors
enhancement of SI-10
SI-10.3
Predictable Behavior
enhancement of SI-10
SI-10.4
Timing Interactions
enhancement of SI-10
SI-10.5
Restrict Inputs to Trusted Sources and Approved Formats
enhancement of SI-10
SI-10.6
Injection Prevention
enhancement of SI-10
SI-11
Error Handling
no ATT&CK mapping
SI-12
Information Management and Retention
20/34 detectable
SI-12.1
Limit Personally Identifiable Information Elements
enhancement of SI-12
SI-12.2
Minimize Personally Identifiable Information in Testing, Training, and Research
enhancement of SI-12
SI-12.3
Information Disposal
enhancement of SI-12
SI-13
Predictable Failure Prevention
no ATT&CK mapping
SI-13.1
Transferring Component Responsibilities
enhancement of SI-13
SI-13.2
Time Limit on Process Execution Without Supervision
enhancement of SI-13
SI-13.3
Manual Transfer Between Components
enhancement of SI-13
SI-13.4
Standby Component Installation and Notification
enhancement of SI-13
SI-13.5
Failover Capability
enhancement of SI-13
SI-14.1
Refresh from Trusted Sources
enhancement of SI-14
SI-14.2
Non-persistent Information
enhancement of SI-14
SI-14.3
Non-persistent Connectivity
enhancement of SI-14
SI-15
Information Output Filtering
29/42 detectable
SI-16
Memory Protection
29/36 detectable
SI-17
Fail-safe Procedures
no ATT&CK mapping
SI-18
Personally Identifiable Information Quality Operations
no ATT&CK mapping
SI-18.1
Automation Support
enhancement of SI-18
SI-18.2
Data Tags
enhancement of SI-18
SI-18.3
Collection
enhancement of SI-18
SI-18.4
Individual Requests
enhancement of SI-18
SI-18.5
Notice of Correction or Deletion
enhancement of SI-18
SI-19
De-identification
no ATT&CK mapping
SI-19.1
Collection
enhancement of SI-19
SI-19.2
Archiving
enhancement of SI-19
SI-19.3
Release
enhancement of SI-19
SI-19.4
Removal, Masking, Encryption, Hashing, or Replacement of Direct Identifiers
enhancement of SI-19
SI-19.5
Statistical Disclosure Control
enhancement of SI-19
SI-19.6
Differential Privacy
enhancement of SI-19
SI-19.7
Validated Algorithms and Software
enhancement of SI-19
SI-19.8
Motivated Intruder
enhancement of SI-19
SI-2
Flaw Remediation
no ATT&CK mapping
SI-2.1
Central Management
enhancement of SI-2
SI-2.2
Automated Flaw Remediation Status
enhancement of SI-2
SI-2.3
Time to Remediate Flaws and Benchmarks for Corrective Actions
enhancement of SI-2
SI-2.4
Automated Patch Management Tools
enhancement of SI-2
SI-2.5
Automatic Software and Firmware Updates
enhancement of SI-2
SI-2.6
Removal of Previous Versions of Software and Firmware
enhancement of SI-2
SI-2.7
Root Cause Analysis
enhancement of SI-2
SI-20
Tainting
no ATT&CK mapping
SI-21
Information Refresh
no ATT&CK mapping
SI-22
Information Diversity
no ATT&CK mapping
SI-3
Malicious Code Protection
no ATT&CK mapping
SI-3.1
Central Management
enhancement of SI-3
SI-3.10
Malicious Code Analysis
enhancement of SI-3
SI-3.2
Automatic Updates
enhancement of SI-3
SI-3.3
Non-privileged Users
enhancement of SI-3
SI-3.4
Updates Only by Privileged Users
enhancement of SI-3
SI-3.5
Portable Storage Devices
enhancement of SI-3
SI-3.6
Testing and Verification
enhancement of SI-3
SI-3.7
Nonsignature-based Detection
enhancement of SI-3
SI-3.8
Detect Unauthorized Commands
enhancement of SI-3
SI-3.9
Authenticate Remote Commands
enhancement of SI-3
SI-4
System Monitoring
no ATT&CK mapping
SI-4.1
System-wide Intrusion Detection System
enhancement of SI-4
SI-4.10
Visibility of Encrypted Communications
enhancement of SI-4
SI-4.11
Analyze Communications Traffic Anomalies
enhancement of SI-4
SI-4.12
Automated Organization-generated Alerts
enhancement of SI-4
SI-4.13
Analyze Traffic and Event Patterns
enhancement of SI-4
SI-4.14
Wireless Intrusion Detection
enhancement of SI-4
SI-4.15
Wireless to Wireline Communications
enhancement of SI-4
SI-4.16
Correlate Monitoring Information
enhancement of SI-4
SI-4.17
Integrated Situational Awareness
enhancement of SI-4
SI-4.18
Analyze Traffic and Covert Exfiltration
enhancement of SI-4
SI-4.19
Risk for Individuals
enhancement of SI-4
SI-4.2
Automated Tools and Mechanisms for Real-time Analysis
enhancement of SI-4
SI-4.20
Privileged Users
enhancement of SI-4
SI-4.21
Probationary Periods
enhancement of SI-4
SI-4.22
Unauthorized Network Services
enhancement of SI-4
SI-4.23
Host-based Devices
enhancement of SI-4
SI-4.24
Indicators of Compromise
enhancement of SI-4
SI-4.25
Optimize Network Traffic Analysis
enhancement of SI-4
SI-4.3
Automated Tool and Mechanism Integration
enhancement of SI-4
SI-4.4
Inbound and Outbound Communications Traffic
enhancement of SI-4
SI-4.5
System-generated Alerts
enhancement of SI-4
SI-4.6
Restrict Non-privileged Users
enhancement of SI-4
SI-4.7
Automated Response to Suspicious Events
enhancement of SI-4
SI-4.8
Protection of Monitoring Information
enhancement of SI-4
SI-4.9
Testing of Monitoring Tools and Mechanisms
enhancement of SI-4
SI-5
Security Alerts, Advisories, and Directives
no ATT&CK mapping
SI-5.1
Automated Alerts and Advisories
enhancement of SI-5
SI-6
Security and Privacy Function Verification
no ATT&CK mapping
SI-6.1
Notification of Failed Security Tests
enhancement of SI-6
SI-6.2
Automation Support for Distributed Testing
enhancement of SI-6
SI-6.3
Report Verification Results
enhancement of SI-6
SI-7
Software, Firmware, and Information Integrity
no ATT&CK mapping
SI-7.1
Integrity Checks
enhancement of SI-7
SI-7.10
Protection of Boot Firmware
enhancement of SI-7
SI-7.11
Confined Environments with Limited Privileges
enhancement of SI-7
SI-7.12
Integrity Verification
enhancement of SI-7
SI-7.13
Code Execution in Protected Environments
enhancement of SI-7
SI-7.14
Binary or Machine Executable Code
enhancement of SI-7
SI-7.15
Code Authentication
enhancement of SI-7
SI-7.16
Time Limit on Process Execution Without Supervision
enhancement of SI-7
SI-7.17
Runtime Application Self-protection
enhancement of SI-7
SI-7.2
Automated Notifications of Integrity Violations
enhancement of SI-7
SI-7.3
Centrally Managed Integrity Tools
enhancement of SI-7
SI-7.4
Tamper-evident Packaging
enhancement of SI-7
SI-7.5
Automated Response to Integrity Violations
enhancement of SI-7
SI-7.6
Cryptographic Protection
enhancement of SI-7
SI-7.7
Integration of Detection and Response
enhancement of SI-7
SI-7.8
Auditing Capability for Significant Events
enhancement of SI-7
SI-7.9
Verify Boot Process
enhancement of SI-7
SI-8
Spam Protection
no ATT&CK mapping
SI-8.1
Central Management
enhancement of SI-8
SI-8.2
Automatic Updates
enhancement of SI-8
SI-8.3
Continuous Learning Capability
enhancement of SI-8
SI-9
Information Input Restrictions
no ATT&CK mapping
SR-04
Provenance
13/22 detectable
SR-05
Acquisition Strategies, Tools, and Methods
9/15 detectable
SR-1
Policy and Procedures
no ATT&CK mapping
SR-10
Inspection of Systems or Components
no ATT&CK mapping
SR-11
Component Authenticity
9/15 detectable
SR-11.1
Anti-counterfeit Training
enhancement of SR-11
SR-11.2
Configuration Control for Component Service and Repair
enhancement of SR-11
SR-11.3
Anti-counterfeit Scanning
enhancement of SR-11
SR-12
Component Disposal
no ATT&CK mapping
SR-2
Supply Chain Risk Management Plan
no ATT&CK mapping
SR-2.1
Establish SCRM Team
enhancement of SR-2
SR-3
Supply Chain Controls and Processes
no ATT&CK mapping
SR-3.1
Diverse Supply Base
enhancement of SR-3
SR-3.2
Limitation of Harm
enhancement of SR-3
SR-3.3
Sub-tier Flow Down
enhancement of SR-3
SR-4
Provenance
no ATT&CK mapping
SR-4.1
Identity
enhancement of SR-4
SR-4.2
Track and Trace
enhancement of SR-4
SR-4.3
Validate as Genuine and Not Altered
enhancement of SR-4
SR-4.4
Supply Chain Integrity — Pedigree
enhancement of SR-4
SR-5
Acquisition Strategies, Tools, and Methods
no ATT&CK mapping
SR-5.1
Adequate Supply
enhancement of SR-5
SR-5.2
Assessments Prior to Selection, Acceptance, Modification, or Update
enhancement of SR-5
SR-6
Supplier Assessments and Reviews
no ATT&CK mapping
SR-6.1
Testing and Analysis
enhancement of SR-6
SR-7
Supply Chain Operations Security
no ATT&CK mapping
SR-8
Notification Agreements
no ATT&CK mapping
SR-9
Tamper Resistance and Detection
no ATT&CK mapping
SR-9.1
Multiple Stages of System Development Life Cycle
enhancement of SR-9