{"framework":"pci-dss-4","framework_label":"PCI-DSS v4.0","controls":[{"control_id":"7","title":"Restrict Access to System Components and Cardholder Data by Business Need to Know","family":"Access Control","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":false},{"control_id":"7.1","title":"Processes and mechanisms for restricting access to system components and cardholder data by business need to know are defined and understood","family":"Access Control","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"7"},{"control_id":"7.2","title":"Access to system components and data is appropriately defined and assigned","family":"Access Control","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"7"},{"control_id":"7.3","title":"Access to system components and data is managed via an access control system(s)","family":"Access Control","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"7"},{"control_id":"3","title":"Protect Stored Account Data","family":"Account Data Protection","techniques":[{"id":"T1003.007","name":"Proc Filesystem","detectable":false},{"id":"T1003.008","name":"/etc/passwd and /etc/shadow","detectable":false},{"id":"T1025","name":"Data from Removable Media","detectable":false},{"id":"T1048.002","name":"Exfiltration Over Asymmetric Encrypted Non-C2 Protocol","detectable":false},{"id":"T1052","name":"Exfiltration Over Physical Medium","detectable":false},{"id":"T1052.001","name":"Exfiltration over USB","detectable":false},{"id":"T1213.001","name":"Confluence","detectable":false},{"id":"T1213.002","name":"Sharepoint","detectable":false},{"id":"T1213.004","name":"Customer Relationship Management Software","detectable":false},{"id":"T1213.005","name":"Messaging Applications","detectable":false},{"id":"T1530","name":"Data from Cloud Storage","detectable":false},{"id":"T1565.003","name":"Runtime Data Manipulation","detectable":false},{"id":"T1599","name":"Network Boundary Bridging","detectable":false},{"id":"T1602","name":"Data from Configuration Repository","detectable":false},{"id":"T1602.001","name":"SNMP (MIB Dump)","detectable":false},{"id":"T1602.002","name":"Network Device Configuration Dump","detectable":false},{"id":"T1003","name":"OS Credential Dumping","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.001","name":"LSASS Memory","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.002","name":"Security Account Manager","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.003","name":"NTDS","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.004","name":"LSA Secrets","detectable":true,"detections":"Sigma"},{"id":"T1003.005","name":"Cached Domain Credentials","detectable":true,"detections":"Sigma"},{"id":"T1003.006","name":"DCSync","detectable":true,"detections":"Sigma"},{"id":"T1005","name":"Data from Local System","detectable":true,"detections":"Sigma, IDS, Falco"},{"id":"T1041","name":"Exfiltration Over C2 Channel","detectable":true,"detections":"Sigma, IDS"},{"id":"T1048","name":"Exfiltration Over Alternative Protocol","detectable":true,"detections":"Sigma, IDS"},{"id":"T1048.003","name":"Exfiltration Over Unencrypted Non-C2 Protocol","detectable":true,"detections":"Sigma"},{"id":"T1078","name":"Valid Accounts","detectable":true,"detections":"Sigma, CAR, IDS"},{"id":"T1078.001","name":"Default Accounts","detectable":true,"detections":"Sigma"},{"id":"T1078.003","name":"Local Accounts","detectable":true,"detections":"Sigma, CAR"},{"id":"T1078.004","name":"Cloud Accounts","detectable":true,"detections":"Sigma"},{"id":"T1213","name":"Data from Information Repositories","detectable":true,"detections":"Sigma"},{"id":"T1550.001","name":"Application Access Token","detectable":true,"detections":"Sigma"},{"id":"T1552","name":"Unsecured Credentials","detectable":true,"detections":"Sigma, CAR, IDS, YARA, Falco"},{"id":"T1552.001","name":"Credentials In Files","detectable":true,"detections":"Sigma, CAR, Falco"},{"id":"T1552.002","name":"Credentials in Registry","detectable":true,"detections":"Sigma, CAR"},{"id":"T1552.003","name":"Shell History","detectable":true,"detections":"Sigma"},{"id":"T1552.004","name":"Private Keys","detectable":true,"detections":"Sigma, YARA"},{"id":"T1565","name":"Data Manipulation","detectable":true,"detections":"Sigma, Falco"},{"id":"T1565.001","name":"Stored Data Manipulation","detectable":true,"detections":"Sigma"},{"id":"T1567","name":"Exfiltration Over Web Service","detectable":true,"detections":"Sigma, IDS"},{"id":"T1599.001","name":"Network Address Translation Traversal","detectable":true,"detections":"Sigma"}],"technique_count":42,"detectable_count":26,"coverage_pct":61,"has_mapping":true,"is_enhancement":false},{"control_id":"3.1","title":"Processes and mechanisms for protecting stored account data are defined and understood","family":"Account Data Protection","techniques":[{"id":"T1003.007","name":"Proc Filesystem","detectable":false},{"id":"T1003.008","name":"/etc/passwd and /etc/shadow","detectable":false},{"id":"T1025","name":"Data from Removable Media","detectable":false},{"id":"T1048.002","name":"Exfiltration Over Asymmetric Encrypted Non-C2 Protocol","detectable":false},{"id":"T1052","name":"Exfiltration Over Physical Medium","detectable":false},{"id":"T1052.001","name":"Exfiltration over USB","detectable":false},{"id":"T1213.001","name":"Confluence","detectable":false},{"id":"T1213.002","name":"Sharepoint","detectable":false},{"id":"T1213.004","name":"Customer Relationship Management Software","detectable":false},{"id":"T1213.005","name":"Messaging Applications","detectable":false},{"id":"T1530","name":"Data from Cloud Storage","detectable":false},{"id":"T1565.003","name":"Runtime Data Manipulation","detectable":false},{"id":"T1599","name":"Network Boundary Bridging","detectable":false},{"id":"T1602","name":"Data from Configuration Repository","detectable":false},{"id":"T1602.001","name":"SNMP (MIB Dump)","detectable":false},{"id":"T1602.002","name":"Network Device Configuration Dump","detectable":false},{"id":"T1003","name":"OS Credential Dumping","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.001","name":"LSASS Memory","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.002","name":"Security Account Manager","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.003","name":"NTDS","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.004","name":"LSA Secrets","detectable":true,"detections":"Sigma"},{"id":"T1003.005","name":"Cached Domain Credentials","detectable":true,"detections":"Sigma"},{"id":"T1003.006","name":"DCSync","detectable":true,"detections":"Sigma"},{"id":"T1005","name":"Data from Local System","detectable":true,"detections":"Sigma, IDS, Falco"},{"id":"T1041","name":"Exfiltration Over C2 Channel","detectable":true,"detections":"Sigma, IDS"},{"id":"T1048","name":"Exfiltration Over Alternative Protocol","detectable":true,"detections":"Sigma, IDS"},{"id":"T1048.003","name":"Exfiltration Over Unencrypted Non-C2 Protocol","detectable":true,"detections":"Sigma"},{"id":"T1078","name":"Valid Accounts","detectable":true,"detections":"Sigma, CAR, IDS"},{"id":"T1078.001","name":"Default Accounts","detectable":true,"detections":"Sigma"},{"id":"T1078.003","name":"Local Accounts","detectable":true,"detections":"Sigma, CAR"},{"id":"T1078.004","name":"Cloud Accounts","detectable":true,"detections":"Sigma"},{"id":"T1213","name":"Data from Information Repositories","detectable":true,"detections":"Sigma"},{"id":"T1550.001","name":"Application Access Token","detectable":true,"detections":"Sigma"},{"id":"T1552","name":"Unsecured Credentials","detectable":true,"detections":"Sigma, CAR, IDS, YARA, Falco"},{"id":"T1552.001","name":"Credentials In Files","detectable":true,"detections":"Sigma, CAR, Falco"},{"id":"T1552.002","name":"Credentials in Registry","detectable":true,"detections":"Sigma, CAR"},{"id":"T1552.003","name":"Shell History","detectable":true,"detections":"Sigma"},{"id":"T1552.004","name":"Private Keys","detectable":true,"detections":"Sigma, YARA"},{"id":"T1565","name":"Data Manipulation","detectable":true,"detections":"Sigma, Falco"},{"id":"T1565.001","name":"Stored Data Manipulation","detectable":true,"detections":"Sigma"},{"id":"T1567","name":"Exfiltration Over Web Service","detectable":true,"detections":"Sigma, IDS"},{"id":"T1599.001","name":"Network Address Translation Traversal","detectable":true,"detections":"Sigma"}],"technique_count":42,"detectable_count":26,"coverage_pct":61,"has_mapping":true,"is_enhancement":true,"base_control_id":"3"},{"control_id":"3.2","title":"Storage of account data is kept to a minimum","family":"Account Data Protection","techniques":[{"id":"T1003.007","name":"Proc Filesystem","detectable":false},{"id":"T1003.008","name":"/etc/passwd and /etc/shadow","detectable":false},{"id":"T1025","name":"Data from Removable Media","detectable":false},{"id":"T1048.002","name":"Exfiltration Over Asymmetric Encrypted Non-C2 Protocol","detectable":false},{"id":"T1052","name":"Exfiltration Over Physical Medium","detectable":false},{"id":"T1052.001","name":"Exfiltration over USB","detectable":false},{"id":"T1213.001","name":"Confluence","detectable":false},{"id":"T1213.002","name":"Sharepoint","detectable":false},{"id":"T1213.004","name":"Customer Relationship Management Software","detectable":false},{"id":"T1213.005","name":"Messaging Applications","detectable":false},{"id":"T1530","name":"Data from Cloud Storage","detectable":false},{"id":"T1565.003","name":"Runtime Data Manipulation","detectable":false},{"id":"T1599","name":"Network Boundary Bridging","detectable":false},{"id":"T1602","name":"Data from Configuration Repository","detectable":false},{"id":"T1602.001","name":"SNMP (MIB Dump)","detectable":false},{"id":"T1602.002","name":"Network Device Configuration Dump","detectable":false},{"id":"T1003","name":"OS Credential Dumping","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.001","name":"LSASS Memory","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.002","name":"Security Account Manager","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.003","name":"NTDS","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.004","name":"LSA Secrets","detectable":true,"detections":"Sigma"},{"id":"T1003.005","name":"Cached Domain Credentials","detectable":true,"detections":"Sigma"},{"id":"T1003.006","name":"DCSync","detectable":true,"detections":"Sigma"},{"id":"T1005","name":"Data from Local System","detectable":true,"detections":"Sigma, IDS, Falco"},{"id":"T1041","name":"Exfiltration Over C2 Channel","detectable":true,"detections":"Sigma, IDS"},{"id":"T1048","name":"Exfiltration Over Alternative Protocol","detectable":true,"detections":"Sigma, IDS"},{"id":"T1048.003","name":"Exfiltration Over Unencrypted Non-C2 Protocol","detectable":true,"detections":"Sigma"},{"id":"T1078","name":"Valid Accounts","detectable":true,"detections":"Sigma, CAR, IDS"},{"id":"T1078.001","name":"Default Accounts","detectable":true,"detections":"Sigma"},{"id":"T1078.003","name":"Local Accounts","detectable":true,"detections":"Sigma, CAR"},{"id":"T1078.004","name":"Cloud Accounts","detectable":true,"detections":"Sigma"},{"id":"T1213","name":"Data from Information Repositories","detectable":true,"detections":"Sigma"},{"id":"T1550.001","name":"Application Access Token","detectable":true,"detections":"Sigma"},{"id":"T1552","name":"Unsecured Credentials","detectable":true,"detections":"Sigma, CAR, IDS, YARA, Falco"},{"id":"T1552.001","name":"Credentials In Files","detectable":true,"detections":"Sigma, CAR, Falco"},{"id":"T1552.002","name":"Credentials in Registry","detectable":true,"detections":"Sigma, CAR"},{"id":"T1552.003","name":"Shell History","detectable":true,"detections":"Sigma"},{"id":"T1552.004","name":"Private Keys","detectable":true,"detections":"Sigma, YARA"},{"id":"T1565","name":"Data Manipulation","detectable":true,"detections":"Sigma, Falco"},{"id":"T1565.001","name":"Stored Data Manipulation","detectable":true,"detections":"Sigma"},{"id":"T1567","name":"Exfiltration Over Web Service","detectable":true,"detections":"Sigma, IDS"},{"id":"T1599.001","name":"Network Address Translation Traversal","detectable":true,"detections":"Sigma"}],"technique_count":42,"detectable_count":26,"coverage_pct":61,"has_mapping":true,"is_enhancement":true,"base_control_id":"3"},{"control_id":"3.3","title":"Sensitive authentication data (SAD) is not stored after authorization","family":"Account Data Protection","techniques":[{"id":"T1003.007","name":"Proc Filesystem","detectable":false},{"id":"T1003.008","name":"/etc/passwd and /etc/shadow","detectable":false},{"id":"T1025","name":"Data from Removable Media","detectable":false},{"id":"T1048.002","name":"Exfiltration Over Asymmetric Encrypted Non-C2 Protocol","detectable":false},{"id":"T1052","name":"Exfiltration Over Physical Medium","detectable":false},{"id":"T1052.001","name":"Exfiltration over USB","detectable":false},{"id":"T1213.001","name":"Confluence","detectable":false},{"id":"T1213.002","name":"Sharepoint","detectable":false},{"id":"T1213.004","name":"Customer Relationship Management Software","detectable":false},{"id":"T1213.005","name":"Messaging Applications","detectable":false},{"id":"T1530","name":"Data from Cloud Storage","detectable":false},{"id":"T1565.003","name":"Runtime Data Manipulation","detectable":false},{"id":"T1599","name":"Network Boundary Bridging","detectable":false},{"id":"T1602","name":"Data from Configuration Repository","detectable":false},{"id":"T1602.001","name":"SNMP (MIB Dump)","detectable":false},{"id":"T1602.002","name":"Network Device Configuration Dump","detectable":false},{"id":"T1003","name":"OS Credential Dumping","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.001","name":"LSASS Memory","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.002","name":"Security Account Manager","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.003","name":"NTDS","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.004","name":"LSA Secrets","detectable":true,"detections":"Sigma"},{"id":"T1003.005","name":"Cached Domain Credentials","detectable":true,"detections":"Sigma"},{"id":"T1003.006","name":"DCSync","detectable":true,"detections":"Sigma"},{"id":"T1005","name":"Data from Local System","detectable":true,"detections":"Sigma, IDS, Falco"},{"id":"T1041","name":"Exfiltration Over C2 Channel","detectable":true,"detections":"Sigma, IDS"},{"id":"T1048","name":"Exfiltration Over Alternative Protocol","detectable":true,"detections":"Sigma, IDS"},{"id":"T1048.003","name":"Exfiltration Over Unencrypted Non-C2 Protocol","detectable":true,"detections":"Sigma"},{"id":"T1078","name":"Valid Accounts","detectable":true,"detections":"Sigma, CAR, IDS"},{"id":"T1078.001","name":"Default Accounts","detectable":true,"detections":"Sigma"},{"id":"T1078.003","name":"Local Accounts","detectable":true,"detections":"Sigma, CAR"},{"id":"T1078.004","name":"Cloud Accounts","detectable":true,"detections":"Sigma"},{"id":"T1213","name":"Data from Information Repositories","detectable":true,"detections":"Sigma"},{"id":"T1550.001","name":"Application Access Token","detectable":true,"detections":"Sigma"},{"id":"T1552","name":"Unsecured Credentials","detectable":true,"detections":"Sigma, CAR, IDS, YARA, Falco"},{"id":"T1552.001","name":"Credentials In Files","detectable":true,"detections":"Sigma, CAR, Falco"},{"id":"T1552.002","name":"Credentials in Registry","detectable":true,"detections":"Sigma, CAR"},{"id":"T1552.003","name":"Shell History","detectable":true,"detections":"Sigma"},{"id":"T1552.004","name":"Private Keys","detectable":true,"detections":"Sigma, YARA"},{"id":"T1565","name":"Data Manipulation","detectable":true,"detections":"Sigma, Falco"},{"id":"T1565.001","name":"Stored Data Manipulation","detectable":true,"detections":"Sigma"},{"id":"T1567","name":"Exfiltration Over Web Service","detectable":true,"detections":"Sigma, IDS"},{"id":"T1599.001","name":"Network Address Translation Traversal","detectable":true,"detections":"Sigma"}],"technique_count":42,"detectable_count":26,"coverage_pct":61,"has_mapping":true,"is_enhancement":true,"base_control_id":"3"},{"control_id":"3.4","title":"Access to displays of full PAN and ability to copy cardholder data are restricted","family":"Account Data Protection","techniques":[{"id":"T1003.007","name":"Proc Filesystem","detectable":false},{"id":"T1003.008","name":"/etc/passwd and /etc/shadow","detectable":false},{"id":"T1025","name":"Data from Removable Media","detectable":false},{"id":"T1048.002","name":"Exfiltration Over Asymmetric Encrypted Non-C2 Protocol","detectable":false},{"id":"T1052","name":"Exfiltration Over Physical Medium","detectable":false},{"id":"T1052.001","name":"Exfiltration over USB","detectable":false},{"id":"T1213.001","name":"Confluence","detectable":false},{"id":"T1213.002","name":"Sharepoint","detectable":false},{"id":"T1213.004","name":"Customer Relationship Management Software","detectable":false},{"id":"T1213.005","name":"Messaging Applications","detectable":false},{"id":"T1530","name":"Data from Cloud Storage","detectable":false},{"id":"T1565.003","name":"Runtime Data Manipulation","detectable":false},{"id":"T1599","name":"Network Boundary Bridging","detectable":false},{"id":"T1602","name":"Data from Configuration Repository","detectable":false},{"id":"T1602.001","name":"SNMP (MIB Dump)","detectable":false},{"id":"T1602.002","name":"Network Device Configuration Dump","detectable":false},{"id":"T1003","name":"OS Credential Dumping","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.001","name":"LSASS Memory","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.002","name":"Security Account Manager","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.003","name":"NTDS","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.004","name":"LSA Secrets","detectable":true,"detections":"Sigma"},{"id":"T1003.005","name":"Cached Domain Credentials","detectable":true,"detections":"Sigma"},{"id":"T1003.006","name":"DCSync","detectable":true,"detections":"Sigma"},{"id":"T1005","name":"Data from Local System","detectable":true,"detections":"Sigma, IDS, Falco"},{"id":"T1041","name":"Exfiltration Over C2 Channel","detectable":true,"detections":"Sigma, IDS"},{"id":"T1048","name":"Exfiltration Over Alternative Protocol","detectable":true,"detections":"Sigma, IDS"},{"id":"T1048.003","name":"Exfiltration Over Unencrypted Non-C2 Protocol","detectable":true,"detections":"Sigma"},{"id":"T1078","name":"Valid Accounts","detectable":true,"detections":"Sigma, CAR, IDS"},{"id":"T1078.001","name":"Default Accounts","detectable":true,"detections":"Sigma"},{"id":"T1078.003","name":"Local Accounts","detectable":true,"detections":"Sigma, CAR"},{"id":"T1078.004","name":"Cloud Accounts","detectable":true,"detections":"Sigma"},{"id":"T1213","name":"Data from Information Repositories","detectable":true,"detections":"Sigma"},{"id":"T1550.001","name":"Application Access Token","detectable":true,"detections":"Sigma"},{"id":"T1552","name":"Unsecured Credentials","detectable":true,"detections":"Sigma, CAR, IDS, YARA, Falco"},{"id":"T1552.001","name":"Credentials In Files","detectable":true,"detections":"Sigma, CAR, Falco"},{"id":"T1552.002","name":"Credentials in Registry","detectable":true,"detections":"Sigma, CAR"},{"id":"T1552.003","name":"Shell History","detectable":true,"detections":"Sigma"},{"id":"T1552.004","name":"Private Keys","detectable":true,"detections":"Sigma, YARA"},{"id":"T1565","name":"Data Manipulation","detectable":true,"detections":"Sigma, Falco"},{"id":"T1565.001","name":"Stored Data Manipulation","detectable":true,"detections":"Sigma"},{"id":"T1567","name":"Exfiltration Over Web Service","detectable":true,"detections":"Sigma, IDS"},{"id":"T1599.001","name":"Network Address Translation Traversal","detectable":true,"detections":"Sigma"}],"technique_count":42,"detectable_count":26,"coverage_pct":61,"has_mapping":true,"is_enhancement":true,"base_control_id":"3"},{"control_id":"3.5","title":"Primary account number (PAN) is secured wherever it is stored","family":"Account Data Protection","techniques":[{"id":"T1003.007","name":"Proc Filesystem","detectable":false},{"id":"T1003.008","name":"/etc/passwd and /etc/shadow","detectable":false},{"id":"T1025","name":"Data from Removable Media","detectable":false},{"id":"T1048.002","name":"Exfiltration Over Asymmetric Encrypted Non-C2 Protocol","detectable":false},{"id":"T1052","name":"Exfiltration Over Physical Medium","detectable":false},{"id":"T1052.001","name":"Exfiltration over USB","detectable":false},{"id":"T1213.001","name":"Confluence","detectable":false},{"id":"T1213.002","name":"Sharepoint","detectable":false},{"id":"T1213.004","name":"Customer Relationship Management Software","detectable":false},{"id":"T1213.005","name":"Messaging Applications","detectable":false},{"id":"T1530","name":"Data from Cloud Storage","detectable":false},{"id":"T1565.003","name":"Runtime Data Manipulation","detectable":false},{"id":"T1599","name":"Network Boundary Bridging","detectable":false},{"id":"T1602","name":"Data from Configuration Repository","detectable":false},{"id":"T1602.001","name":"SNMP (MIB Dump)","detectable":false},{"id":"T1602.002","name":"Network Device Configuration Dump","detectable":false},{"id":"T1003","name":"OS Credential Dumping","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.001","name":"LSASS Memory","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.002","name":"Security Account Manager","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.003","name":"NTDS","detectable":true,"detections":"Sigma, CAR"},{"id":"T1003.004","name":"LSA Secrets","detectable":true,"detections":"Sigma"},{"id":"T1003.005","name":"Cached Domain Credentials","detectable":true,"detections":"Sigma"},{"id":"T1003.006","name":"DCSync","detectable":true,"detections":"Sigma"},{"id":"T1005","name":"Data from Local System","detectable":true,"detections":"Sigma, IDS, Falco"},{"id":"T1041","name":"Exfiltration Over C2 Channel","detectable":true,"detections":"Sigma, IDS"},{"id":"T1048","name":"Exfiltration Over Alternative Protocol","detectable":true,"detections":"Sigma, IDS"},{"id":"T1048.003","name":"Exfiltration Over Unencrypted Non-C2 Protocol","detectable":true,"detections":"Sigma"},{"id":"T1078","name":"Valid Accounts","detectable":true,"detections":"Sigma, CAR, IDS"},{"id":"T1078.001","name":"Default Accounts","detectable":true,"detections":"Sigma"},{"id":"T1078.003","name":"Local Accounts","detectable":true,"detections":"Sigma, CAR"},{"id":"T1078.004","name":"Cloud Accounts","detectable":true,"detections":"Sigma"},{"id":"T1213","name":"Data from Information Repositories","detectable":true,"detections":"Sigma"},{"id":"T1550.001","name":"Application Access Token","detectable":true,"detections":"Sigma"},{"id":"T1552","name":"Unsecured Credentials","detectable":true,"detections":"Sigma, CAR, IDS, YARA, Falco"},{"id":"T1552.001","name":"Credentials In Files","detectable":true,"detections":"Sigma, CAR, Falco"},{"id":"T1552.002","name":"Credentials in Registry","detectable":true,"detections":"Sigma, CAR"},{"id":"T1552.003","name":"Shell History","detectable":true,"detections":"Sigma"},{"id":"T1552.004","name":"Private Keys","detectable":true,"detections":"Sigma, YARA"},{"id":"T1565","name":"Data Manipulation","detectable":true,"detections":"Sigma, Falco"},{"id":"T1565.001","name":"Stored Data Manipulation","detectable":true,"detections":"Sigma"},{"id":"T1567","name":"Exfiltration Over Web Service","detectable":true,"detections":"Sigma, IDS"},{"id":"T1599.001","name":"Network Address Translation Traversal","detectable":true,"detections":"Sigma"}],"technique_count":42,"detectable_count":26,"coverage_pct":61,"has_mapping":true,"is_enhancement":true,"base_control_id":"3"},{"control_id":"3.6","title":"Cryptographic keys used to protect stored account data are secured","family":"Account Data Protection","techniques":[{"id":"T1025","name":"Data from Removable Media","detectable":false},{"id":"T1521.003","name":"","detectable":false},{"id":"T1557.004","name":"Evil Twin","detectable":false},{"id":"T1563.001","name":"SSH Hijacking","detectable":false},{"id":"T1573.001","name":"Symmetric Cryptography","detectable":false},{"id":"T1573.002","name":"Asymmetric Cryptography","detectable":false},{"id":"T1005","name":"Data from Local System","detectable":true,"detections":"Sigma, IDS, Falco"},{"id":"T1041","name":"Exfiltration Over C2 Channel","detectable":true,"detections":"Sigma, IDS"},{"id":"T1048.003","name":"Exfiltration Over Unencrypted Non-C2 Protocol","detectable":true,"detections":"Sigma"},{"id":"T1072","name":"Software Deployment Tools","detectable":true,"detections":"Sigma, IDS, Falco"},{"id":"T1098.004","name":"SSH Authorized Keys","detectable":true,"detections":"Falco"},{"id":"T1552","name":"Unsecured Credentials","detectable":true,"detections":"Sigma, CAR, IDS, YARA, Falco"},{"id":"T1552.001","name":"Credentials In Files","detectable":true,"detections":"Sigma, CAR, Falco"},{"id":"T1552.002","name":"Credentials in Registry","detectable":true,"detections":"Sigma, CAR"},{"id":"T1552.004","name":"Private Keys","detectable":true,"detections":"Sigma, YARA"},{"id":"T1573","name":"Encrypted Channel","detectable":true,"detections":"Sigma, IDS"}],"technique_count":16,"detectable_count":10,"coverage_pct":62,"has_mapping":true,"is_enhancement":true,"base_control_id":"3"},{"control_id":"3.7","title":"Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented","family":"Account Data Protection","techniques":[{"id":"T1025","name":"Data from Removable Media","detectable":false},{"id":"T1521.003","name":"","detectable":false},{"id":"T1557.004","name":"Evil Twin","detectable":false},{"id":"T1563.001","name":"SSH Hijacking","detectable":false},{"id":"T1573.001","name":"Symmetric Cryptography","detectable":false},{"id":"T1573.002","name":"Asymmetric Cryptography","detectable":false},{"id":"T1005","name":"Data from Local System","detectable":true,"detections":"Sigma, IDS, Falco"},{"id":"T1041","name":"Exfiltration Over C2 Channel","detectable":true,"detections":"Sigma, IDS"},{"id":"T1048.003","name":"Exfiltration Over Unencrypted Non-C2 Protocol","detectable":true,"detections":"Sigma"},{"id":"T1072","name":"Software Deployment Tools","detectable":true,"detections":"Sigma, IDS, Falco"},{"id":"T1098.004","name":"SSH Authorized Keys","detectable":true,"detections":"Falco"},{"id":"T1552","name":"Unsecured Credentials","detectable":true,"detections":"Sigma, CAR, IDS, YARA, Falco"},{"id":"T1552.001","name":"Credentials In Files","detectable":true,"detections":"Sigma, CAR, Falco"},{"id":"T1552.002","name":"Credentials in Registry","detectable":true,"detections":"Sigma, CAR"},{"id":"T1552.004","name":"Private Keys","detectable":true,"detections":"Sigma, YARA"},{"id":"T1573","name":"Encrypted Channel","detectable":true,"detections":"Sigma, IDS"},{"id":"T1606","name":"Forge Web Credentials","detectable":true,"detections":"Sigma, CAR"}],"technique_count":17,"detectable_count":11,"coverage_pct":64,"has_mapping":true,"is_enhancement":true,"base_control_id":"3"},{"control_id":"10","title":"Log and Monitor All Access to System Components and Cardholder Data","family":"Audit Logging","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":false},{"control_id":"10.1","title":"Processes and mechanisms for logging and monitoring all access to system components and cardholder data are defined and documented","family":"Audit Logging","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"10"},{"control_id":"10.2","title":"Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events","family":"Audit Logging","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"10"},{"control_id":"10.3","title":"Audit logs are protected from destruction and unauthorized modifications","family":"Audit Logging","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"10"},{"control_id":"10.4","title":"Audit logs are reviewed to identify anomalies or suspicious activity","family":"Audit Logging","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"10"},{"control_id":"10.5","title":"Retain audit log history for at least 12 months","family":"Audit Logging","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"10"},{"control_id":"10.6","title":"Time-synchronization mechanisms support consistent time settings across all systems","family":"Audit Logging","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"10"},{"control_id":"10.7","title":"Failures of critical security controls are detected, reported, and responded to promptly","family":"Audit Logging","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"10"},{"control_id":"4","title":"Protect Cardholder Data with Strong Cryptography During Transmission Over Open, Public Networks","family":"Cryptography in Transit","techniques":[{"id":"T1025","name":"Data from Removable Media","detectable":false},{"id":"T1521.003","name":"","detectable":false},{"id":"T1557.004","name":"Evil Twin","detectable":false},{"id":"T1563.001","name":"SSH Hijacking","detectable":false},{"id":"T1573.001","name":"Symmetric Cryptography","detectable":false},{"id":"T1573.002","name":"Asymmetric Cryptography","detectable":false},{"id":"T1005","name":"Data from Local System","detectable":true,"detections":"Sigma, IDS, Falco"},{"id":"T1041","name":"Exfiltration Over C2 Channel","detectable":true,"detections":"Sigma, IDS"},{"id":"T1048.003","name":"Exfiltration Over Unencrypted Non-C2 Protocol","detectable":true,"detections":"Sigma"},{"id":"T1072","name":"Software Deployment Tools","detectable":true,"detections":"Sigma, IDS, Falco"},{"id":"T1098.004","name":"SSH Authorized Keys","detectable":true,"detections":"Falco"},{"id":"T1552","name":"Unsecured Credentials","detectable":true,"detections":"Sigma, CAR, IDS, YARA, Falco"},{"id":"T1552.001","name":"Credentials In Files","detectable":true,"detections":"Sigma, CAR, Falco"},{"id":"T1552.002","name":"Credentials in Registry","detectable":true,"detections":"Sigma, CAR"},{"id":"T1552.004","name":"Private Keys","detectable":true,"detections":"Sigma, YARA"},{"id":"T1573","name":"Encrypted Channel","detectable":true,"detections":"Sigma, IDS"}],"technique_count":16,"detectable_count":10,"coverage_pct":62,"has_mapping":true,"is_enhancement":false},{"control_id":"4.1","title":"Processes and mechanisms for protecting cardholder data with strong cryptography during transmission over open, public networks are defined and documented","family":"Cryptography in Transit","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"4"},{"control_id":"4.2","title":"PAN is protected with strong cryptography during transmission","family":"Cryptography in Transit","techniques":[{"id":"T1521.003","name":"","detectable":false},{"id":"T1563.001","name":"SSH Hijacking","detectable":false},{"id":"T1573.001","name":"Symmetric Cryptography","detectable":false},{"id":"T1573.002","name":"Asymmetric Cryptography","detectable":false},{"id":"T1072","name":"Software Deployment Tools","detectable":true,"detections":"Sigma, IDS, Falco"},{"id":"T1098.004","name":"SSH Authorized Keys","detectable":true,"detections":"Falco"},{"id":"T1552","name":"Unsecured Credentials","detectable":true,"detections":"Sigma, CAR, IDS, YARA, Falco"},{"id":"T1552.001","name":"Credentials In Files","detectable":true,"detections":"Sigma, CAR, Falco"},{"id":"T1552.002","name":"Credentials in Registry","detectable":true,"detections":"Sigma, CAR"},{"id":"T1552.004","name":"Private Keys","detectable":true,"detections":"Sigma, YARA"},{"id":"T1573","name":"Encrypted Channel","detectable":true,"detections":"Sigma, IDS"}],"technique_count":11,"detectable_count":7,"coverage_pct":63,"has_mapping":true,"is_enhancement":true,"base_control_id":"4"},{"control_id":"8","title":"Identify Users and Authenticate Access to System Components","family":"Identity \u0026 Authentication","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":false},{"control_id":"8.1","title":"Processes and mechanisms for identifying users and authenticating access to system components are defined and understood","family":"Identity \u0026 Authentication","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"8"},{"control_id":"8.2","title":"User identification and related accounts for users and administrators are strictly managed throughout an account's lifecycle","family":"Identity \u0026 Authentication","techniques":[{"id":"T1078","name":"Valid Accounts","detectable":true,"detections":"Sigma, CAR, IDS"},{"id":"T1078.002","name":"Domain Accounts","detectable":true,"detections":"Sigma, CAR"},{"id":"T1078.003","name":"Local Accounts","detectable":true,"detections":"Sigma, CAR"},{"id":"T1078.004","name":"Cloud Accounts","detectable":true,"detections":"Sigma"}],"technique_count":4,"detectable_count":4,"coverage_pct":100,"has_mapping":true,"is_enhancement":true,"base_control_id":"8"},{"control_id":"8.3","title":"User authentication for users and administrators is established and managed","family":"Identity \u0026 Authentication","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"8"},{"control_id":"8.4","title":"Multi-factor authentication (MFA) is implemented to secure access into the CDE","family":"Identity \u0026 Authentication","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"8"},{"control_id":"8.5","title":"Multi-factor authentication (MFA) systems are configured to prevent misuse","family":"Identity \u0026 Authentication","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"8"},{"control_id":"8.6","title":"Use of application and system accounts and associated authentication factors is strictly managed","family":"Identity \u0026 Authentication","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"8"},{"control_id":"5","title":"Protect All Systems and Networks from Malicious Software","family":"Malware Protection","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":false},{"control_id":"5.1","title":"Processes and mechanisms for protecting all systems and networks from malicious software are defined and understood","family":"Malware Protection","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"5"},{"control_id":"5.2","title":"Malicious software (malware) is prevented, or detected and addressed","family":"Malware Protection","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"5"},{"control_id":"5.3","title":"Anti-malware mechanisms and processes are active, maintained, and monitored","family":"Malware Protection","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"5"},{"control_id":"5.4","title":"Anti-phishing mechanisms protect users against phishing attacks","family":"Malware Protection","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"5"},{"control_id":"1","title":"Install and Maintain Network Security Controls","family":"Network Security","techniques":[{"id":"T1590.002","name":"DNS","detectable":true,"detections":"Sigma"}],"technique_count":1,"detectable_count":1,"coverage_pct":100,"has_mapping":true,"is_enhancement":false},{"control_id":"1.1","title":"Processes and mechanisms for installing and maintaining network security controls are defined and understood","family":"Network Security","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"1"},{"control_id":"1.2","title":"Network security controls (NSCs) are configured and maintained","family":"Network Security","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"1"},{"control_id":"1.3","title":"Network access to and from the cardholder data environment is restricted","family":"Network Security","techniques":[{"id":"T1020.001","name":"Traffic Duplication","detectable":false},{"id":"T1021.008","name":"Direct Cloud VM Connections","detectable":false},{"id":"T1059.008","name":"Network Device CLI","detectable":false},{"id":"T1070.002","name":"Clear Linux or Mac System Logs","detectable":false},{"id":"T1070.008","name":"Clear Mailbox Data","detectable":false},{"id":"T1114.002","name":"Remote Email Collection","detectable":false},{"id":"T1127.002","name":"ClickOnce","detectable":false},{"id":"T1213.001","name":"Confluence","detectable":false},{"id":"T1213.002","name":"Sharepoint","detectable":false},{"id":"T1213.005","name":"Messaging Applications","detectable":false},{"id":"T1530","name":"Data from Cloud Storage","detectable":false},{"id":"T1547.012","name":"Print Processors","detectable":false},{"id":"T1547.013","name":"XDG Autostart Entries","detectable":false},{"id":"T1558.002","name":"Silver Ticket","detectable":false},{"id":"T1558.004","name":"AS-REP Roasting","detectable":false},{"id":"T1563","name":"Remote Service Session Hijacking","detectable":false},{"id":"T1563.001","name":"SSH Hijacking","detectable":false},{"id":"T1567.003","name":"Exfiltration to Text Storage Sites","detectable":false},{"id":"T1567.004","name":"Exfiltration Over Webhook","detectable":false},{"id":"T1602","name":"Data from Configuration Repository","detectable":false},{"id":"T1602.001","name":"SNMP (MIB Dump)","detectable":false},{"id":"T1602.002","name":"Network Device Configuration Dump","detectable":false},{"id":"T1612","name":"Build Image on Host","detectable":false},{"id":"T1647","name":"Plist File Modification","detectable":false},{"id":"T1651","name":"Cloud Administration Command","detectable":false},{"id":"T1659","name":"Content Injection","detectable":false},{"id":"T1021","name":"Remote Services","detectable":true,"detections":"Sigma, CAR, IDS"},{"id":"T1021.001","name":"Remote Desktop Protocol","detectable":true,"detections":"Sigma, CAR"},{"id":"T1021.002","name":"SMB/Windows Admin Shares","detectable":true,"detections":"Sigma, CAR"},{"id":"T1021.003","name":"Distributed Component Object Model","detectable":true,"detections":"Sigma, CAR"},{"id":"T1021.004","name":"SSH","detectable":true,"detections":"Sigma, Falco"},{"id":"T1021.005","name":"VNC","detectable":true,"detections":"Sigma"},{"id":"T1021.006","name":"Windows Remote Management","detectable":true,"detections":"Sigma, CAR"},{"id":"T1037","name":"Boot or Logon Initialization Scripts","detectable":true,"detections":"CAR, IDS"},{"id":"T1037.001","name":"Logon Script (Windows)","detectable":true,"detections":"Sigma, CAR"},{"id":"T1040","name":"Network Sniffing","detectable":true,"detections":"Sigma, CAR"},{"id":"T1047","name":"Windows Management Instrumentation","detectable":true,"detections":"Sigma, CAR"},{"id":"T1059","name":"Command and Scripting Interpreter","detectable":true,"detections":"Sigma, CAR, IDS, Falco"},{"id":"T1059.001","name":"PowerShell","detectable":true,"detections":"Sigma, CAR"},{"id":"T1059.002","name":"AppleScript","detectable":true,"detections":"Sigma"},{"id":"T1059.003","name":"Windows Command Shell","detectable":true,"detections":"Sigma, CAR"},{"id":"T1059.004","name":"Unix Shell","detectable":true,"detections":"Sigma, Falco"},{"id":"T1059.005","name":"Visual Basic","detectable":true,"detections":"Sigma, CAR"},{"id":"T1059.006","name":"Python","detectable":true,"detections":"Sigma"},{"id":"T1059.007","name":"JavaScript","detectable":true,"detections":"Sigma"},{"id":"T1070","name":"Indicator Removal","detectable":true,"detections":"Sigma, CAR, Falco"},{"id":"T1070.001","name":"Clear Windows Event Logs","detectable":true,"detections":"CAR"},{"id":"T1114","name":"Email Collection","detectable":true,"detections":"Sigma"},{"id":"T1114.001","name":"Local Email Collection","detectable":true,"detections":"Sigma"},{"id":"T1114.003","name":"Email Forwarding Rule","detectable":true,"detections":"Sigma"},{"id":"T1119","name":"Automated Collection","detectable":true,"detections":"Sigma"},{"id":"T1133","name":"External Remote Services","detectable":true,"detections":"Sigma"},{"id":"T1137","name":"Office Application Startup","detectable":true,"detections":"Sigma"},{"id":"T1137.002","name":"Office Test","detectable":true,"detections":"Sigma"},{"id":"T1213","name":"Data from Information Repositories","detectable":true,"detections":"Sigma"},{"id":"T1219","name":"Remote Access Tools","detectable":true,"detections":"Sigma, IDS"},{"id":"T1505.004","name":"IIS Components","detectable":true,"detections":"Sigma"},{"id":"T1505.005","name":"Terminal Services DLL","detectable":true,"detections":"Sigma"},{"id":"T1537","name":"Transfer Data to Cloud Account","detectable":true,"detections":"Sigma"},{"id":"T1543","name":"Create or Modify System Process","detectable":true,"detections":"Sigma, CAR, Falco"},{"id":"T1547.003","name":"Time Providers","detectable":true,"detections":"Sigma"},{"id":"T1547.004","name":"Winlogon Helper DLL","detectable":true,"detections":"Sigma, CAR"},{"id":"T1547.009","name":"Shortcut Modification","detectable":true,"detections":"Sigma"},{"id":"T1550.001","name":"Application Access Token","detectable":true,"detections":"Sigma"},{"id":"T1552","name":"Unsecured Credentials","detectable":true,"detections":"Sigma, CAR, IDS, YARA, Falco"},{"id":"T1552.002","name":"Credentials in Registry","detectable":true,"detections":"Sigma, CAR"},{"id":"T1552.004","name":"Private Keys","detectable":true,"detections":"Sigma, YARA"},{"id":"T1552.005","name":"Cloud Instance Metadata API","detectable":true,"detections":"Falco"},{"id":"T1552.007","name":"Container API","detectable":true,"detections":"Sigma"},{"id":"T1557","name":"Adversary-in-the-Middle","detectable":true,"detections":"Sigma"},{"id":"T1557.002","name":"ARP Cache Poisoning","detectable":true,"detections":"Falco"},{"id":"T1558","name":"Steal or Forge Kerberos Tickets","detectable":true,"detections":"Sigma"},{"id":"T1558.003","name":"Kerberoasting","detectable":true,"detections":"Sigma"},{"id":"T1563.002","name":"RDP Hijacking","detectable":true,"detections":"Sigma"},{"id":"T1565","name":"Data Manipulation","detectable":true,"detections":"Sigma, Falco"},{"id":"T1565.001","name":"Stored Data Manipulation","detectable":true,"detections":"Sigma"},{"id":"T1565.002","name":"Transmitted Data Manipulation","detectable":true,"detections":"Sigma"},{"id":"T1609","name":"Container Administration Command","detectable":true,"detections":"Sigma"},{"id":"T1610","name":"Deploy Container","detectable":true,"detections":"Falco"},{"id":"T1613","name":"Container and Resource Discovery","detectable":true,"detections":"Sigma"},{"id":"T1619","name":"Cloud Storage Object Discovery","detectable":true,"detections":"Sigma"}],"technique_count":81,"detectable_count":55,"coverage_pct":67,"has_mapping":true,"is_enhancement":true,"base_control_id":"1"},{"control_id":"1.4","title":"Network connections between trusted and untrusted networks are controlled","family":"Network Security","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"1"},{"control_id":"1.5","title":"Risks to the CDE from computing devices that are able to connect to both untrusted networks and the CDE are mitigated","family":"Network Security","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"1"},{"control_id":"9","title":"Restrict Physical Access to Cardholder Data","family":"Physical Security","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":false},{"control_id":"9.1","title":"Processes and mechanisms for restricting physical access to cardholder data are defined and understood","family":"Physical Security","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"9"},{"control_id":"9.2","title":"Physical access controls manage entry into facilities and systems containing cardholder data","family":"Physical Security","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"9"},{"control_id":"9.3","title":"Physical access for personnel and visitors is authorized and managed","family":"Physical Security","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"9"},{"control_id":"9.4","title":"Media with cardholder data is securely stored, accessed, distributed, and destroyed","family":"Physical Security","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"9"},{"control_id":"9.5","title":"Point of interaction (POI) devices are protected from tampering and unauthorized substitution","family":"Physical Security","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"9"},{"control_id":"2","title":"Apply Secure Configurations to All System Components","family":"Secure Configurations","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":false},{"control_id":"2.1","title":"Processes and mechanisms for applying secure configurations are defined and understood","family":"Secure Configurations","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"2"},{"control_id":"2.2","title":"System components are configured and managed securely","family":"Secure Configurations","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"2"},{"control_id":"2.3","title":"Wireless environments are configured and managed securely","family":"Secure Configurations","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"2"},{"control_id":"6","title":"Develop and Maintain Secure Systems and Software","family":"Secure Development","techniques":[{"id":"T1195.003","name":"Compromise Hardware Supply Chain","detectable":false},{"id":"T1542","name":"Pre-OS Boot","detectable":false},{"id":"T1542.004","name":"ROMMONkit","detectable":false},{"id":"T1542.005","name":"TFTP Boot","detectable":false},{"id":"T1553.006","name":"Code Signing Policy Modification","detectable":false},{"id":"T1558.004","name":"AS-REP Roasting","detectable":false},{"id":"T1559.003","name":"XPC Services","detectable":false},{"id":"T1574.002","name":"DLL Side-Loading","detectable":false},{"id":"T1601","name":"Modify System Image","detectable":false},{"id":"T1601.001","name":"Patch System Image","detectable":false},{"id":"T1601.002","name":"Downgrade System Image","detectable":false},{"id":"T1612","name":"Build Image on Host","detectable":false},{"id":"T1647","name":"Plist File Modification","detectable":false},{"id":"T1078","name":"Valid Accounts","detectable":true,"detections":"Sigma, CAR, IDS"},{"id":"T1078.001","name":"Default Accounts","detectable":true,"detections":"Sigma"},{"id":"T1078.003","name":"Local Accounts","detectable":true,"detections":"Sigma, CAR"},{"id":"T1078.004","name":"Cloud Accounts","detectable":true,"detections":"Sigma"},{"id":"T1134.005","name":"SID-History Injection","detectable":true,"detections":"Sigma"},{"id":"T1195.001","name":"Compromise Software Dependencies and Development Tools","detectable":true,"detections":"Sigma"},{"id":"T1213.003","name":"Code Repositories","detectable":true,"detections":"Sigma"},{"id":"T1495","name":"Firmware Corruption","detectable":true,"detections":"Sigma"},{"id":"T1505","name":"Server Software Component","detectable":true,"detections":"Sigma, CAR, IDS, Falco"},{"id":"T1505.001","name":"SQL Stored Procedures","detectable":true,"detections":"Sigma"},{"id":"T1505.002","name":"Transport Agent","detectable":true,"detections":"Sigma"},{"id":"T1505.004","name":"IIS Components","detectable":true,"detections":"Sigma"},{"id":"T1528","name":"Steal Application Access Token","detectable":true,"detections":"Sigma"},{"id":"T1542.001","name":"System Firmware","detectable":true,"detections":"Sigma"},{"id":"T1542.003","name":"Bootkit","detectable":true,"detections":"Sigma"},{"id":"T1552","name":"Unsecured Credentials","detectable":true,"detections":"Sigma, CAR, IDS, YARA, Falco"},{"id":"T1552.001","name":"Credentials In Files","detectable":true,"detections":"Sigma, CAR, Falco"},{"id":"T1552.002","name":"Credentials in Registry","detectable":true,"detections":"Sigma, CAR"},{"id":"T1552.004","name":"Private Keys","detectable":true,"detections":"Sigma, YARA"},{"id":"T1552.006","name":"Group Policy Preferences","detectable":true,"detections":"Sigma"},{"id":"T1553","name":"Subvert Trust Controls","detectable":true,"detections":"Sigma, CAR"}],"technique_count":34,"detectable_count":21,"coverage_pct":61,"has_mapping":true,"is_enhancement":false},{"control_id":"6.1","title":"Processes and mechanisms for developing and maintaining secure systems and software are defined and understood","family":"Secure Development","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"6"},{"control_id":"6.2","title":"Bespoke and custom software are developed securely","family":"Secure Development","techniques":[{"id":"T1195.003","name":"Compromise Hardware Supply Chain","detectable":false},{"id":"T1542","name":"Pre-OS Boot","detectable":false},{"id":"T1542.004","name":"ROMMONkit","detectable":false},{"id":"T1542.005","name":"TFTP Boot","detectable":false},{"id":"T1553.006","name":"Code Signing Policy Modification","detectable":false},{"id":"T1558.004","name":"AS-REP Roasting","detectable":false},{"id":"T1559.003","name":"XPC Services","detectable":false},{"id":"T1574.002","name":"DLL Side-Loading","detectable":false},{"id":"T1601","name":"Modify System Image","detectable":false},{"id":"T1601.001","name":"Patch System Image","detectable":false},{"id":"T1601.002","name":"Downgrade System Image","detectable":false},{"id":"T1612","name":"Build Image on Host","detectable":false},{"id":"T1647","name":"Plist File Modification","detectable":false},{"id":"T1078","name":"Valid Accounts","detectable":true,"detections":"Sigma, CAR, IDS"},{"id":"T1078.001","name":"Default Accounts","detectable":true,"detections":"Sigma"},{"id":"T1078.003","name":"Local Accounts","detectable":true,"detections":"Sigma, CAR"},{"id":"T1078.004","name":"Cloud Accounts","detectable":true,"detections":"Sigma"},{"id":"T1134.005","name":"SID-History Injection","detectable":true,"detections":"Sigma"},{"id":"T1195.001","name":"Compromise Software Dependencies and Development Tools","detectable":true,"detections":"Sigma"},{"id":"T1213.003","name":"Code Repositories","detectable":true,"detections":"Sigma"},{"id":"T1495","name":"Firmware Corruption","detectable":true,"detections":"Sigma"},{"id":"T1505","name":"Server Software Component","detectable":true,"detections":"Sigma, CAR, IDS, Falco"},{"id":"T1505.001","name":"SQL Stored Procedures","detectable":true,"detections":"Sigma"},{"id":"T1505.002","name":"Transport Agent","detectable":true,"detections":"Sigma"},{"id":"T1505.004","name":"IIS Components","detectable":true,"detections":"Sigma"},{"id":"T1528","name":"Steal Application Access Token","detectable":true,"detections":"Sigma"},{"id":"T1542.001","name":"System Firmware","detectable":true,"detections":"Sigma"},{"id":"T1542.003","name":"Bootkit","detectable":true,"detections":"Sigma"},{"id":"T1552","name":"Unsecured Credentials","detectable":true,"detections":"Sigma, CAR, IDS, YARA, Falco"},{"id":"T1552.001","name":"Credentials In Files","detectable":true,"detections":"Sigma, CAR, Falco"},{"id":"T1552.002","name":"Credentials in Registry","detectable":true,"detections":"Sigma, CAR"},{"id":"T1552.004","name":"Private Keys","detectable":true,"detections":"Sigma, YARA"},{"id":"T1552.006","name":"Group Policy Preferences","detectable":true,"detections":"Sigma"},{"id":"T1553","name":"Subvert Trust Controls","detectable":true,"detections":"Sigma, CAR"}],"technique_count":34,"detectable_count":21,"coverage_pct":61,"has_mapping":true,"is_enhancement":true,"base_control_id":"6"},{"control_id":"6.3","title":"Security vulnerabilities are identified and addressed","family":"Secure Development","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"6"},{"control_id":"6.4","title":"Public-facing web applications are protected against attacks","family":"Secure Development","techniques":[{"id":"T1195.003","name":"Compromise Hardware Supply Chain","detectable":false},{"id":"T1542","name":"Pre-OS Boot","detectable":false},{"id":"T1542.004","name":"ROMMONkit","detectable":false},{"id":"T1542.005","name":"TFTP Boot","detectable":false},{"id":"T1553.006","name":"Code Signing Policy Modification","detectable":false},{"id":"T1558.004","name":"AS-REP Roasting","detectable":false},{"id":"T1559.003","name":"XPC Services","detectable":false},{"id":"T1574.002","name":"DLL Side-Loading","detectable":false},{"id":"T1601","name":"Modify System Image","detectable":false},{"id":"T1601.001","name":"Patch System Image","detectable":false},{"id":"T1601.002","name":"Downgrade System Image","detectable":false},{"id":"T1612","name":"Build Image on Host","detectable":false},{"id":"T1647","name":"Plist File Modification","detectable":false},{"id":"T1078","name":"Valid Accounts","detectable":true,"detections":"Sigma, CAR, IDS"},{"id":"T1078.001","name":"Default Accounts","detectable":true,"detections":"Sigma"},{"id":"T1078.003","name":"Local Accounts","detectable":true,"detections":"Sigma, CAR"},{"id":"T1078.004","name":"Cloud Accounts","detectable":true,"detections":"Sigma"},{"id":"T1134.005","name":"SID-History Injection","detectable":true,"detections":"Sigma"},{"id":"T1195.001","name":"Compromise Software Dependencies and Development Tools","detectable":true,"detections":"Sigma"},{"id":"T1213.003","name":"Code Repositories","detectable":true,"detections":"Sigma"},{"id":"T1495","name":"Firmware Corruption","detectable":true,"detections":"Sigma"},{"id":"T1505","name":"Server Software Component","detectable":true,"detections":"Sigma, CAR, IDS, Falco"},{"id":"T1505.001","name":"SQL Stored Procedures","detectable":true,"detections":"Sigma"},{"id":"T1505.002","name":"Transport Agent","detectable":true,"detections":"Sigma"},{"id":"T1505.004","name":"IIS Components","detectable":true,"detections":"Sigma"},{"id":"T1528","name":"Steal Application Access Token","detectable":true,"detections":"Sigma"},{"id":"T1542.001","name":"System Firmware","detectable":true,"detections":"Sigma"},{"id":"T1542.003","name":"Bootkit","detectable":true,"detections":"Sigma"},{"id":"T1552","name":"Unsecured Credentials","detectable":true,"detections":"Sigma, CAR, IDS, YARA, Falco"},{"id":"T1552.001","name":"Credentials In Files","detectable":true,"detections":"Sigma, CAR, Falco"},{"id":"T1552.002","name":"Credentials in Registry","detectable":true,"detections":"Sigma, CAR"},{"id":"T1552.004","name":"Private Keys","detectable":true,"detections":"Sigma, YARA"},{"id":"T1552.006","name":"Group Policy Preferences","detectable":true,"detections":"Sigma"},{"id":"T1553","name":"Subvert Trust Controls","detectable":true,"detections":"Sigma, CAR"}],"technique_count":34,"detectable_count":21,"coverage_pct":61,"has_mapping":true,"is_enhancement":true,"base_control_id":"6"},{"control_id":"6.5","title":"Changes to all system components are managed securely","family":"Secure Development","techniques":[{"id":"T1195.003","name":"Compromise Hardware Supply Chain","detectable":false},{"id":"T1542","name":"Pre-OS Boot","detectable":false},{"id":"T1542.004","name":"ROMMONkit","detectable":false},{"id":"T1542.005","name":"TFTP Boot","detectable":false},{"id":"T1553.006","name":"Code Signing Policy Modification","detectable":false},{"id":"T1559.003","name":"XPC Services","detectable":false},{"id":"T1564.009","name":"Resource Forking","detectable":false},{"id":"T1574.002","name":"DLL Side-Loading","detectable":false},{"id":"T1601","name":"Modify System Image","detectable":false},{"id":"T1601.001","name":"Patch System Image","detectable":false},{"id":"T1601.002","name":"Downgrade System Image","detectable":false},{"id":"T1647","name":"Plist File Modification","detectable":false},{"id":"T1072","name":"Software Deployment Tools","detectable":true,"detections":"Sigma, IDS, Falco"},{"id":"T1078","name":"Valid Accounts","detectable":true,"detections":"Sigma, CAR, IDS"},{"id":"T1078.001","name":"Default Accounts","detectable":true,"detections":"Sigma"},{"id":"T1078.003","name":"Local Accounts","detectable":true,"detections":"Sigma, CAR"},{"id":"T1078.004","name":"Cloud Accounts","detectable":true,"detections":"Sigma"},{"id":"T1195.001","name":"Compromise Software Dependencies and Development Tools","detectable":true,"detections":"Sigma"},{"id":"T1213.003","name":"Code Repositories","detectable":true,"detections":"Sigma"},{"id":"T1495","name":"Firmware Corruption","detectable":true,"detections":"Sigma"},{"id":"T1505","name":"Server Software Component","detectable":true,"detections":"Sigma, CAR, IDS, Falco"},{"id":"T1505.001","name":"SQL Stored Procedures","detectable":true,"detections":"Sigma"},{"id":"T1505.002","name":"Transport Agent","detectable":true,"detections":"Sigma"},{"id":"T1505.004","name":"IIS Components","detectable":true,"detections":"Sigma"},{"id":"T1542.001","name":"System Firmware","detectable":true,"detections":"Sigma"},{"id":"T1542.003","name":"Bootkit","detectable":true,"detections":"Sigma"},{"id":"T1553","name":"Subvert Trust Controls","detectable":true,"detections":"Sigma, CAR"}],"technique_count":27,"detectable_count":15,"coverage_pct":55,"has_mapping":true,"is_enhancement":true,"base_control_id":"6"},{"control_id":"12","title":"Support Information Security with Organizational Policies and Programs","family":"Security Policy","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":false},{"control_id":"12.1","title":"A comprehensive information security policy that governs and provides direction for protection of the entity's information assets is known and current","family":"Security Policy","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"12"},{"control_id":"12.10","title":"Suspected and confirmed security incidents that could impact the CDE are responded to immediately","family":"Security Policy","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"12"},{"control_id":"12.2","title":"Acceptable use policies for end-user technologies are defined and implemented","family":"Security Policy","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"12"},{"control_id":"12.3","title":"Risks to the cardholder data environment are formally identified, evaluated, and managed","family":"Security Policy","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"12"},{"control_id":"12.4","title":"PCI DSS compliance is managed throughout the year","family":"Security Policy","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"12"},{"control_id":"12.5","title":"PCI DSS scope is documented and validated","family":"Security Policy","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"12"},{"control_id":"12.6","title":"Security awareness education is an ongoing activity","family":"Security Policy","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"12"},{"control_id":"12.7","title":"Personnel are screened to reduce risks from insider threats","family":"Security Policy","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"12"},{"control_id":"12.8","title":"Risk to information assets associated with third-party service provider (TPSP) relationships is managed","family":"Security Policy","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"12"},{"control_id":"12.9","title":"Third-party service providers (TPSPs) support their customers' PCI DSS compliance","family":"Security Policy","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"12"},{"control_id":"11","title":"Test Security of Systems and Networks Regularly","family":"Security Testing","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":false},{"control_id":"11.1","title":"Processes and mechanisms for regularly testing security of systems and networks are defined and understood","family":"Security Testing","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"11"},{"control_id":"11.2","title":"Wireless access points are identified and monitored","family":"Security Testing","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"11"},{"control_id":"11.3","title":"External and internal vulnerabilities are regularly identified, prioritized, and addressed","family":"Security Testing","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"11"},{"control_id":"11.4","title":"External and internal penetration testing is regularly performed","family":"Security Testing","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"11"},{"control_id":"11.5","title":"Network intrusions and unexpected file changes are detected and responded to","family":"Security Testing","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"11"},{"control_id":"11.6","title":"Unauthorized changes on payment pages are detected and responded to","family":"Security Testing","techniques":null,"technique_count":0,"detectable_count":0,"coverage_pct":0,"has_mapping":false,"is_enhancement":true,"base_control_id":"11"}],"families":[{"family":"Access Control","controls":4,"controls_with_mapping":0,"distinct_techniques":0,"detectable_techniques":0,"coverage_pct":0},{"family":"Account Data Protection","controls":8,"controls_with_mapping":8,"distinct_techniques":51,"detectable_techniques":30,"coverage_pct":58},{"family":"Audit Logging","controls":8,"controls_with_mapping":0,"distinct_techniques":0,"detectable_techniques":0,"coverage_pct":0},{"family":"Cryptography in Transit","controls":3,"controls_with_mapping":2,"distinct_techniques":16,"detectable_techniques":10,"coverage_pct":62},{"family":"Identity \u0026 Authentication","controls":7,"controls_with_mapping":1,"distinct_techniques":4,"detectable_techniques":4,"coverage_pct":100},{"family":"Malware Protection","controls":5,"controls_with_mapping":0,"distinct_techniques":0,"detectable_techniques":0,"coverage_pct":0},{"family":"Network Security","controls":6,"controls_with_mapping":2,"distinct_techniques":82,"detectable_techniques":56,"coverage_pct":68},{"family":"Physical Security","controls":6,"controls_with_mapping":0,"distinct_techniques":0,"detectable_techniques":0,"coverage_pct":0},{"family":"Secure Configurations","controls":4,"controls_with_mapping":0,"distinct_techniques":0,"detectable_techniques":0,"coverage_pct":0},{"family":"Secure Development","controls":6,"controls_with_mapping":4,"distinct_techniques":36,"detectable_techniques":22,"coverage_pct":61},{"family":"Security Policy","controls":11,"controls_with_mapping":0,"distinct_techniques":0,"detectable_techniques":0,"coverage_pct":0},{"family":"Security Testing","controls":7,"controls_with_mapping":0,"distinct_techniques":0,"detectable_techniques":0,"coverage_pct":0}],"total_controls":75,"controls_with_mapping":17,"distinct_techniques":142,"detectable_techniques":92,"overall_coverage_pct":64,"unmapped_enhancements":50,"no_mappings_at_all":false}