NIST 800-53 ATT&CK mappings are published at the base-control level (e.g. AC-18), so the 872 sub-control enhancements (AC-18.1, AC-18.2, …) carry no direct technique mapping; their coverage is inherited from the base control. They are hidden by default.
AC-02
Account Management
150/220 detectable
AC-03
Access Enforcement
190/281 detectable
AC-04
Information Flow Enforcement
110/158 detectable
AC-05
Separation of Duties
122/167 detectable
AC-06
Least Privilege
182/270 detectable
AC-07
Unsuccessful Logon Attempts
11/16 detectable
AC-08
System Use Notification
1/1 detectable
AC-1
Policy and Procedures
no ATT&CK mapping
AC-10
Concurrent Session Control
4/4 detectable
AC-11
Device Lock
2/2 detectable
AC-11.1
Pattern-hiding Displays
enhancement of AC-11
AC-12
Session Termination
5/6 detectable
AC-12.1
User-initiated Logouts
enhancement of AC-12
AC-12.2
Termination Message
enhancement of AC-12
AC-12.3
Timeout Warning Message
enhancement of AC-12
AC-13
Supervision and Review — Access Control
no ATT&CK mapping
AC-14
Permitted Actions Without Identification or Authentication
1/1 detectable
AC-14.1
Necessary Uses
enhancement of AC-14
AC-15
Automated Marking
no ATT&CK mapping
AC-16
Security and Privacy Attributes
35/57 detectable
AC-16.1
Dynamic Attribute Association
enhancement of AC-16
AC-16.10
Attribute Configuration by Authorized Individuals
enhancement of AC-16
AC-16.2
Attribute Value Changes by Authorized Individuals
enhancement of AC-16
AC-16.3
Maintenance of Attribute Associations by System
enhancement of AC-16
AC-16.4
Association of Attributes by Authorized Individuals
enhancement of AC-16
AC-16.5
Attribute Displays on Objects to Be Output
enhancement of AC-16
AC-16.6
Maintenance of Attribute Association
enhancement of AC-16
AC-16.7
Consistent Attribute Interpretation
enhancement of AC-16
AC-16.8
Association Techniques and Technologies
enhancement of AC-16
AC-16.9
Attribute Reassignment — Regrading Mechanisms
enhancement of AC-16
AC-17
Remote Access
55/81 detectable
AC-17.1
Monitoring and Control
enhancement of AC-17
AC-17.10
Authenticate Remote Commands
enhancement of AC-17
AC-17.2
Protection of Confidentiality and Integrity Using Encryption
enhancement of AC-17
AC-17.3
Managed Access Control Points
enhancement of AC-17
AC-17.4
Privileged Commands and Access
enhancement of AC-17
AC-17.5
Monitoring for Unauthorized Connections
enhancement of AC-17
AC-17.6
Protection of Mechanism Information
enhancement of AC-17
AC-17.7
Additional Protection for Security Function Access
enhancement of AC-17
AC-17.8
Disable Nonsecure Network Protocols
enhancement of AC-17
AC-17.9
Disconnect or Disable Access
enhancement of AC-17
AC-18
Wireless Access
13/25 detectable
AC-18.1
Authentication and Encryption
enhancement of AC-18
AC-18.2
Monitoring Unauthorized Connections
enhancement of AC-18
AC-18.3
Disable Wireless Networking
enhancement of AC-18
AC-18.4
Restrict Configurations by Users
enhancement of AC-18
AC-18.5
Antennas and Transmission Power Levels
enhancement of AC-18
AC-19
Access Control for Mobile Devices
16/27 detectable
AC-19.1
Use of Writable and Portable Storage Devices
enhancement of AC-19
AC-19.2
Use of Personally Owned Portable Storage Devices
enhancement of AC-19
AC-19.3
Use of Portable Storage Devices with No Identifiable Owner
enhancement of AC-19
AC-19.4
Restrictions for Classified Information
enhancement of AC-19
AC-19.5
Full Device or Container-based Encryption
enhancement of AC-19
AC-2
Account Management
no ATT&CK mapping
AC-2.1
Automated System Account Management
enhancement of AC-2
AC-2.10
Shared and Group Account Credential Change
enhancement of AC-2
AC-2.11
Usage Conditions
enhancement of AC-2
AC-2.12
Account Monitoring for Atypical Usage
enhancement of AC-2
AC-2.13
Disable Accounts for High-risk Individuals
enhancement of AC-2
AC-2.2
Automated Temporary and Emergency Account Management
enhancement of AC-2
AC-2.3
Disable Accounts
enhancement of AC-2
AC-2.4
Automated Audit Actions
enhancement of AC-2
AC-2.5
Inactivity Logout
enhancement of AC-2
AC-2.6
Dynamic Privilege Management
enhancement of AC-2
AC-2.7
Privileged User Accounts
enhancement of AC-2
AC-2.8
Dynamic Account Management
enhancement of AC-2
AC-2.9
Restrictions on Use of Shared and Group Accounts
enhancement of AC-2
AC-20
Use of External Systems
46/64 detectable
AC-20.1
Limits on Authorized Use
enhancement of AC-20
AC-20.2
Portable Storage Devices — Restricted Use
enhancement of AC-20
AC-20.3
Non-organizationally Owned Systems — Restricted Use
enhancement of AC-20
AC-20.4
Network Accessible Storage Devices — Prohibited Use
enhancement of AC-20
AC-20.5
Portable Storage Devices — Prohibited Use
enhancement of AC-20
AC-21
Information Sharing
1/5 detectable
AC-21.1
Automated Decision Support
enhancement of AC-21
AC-21.2
Information Search and Retrieval
enhancement of AC-21
AC-22
Publicly Accessible Content
no ATT&CK mapping
AC-23
Data Mining Protection
7/15 detectable
AC-24
Access Control Decisions
no ATT&CK mapping
AC-24.1
Transmit Access Authorization Information
enhancement of AC-24
AC-24.2
No User or Process Identity
enhancement of AC-24
AC-25
Reference Monitor
no ATT&CK mapping
AC-3
Access Enforcement
no ATT&CK mapping
AC-3.1
Restricted Access to Privileged Functions
enhancement of AC-3
AC-3.10
Audited Override of Access Control Mechanisms
enhancement of AC-3
AC-3.11
Restrict Access to Specific Information Types
enhancement of AC-3
AC-3.12
Assert and Enforce Application Access
enhancement of AC-3
AC-3.13
Attribute-based Access Control
enhancement of AC-3
AC-3.14
Individual Access
enhancement of AC-3
AC-3.15
Discretionary and Mandatory Access Control
enhancement of AC-3
AC-3.2
Dual Authorization
enhancement of AC-3
AC-3.3
Mandatory Access Control
enhancement of AC-3
AC-3.4
Discretionary Access Control
enhancement of AC-3
AC-3.5
Security-relevant Information
enhancement of AC-3
AC-3.6
Protection of User and System Information
enhancement of AC-3
AC-3.7
Role-based Access Control
enhancement of AC-3
AC-3.8
Revocation of Access Authorizations
enhancement of AC-3
AC-3.9
Controlled Release
enhancement of AC-3
AC-4
Information Flow Enforcement
no ATT&CK mapping
AC-4.1
Object Security and Privacy Attributes
enhancement of AC-4
AC-4.10
Enable and Disable Security or Privacy Policy Filters
enhancement of AC-4
AC-4.11
Configuration of Security or Privacy Policy Filters
enhancement of AC-4
AC-4.12
Data Type Identifiers
enhancement of AC-4
AC-4.13
Decomposition into Policy-relevant Subcomponents
enhancement of AC-4
AC-4.14
Security or Privacy Policy Filter Constraints
enhancement of AC-4
AC-4.15
Detection of Unsanctioned Information
enhancement of AC-4
AC-4.16
Information Transfers on Interconnected Systems
enhancement of AC-4
AC-4.17
Domain Authentication
enhancement of AC-4
AC-4.18
Security Attribute Binding
enhancement of AC-4
AC-4.19
Validation of Metadata
enhancement of AC-4
AC-4.2
Processing Domains
enhancement of AC-4
AC-4.20
Approved Solutions
enhancement of AC-4
AC-4.21
Physical or Logical Separation of Information Flows
enhancement of AC-4
AC-4.22
Access Only
enhancement of AC-4
AC-4.23
Modify Non-releasable Information
enhancement of AC-4
AC-4.24
Internal Normalized Format
enhancement of AC-4
AC-4.25
Data Sanitization
enhancement of AC-4
AC-4.26
Audit Filtering Actions
enhancement of AC-4
AC-4.27
Redundant/Independent Filtering Mechanisms
enhancement of AC-4
AC-4.28
Linear Filter Pipelines
enhancement of AC-4
AC-4.29
Filter Orchestration Engines
enhancement of AC-4
AC-4.3
Dynamic Information Flow Control
enhancement of AC-4
AC-4.30
Filter Mechanisms Using Multiple Processes
enhancement of AC-4
AC-4.31
Failed Content Transfer Prevention
enhancement of AC-4
AC-4.32
Process Requirements for Information Transfer
enhancement of AC-4
AC-4.4
Flow Control of Encrypted Information
enhancement of AC-4
AC-4.5
Embedded Data Types
enhancement of AC-4
AC-4.6
Metadata
enhancement of AC-4
AC-4.7
One-way Flow Mechanisms
enhancement of AC-4
AC-4.8
Security and Privacy Policy Filters
enhancement of AC-4
AC-4.9
Human Reviews
enhancement of AC-4
AC-5
Separation of Duties
no ATT&CK mapping
AC-6
Least Privilege
no ATT&CK mapping
AC-6.1
Authorize Access to Security Functions
enhancement of AC-6
AC-6.10
Prohibit Non-privileged Users from Executing Privileged Functions
enhancement of AC-6
AC-6.2
Non-privileged Access for Nonsecurity Functions
enhancement of AC-6
AC-6.3
Network Access to Privileged Commands
enhancement of AC-6
AC-6.4
Separate Processing Domains
enhancement of AC-6
AC-6.5
Privileged Accounts
enhancement of AC-6
AC-6.6
Privileged Access by Non-organizational Users
enhancement of AC-6
AC-6.7
Review of User Privileges
enhancement of AC-6
AC-6.8
Privilege Levels for Code Execution
enhancement of AC-6
AC-6.9
Log Use of Privileged Functions
enhancement of AC-6
AC-7
Unsuccessful Logon Attempts
no ATT&CK mapping
AC-7.1
Automatic Account Lock
enhancement of AC-7
AC-7.2
Purge or Wipe Mobile Device
enhancement of AC-7
AC-7.3
Biometric Attempt Limiting
enhancement of AC-7
AC-7.4
Use of Alternate Authentication Factor
enhancement of AC-7
AC-8
System Use Notification
no ATT&CK mapping
AC-9
Previous Logon Notification
no ATT&CK mapping
AC-9.1
Unsuccessful Logons
enhancement of AC-9
AC-9.2
Successful and Unsuccessful Logons
enhancement of AC-9
AC-9.3
Notification of Account Changes
enhancement of AC-9
AC-9.4
Additional Logon Information
enhancement of AC-9
AT-1
Policy and Procedures
no ATT&CK mapping
AT-2
Literacy Training and Awareness
no ATT&CK mapping
AT-2.1
Practical Exercises
enhancement of AT-2
AT-2.2
Insider Threat
enhancement of AT-2
AT-2.3
Social Engineering and Mining
enhancement of AT-2
AT-2.4
Suspicious Communications and Anomalous System Behavior
enhancement of AT-2
AT-2.5
Advanced Persistent Threat
enhancement of AT-2
AT-2.6
Cyber Threat Environment
enhancement of AT-2
AT-3
Role-based Training
no ATT&CK mapping
AT-3.1
Environmental Controls
enhancement of AT-3
AT-3.2
Physical Security Controls
enhancement of AT-3
AT-3.3
Practical Exercises
enhancement of AT-3
AT-3.4
Suspicious Communications and Anomalous System Behavior
enhancement of AT-3
AT-3.5
Processing Personally Identifiable Information
enhancement of AT-3
AT-4
Training Records
no ATT&CK mapping
AT-5
Contacts with Security Groups and Associations
no ATT&CK mapping
AT-6
Training Feedback
no ATT&CK mapping
AU-1
Policy and Procedures
no ATT&CK mapping
AU-10
Non-repudiation
no ATT&CK mapping
AU-10.1
Association of Identities
enhancement of AU-10
AU-10.2
Validate Binding of Information Producer Identity
enhancement of AU-10
AU-10.3
Chain of Custody
enhancement of AU-10
AU-10.4
Validate Binding of Information Reviewer Identity
enhancement of AU-10
AU-10.5
Digital Signatures
enhancement of AU-10
AU-11
Audit Record Retention
no ATT&CK mapping
AU-11.1
Long-term Retrieval Capability
enhancement of AU-11
AU-12
Audit Record Generation
no ATT&CK mapping
AU-12.1
System-wide and Time-correlated Audit Trail
enhancement of AU-12
AU-12.2
Standardized Formats
enhancement of AU-12
AU-12.3
Changes by Authorized Individuals
enhancement of AU-12
AU-12.4
Query Parameter Audits of Personally Identifiable Information
enhancement of AU-12
AU-13
Monitoring for Information Disclosure
no ATT&CK mapping
AU-13.1
Use of Automated Tools
enhancement of AU-13
AU-13.2
Review of Monitored Sites
enhancement of AU-13
AU-13.3
Unauthorized Replication of Information
enhancement of AU-13
AU-14
Session Audit
no ATT&CK mapping
AU-14.1
System Start-up
enhancement of AU-14
AU-14.2
Capture and Record Content
enhancement of AU-14
AU-14.3
Remote Viewing and Listening
enhancement of AU-14
AU-15
Alternate Audit Logging Capability
no ATT&CK mapping
AU-16
Cross-organizational Audit Logging
no ATT&CK mapping
AU-16.1
Identity Preservation
enhancement of AU-16
AU-16.2
Sharing of Audit Information
enhancement of AU-16
AU-16.3
Disassociability
enhancement of AU-16
AU-2
Event Logging
no ATT&CK mapping
AU-2.1
Compilation of Audit Records from Multiple Sources
enhancement of AU-2
AU-2.2
Selection of Audit Events by Component
enhancement of AU-2
AU-2.3
Reviews and Updates
enhancement of AU-2
AU-2.4
Privileged Functions
enhancement of AU-2
AU-3
Content of Audit Records
no ATT&CK mapping
AU-3.1
Additional Audit Information
enhancement of AU-3
AU-3.2
Centralized Management of Planned Audit Record Content
enhancement of AU-3
AU-3.3
Limit Personally Identifiable Information Elements
enhancement of AU-3
AU-4
Audit Log Storage Capacity
no ATT&CK mapping
AU-4.1
Transfer to Alternate Storage
enhancement of AU-4
AU-5
Response to Audit Logging Process Failures
no ATT&CK mapping
AU-5.1
Storage Capacity Warning
enhancement of AU-5
AU-5.2
Real-time Alerts
enhancement of AU-5
AU-5.3
Configurable Traffic Volume Thresholds
enhancement of AU-5
AU-5.4
Shutdown on Failure
enhancement of AU-5
AU-5.5
Alternate Audit Logging Capability
enhancement of AU-5
AU-6
Audit Record Review, Analysis, and Reporting
no ATT&CK mapping
AU-6.1
Automated Process Integration
enhancement of AU-6
AU-6.10
Audit Level Adjustment
enhancement of AU-6
AU-6.2
Automated Security Alerts
enhancement of AU-6
AU-6.3
Correlate Audit Record Repositories
enhancement of AU-6
AU-6.4
Central Review and Analysis
enhancement of AU-6
AU-6.5
Integrated Analysis of Audit Records
enhancement of AU-6
AU-6.6
Correlation with Physical Monitoring
enhancement of AU-6
AU-6.7
Permitted Actions
enhancement of AU-6
AU-6.8
Full Text Analysis of Privileged Commands
enhancement of AU-6
AU-6.9
Correlation with Information from Nontechnical Sources
enhancement of AU-6
AU-7
Audit Record Reduction and Report Generation
no ATT&CK mapping
AU-7.1
Automatic Processing
enhancement of AU-7
AU-7.2
Automatic Sort and Search
enhancement of AU-7
AU-8
Time Stamps
no ATT&CK mapping
AU-8.1
Synchronization with Authoritative Time Source
enhancement of AU-8
AU-8.2
Secondary Authoritative Time Source
enhancement of AU-8
AU-9
Protection of Audit Information
no ATT&CK mapping
AU-9.1
Hardware Write-once Media
enhancement of AU-9
AU-9.2
Store on Separate Physical Systems or Components
enhancement of AU-9
AU-9.3
Cryptographic Protection
enhancement of AU-9
AU-9.4
Access by Subset of Privileged Users
enhancement of AU-9
AU-9.5
Dual Authorization
enhancement of AU-9
AU-9.6
Read-only Access
enhancement of AU-9
AU-9.7
Store on Component with Different Operating System
enhancement of AU-9
CA-02
Control Assessments
5/5 detectable
CA-03
Information Exchange
5/7 detectable
CA-07
Continuous Monitoring
143/210 detectable
CA-1
Policy and Procedures
no ATT&CK mapping
CA-2
Control Assessments
no ATT&CK mapping
CA-2.1
Independent Assessors
enhancement of CA-2
CA-2.2
Specialized Assessments
enhancement of CA-2
CA-2.3
Leveraging Results from External Organizations
enhancement of CA-2
CA-3
Information Exchange
no ATT&CK mapping
CA-3.1
Unclassified National Security System Connections
enhancement of CA-3
CA-3.2
Classified National Security System Connections
enhancement of CA-3
CA-3.3
Unclassified Non-national Security System Connections
enhancement of CA-3
CA-3.4
Connections to Public Networks
enhancement of CA-3
CA-3.5
Restrictions on External System Connections
enhancement of CA-3
CA-3.6
Transfer Authorizations
enhancement of CA-3
CA-3.7
Transitive Information Exchanges
enhancement of CA-3
CA-4
Security Certification
no ATT&CK mapping
CA-5
Plan of Action and Milestones
no ATT&CK mapping
CA-5.1
Automation Support for Accuracy and Currency
enhancement of CA-5
CA-6
Authorization
no ATT&CK mapping
CA-6.1
Joint Authorization — Intra-organization
enhancement of CA-6
CA-6.2
Joint Authorization — Inter-organization
enhancement of CA-6
CA-7
Continuous Monitoring
no ATT&CK mapping
CA-7.1
Independent Assessment
enhancement of CA-7
CA-7.2
Types of Assessments
enhancement of CA-7
CA-7.3
Trend Analyses
enhancement of CA-7
CA-7.4
Risk Monitoring
enhancement of CA-7
CA-7.5
Consistency Analysis
enhancement of CA-7
CA-7.6
Automation Support for Monitoring
enhancement of CA-7
CA-8
Penetration Testing
no ATT&CK mapping
CA-8.1
Independent Penetration Testing Agent or Team
enhancement of CA-8
CA-8.2
Red Team Exercises
enhancement of CA-8
CA-8.3
Facility Penetration Testing
enhancement of CA-8
CA-9
Internal System Connections
no ATT&CK mapping
CA-9.1
Compliance Checks
enhancement of CA-9
CM-02
Baseline Configuration
200/287 detectable
CM-03
Configuration Change Control
14/35 detectable
CM-05
Access Restrictions for Change
111/162 detectable
CM-06
Configuration Settings
243/344 detectable
CM-07
Least Functionality
161/225 detectable
CM-08
System Component Inventory
66/101 detectable
CM-1
Policy and Procedures
no ATT&CK mapping
CM-10
Software Usage Restrictions
8/9 detectable
CM-10.1
Open-source Software
enhancement of CM-10
CM-11
User-installed Software
28/33 detectable
CM-11.1
Alerts for Unauthorized Installations
enhancement of CM-11
CM-11.2
Software Installation with Privileged Status
enhancement of CM-11
CM-11.3
Automated Enforcement and Monitoring
enhancement of CM-11
CM-12
Information Location
1/2 detectable
CM-12.1
Automated Tools to Support Information Location
enhancement of CM-12
CM-13
Data Action Mapping
no ATT&CK mapping
CM-14
Signed Components
no ATT&CK mapping
CM-2
Baseline Configuration
no ATT&CK mapping
CM-2.1
Reviews and Updates
enhancement of CM-2
CM-2.2
Automation Support for Accuracy and Currency
enhancement of CM-2
CM-2.3
Retention of Previous Configurations
enhancement of CM-2
CM-2.4
Unauthorized Software
enhancement of CM-2
CM-2.5
Authorized Software
enhancement of CM-2
CM-2.6
Development and Test Environments
enhancement of CM-2
CM-2.7
Configure Systems and Components for High-risk Areas
enhancement of CM-2
CM-3
Configuration Change Control
no ATT&CK mapping
CM-3.1
Automated Documentation, Notification, and Prohibition of Changes
enhancement of CM-3
CM-3.2
Testing, Validation, and Documentation of Changes
enhancement of CM-3
CM-3.3
Automated Change Implementation
enhancement of CM-3
CM-3.4
Security and Privacy Representatives
enhancement of CM-3
CM-3.5
Automated Security Response
enhancement of CM-3
CM-3.6
Cryptography Management
enhancement of CM-3
CM-3.7
Review System Changes
enhancement of CM-3
CM-3.8
Prevent or Restrict Configuration Changes
enhancement of CM-3
CM-4
Impact Analyses
no ATT&CK mapping
CM-4.1
Separate Test Environments
enhancement of CM-4
CM-4.2
Verification of Controls
enhancement of CM-4
CM-5
Access Restrictions for Change
no ATT&CK mapping
CM-5.1
Automated Access Enforcement and Audit Records
enhancement of CM-5
CM-5.2
Review System Changes
enhancement of CM-5
CM-5.3
Signed Components
enhancement of CM-5
CM-5.4
Dual Authorization
enhancement of CM-5
CM-5.5
Privilege Limitation for Production and Operation
enhancement of CM-5
CM-5.6
Limit Library Privileges
enhancement of CM-5
CM-5.7
Automatic Implementation of Security Safeguards
enhancement of CM-5
CM-6
Configuration Settings
no ATT&CK mapping
CM-6.1
Automated Management, Application, and Verification
enhancement of CM-6
CM-6.2
Respond to Unauthorized Changes
enhancement of CM-6
CM-6.3
Unauthorized Change Detection
enhancement of CM-6
CM-6.4
Conformance Demonstration
enhancement of CM-6
CM-7
Least Functionality
no ATT&CK mapping
CM-7.1
Periodic Review
enhancement of CM-7
CM-7.2
Prevent Program Execution
enhancement of CM-7
CM-7.3
Registration Compliance
enhancement of CM-7
CM-7.4
Unauthorized Software — Deny-by-exception
enhancement of CM-7
CM-7.5
Authorized Software — Allow-by-exception
enhancement of CM-7
CM-7.6
Confined Environments with Limited Privileges
enhancement of CM-7
CM-7.7
Code Execution in Protected Environments
enhancement of CM-7
CM-7.8
Binary or Machine Executable Code
enhancement of CM-7
CM-7.9
Prohibiting the Use of Unauthorized Hardware
enhancement of CM-7
CM-8
System Component Inventory
no ATT&CK mapping
CM-8.1
Updates During Installation and Removal
enhancement of CM-8
CM-8.2
Automated Maintenance
enhancement of CM-8
CM-8.3
Automated Unauthorized Component Detection
enhancement of CM-8
CM-8.4
Accountability Information
enhancement of CM-8
CM-8.5
No Duplicate Accounting of Components
enhancement of CM-8
CM-8.6
Assessed Configurations and Approved Deviations
enhancement of CM-8
CM-8.7
Centralized Repository
enhancement of CM-8
CM-8.8
Automated Location Tracking
enhancement of CM-8
CM-8.9
Assignment of Components to Systems
enhancement of CM-8
CM-9
Configuration Management Plan
no ATT&CK mapping
CM-9.1
Assignment of Responsibility
enhancement of CM-9
CP-02
Contingency Plan
6/9 detectable
CP-06
Alternate Storage Site
6/8 detectable
CP-07
Alternate Processing Site
11/16 detectable
CP-09
System Backup
14/22 detectable
CP-1
Policy and Procedures
no ATT&CK mapping
CP-10
System Recovery and Reconstitution
8/12 detectable
CP-10.1
Contingency Plan Testing
enhancement of CP-10
CP-10.2
Transaction Recovery
enhancement of CP-10
CP-10.3
Compensating Security Controls
enhancement of CP-10
CP-10.4
Restore Within Time Period
enhancement of CP-10
CP-10.5
Failover Capability
enhancement of CP-10
CP-10.6
Component Protection
enhancement of CP-10
CP-11
Alternate Communications Protocols
no ATT&CK mapping
CP-12
Safe Mode
no ATT&CK mapping
CP-13
Alternative Security Mechanisms
no ATT&CK mapping
CP-2
Contingency Plan
no ATT&CK mapping
CP-2.1
Coordinate with Related Plans
enhancement of CP-2
CP-2.2
Capacity Planning
enhancement of CP-2
CP-2.3
Resume Mission and Business Functions
enhancement of CP-2
CP-2.4
Resume All Mission and Business Functions
enhancement of CP-2
CP-2.5
Continue Mission and Business Functions
enhancement of CP-2
CP-2.6
Alternate Processing and Storage Sites
enhancement of CP-2
CP-2.7
Coordinate with External Service Providers
enhancement of CP-2
CP-2.8
Identify Critical Assets
enhancement of CP-2
CP-3
Contingency Training
no ATT&CK mapping
CP-3.1
Simulated Events
enhancement of CP-3
CP-3.2
Mechanisms Used in Training Environments
enhancement of CP-3
CP-4
Contingency Plan Testing
no ATT&CK mapping
CP-4.1
Coordinate with Related Plans
enhancement of CP-4
CP-4.2
Alternate Processing Site
enhancement of CP-4
CP-4.3
Automated Testing
enhancement of CP-4
CP-4.4
Full Recovery and Reconstitution
enhancement of CP-4
CP-4.5
Self-challenge
enhancement of CP-4
CP-5
Contingency Plan Update
no ATT&CK mapping
CP-6
Alternate Storage Site
no ATT&CK mapping
CP-6.1
Separation from Primary Site
enhancement of CP-6
CP-6.2
Recovery Time and Recovery Point Objectives
enhancement of CP-6
CP-6.3
Accessibility
enhancement of CP-6
CP-7
Alternate Processing Site
no ATT&CK mapping
CP-7.1
Separation from Primary Site
enhancement of CP-7
CP-7.2
Accessibility
enhancement of CP-7
CP-7.3
Priority of Service
enhancement of CP-7
CP-7.4
Preparation for Use
enhancement of CP-7
CP-7.5
Equivalent Information Security Safeguards
enhancement of CP-7
CP-7.6
Inability to Return to Primary Site
enhancement of CP-7
CP-8
Telecommunications Services
no ATT&CK mapping
CP-8.1
Priority of Service Provisions
enhancement of CP-8
CP-8.2
Single Points of Failure
enhancement of CP-8
CP-8.3
Separation of Primary and Alternate Providers
enhancement of CP-8
CP-8.4
Provider Contingency Plan
enhancement of CP-8
CP-8.5
Alternate Telecommunication Service Testing
enhancement of CP-8
CP-9
System Backup
no ATT&CK mapping
CP-9.1
Testing for Reliability and Integrity
enhancement of CP-9
CP-9.2
Test Restoration Using Sampling
enhancement of CP-9
CP-9.3
Separate Storage for Critical Information
enhancement of CP-9
CP-9.4
Protection from Unauthorized Modification
enhancement of CP-9
CP-9.5
Transfer to Alternate Storage Site
enhancement of CP-9
CP-9.6
Redundant Secondary System
enhancement of CP-9
CP-9.7
Dual Authorization for Deletion or Destruction
enhancement of CP-9
CP-9.8
Cryptographic Protection
enhancement of CP-9
IA-02
Identification and Authentication (Organizational Users)
126/173 detectable
IA-03
Device Identification and Authentication
4/8 detectable
IA-04
Identifier Management
22/36 detectable
IA-05
Authenticator Management
48/72 detectable
IA-06
Authentication Feedback
4/8 detectable
IA-07
Cryptographic Module Authentication
4/12 detectable
IA-08
Identification and Authentication (Non-Organizational Users)
12/22 detectable
IA-09
Service Identification and Authentication
16/22 detectable
IA-1
Policy and Procedures
no ATT&CK mapping
IA-10
Adaptive Authentication
no ATT&CK mapping
IA-11
Re-authentication
4/7 detectable
IA-12
Identity Proofing
4/4 detectable
IA-12.1
Supervisor Authorization
enhancement of IA-12
IA-12.2
Identity Evidence
enhancement of IA-12
IA-12.3
Identity Evidence Validation and Verification
enhancement of IA-12
IA-12.4
In-person Validation and Verification
enhancement of IA-12
IA-12.5
Address Confirmation
enhancement of IA-12
IA-12.6
Accept Externally-proofed Identities
enhancement of IA-12
IA-13
Identity Providers and Authorization Servers
14/17 detectable
IA-13.1
Protection of Cryptographic Keys
enhancement of IA-13
IA-13.2
Verification of Identity Assertions and Access Tokens
enhancement of IA-13
IA-13.3
Token Management
enhancement of IA-13
IA-2
Identification and Authentication (Organizational Users)
no ATT&CK mapping
IA-2.1
Multi-factor Authentication to Privileged Accounts
enhancement of IA-2
IA-2.10
Single Sign-on
enhancement of IA-2
IA-2.11
Remote Access — Separate Device
enhancement of IA-2
IA-2.12
Acceptance of PIV Credentials
enhancement of IA-2
IA-2.13
Out-of-band Authentication
enhancement of IA-2
IA-2.2
Multi-factor Authentication to Non-privileged Accounts
enhancement of IA-2
IA-2.3
Local Access to Privileged Accounts
enhancement of IA-2
IA-2.4
Local Access to Non-privileged Accounts
enhancement of IA-2
IA-2.5
Individual Authentication with Group Authentication
enhancement of IA-2
IA-2.6
Access to Accounts — Separate Device
enhancement of IA-2
IA-2.7
Network Access to Non-privileged Accounts — Separate Device
enhancement of IA-2
IA-2.8
Access to Accounts — Replay Resistant
enhancement of IA-2
IA-2.9
Network Access to Non-privileged Accounts — Replay Resistant
enhancement of IA-2
IA-3
Device Identification and Authentication
no ATT&CK mapping
IA-3.1
Cryptographic Bidirectional Authentication
enhancement of IA-3
IA-3.2
Cryptographic Bidirectional Network Authentication
enhancement of IA-3
IA-3.3
Dynamic Address Allocation
enhancement of IA-3
IA-3.4
Device Attestation
enhancement of IA-3
IA-4
Identifier Management
no ATT&CK mapping
IA-4.1
Prohibit Account Identifiers as Public Identifiers
enhancement of IA-4
IA-4.2
Supervisor Authorization
enhancement of IA-4
IA-4.3
Multiple Forms of Certification
enhancement of IA-4
IA-4.4
Identify User Status
enhancement of IA-4
IA-4.5
Dynamic Management
enhancement of IA-4
IA-4.6
Cross-organization Management
enhancement of IA-4
IA-4.7
In-person Registration
enhancement of IA-4
IA-4.8
Pairwise Pseudonymous Identifiers
enhancement of IA-4
IA-4.9
Attribute Maintenance and Protection
enhancement of IA-4
IA-5
Authenticator Management
no ATT&CK mapping
IA-5.1
Password-based Authentication
enhancement of IA-5
IA-5.10
Dynamic Credential Binding
enhancement of IA-5
IA-5.11
Hardware Token-based Authentication
enhancement of IA-5
IA-5.12
Biometric Authentication Performance
enhancement of IA-5
IA-5.13
Expiration of Cached Authenticators
enhancement of IA-5
IA-5.14
Managing Content of PKI Trust Stores
enhancement of IA-5
IA-5.15
GSA-approved Products and Services
enhancement of IA-5
IA-5.16
In-person or Trusted External Party Authenticator Issuance
enhancement of IA-5
IA-5.17
Presentation Attack Detection for Biometric Authenticators
enhancement of IA-5
IA-5.18
Password Managers
enhancement of IA-5
IA-5.2
Public Key-based Authentication
enhancement of IA-5
IA-5.3
In-person or Trusted External Party Registration
enhancement of IA-5
IA-5.4
Automated Support for Password Strength Determination
enhancement of IA-5
IA-5.5
Change Authenticators Prior to Delivery
enhancement of IA-5
IA-5.6
Protection of Authenticators
enhancement of IA-5
IA-5.7
No Embedded Unencrypted Static Authenticators
enhancement of IA-5
IA-5.8
Multiple System Accounts
enhancement of IA-5
IA-5.9
Federated Credential Management
enhancement of IA-5
IA-6
Authentication Feedback
no ATT&CK mapping
IA-7
Cryptographic Module Authentication
no ATT&CK mapping
IA-8
Identification and Authentication (Non-organizational Users)
no ATT&CK mapping
IA-8.1
Acceptance of PIV Credentials from Other Agencies
enhancement of IA-8
IA-8.2
Acceptance of External Authenticators
enhancement of IA-8
IA-8.3
Use of FICAM-approved Products
enhancement of IA-8
IA-8.4
Use of Defined Profiles
enhancement of IA-8
IA-8.5
Acceptance of PIV-I Credentials
enhancement of IA-8
IA-8.6
Disassociability
enhancement of IA-8
IA-9
Service Identification and Authentication
no ATT&CK mapping
IA-9.1
Information Exchange
enhancement of IA-9
IA-9.2
Transmission of Decisions
enhancement of IA-9
IR-1
Policy and Procedures
no ATT&CK mapping
IR-10
Integrated Information Security Analysis Team
no ATT&CK mapping
IR-2
Incident Response Training
no ATT&CK mapping
IR-2.1
Simulated Events
enhancement of IR-2
IR-2.2
Automated Training Environments
enhancement of IR-2
IR-2.3
Breach
enhancement of IR-2
IR-3
Incident Response Testing
no ATT&CK mapping
IR-3.1
Automated Testing
enhancement of IR-3
IR-3.2
Coordination with Related Plans
enhancement of IR-3
IR-3.3
Continuous Improvement
enhancement of IR-3
IR-4
Incident Handling
no ATT&CK mapping
IR-4.1
Automated Incident Handling Processes
enhancement of IR-4
IR-4.10
Supply Chain Coordination
enhancement of IR-4
IR-4.11
Integrated Incident Response Team
enhancement of IR-4
IR-4.12
Malicious Code and Forensic Analysis
enhancement of IR-4
IR-4.13
Behavior Analysis
enhancement of IR-4
IR-4.14
Security Operations Center
enhancement of IR-4
IR-4.15
Public Relations and Reputation Repair
enhancement of IR-4
IR-4.2
Dynamic Reconfiguration
enhancement of IR-4
IR-4.3
Continuity of Operations
enhancement of IR-4
IR-4.4
Information Correlation
enhancement of IR-4
IR-4.5
Automatic Disabling of System
enhancement of IR-4
IR-4.6
Insider Threats
enhancement of IR-4
IR-4.7
Insider Threats — Intra-organization Coordination
enhancement of IR-4
IR-4.8
Correlation with External Organizations
enhancement of IR-4
IR-4.9
Dynamic Response Capability
enhancement of IR-4
IR-5
Incident Monitoring
no ATT&CK mapping
IR-5.1
Automated Tracking, Data Collection, and Analysis
enhancement of IR-5
IR-6
Incident Reporting
no ATT&CK mapping
IR-6.1
Automated Reporting
enhancement of IR-6
IR-6.2
Vulnerabilities Related to Incidents
enhancement of IR-6
IR-6.3
Supply Chain Coordination
enhancement of IR-6
IR-7
Incident Response Assistance
no ATT&CK mapping
IR-7.1
Automation Support for Availability of Information and Support
enhancement of IR-7
IR-7.2
Coordination with External Providers
enhancement of IR-7
IR-8
Incident Response Plan
no ATT&CK mapping
IR-8.1
Breaches
enhancement of IR-8
IR-9
Information Spillage Response
no ATT&CK mapping
IR-9.1
Responsible Personnel
enhancement of IR-9
IR-9.2
Training
enhancement of IR-9
IR-9.3
Post-spill Operations
enhancement of IR-9
IR-9.4
Exposure to Unauthorized Personnel
enhancement of IR-9
MA-1
Policy and Procedures
no ATT&CK mapping
MA-2
Controlled Maintenance
no ATT&CK mapping
MA-2.1
Record Content
enhancement of MA-2
MA-2.2
Automated Maintenance Activities
enhancement of MA-2
MA-3
Maintenance Tools
no ATT&CK mapping
MA-3.1
Inspect Tools
enhancement of MA-3
MA-3.2
Inspect Media
enhancement of MA-3
MA-3.3
Prevent Unauthorized Removal
enhancement of MA-3
MA-3.4
Restricted Tool Use
enhancement of MA-3
MA-3.5
Execution with Privilege
enhancement of MA-3
MA-3.6
Software Updates and Patches
enhancement of MA-3
MA-4
Nonlocal Maintenance
no ATT&CK mapping
MA-4.1
Logging and Review
enhancement of MA-4
MA-4.2
Document Nonlocal Maintenance
enhancement of MA-4
MA-4.3
Comparable Security and Sanitization
enhancement of MA-4
MA-4.4
Authentication and Separation of Maintenance Sessions
enhancement of MA-4
MA-4.5
Approvals and Notifications
enhancement of MA-4
MA-4.6
Cryptographic Protection
enhancement of MA-4
MA-4.7
Disconnect Verification
enhancement of MA-4
MA-5
Maintenance Personnel
no ATT&CK mapping
MA-5.1
Individuals Without Appropriate Access
enhancement of MA-5
MA-5.2
Security Clearances for Classified Systems
enhancement of MA-5
MA-5.3
Citizenship Requirements for Classified Systems
enhancement of MA-5
MA-5.4
Foreign Nationals
enhancement of MA-5
MA-5.5
Non-system Maintenance
enhancement of MA-5
MA-6
Timely Maintenance
no ATT&CK mapping
MA-6.1
Preventive Maintenance
enhancement of MA-6
MA-6.2
Predictive Maintenance
enhancement of MA-6
MA-6.3
Automated Support for Predictive Maintenance
enhancement of MA-6
MA-7
Field Maintenance
no ATT&CK mapping
MP-07
Media Use
2/6 detectable
MP-1
Policy and Procedures
no ATT&CK mapping
MP-2
Media Access
no ATT&CK mapping
MP-2.1
Automated Restricted Access
enhancement of MP-2
MP-2.2
Cryptographic Protection
enhancement of MP-2
MP-3
Media Marking
no ATT&CK mapping
MP-4
Media Storage
no ATT&CK mapping
MP-4.1
Cryptographic Protection
enhancement of MP-4
MP-4.2
Automated Restricted Access
enhancement of MP-4
MP-5
Media Transport
no ATT&CK mapping
MP-5.1
Protection Outside of Controlled Areas
enhancement of MP-5
MP-5.2
Documentation of Activities
enhancement of MP-5
MP-5.3
Custodians
enhancement of MP-5
MP-5.4
Cryptographic Protection
enhancement of MP-5
MP-6
Media Sanitization
no ATT&CK mapping
MP-6.1
Review, Approve, Track, Document, and Verify
enhancement of MP-6
MP-6.2
Equipment Testing
enhancement of MP-6
MP-6.3
Nondestructive Techniques
enhancement of MP-6
MP-6.4
Controlled Unclassified Information
enhancement of MP-6
MP-6.5
Classified Information
enhancement of MP-6
MP-6.6
Media Destruction
enhancement of MP-6
MP-6.7
Dual Authorization
enhancement of MP-6
MP-6.8
Remote Purging or Wiping of Information
enhancement of MP-6
MP-7
Media Use
no ATT&CK mapping
MP-7.1
Prohibit Use Without Owner
enhancement of MP-7
MP-7.2
Prohibit Use of Sanitization-resistant Media
enhancement of MP-7
MP-8
Media Downgrading
no ATT&CK mapping
MP-8.1
Documentation of Process
enhancement of MP-8
MP-8.2
Equipment Testing
enhancement of MP-8
MP-8.3
Controlled Unclassified Information
enhancement of MP-8
MP-8.4
Classified Information
enhancement of MP-8
PE-1
Policy and Procedures
no ATT&CK mapping
PE-10
Emergency Shutoff
no ATT&CK mapping
PE-10.1
Accidental and Unauthorized Activation
enhancement of PE-10
PE-11
Emergency Power
no ATT&CK mapping
PE-11.1
Alternate Power Supply — Minimal Operational Capability
enhancement of PE-11
PE-11.2
Alternate Power Supply — Self-contained
enhancement of PE-11
PE-12
Emergency Lighting
no ATT&CK mapping
PE-12.1
Essential Mission and Business Functions
enhancement of PE-12
PE-13
Fire Protection
no ATT&CK mapping
PE-13.1
Detection Systems — Automatic Activation and Notification
enhancement of PE-13
PE-13.2
Suppression Systems — Automatic Activation and Notification
enhancement of PE-13
PE-13.3
Automatic Fire Suppression
enhancement of PE-13
PE-13.4
Inspections
enhancement of PE-13
PE-14
Environmental Controls
no ATT&CK mapping
PE-14.1
Automatic Controls
enhancement of PE-14
PE-14.2
Monitoring with Alarms and Notifications
enhancement of PE-14
PE-15
Water Damage Protection
no ATT&CK mapping
PE-15.1
Automation Support
enhancement of PE-15
PE-16
Delivery and Removal
no ATT&CK mapping
PE-17
Alternate Work Site
no ATT&CK mapping
PE-18
Location of System Components
no ATT&CK mapping
PE-18.1
Facility Site
enhancement of PE-18
PE-19
Information Leakage
no ATT&CK mapping
PE-19.1
National Emissions Policies and Procedures
enhancement of PE-19
PE-2
Physical Access Authorizations
no ATT&CK mapping
PE-2.1
Access by Position or Role
enhancement of PE-2
PE-2.2
Two Forms of Identification
enhancement of PE-2
PE-2.3
Restrict Unescorted Access
enhancement of PE-2
PE-20
Asset Monitoring and Tracking
no ATT&CK mapping
PE-21
Electromagnetic Pulse Protection
no ATT&CK mapping
PE-22
Component Marking
no ATT&CK mapping
PE-23
Facility Location
no ATT&CK mapping
PE-3
Physical Access Control
no ATT&CK mapping
PE-3.1
System Access
enhancement of PE-3
PE-3.2
Facility and Systems
enhancement of PE-3
PE-3.3
Continuous Guards
enhancement of PE-3
PE-3.4
Lockable Casings
enhancement of PE-3
PE-3.5
Tamper Protection
enhancement of PE-3
PE-3.6
Facility Penetration Testing
enhancement of PE-3
PE-3.7
Physical Barriers
enhancement of PE-3
PE-3.8
Access Control Vestibules
enhancement of PE-3
PE-4
Access Control for Transmission
no ATT&CK mapping
PE-5
Access Control for Output Devices
no ATT&CK mapping
PE-5.1
Access to Output by Authorized Individuals
enhancement of PE-5
PE-5.2
Link to Individual Identity
enhancement of PE-5
PE-5.3
Marking Output Devices
enhancement of PE-5
PE-6
Monitoring Physical Access
no ATT&CK mapping
PE-6.1
Intrusion Alarms and Surveillance Equipment
enhancement of PE-6
PE-6.2
Automated Intrusion Recognition and Responses
enhancement of PE-6
PE-6.3
Video Surveillance
enhancement of PE-6
PE-6.4
Monitoring Physical Access to Systems
enhancement of PE-6
PE-7
Visitor Control
no ATT&CK mapping
PE-8
Visitor Access Records
no ATT&CK mapping
PE-8.1
Automated Records Maintenance and Review
enhancement of PE-8
PE-8.2
Physical Access Records
enhancement of PE-8
PE-8.3
Limit Personally Identifiable Information Elements
enhancement of PE-8
PE-9
Power Equipment and Cabling
no ATT&CK mapping
PE-9.1
Redundant Cabling
enhancement of PE-9
PE-9.2
Automatic Voltage Controls
enhancement of PE-9
PL-1
Policy and Procedures
no ATT&CK mapping
PL-10
Baseline Selection
no ATT&CK mapping
PL-11
Baseline Tailoring
no ATT&CK mapping
PL-2
System Security and Privacy Plans
no ATT&CK mapping
PL-2.1
Concept of Operations
enhancement of PL-2
PL-2.2
Functional Architecture
enhancement of PL-2
PL-2.3
Plan and Coordinate with Other Organizational Entities
enhancement of PL-2
PL-3
System Security Plan Update
no ATT&CK mapping
PL-4
Rules of Behavior
no ATT&CK mapping
PL-4.1
Social Media and External Site/Application Usage Restrictions
enhancement of PL-4
PL-5
Privacy Impact Assessment
no ATT&CK mapping
PL-6
Security-related Activity Planning
no ATT&CK mapping
PL-7
Concept of Operations
no ATT&CK mapping
PL-8
Security and Privacy Architectures
no ATT&CK mapping
PL-8.1
Defense in Depth
enhancement of PL-8
PL-8.2
Supplier Diversity
enhancement of PL-8
PL-9
Central Management
no ATT&CK mapping
PM-1
Information Security Program Plan
no ATT&CK mapping
PM-10
Authorization Process
no ATT&CK mapping
PM-11
Mission and Business Process Definition
no ATT&CK mapping
PM-12
Insider Threat Program
no ATT&CK mapping
PM-13
Security and Privacy Workforce
no ATT&CK mapping
PM-14
Testing, Training, and Monitoring
no ATT&CK mapping
PM-15
Security and Privacy Groups and Associations
no ATT&CK mapping
PM-16
Threat Awareness Program
no ATT&CK mapping
PM-16.1
Automated Means for Sharing Threat Intelligence
enhancement of PM-16
PM-17
Protecting Controlled Unclassified Information on External Systems
no ATT&CK mapping
PM-18
Privacy Program Plan
no ATT&CK mapping
PM-19
Privacy Program Leadership Role
no ATT&CK mapping
PM-2
Information Security Program Leadership Role
no ATT&CK mapping
PM-20
Dissemination of Privacy Program Information
no ATT&CK mapping
PM-20.1
Privacy Policies on Websites, Applications, and Digital Services
enhancement of PM-20
PM-21
Accounting of Disclosures
no ATT&CK mapping
PM-22
Personally Identifiable Information Quality Management
no ATT&CK mapping
PM-23
Data Governance Body
no ATT&CK mapping
PM-24
Data Integrity Board
no ATT&CK mapping
PM-25
Minimization of Personally Identifiable Information Used in Testing, Training, and Research
no ATT&CK mapping
PM-26
Complaint Management
no ATT&CK mapping
PM-27
Privacy Reporting
no ATT&CK mapping
PM-28
Risk Framing
no ATT&CK mapping
PM-29
Risk Management Program Leadership Roles
no ATT&CK mapping
PM-3
Information Security and Privacy Resources
no ATT&CK mapping
PM-30
Supply Chain Risk Management Strategy
no ATT&CK mapping
PM-30.1
Suppliers of Critical or Mission-essential Items
enhancement of PM-30
PM-31
Continuous Monitoring Strategy
no ATT&CK mapping
PM-32
Purposing
no ATT&CK mapping
PM-4
Plan of Action and Milestones Process
no ATT&CK mapping
PM-5
System Inventory
no ATT&CK mapping
PM-5.1
Inventory of Personally Identifiable Information
enhancement of PM-5
PM-6
Measures of Performance
no ATT&CK mapping
PM-7
Enterprise Architecture
no ATT&CK mapping
PM-7.1
Offloading
enhancement of PM-7
PM-8
Critical Infrastructure Plan
no ATT&CK mapping
PM-9
Risk Management Strategy
no ATT&CK mapping
PS-1
Policy and Procedures
no ATT&CK mapping
PS-2
Position Risk Designation
no ATT&CK mapping
PS-3
Personnel Screening
no ATT&CK mapping
PS-3.1
Classified Information
enhancement of PS-3
PS-3.2
Formal Indoctrination
enhancement of PS-3
PS-3.3
Information Requiring Special Protective Measures
enhancement of PS-3
PS-3.4
Citizenship Requirements
enhancement of PS-3
PS-4
Personnel Termination
no ATT&CK mapping
PS-4.1
Post-employment Requirements
enhancement of PS-4
PS-4.2
Automated Actions
enhancement of PS-4
PS-5
Personnel Transfer
no ATT&CK mapping
PS-6
Access Agreements
no ATT&CK mapping
PS-6.1
Information Requiring Special Protection
enhancement of PS-6
PS-6.2
Classified Information Requiring Special Protection
enhancement of PS-6
PS-6.3
Post-employment Requirements
enhancement of PS-6
PS-7
External Personnel Security
no ATT&CK mapping
PS-8
Personnel Sanctions
no ATT&CK mapping
PS-9
Position Descriptions
no ATT&CK mapping
PT-1
Policy and Procedures
no ATT&CK mapping
PT-2
Authority to Process Personally Identifiable Information
no ATT&CK mapping
PT-2.1
Data Tagging
enhancement of PT-2
PT-2.2
Automation
enhancement of PT-2
PT-3
Personally Identifiable Information Processing Purposes
no ATT&CK mapping
PT-3.1
Data Tagging
enhancement of PT-3
PT-3.2
Automation
enhancement of PT-3
PT-4
Consent
no ATT&CK mapping
PT-4.1
Tailored Consent
enhancement of PT-4
PT-4.2
Just-in-time Consent
enhancement of PT-4
PT-4.3
Revocation
enhancement of PT-4
PT-5
Privacy Notice
no ATT&CK mapping
PT-5.1
Just-in-time Notice
enhancement of PT-5
PT-5.2
Privacy Act Statements
enhancement of PT-5
PT-6
System of Records Notice
no ATT&CK mapping
PT-6.1
Routine Uses
enhancement of PT-6
PT-6.2
Exemption Rules
enhancement of PT-6
PT-7
Specific Categories of Personally Identifiable Information
no ATT&CK mapping
PT-7.1
Social Security Numbers
enhancement of PT-7
PT-7.2
First Amendment Information
enhancement of PT-7
PT-8
Computer Matching Requirements
no ATT&CK mapping
RA-05
Vulnerability Monitoring and Scanning
80/107 detectable
RA-09
Criticality Analysis
4/12 detectable
RA-1
Policy and Procedures
no ATT&CK mapping
RA-10
Threat Hunting
8/8 detectable
RA-2
Security Categorization
no ATT&CK mapping
RA-2.1
Impact-level Prioritization
enhancement of RA-2
RA-3
Risk Assessment
no ATT&CK mapping
RA-3.1
Supply Chain Risk Assessment
enhancement of RA-3
RA-3.2
Use of All-source Intelligence
enhancement of RA-3
RA-3.3
Dynamic Threat Awareness
enhancement of RA-3
RA-3.4
Predictive Cyber Analytics
enhancement of RA-3
RA-4
Risk Assessment Update
no ATT&CK mapping
RA-5
Vulnerability Monitoring and Scanning
no ATT&CK mapping
RA-5.1
Update Tool Capability
enhancement of RA-5
RA-5.10
Correlate Scanning Information
enhancement of RA-5
RA-5.11
Public Disclosure Program
enhancement of RA-5
RA-5.2
Update Vulnerabilities to Be Scanned
enhancement of RA-5
RA-5.3
Breadth and Depth of Coverage
enhancement of RA-5
RA-5.4
Discoverable Information
enhancement of RA-5
RA-5.5
Privileged Access
enhancement of RA-5
RA-5.6
Automated Trend Analyses
enhancement of RA-5
RA-5.7
Automated Detection and Notification of Unauthorized Components
enhancement of RA-5
RA-5.8
Review Historic Audit Logs
enhancement of RA-5
RA-5.9
Penetration Testing and Analyses
enhancement of RA-5
RA-6
Technical Surveillance Countermeasures Survey
no ATT&CK mapping
RA-7
Risk Response
no ATT&CK mapping
RA-8
Privacy Impact Assessments
no ATT&CK mapping
RA-9
Criticality Analysis
no ATT&CK mapping
SA-03
System Development Life Cycle
5/6 detectable
SA-04
Acquisition Process
5/6 detectable
SA-08
Security and Privacy Engineering Principles
13/20 detectable
SA-09
External System Services
5/6 detectable
SA-1
Policy and Procedures
no ATT&CK mapping
SA-10
Developer Configuration Management
15/27 detectable
SA-10.1
Software and Firmware Integrity Verification
enhancement of SA-10
SA-10.2
Alternative Configuration Management Processes
enhancement of SA-10
SA-10.3
Hardware Integrity Verification
enhancement of SA-10
SA-10.4
Trusted Generation
enhancement of SA-10
SA-10.5
Mapping Integrity for Version Control
enhancement of SA-10
SA-10.6
Trusted Distribution
enhancement of SA-10
SA-10.7
Security and Privacy Representatives
enhancement of SA-10
SA-11
Developer Testing and Evaluation
21/34 detectable
SA-11.1
Static Code Analysis
enhancement of SA-11
SA-11.2
Threat Modeling and Vulnerability Analyses
enhancement of SA-11
SA-11.3
Independent Verification of Assessment Plans and Evidence
enhancement of SA-11
SA-11.4
Manual Code Reviews
enhancement of SA-11
SA-11.5
Penetration Testing
enhancement of SA-11
SA-11.6
Attack Surface Reviews
enhancement of SA-11
SA-11.7
Verify Scope of Testing and Evaluation
enhancement of SA-11
SA-11.8
Dynamic Code Analysis
enhancement of SA-11
SA-11.9
Interactive Application Security Testing
enhancement of SA-11
SA-12
Supply Chain Protection
no ATT&CK mapping
SA-12.1
Acquisition Strategies / Tools / Methods
enhancement of SA-12
SA-12.10
Validate as Genuine and Not Altered
enhancement of SA-12
SA-12.11
Penetration Testing / Analysis of Elements, Processes, and Actors
enhancement of SA-12
SA-12.12
Inter-organizational Agreements
enhancement of SA-12
SA-12.13
Critical Information System Components
enhancement of SA-12
SA-12.14
Identity and Traceability
enhancement of SA-12
SA-12.15
Processes to Address Weaknesses or Deficiencies
enhancement of SA-12
SA-12.2
Supplier Reviews
enhancement of SA-12
SA-12.3
Trusted Shipping and Warehousing
enhancement of SA-12
SA-12.4
Diversity of Suppliers
enhancement of SA-12
SA-12.5
Limitation of Harm
enhancement of SA-12
SA-12.6
Minimizing Procurement Time
enhancement of SA-12
SA-12.7
Assessments Prior to Selection / Acceptance / Update
enhancement of SA-12
SA-12.8
Use of All-source Intelligence
enhancement of SA-12
SA-12.9
Operations Security
enhancement of SA-12
SA-13
Trustworthiness
no ATT&CK mapping
SA-14
Criticality Analysis
no ATT&CK mapping
SA-14.1
Critical Components with No Viable Alternative Sourcing
enhancement of SA-14
SA-15
Development Process, Standards, and Tools
12/14 detectable
SA-15.1
Quality Metrics
enhancement of SA-15
SA-15.10
Incident Response Plan
enhancement of SA-15
SA-15.11
Archive System or Component
enhancement of SA-15
SA-15.12
Minimize Personally Identifiable Information
enhancement of SA-15
SA-15.13
Logging Syntax
enhancement of SA-15
SA-15.2
Security and Privacy Tracking Tools
enhancement of SA-15
SA-15.3
Criticality Analysis
enhancement of SA-15
SA-15.4
Threat Modeling and Vulnerability Analysis
enhancement of SA-15
SA-15.5
Attack Surface Reduction
enhancement of SA-15
SA-15.6
Continuous Improvement
enhancement of SA-15
SA-15.7
Automated Vulnerability Analysis
enhancement of SA-15
SA-15.8
Reuse of Threat and Vulnerability Information
enhancement of SA-15
SA-15.9
Use of Live Data
enhancement of SA-15
SA-16
Developer-provided Training
2/3 detectable
SA-17
Developer Security and Privacy Architecture and Design
6/7 detectable
SA-17.1
Formal Policy Model
enhancement of SA-17
SA-17.2
Security-relevant Components
enhancement of SA-17
SA-17.3
Formal Correspondence
enhancement of SA-17
SA-17.4
Informal Correspondence
enhancement of SA-17
SA-17.5
Conceptually Simple Design
enhancement of SA-17
SA-17.6
Structure for Testing
enhancement of SA-17
SA-17.7
Structure for Least Privilege
enhancement of SA-17
SA-17.8
Orchestration
enhancement of SA-17
SA-17.9
Design Diversity
enhancement of SA-17
SA-18
Tamper Resistance and Detection
no ATT&CK mapping
SA-18.1
Multiple Phases of System Development Life Cycle
enhancement of SA-18
SA-18.2
Inspection of Systems or Components
enhancement of SA-18
SA-19
Component Authenticity
no ATT&CK mapping
SA-19.1
Anti-counterfeit Training
enhancement of SA-19
SA-19.2
Configuration Control for Component Service and Repair
enhancement of SA-19
SA-19.3
Component Disposal
enhancement of SA-19
SA-19.4
Anti-counterfeit Scanning
enhancement of SA-19
SA-2
Allocation of Resources
no ATT&CK mapping
SA-20
Customized Development of Critical Components
no ATT&CK mapping
SA-21
Developer Screening
no ATT&CK mapping
SA-21.1
Validation of Screening
enhancement of SA-21
SA-22
Unsupported System Components
6/6 detectable
SA-22.1
Alternative Sources for Continued Support
enhancement of SA-22
SA-23
Specialization
no ATT&CK mapping
SA-24
Design for Cyber Resiliency
no ATT&CK mapping
SA-3
System Development Life Cycle
no ATT&CK mapping
SA-3.1
Manage Preproduction Environment
enhancement of SA-3
SA-3.2
Use of Live or Operational Data
enhancement of SA-3
SA-3.3
Technology Refresh
enhancement of SA-3
SA-4
Acquisition Process
no ATT&CK mapping
SA-4.1
Functional Properties of Controls
enhancement of SA-4
SA-4.10
Use of Approved PIV Products
enhancement of SA-4
SA-4.11
System of Records
enhancement of SA-4
SA-4.12
Data Ownership
enhancement of SA-4
SA-4.2
Design and Implementation Information for Controls
enhancement of SA-4
SA-4.3
Development Methods, Techniques, and Practices
enhancement of SA-4
SA-4.4
Assignment of Components to Systems
enhancement of SA-4
SA-4.5
System, Component, and Service Configurations
enhancement of SA-4
SA-4.6
Use of Information Assurance Products
enhancement of SA-4
SA-4.7
NIAP-approved Protection Profiles
enhancement of SA-4
SA-4.8
Continuous Monitoring Plan for Controls
enhancement of SA-4
SA-4.9
Functions, Ports, Protocols, and Services in Use
enhancement of SA-4
SA-5
System Documentation
no ATT&CK mapping
SA-5.1
Functional Properties of Security Controls
enhancement of SA-5
SA-5.2
Security-relevant External System Interfaces
enhancement of SA-5
SA-5.3
High-level Design
enhancement of SA-5
SA-5.4
Low-level Design
enhancement of SA-5
SA-5.5
Source Code
enhancement of SA-5
SA-6
Software Usage Restrictions
no ATT&CK mapping
SA-7
User-installed Software
no ATT&CK mapping
SA-8
Security and Privacy Engineering Principles
no ATT&CK mapping
SA-8.1
Clear Abstractions
enhancement of SA-8
SA-8.10
Hierarchical Trust
enhancement of SA-8
SA-8.11
Inverse Modification Threshold
enhancement of SA-8
SA-8.12
Hierarchical Protection
enhancement of SA-8
SA-8.13
Minimized Security Elements
enhancement of SA-8
SA-8.14
Least Privilege
enhancement of SA-8
SA-8.15
Predicate Permission
enhancement of SA-8
SA-8.16
Self-reliant Trustworthiness
enhancement of SA-8
SA-8.17
Secure Distributed Composition
enhancement of SA-8
SA-8.18
Trusted Communications Channels
enhancement of SA-8
SA-8.19
Continuous Protection
enhancement of SA-8
SA-8.2
Least Common Mechanism
enhancement of SA-8
SA-8.20
Secure Metadata Management
enhancement of SA-8
SA-8.21
Self-analysis
enhancement of SA-8
SA-8.22
Accountability and Traceability
enhancement of SA-8
SA-8.23
Secure Defaults
enhancement of SA-8
SA-8.24
Secure Failure and Recovery
enhancement of SA-8
SA-8.25
Economic Security
enhancement of SA-8
SA-8.26
Performance Security
enhancement of SA-8
SA-8.27
Human Factored Security
enhancement of SA-8
SA-8.28
Acceptable Security
enhancement of SA-8
SA-8.29
Repeatable and Documented Procedures
enhancement of SA-8
SA-8.3
Modularity and Layering
enhancement of SA-8
SA-8.30
Procedural Rigor
enhancement of SA-8
SA-8.31
Secure System Modification
enhancement of SA-8
SA-8.32
Sufficient Documentation
enhancement of SA-8
SA-8.33
Minimization
enhancement of SA-8
SA-8.4
Partially Ordered Dependencies
enhancement of SA-8
SA-8.5
Efficiently Mediated Access
enhancement of SA-8
SA-8.6
Minimized Sharing
enhancement of SA-8
SA-8.7
Reduced Complexity
enhancement of SA-8
SA-8.8
Secure Evolvability
enhancement of SA-8
SA-8.9
Trusted Components
enhancement of SA-8
SA-9
External System Services
no ATT&CK mapping
SA-9.1
Risk Assessments and Organizational Approvals
enhancement of SA-9
SA-9.2
Identification of Functions, Ports, Protocols, and Services
enhancement of SA-9
SA-9.3
Establish and Maintain Trust Relationship with Providers
enhancement of SA-9
SA-9.4
Consistent Interests of Consumers and Providers
enhancement of SA-9
SA-9.5
Processing, Storage, and Service Location
enhancement of SA-9
SA-9.6
Organization-controlled Cryptographic Keys
enhancement of SA-9
SA-9.7
Organization-controlled Integrity Checking
enhancement of SA-9
SA-9.8
Processing and Storage Location — U.S. Jurisdiction
enhancement of SA-9
SC-02
Separation of System and User Functionality
8/8 detectable
SC-03
Security Function Isolation
15/18 detectable
SC-04
Information in Shared System Resources
15/29 detectable
SC-05
Denial-of-service Protection
0/1 detectable
SC-06
Resource Availability
0/1 detectable
SC-07
Boundary Protection
109/156 detectable
SC-08
Transmission Confidentiality and Integrity
11/20 detectable
SC-1
Policy and Procedures
no ATT&CK mapping
SC-10
Network Disconnect
3/5 detectable
SC-11
Trusted Path
no ATT&CK mapping
SC-11.1
Irrefutable Communications Path
enhancement of SC-11
SC-12
Cryptographic Key Establishment and Management
7/11 detectable
SC-12.1
Availability
enhancement of SC-12
SC-12.2
Symmetric Keys
enhancement of SC-12
SC-12.3
Asymmetric Keys
enhancement of SC-12
SC-12.4
PKI Certificates
enhancement of SC-12
SC-12.5
PKI Certificates / Hardware Tokens
enhancement of SC-12
SC-12.6
Physical Control of Keys
enhancement of SC-12
SC-13
Cryptographic Protection
3/5 detectable
SC-13.1
FIPS-validated Cryptography
enhancement of SC-13
SC-13.2
NSA-approved Cryptography
enhancement of SC-13
SC-13.3
Individuals Without Formal Access Approvals
enhancement of SC-13
SC-13.4
Digital Signatures
enhancement of SC-13
SC-14
Public Access Protections
no ATT&CK mapping
SC-15
Collaborative Computing Devices and Applications
no ATT&CK mapping
SC-15.1
Physical or Logical Disconnect
enhancement of SC-15
SC-15.2
Blocking Inbound and Outbound Communications Traffic
enhancement of SC-15
SC-15.3
Disabling and Removal in Secure Work Areas
enhancement of SC-15
SC-15.4
Explicitly Indicate Current Participants
enhancement of SC-15
SC-16
Transmission of Security and Privacy Attributes
3/5 detectable
SC-16.1
Integrity Verification
enhancement of SC-16
SC-16.2
Anti-spoofing Mechanisms
enhancement of SC-16
SC-16.3
Cryptographic Binding
enhancement of SC-16
SC-17
Public Key Infrastructure Certificates
2/2 detectable
SC-18
Mobile Code
27/38 detectable
SC-18.1
Identify Unacceptable Code and Take Corrective Actions
enhancement of SC-18
SC-18.2
Acquisition, Development, and Use
enhancement of SC-18
SC-18.3
Prevent Downloading and Execution
enhancement of SC-18
SC-18.4
Prevent Automatic Execution
enhancement of SC-18
SC-18.5
Allow Execution Only in Confined Environments
enhancement of SC-18
SC-19
Voice Over Internet Protocol
no ATT&CK mapping
SC-2
Separation of System and User Functionality
no ATT&CK mapping
SC-2.1
Interfaces for Non-privileged Users
enhancement of SC-2
SC-2.2
Disassociability
enhancement of SC-2
SC-20
Secure Name/Address Resolution Service (Authoritative Source)
9/14 detectable
SC-20.1
Child Subspaces
enhancement of SC-20
SC-20.2
Data Origin and Integrity
enhancement of SC-20
SC-21
Secure Name/Address Resolution Service (Recursive or Caching Resolver)
5/7 detectable
SC-21.1
Data Origin and Integrity
enhancement of SC-21
SC-22
Architecture and Provisioning for Name/Address Resolution Service
5/7 detectable
SC-23
Session Authenticity
11/20 detectable
SC-23.1
Invalidate Session Identifiers at Logout
enhancement of SC-23
SC-23.2
User-initiated Logouts and Message Displays
enhancement of SC-23
SC-23.3
Unique System-generated Session Identifiers
enhancement of SC-23
SC-23.4
Unique Session Identifiers with Randomization
enhancement of SC-23
SC-23.5
Allowed Certificate Authorities
enhancement of SC-23
SC-24
Fail in Known State
no ATT&CK mapping
SC-25
Thin Nodes
no ATT&CK mapping
SC-26
Decoys
3/3 detectable
SC-26.1
Detection of Malicious Code
enhancement of SC-26
SC-27
Platform-independent Applications
no ATT&CK mapping
SC-28
Protection of Information at Rest
26/42 detectable
SC-28.1
Cryptographic Protection
enhancement of SC-28
SC-28.2
Offline Storage
enhancement of SC-28
SC-28.3
Cryptographic Keys
enhancement of SC-28
SC-29
Heterogeneity
5/5 detectable
SC-29.1
Virtualization Techniques
enhancement of SC-29
SC-3
Security Function Isolation
no ATT&CK mapping
SC-3.1
Hardware Separation
enhancement of SC-3
SC-3.2
Access and Flow Control Functions
enhancement of SC-3
SC-3.3
Minimize Nonsecurity Functionality
enhancement of SC-3
SC-3.4
Module Coupling and Cohesiveness
enhancement of SC-3
SC-3.5
Layered Structures
enhancement of SC-3
SC-30
Concealment and Misdirection
7/7 detectable
SC-30.1
Virtualization Techniques
enhancement of SC-30
SC-30.2
Randomness
enhancement of SC-30
SC-30.3
Change Processing and Storage Locations
enhancement of SC-30
SC-30.4
Misleading Information
enhancement of SC-30
SC-30.5
Concealment of System Components
enhancement of SC-30
SC-31
Covert Channel Analysis
7/11 detectable
SC-31.1
Test Covert Channels for Exploitability
enhancement of SC-31
SC-31.2
Maximum Bandwidth
enhancement of SC-31
SC-31.3
Measure Bandwidth in Operational Environments
enhancement of SC-31
SC-32
System Partitioning
1/1 detectable
SC-32.1
Separate Physical Domains for Privileged Functions
enhancement of SC-32
SC-33
Transmission Preparation Integrity
no ATT&CK mapping
SC-34
Non-modifiable Executable Programs
5/15 detectable
SC-34.1
No Writable Storage
enhancement of SC-34
SC-34.2
Integrity Protection on Read-only Media
enhancement of SC-34
SC-34.3
Hardware-based Protection
enhancement of SC-34
SC-35
External Malicious Code Identification
3/3 detectable
SC-36
Distributed Processing and Storage
5/7 detectable
SC-36.1
Polling Techniques
enhancement of SC-36
SC-36.2
Synchronization
enhancement of SC-36
SC-37
Out-of-band Channels
8/12 detectable
SC-37.1
Ensure Delivery and Transmission
enhancement of SC-37
SC-38
Operations Security
1/2 detectable
SC-39
Process Isolation
19/22 detectable
SC-39.1
Hardware Separation
enhancement of SC-39
SC-39.2
Separate Execution Domain Per Thread
enhancement of SC-39
SC-4
Information in Shared System Resources
no ATT&CK mapping
SC-4.1
Security Levels
enhancement of SC-4
SC-4.2
Multilevel or Periods Processing
enhancement of SC-4
SC-40
Wireless Link Protection
0/1 detectable
SC-40.1
Electromagnetic Interference
enhancement of SC-40
SC-40.2
Reduce Detection Potential
enhancement of SC-40
SC-40.3
Imitative or Manipulative Communications Deception
enhancement of SC-40
SC-40.4
Signal Parameter Identification
enhancement of SC-40
SC-41
Port and I/O Device Access
2/5 detectable
SC-42
Sensor Capability and Data
no ATT&CK mapping
SC-42.1
Reporting to Authorized Individuals or Roles
enhancement of SC-42
SC-42.2
Authorized Use
enhancement of SC-42
SC-42.3
Prohibit Use of Devices
enhancement of SC-42
SC-42.4
Notice of Collection
enhancement of SC-42
SC-42.5
Collection Minimization
enhancement of SC-42
SC-43
Usage Restrictions
4/5 detectable
SC-44
Detonation Chambers
12/22 detectable
SC-45
System Time Synchronization
no ATT&CK mapping
SC-45.1
Synchronization with Authoritative Time Source
enhancement of SC-45
SC-45.2
Secondary Authoritative Time Source
enhancement of SC-45
SC-46
Cross Domain Policy Enforcement
23/27 detectable
SC-47
Alternate Communications Paths
no ATT&CK mapping
SC-48
Sensor Relocation
no ATT&CK mapping
SC-48.1
Dynamic Relocation of Sensors or Monitoring Capabilities
enhancement of SC-48
SC-49
Hardware-enforced Separation and Policy Enforcement
no ATT&CK mapping
SC-5
Denial-of-service Protection
no ATT&CK mapping
SC-5.1
Restrict Ability to Attack Other Systems
enhancement of SC-5
SC-5.2
Capacity, Bandwidth, and Redundancy
enhancement of SC-5
SC-5.3
Detection and Monitoring
enhancement of SC-5
SC-50
Software-enforced Separation and Policy Enforcement
no ATT&CK mapping
SC-51
Hardware-based Protection
no ATT&CK mapping
SC-6
Resource Availability
no ATT&CK mapping
SC-7
Boundary Protection
no ATT&CK mapping
SC-7.1
Physically Separated Subnetworks
enhancement of SC-7
SC-7.10
Prevent Exfiltration
enhancement of SC-7
SC-7.11
Restrict Incoming Communications Traffic
enhancement of SC-7
SC-7.12
Host-based Protection
enhancement of SC-7
SC-7.13
Isolation of Security Tools, Mechanisms, and Support Components
enhancement of SC-7
SC-7.14
Protect Against Unauthorized Physical Connections
enhancement of SC-7
SC-7.15
Networked Privileged Accesses
enhancement of SC-7
SC-7.16
Prevent Discovery of System Components
enhancement of SC-7
SC-7.17
Automated Enforcement of Protocol Formats
enhancement of SC-7
SC-7.18
Fail Secure
enhancement of SC-7
SC-7.19
Block Communication from Non-organizationally Configured Hosts
enhancement of SC-7
SC-7.2
Public Access
enhancement of SC-7
SC-7.20
Dynamic Isolation and Segregation
enhancement of SC-7
SC-7.21
Isolation of System Components
enhancement of SC-7
SC-7.22
Separate Subnets for Connecting to Different Security Domains
enhancement of SC-7
SC-7.23
Disable Sender Feedback on Protocol Validation Failure
enhancement of SC-7
SC-7.24
Personally Identifiable Information
enhancement of SC-7
SC-7.25
Unclassified National Security System Connections
enhancement of SC-7
SC-7.26
Classified National Security System Connections
enhancement of SC-7
SC-7.27
Unclassified Non-national Security System Connections
enhancement of SC-7
SC-7.28
Connections to Public Networks
enhancement of SC-7
SC-7.29
Separate Subnets to Isolate Functions
enhancement of SC-7
SC-7.3
Access Points
enhancement of SC-7
SC-7.4
External Telecommunications Services
enhancement of SC-7
SC-7.5
Deny by Default — Allow by Exception
enhancement of SC-7
SC-7.6
Response to Recognized Failures
enhancement of SC-7
SC-7.7
Split Tunneling for Remote Devices
enhancement of SC-7
SC-7.8
Route Traffic to Authenticated Proxy Servers
enhancement of SC-7
SC-7.9
Restrict Threatening Outgoing Communications Traffic
enhancement of SC-7
SC-8
Transmission Confidentiality and Integrity
no ATT&CK mapping
SC-8.1
Cryptographic Protection
enhancement of SC-8
SC-8.2
Pre- and Post-transmission Handling
enhancement of SC-8
SC-8.3
Cryptographic Protection for Message Externals
enhancement of SC-8
SC-8.4
Conceal or Randomize Communications
enhancement of SC-8
SC-8.5
Protected Distribution System
enhancement of SC-8
SC-9
Transmission Confidentiality
no ATT&CK mapping
SI-02
Flaw Remediation
58/84 detectable
SI-03
Malicious Code Protection
152/226 detectable
SI-04
System Monitoring
253/375 detectable
SI-05
Security Alerts, Advisories, and Directives
4/4 detectable
SI-07
Software, Firmware, and Information Integrity
136/209 detectable
SI-08
Spam Protection
11/20 detectable
SI-1
Policy and Procedures
no ATT&CK mapping
SI-10
Information Input Validation
78/101 detectable
SI-10.1
Manual Override Capability
enhancement of SI-10
SI-10.2
Review and Resolve Errors
enhancement of SI-10
SI-10.3
Predictable Behavior
enhancement of SI-10
SI-10.4
Timing Interactions
enhancement of SI-10
SI-10.5
Restrict Inputs to Trusted Sources and Approved Formats
enhancement of SI-10
SI-10.6
Injection Prevention
enhancement of SI-10
SI-11
Error Handling
no ATT&CK mapping
SI-12
Information Management and Retention
20/34 detectable
SI-12.1
Limit Personally Identifiable Information Elements
enhancement of SI-12
SI-12.2
Minimize Personally Identifiable Information in Testing, Training, and Research
enhancement of SI-12
SI-12.3
Information Disposal
enhancement of SI-12
SI-13
Predictable Failure Prevention
no ATT&CK mapping
SI-13.1
Transferring Component Responsibilities
enhancement of SI-13
SI-13.2
Time Limit on Process Execution Without Supervision
enhancement of SI-13
SI-13.3
Manual Transfer Between Components
enhancement of SI-13
SI-13.4
Standby Component Installation and Notification
enhancement of SI-13
SI-13.5
Failover Capability
enhancement of SI-13
SI-14
Non-persistence
7/7 detectable
SI-14.1
Refresh from Trusted Sources
enhancement of SI-14
SI-14.2
Non-persistent Information
enhancement of SI-14
SI-14.3
Non-persistent Connectivity
enhancement of SI-14
SI-15
Information Output Filtering
29/42 detectable
SI-16
Memory Protection
29/36 detectable
SI-17
Fail-safe Procedures
no ATT&CK mapping
SI-18
Personally Identifiable Information Quality Operations
no ATT&CK mapping
SI-18.1
Automation Support
enhancement of SI-18
SI-18.2
Data Tags
enhancement of SI-18
SI-18.3
Collection
enhancement of SI-18
SI-18.4
Individual Requests
enhancement of SI-18
SI-18.5
Notice of Correction or Deletion
enhancement of SI-18
SI-19
De-identification
no ATT&CK mapping
SI-19.1
Collection
enhancement of SI-19
SI-19.2
Archiving
enhancement of SI-19
SI-19.3
Release
enhancement of SI-19
SI-19.4
Removal, Masking, Encryption, Hashing, or Replacement of Direct Identifiers
enhancement of SI-19
SI-19.5
Statistical Disclosure Control
enhancement of SI-19
SI-19.6
Differential Privacy
enhancement of SI-19
SI-19.7
Validated Algorithms and Software
enhancement of SI-19
SI-19.8
Motivated Intruder
enhancement of SI-19
SI-2
Flaw Remediation
no ATT&CK mapping
SI-2.1
Central Management
enhancement of SI-2
SI-2.2
Automated Flaw Remediation Status
enhancement of SI-2
SI-2.3
Time to Remediate Flaws and Benchmarks for Corrective Actions
enhancement of SI-2
SI-2.4
Automated Patch Management Tools
enhancement of SI-2
SI-2.5
Automatic Software and Firmware Updates
enhancement of SI-2
SI-2.6
Removal of Previous Versions of Software and Firmware
enhancement of SI-2
SI-2.7
Root Cause Analysis
enhancement of SI-2
SI-20
Tainting
no ATT&CK mapping
SI-21
Information Refresh
no ATT&CK mapping
SI-22
Information Diversity
no ATT&CK mapping
SI-23
Information Fragmentation
6/7 detectable
SI-3
Malicious Code Protection
no ATT&CK mapping
SI-3.1
Central Management
enhancement of SI-3
SI-3.10
Malicious Code Analysis
enhancement of SI-3
SI-3.2
Automatic Updates
enhancement of SI-3
SI-3.3
Non-privileged Users
enhancement of SI-3
SI-3.4
Updates Only by Privileged Users
enhancement of SI-3
SI-3.5
Portable Storage Devices
enhancement of SI-3
SI-3.6
Testing and Verification
enhancement of SI-3
SI-3.7
Nonsignature-based Detection
enhancement of SI-3
SI-3.8
Detect Unauthorized Commands
enhancement of SI-3
SI-3.9
Authenticate Remote Commands
enhancement of SI-3
SI-4
System Monitoring
no ATT&CK mapping
SI-4.1
System-wide Intrusion Detection System
enhancement of SI-4
SI-4.10
Visibility of Encrypted Communications
enhancement of SI-4
SI-4.11
Analyze Communications Traffic Anomalies
enhancement of SI-4
SI-4.12
Automated Organization-generated Alerts
enhancement of SI-4
SI-4.13
Analyze Traffic and Event Patterns
enhancement of SI-4
SI-4.14
Wireless Intrusion Detection
enhancement of SI-4
SI-4.15
Wireless to Wireline Communications
enhancement of SI-4
SI-4.16
Correlate Monitoring Information
enhancement of SI-4
SI-4.17
Integrated Situational Awareness
enhancement of SI-4
SI-4.18
Analyze Traffic and Covert Exfiltration
enhancement of SI-4
SI-4.19
Risk for Individuals
enhancement of SI-4
SI-4.2
Automated Tools and Mechanisms for Real-time Analysis
enhancement of SI-4
SI-4.20
Privileged Users
enhancement of SI-4
SI-4.21
Probationary Periods
enhancement of SI-4
SI-4.22
Unauthorized Network Services
enhancement of SI-4
SI-4.23
Host-based Devices
enhancement of SI-4
SI-4.24
Indicators of Compromise
enhancement of SI-4
SI-4.25
Optimize Network Traffic Analysis
enhancement of SI-4
SI-4.3
Automated Tool and Mechanism Integration
enhancement of SI-4
SI-4.4
Inbound and Outbound Communications Traffic
enhancement of SI-4
SI-4.5
System-generated Alerts
enhancement of SI-4
SI-4.6
Restrict Non-privileged Users
enhancement of SI-4
SI-4.7
Automated Response to Suspicious Events
enhancement of SI-4
SI-4.8
Protection of Monitoring Information
enhancement of SI-4
SI-4.9
Testing of Monitoring Tools and Mechanisms
enhancement of SI-4
SI-5
Security Alerts, Advisories, and Directives
no ATT&CK mapping
SI-5.1
Automated Alerts and Advisories
enhancement of SI-5
SI-6
Security and Privacy Function Verification
no ATT&CK mapping
SI-6.1
Notification of Failed Security Tests
enhancement of SI-6
SI-6.2
Automation Support for Distributed Testing
enhancement of SI-6
SI-6.3
Report Verification Results
enhancement of SI-6
SI-7
Software, Firmware, and Information Integrity
no ATT&CK mapping
SI-7.1
Integrity Checks
enhancement of SI-7
SI-7.10
Protection of Boot Firmware
enhancement of SI-7
SI-7.11
Confined Environments with Limited Privileges
enhancement of SI-7
SI-7.12
Integrity Verification
enhancement of SI-7
SI-7.13
Code Execution in Protected Environments
enhancement of SI-7
SI-7.14
Binary or Machine Executable Code
enhancement of SI-7
SI-7.15
Code Authentication
enhancement of SI-7
SI-7.16
Time Limit on Process Execution Without Supervision
enhancement of SI-7
SI-7.17
Runtime Application Self-protection
enhancement of SI-7
SI-7.2
Automated Notifications of Integrity Violations
enhancement of SI-7
SI-7.3
Centrally Managed Integrity Tools
enhancement of SI-7
SI-7.4
Tamper-evident Packaging
enhancement of SI-7
SI-7.5
Automated Response to Integrity Violations
enhancement of SI-7
SI-7.6
Cryptographic Protection
enhancement of SI-7
SI-7.7
Integration of Detection and Response
enhancement of SI-7
SI-7.8
Auditing Capability for Significant Events
enhancement of SI-7
SI-7.9
Verify Boot Process
enhancement of SI-7
SI-8
Spam Protection
no ATT&CK mapping
SI-8.1
Central Management
enhancement of SI-8
SI-8.2
Automatic Updates
enhancement of SI-8
SI-8.3
Continuous Learning Capability
enhancement of SI-8
SI-9
Information Input Restrictions
no ATT&CK mapping
SR-04
Provenance
13/22 detectable
SR-05
Acquisition Strategies, Tools, and Methods
9/15 detectable
SR-1
Policy and Procedures
no ATT&CK mapping
SR-10
Inspection of Systems or Components
no ATT&CK mapping
SR-11
Component Authenticity
9/15 detectable
SR-11.1
Anti-counterfeit Training
enhancement of SR-11
SR-11.2
Configuration Control for Component Service and Repair
enhancement of SR-11
SR-11.3
Anti-counterfeit Scanning
enhancement of SR-11
SR-12
Component Disposal
no ATT&CK mapping
SR-2
Supply Chain Risk Management Plan
no ATT&CK mapping
SR-2.1
Establish SCRM Team
enhancement of SR-2
SR-3
Supply Chain Controls and Processes
no ATT&CK mapping
SR-3.1
Diverse Supply Base
enhancement of SR-3
SR-3.2
Limitation of Harm
enhancement of SR-3
SR-3.3
Sub-tier Flow Down
enhancement of SR-3
SR-4
Provenance
no ATT&CK mapping
SR-4.1
Identity
enhancement of SR-4
SR-4.2
Track and Trace
enhancement of SR-4
SR-4.3
Validate as Genuine and Not Altered
enhancement of SR-4
SR-4.4
Supply Chain Integrity — Pedigree
enhancement of SR-4
SR-5
Acquisition Strategies, Tools, and Methods
no ATT&CK mapping
SR-5.1
Adequate Supply
enhancement of SR-5
SR-5.2
Assessments Prior to Selection, Acceptance, Modification, or Update
enhancement of SR-5
SR-6
Supplier Assessments and Reviews
no ATT&CK mapping
SR-6.1
Testing and Analysis
enhancement of SR-6
SR-7
Supply Chain Operations Security
no ATT&CK mapping
SR-8
Notification Agreements
no ATT&CK mapping
SR-9
Tamper Resistance and Detection
no ATT&CK mapping
SR-9.1
Multiple Stages of System Development Life Cycle
enhancement of SR-9