CAF Outcome C2.b: Proactive Attack Discovery
From the UK NCSC's Cyber Assessment Framework (version 3.1):
You use an informed understanding of more sophisticated attack methods and of normal system behaviour to monitor proactively for malicious activity.
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
NCSC CAF Mapped to NIST CSF
C2.b: Proactive Attack Discovery to CSF mappings generated from UK Cabinet Office table.
ATT&CK Mitigations
MITRE ATT&CK mitigations which map to this CAF outcome, based on mappings by Ofgem.
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CAF outcome, taken from mappings by Ofgem.
-
Establish and document antivirus/malware management procedure (4.3.4.3.8)
ISA/IEC 62443-2-1:2009
Related SP800-53 Controls
Generated from NISTs SP800-53/CSF Crosswalk mappings.
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on the above mappings to ATT&CK mitigations by Ofgem.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1059.006 | Python | Execution |
| T1221 | Template Injection | Defense Evasion |
| T1059.005 | Visual Basic | Execution |
| T1027.010 | Command Obfuscation | Defense Evasion |
| T1027.009 | Embedded Payloads | Defense Evasion |
| T1059 | Command and Scripting Interpreter | Execution |
| T1566 | Phishing | Initial Access |
| T1027.002 | Software Packing | Defense Evasion |
| T1547.006 | Kernel Modules and Extensions | Persistence, Privilege Escalation |
| T1566.003 | Spearphishing via Service | Initial Access |
| T1027 | Obfuscated Files or Information | Defense Evasion |
| T1036.008 | Masquerade File Type | Defense Evasion |
| T1059.001 | PowerShell | Execution |
| T1566.001 | Spearphishing Attachment | Initial Access |
| T1036 | Masquerading | Defense Evasion |
| T1027.012 | LNK Icon Smuggling | Defense Evasion |
| T1080 | Taint Shared Content | Lateral Movement |