NIST CSF: PR.AC-5 Subcategory

From NIST's Cyber Security Framework (version 1):

Network integrity is protected (e.g., network segregation, network segmentation)

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Information transfer policies and procedures (13.2.1)
    ISO 27001:2013
  • Securing application services on public networks (14.1.2)
    ISO 27001:2013
  • Segregation in networks (13.1.3)
    ISO 27001:2013
  • Network controls (13.1.1)
    ISO 27001:2013
  • Protecting application services transactions (14.1.3)
    ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Session integrity (SR 3.8)
    ISA/IEC 62443-3-3:2013
  • Communication integrity (SR 3.1)
    ISA/IEC 62443-3-3:2013

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.

ATT&CK ID | Title | Associated Tactics
T1499.004 | Application or System Exploitation | Impact
T1498.002 | Reflection Amplification | Impact
T1021.002 | SMB/Windows Admin Shares | Lateral Movement
T1001.001 | Junk Data | Command and Control
T1055.014 | VDSO Hijacking | Defense Evasion, Privilege Escalation
T1599.001 | Network Address Translation Traversal | Defense Evasion
T1552.004 | Private Keys | Credential Access
T1021.003 | Distributed Component Object Model | Lateral Movement
T1136.003 | Cloud Account | Persistence
T1114.003 | Email Forwarding Rule | Collection
T1055.011 | Extra Window Memory Injection | Defense Evasion, Privilege Escalation
T1505.004 | IIS Components | Persistence
T1212 | Exploitation for Credential Access | Credential Access
T1566.001 | Spearphishing Attachment | Initial Access
T1602.001 | SNMP (MIB Dump) | Collection
T1204.003 | Malicious Image | Execution
T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay | Collection, Credential Access
T1211 | Exploitation for Defense Evasion | Defense Evasion
T1204 | User Execution | Execution
T1055.012 | Process Hollowing | Defense Evasion, Privilege Escalation
T1090.003 | Multi-hop Proxy | Command and Control
T1102.003 | One-Way Communication | Command and Control
T1552 | Unsecured Credentials | Credential Access
T1499 | Endpoint Denial of Service | Impact
T1557 | Adversary-in-the-Middle | Collection, Credential Access
T1055.009 | Proc Memory | Defense Evasion, Privilege Escalation
T1080 | Taint Shared Content | Lateral Movement
T1055.001 | Dynamic-link Library Injection | Defense Evasion, Privilege Escalation
T1573.001 | Symmetric Cryptography | Command and Control
T1071.003 | Mail Protocols | Command and Control
T1567 | Exfiltration Over Web Service | Exfiltration
T1612 | Build Image on Host | Defense Evasion
T1567.002 | Exfiltration to Cloud Storage | Exfiltration
T1055.004 | Asynchronous Procedure Call | Defense Evasion, Privilege Escalation
T1570 | Lateral Tool Transfer | Lateral Movement
T1218.012 | Verclsid | Defense Evasion
T1573.002 | Asymmetric Cryptography | Command and Control
T1071 | Application Layer Protocol | Command and Control
T1199 | Trusted Relationship | Initial Access
T1563 | Remote Service Session Hijacking | Lateral Movement
T1566.002 | Spearphishing Link | Initial Access
T1055 | Process Injection | Defense Evasion, Privilege Escalation
T1571 | Non-Standard Port | Command and Control
T1187 | Forced Authentication | Credential Access
T1499.002 | Service Exhaustion Flood | Impact
T1542.005 | TFTP Boot | Defense Evasion, Persistence
T1530 | Data from Cloud Storage | Collection
T1020.001 | Traffic Duplication | Exfiltration
T1622 | Debugger Evasion | Defense Evasion, Discovery
T1190 | Exploit Public-Facing Application | Initial Access
T1021.001 | Remote Desktop Protocol | Lateral Movement
T1068 | Exploitation for Privilege Escalation | Privilege Escalation
T1055.005 | Thread Local Storage | Defense Evasion, Privilege Escalation
T1602.002 | Network Device Configuration Dump | Collection
T1203 | Exploitation for Client Execution | Execution
T1219 | Remote Access Software | Command and Control
T1559.001 | Component Object Model | Execution
T1568 | Dynamic Resolution | Command and Control
T1029 | Scheduled Transfer | Exfiltration
T1095 | Non-Application Layer Protocol | Command and Control
T1210 | Exploitation of Remote Services | Lateral Movement
T1055.003 | Thread Execution Hijacking | Defense Evasion, Privilege Escalation
T1489 | Service Stop | Impact
T1197 | BITS Jobs | Defense Evasion, Persistence
T1204.002 | Malicious File | Execution
T1599 | Network Boundary Bridging | Defense Evasion
T1205 | Traffic Signaling | Command and Control, Defense Evasion, Persistence
T1609 | Container Administration Command | Execution
T1048 | Exfiltration Over Alternative Protocol | Exfiltration
T1499.003 | Application Exhaustion Flood | Impact
T1055.008 | Ptrace System Calls | Defense Evasion, Privilege Escalation
T1221 | Template Injection | Defense Evasion
T1557.003 | DHCP Spoofing | Collection, Credential Access
T1132.001 | Standard Encoding | Command and Control
T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Exfiltration
T1498 | Network Denial of Service | Impact
T1001.003 | Protocol Impersonation | Command and Control
T1542.004 | ROMMONkit | Defense Evasion, Persistence
T1046 | Network Service Discovery | Discovery
T1055.013 | Process Doppelgänging | Defense Evasion, Privilege Escalation
T1565.003 | Runtime Data Manipulation | Impact
T1568.002 | Domain Generation Algorithms | Command and Control
T1537 | Transfer Data to Cloud Account | Exfiltration
T1565.001 | Stored Data Manipulation | Impact
T1114 | Email Collection | Collection
T1189 | Drive-by Compromise | Initial Access
T1559.002 | Dynamic Data Exchange | Execution
T1090.002 | External Proxy | Command and Control
T1071.004 | DNS | Command and Control
T1567.001 | Exfiltration to Code Repository | Exfiltration
T1055.002 | Portable Executable Injection | Defense Evasion, Privilege Escalation
T1176 | Browser Extensions | Persistence
T1205.001 | Port Knocking | Command and Control, Defense Evasion, Persistence
T1498.001 | Direct Network Flood | Impact
T1041 | Exfiltration Over C2 Channel | Exfiltration
T1565 | Data Manipulation | Impact
T1648 | Serverless Execution | Execution
T1102 | Web Service | Command and Control
T1090 | Proxy | Command and Control
T1021.006 | Windows Remote Management | Lateral Movement
T1482 | Domain Trust Discovery | Discovery
T1584.007 | Serverless | Resource Development
T1132.002 | Non-Standard Encoding | Command and Control
T1542 | Pre-OS Boot | Defense Evasion, Persistence
T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration
T1566.003 | Spearphishing via Service | Initial Access
T1008 | Fallback Channels | Command and Control
T1132 | Data Encoding | Command and Control
T1071.001 | Web Protocols | Command and Control
T1072 | Software Deployment Tools | Execution, Lateral Movement
T1102.002 | Bidirectional Communication | Command and Control
T1001.002 | Steganography | Command and Control
T1563.002 | RDP Hijacking | Lateral Movement
T1090.001 | Internal Proxy | Command and Control
T1611 | Escape to Host | Privilege Escalation
T1098 | Account Manipulation | Persistence, Privilege Escalation
T1552.005 | Cloud Instance Metadata API | Credential Access
T1204.001 | Malicious Link | Execution
T1552.007 | Container API | Credential Access
T1602 | Data from Configuration Repository | Collection
T1557.002 | ARP Cache Poisoning | Collection, Credential Access
T1560 | Archive Collected Data | Collection
T1598.002 | Spearphishing Attachment | Reconnaissance
T1071.002 | File Transfer Protocols | Command and Control
T1105 | Ingress Tool Transfer | Command and Control
T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Exfiltration
T1104 | Multi-Stage Channels | Command and Control
T1583.007 | Serverless | Resource Development
T1552.001 | Credentials In Files | Credential Access
T1560.001 | Archive via Utility | Collection
T1001 | Data Obfuscation | Command and Control
T1136.002 | Domain Account | Persistence
T1133 | External Remote Services | Initial Access, Persistence
T1572 | Protocol Tunneling | Command and Control
T1030 | Data Transfer Size Limits | Exfiltration
T1499.001 | OS Exhaustion Flood | Impact
T1598.001 | Spearphishing Service | Reconnaissance
T1598.003 | Spearphishing Link | Reconnaissance
T1610 | Deploy Container | Defense Evasion, Execution
T1613 | Container and Resource Discovery | Discovery
T1021.005 | VNC | Lateral Movement
T1136 | Create Account | Persistence
T1102.001 | Dead Drop Resolver | Command and Control
T1559 | Inter-Process Communication | Execution
T1573 | Encrypted Channel | Command and Control
T1098.001 | Additional Cloud Credentials | Persistence, Privilege Escalation
T1598 | Phishing for Information | Reconnaissance
T1566 | Phishing | Initial Access
T1547.003 | Time Providers | Persistence, Privilege Escalation
T1574.004 | Dylib Hijacking | Defense Evasion, Persistence, Privilege Escalation
T1205.002 | Socket Filters | Command and Control, Defense Evasion, Persistence
T1484 | Domain Policy Modification | Defense Evasion, Privilege Escalation
T1003.005 | Cached Domain Credentials | Credential Access
T1003 | OS Credential Dumping | Credential Access
T1213.002 | Sharepoint | Collection
T1574 | Hijack Execution Flow | Defense Evasion, Persistence, Privilege Escalation
T1213 | Data from Information Repositories | Collection
T1114.001 | Local Email Collection | Collection
T1114.002 | Remote Email Collection | Collection
T1574.007 | Path Interception by PATH Environment Variable | Defense Evasion, Persistence, Privilege Escalation
T1213.001 | Confluence | Collection
T1564.008 | Email Hiding Rules | Defense Evasion
T1134.005 | SID-History Injection | Defense Evasion, Privilege Escalation
T1003.006 | DCSync | Credential Access
T1528 | Steal Application Access Token | Credential Access
T1003.001 | LSASS Memory | Credential Access
T1601.002 | Downgrade System Image | Defense Evasion
T1601.001 | Patch System Image | Defense Evasion
T1601 | Modify System Image | Defense Evasion
T1574.010 | Services File Permissions Weakness | Defense Evasion, Persistence, Privilege Escalation
T1574.009 | Path Interception by Unquoted Path | Defense Evasion, Persistence, Privilege Escalation
T1574.008 | Path Interception by Search Order Hijacking | Defense Evasion, Persistence, Privilege Escalation
T1574.005 | Executable Installer File Permissions Weakness | Defense Evasion, Persistence, Privilege Escalation
T1137 | Office Application Startup | Persistence
T1185 | Browser Session Hijacking | Collection
T1137.002 | Office Test | Persistence

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Control ID | Name | Description
B4.b | Secure Configuration | You securely configure the network and information systems that support the operation of essential functions.
B2.c | Privileged User Management | You closely manage privileged user access to networks and information systems supporting the essential function.
B3.b | Data in Transit | You have protected the transit of data important to the operation of the essential function. This includes the transfer of data to third parties.
B5.b | Design for Resilience | You design the network and information systems supporting your essential function to be resilient to cyber security incidents. Systems are appropriately segregated and resource limitations are mitigated.
B4.a | Secure by Design | You design security into the network and information systems that support the operation of essential functions. You minimise their attack surface and ensure that the operation of the essential function should not be impacted by the exploitation of any single vulnerability.