NIST CSF: PR.IP-3 Subcategory

From NIST's Cyber Security Framework (version 1):

Configuration change control processes are in place

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • System changes control procedures (14.2.2)
    ISO 27001:2013
  • Restrictions on changes to software packages (14.2.4)
    ISO 27001:2013
  • Technical review of applications after operating platform changes (14.2.3)
    ISO 27001:2013
  • Installation of software on operational systems (12.5.1)
    ISO 27001:2013
  • Restrictions on software installation (12.6.2)
    ISO 27001:2013
  • Change management (12.1.2)
    ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Assess all the risks of changing the IACS (4.3.4.3.3)
    ISA/IEC 62443-2-1:2009
  • Network and security configuration settings (SR 7.6)
    ISA/IEC 62443-3-3:2013
  • Develop and implement a change management system (4.3.4.3.2)
    ISA/IEC 62443-2-1:2009

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.

| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1495 | Firmware Corruption | Impact |
| T1543.002 | Systemd Service | Persistence, Privilege Escalation |
| T1176 | Browser Extensions | Persistence |
| T1601.001 | Patch System Image | Defense Evasion |
| T1553.006 | Code Signing Policy Modification | Defense Evasion |
| T1647 | Plist File Modification | Defense Evasion |
| T1542.001 | System Firmware | Defense Evasion, Persistence |
| T1564.008 | Email Hiding Rules | Defense Evasion |
| T1542.004 | ROMMONkit | Defense Evasion, Persistence |
| T1213.002 | Sharepoint | Collection |
| T1213.001 | Confluence | Collection |
| T1553 | Subvert Trust Controls | Defense Evasion |
| T1601 | Modify System Image | Defense Evasion |
| T1059.006 | Python | Execution |
| T1021.005 | VNC | Lateral Movement |
| T1547.013 | XDG Autostart Entries | Persistence, Privilege Escalation |
| T1542.005 | TFTP Boot | Defense Evasion, Persistence |
| T1543 | Create or Modify System Process | Persistence, Privilege Escalation |
| T1547.007 | Re-opened Applications | Persistence, Privilege Escalation |
| T1195.003 | Compromise Hardware Supply Chain | Initial Access |
| T1542.003 | Bootkit | Defense Evasion, Persistence |
| T1542 | Pre-OS Boot | Defense Evasion, Persistence |
| T1213 | Data from Information Repositories | Collection |
| T1601.002 | Downgrade System Image | Defense Evasion |
| T1078 | Valid Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1505.004 | IIS Components | Persistence |
| T1505.002 | Transport Agent | Persistence |
| T1574.002 | DLL Side-Loading | Defense Evasion, Persistence, Privilege Escalation |
| T1213.003 | Code Repositories | Collection |
| T1078.004 | Cloud Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1559.003 | XPC Services | Execution |
| T1078.003 | Local Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1505 | Server Software Component | Persistence |
| T1564.009 | Resource Forking | Defense Evasion |
| T1078.001 | Default Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1505.001 | SQL Stored Procedures | Persistence |

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

| Control ID | Name | Description |
|---|---|---|
| B4.b | Secure Configuration | You securely configure the network and information systems that support the operation of essential functions. |
| B4.d | Vulnerability Management | You manage known vulnerabilities in your network and information systems to prevent adverse impact on the essential function. |
| B5.a | Resilience Preparation | You are prepared to restore the operation of your essential function following adverse impact. |