NIST CSF: DE.DP-4 Subcategory
From NIST's Cyber Security Framework (version 1):
Event detection information is communicated
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Reporting information security weaknesses (16.1.3)
ISO 27001:2013 -
Reporting information security events (16.1.2)
ISO 27001:2013
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Audit log accessibility (SR 6.1)
ISA/IEC 62443-3-3:2013 -
Communicate the incident details (4.3.4.5.9)
ISA/IEC 62443-2-1:2009
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1213 | Data from Information Repositories | Collection |
| T1133 | External Remote Services | Initial Access, Persistence |
| T1098.004 | SSH Authorized Keys | Persistence, Privilege Escalation |
| T1052 | Exfiltration Over Physical Medium | Exfiltration |
| T1546.002 | Screensaver | Persistence, Privilege Escalation |
| T1137.001 | Office Template Macros | Persistence |
| T1505.003 | Web Shell | Persistence |
| T1525 | Implant Internal Image | Persistence |
| T1218.009 | Regsvcs/Regasm | Defense Evasion |
| T1505 | Server Software Component | Persistence |
| T1053 | Scheduled Task/Job | Execution, Persistence, Privilege Escalation |
| T1059.001 | PowerShell | Execution |
| T1552.006 | Group Policy Preferences | Credential Access |
| T1011.001 | Exfiltration Over Bluetooth | Exfiltration |
| T1574.010 | Services File Permissions Weakness | Defense Evasion, Persistence, Privilege Escalation |
| T1548.002 | Bypass User Account Control | Defense Evasion, Privilege Escalation |
| T1053.003 | Cron | Execution, Persistence, Privilege Escalation |
| T1127.001 | MSBuild | Defense Evasion |
| T1552.004 | Private Keys | Credential Access |
| T1505.004 | IIS Components | Persistence |
| T1021.006 | Windows Remote Management | Lateral Movement |
| T1548.003 | Sudo and Sudo Caching | Defense Evasion, Privilege Escalation |
| T1552.001 | Credentials In Files | Credential Access |
| T1574.001 | DLL Search Order Hijacking | Defense Evasion, Persistence, Privilege Escalation |
| T1213.002 | Sharepoint | Collection |
| T1574.005 | Executable Installer File Permissions Weakness | Defense Evasion, Persistence, Privilege Escalation |
| T1218.014 | MMC | Defense Evasion |
| T1211 | Exploitation for Defense Evasion | Defense Evasion |
| T1574.004 | Dylib Hijacking | Defense Evasion, Persistence, Privilege Escalation |
| T1530 | Data from Cloud Storage | Collection |
| T1562 | Impair Defenses | Defense Evasion |
| T1505.001 | SQL Stored Procedures | Persistence |
| T1542.005 | TFTP Boot | Defense Evasion, Persistence |
| T1558.004 | AS-REP Roasting | Credential Access |
| T1578.003 | Delete Cloud Instance | Defense Evasion |
| T1218.012 | Verclsid | Defense Evasion |
| T1578 | Modify Cloud Compute Infrastructure | Defense Evasion |
| T1563 | Remote Service Session Hijacking | Lateral Movement |
| T1543 | Create or Modify System Process | Persistence, Privilege Escalation |
| T1505.005 | Terminal Services DLL | Persistence |
| T1213.001 | Confluence | Collection |
| T1505.002 | Transport Agent | Persistence |
| T1176 | Browser Extensions | Persistence |
| T1091 | Replication Through Removable Media | Initial Access, Lateral Movement |
| T1547.008 | LSASS Driver | Persistence, Privilege Escalation |
| T1212 | Exploitation for Credential Access | Credential Access |
| T1484 | Domain Policy Modification | Defense Evasion, Privilege Escalation |
| T1218.003 | CMSTP | Defense Evasion |
| T1059 | Command and Scripting Interpreter | Execution |
| T1562.010 | Downgrade Attack | Defense Evasion |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
| Control ID | Name | Description |
|---|---|---|
| A4.a | Supply Chain | The organisation understands and manages security risks to networks and information systems supporting the operation of essential functions that arise as a result of dependencies on external suppliers. This includes ensuring that appropriate measures are employed where third party services are used. |
| B6.a | Cyber Security Culture | You develop and pursue a positive cyber security culture. |
| D2.a | Incident Root Cause Analysis | When an incident occurs, steps must be taken to understand its root causes and ensure appropriate remediating action is taken. |
| C1.d | Identifying Security Incidents | You contextualise alerts with knowledge of the threat and your systems, to identify those security incidents that require some form of response. |