NIST CSF: ID.AM-1 Subcategory

From NIST's Cyber Security Framework (version 1):

Physical devices and systems within the organization are inventoried

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Inventory of assets (8.1.1)
    ISO 27001:2013
  • Ownership of assets (8.1.2)
    ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Control system component inventory (SR 7.8)
    ISA/IEC 62443-3-3:2013
  • Identify the industrial automation and control systems (4.2.3.4)
    ISA/IEC 62443-2-1:2009

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.

| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1221 | Template Injection | Defense Evasion |
| T1548.004 | Elevated Execution with Prompt | Defense Evasion, Privilege Escalation |
| T1098.004 | SSH Authorized Keys | Persistence, Privilege Escalation |
| T1211 | Exploitation for Defense Evasion | Defense Evasion |
| T1020.001 | Traffic Duplication | Exfiltration |
| T1021.005 | VNC | Lateral Movement |
| T1557.002 | ARP Cache Poisoning | Collection, Credential Access |
| T1495 | Firmware Corruption | Impact |
| T1021.006 | Windows Remote Management | Lateral Movement |
| T1601.001 | Patch System Image | Defense Evasion |
| T1542.004 | ROMMONkit | Defense Evasion, Persistence |
| T1564.007 | VBA Stomping | Defense Evasion |
| T1557.003 | DHCP Spoofing | Collection, Credential Access |
| T1137.001 | Office Template Macros | Persistence |
| T1542.001 | System Firmware | Defense Evasion, Persistence |
| T1505 | Server Software Component | Persistence |
| T1072 | Software Deployment Tools | Execution, Lateral Movement |
| T1542 | Pre-OS Boot | Defense Evasion, Persistence |
| T1547.007 | Re-opened Applications | Persistence, Privilege Escalation |
| T1542.005 | TFTP Boot | Defense Evasion, Persistence |
| T1218.009 | Regsvcs/Regasm | Defense Evasion |
| T1195.003 | Compromise Hardware Supply Chain | Initial Access |
| T1021.003 | Distributed Component Object Model | Lateral Movement |
| T1559.002 | Dynamic Data Exchange | Execution |
| T1602 | Data from Configuration Repository | Collection |
| T1119 | Automated Collection | Collection |
| T1218.012 | Verclsid | Defense Evasion |
| T1059.007 | JavaScript | Execution |
| T1091 | Replication Through Removable Media | Initial Access, Lateral Movement |
| T1053.005 | Scheduled Task | Execution, Persistence, Privilege Escalation |
| T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay | Collection, Credential Access |
| T1218.004 | InstallUtil | Defense Evasion |
| T1574.004 | Dylib Hijacking | Defense Evasion, Persistence, Privilege Escalation |
| T1203 | Exploitation for Client Execution | Execution |
| T1190 | Exploit Public-Facing Application | Initial Access |
| T1563.001 | SSH Hijacking | Lateral Movement |
| T1601 | Modify System Image | Defense Evasion |
| T1059.005 | Visual Basic | Execution |
| T1213.001 | Confluence | Collection |
| T1505.002 | Transport Agent | Persistence |
| T1218.013 | Mavinject | Defense Evasion |
| T1213.002 | Sharepoint | Collection |
| T1210 | Exploitation of Remote Services | Lateral Movement |
| T1602.002 | Network Device Configuration Dump | Collection |
| T1127 | Trusted Developer Utilities Proxy Execution | Defense Evasion |
| T1553.006 | Code Signing Policy Modification | Defense Evasion |
| T1059.001 | PowerShell | Execution |
| T1546.002 | Screensaver | Persistence, Privilege Escalation |
| T1564.006 | Run Virtual Instance | Defense Evasion |
| T1059 | Command and Scripting Interpreter | Execution |
| T1574.007 | Path Interception by PATH Environment Variable | Defense Evasion, Persistence, Privilege Escalation |
| T1137 | Office Application Startup | Persistence |
| T1505.004 | IIS Components | Persistence |
| T1189 | Drive-by Compromise | Initial Access |
| T1553 | Subvert Trust Controls | Defense Evasion |
| T1602.001 | SNMP (MIB Dump) | Collection |
| T1068 | Exploitation for Privilege Escalation | Privilege Escalation |
| T1021.004 | SSH | Lateral Movement |
| T1548 | Abuse Elevation Control Mechanism | Defense Evasion, Privilege Escalation |
| T1218.008 | Odbcconf | Defense Evasion |
| T1565.001 | Stored Data Manipulation | Impact |
| T1218.014 | MMC | Defense Evasion |
| T1218.005 | Mshta | Defense Evasion |
| T1212 | Exploitation for Credential Access | Credential Access |
| T1542.003 | Bootkit | Defense Evasion, Persistence |
| T1574.009 | Path Interception by Unquoted Path | Defense Evasion, Persistence, Privilege Escalation |
| T1546.006 | LC_LOAD_DYLIB Addition | Persistence, Privilege Escalation |
| T1053.002 | At | Execution, Persistence, Privilege Escalation |
| T1565 | Data Manipulation | Impact |
| T1052 | Exfiltration Over Physical Medium | Exfiltration |
| T1563 | Remote Service Session Hijacking | Lateral Movement |
| T1574 | Hijack Execution Flow | Defense Evasion, Persistence, Privilege Escalation |
| T1133 | External Remote Services | Initial Access, Persistence |
| T1559 | Inter-Process Communication | Execution |
| T1574.008 | Path Interception by Search Order Hijacking | Defense Evasion, Persistence, Privilege Escalation |
| T1593.003 | Code Repositories | Reconnaissance |
| T1557 | Adversary-in-the-Middle | Collection, Credential Access |
| T1546.014 | Emond | Persistence, Privilege Escalation |
| T1127.001 | MSBuild | Defense Evasion |
| T1218 | System Binary Proxy Execution | Defense Evasion |
| T1011.001 | Exfiltration Over Bluetooth | Exfiltration |
| T1530 | Data from Cloud Storage | Collection |
| T1601.002 | Downgrade System Image | Defense Evasion |
| T1053 | Scheduled Task/Job | Execution, Persistence, Privilege Escalation |
| T1565.002 | Transmitted Data Manipulation | Impact |
| T1622 | Debugger Evasion | Defense Evasion, Discovery |
| T1213 | Data from Information Repositories | Collection |
| T1052.001 | Exfiltration over USB | Exfiltration |
| T1046 | Network Service Discovery | Discovery |
| T1563.002 | RDP Hijacking | Lateral Movement |
| T1092 | Communication Through Removable Media | Command and Control |
| T1021.001 | Remote Desktop Protocol | Lateral Movement |
| T1505.001 | SQL Stored Procedures | Persistence |
| T1218.003 | CMSTP | Defense Evasion |

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

| Control ID | Name | Description |
|---|---|---|
| A3.a | Asset Management | Everything required to deliver, maintain or support networks and information systems necessary for the operation of essential functions is determined and understood. This includes data, people and systems, as well as any supporting infrastructure (such as power or cooling). |
| B3.a | Understanding Data | You have a good understanding of data important to the operation of the essential function, where it is stored, where it travels and how unavailability or unauthorised access, modification or deletion would adversely impact the essential function. This also applies to third parties storing or accessing data important to the operation of essential functions. |