NIST CSF: ID.AM-1 Subcategory
From NIST's Cyber Security Framework (version 1):
Physical devices and systems within the organization are inventoried
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Inventory of assets (8.1.1)
ISO 27001:2013 -
Ownership of assets (8.1.2)
ISO 27001:2013
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Control system component inventory (SR 7.8)
ISA/IEC 62443-3-3:2013 -
Identify the industrial automation and control systems (4.2.3.4)
ISA/IEC 62443-2-1:2009
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1221 | Template Injection | Defense Evasion |
| T1548.004 | Elevated Execution with Prompt | Defense Evasion, Privilege Escalation |
| T1098.004 | SSH Authorized Keys | Persistence, Privilege Escalation |
| T1211 | Exploitation for Defense Evasion | Defense Evasion |
| T1020.001 | Traffic Duplication | Exfiltration |
| T1021.005 | VNC | Lateral Movement |
| T1557.002 | ARP Cache Poisoning | Collection, Credential Access |
| T1495 | Firmware Corruption | Impact |
| T1021.006 | Windows Remote Management | Lateral Movement |
| T1601.001 | Patch System Image | Defense Evasion |
| T1542.004 | ROMMONkit | Defense Evasion, Persistence |
| T1564.007 | VBA Stomping | Defense Evasion |
| T1557.003 | DHCP Spoofing | Collection, Credential Access |
| T1137.001 | Office Template Macros | Persistence |
| T1542.001 | System Firmware | Defense Evasion, Persistence |
| T1505 | Server Software Component | Persistence |
| T1072 | Software Deployment Tools | Execution, Lateral Movement |
| T1542 | Pre-OS Boot | Defense Evasion, Persistence |
| T1547.007 | Re-opened Applications | Persistence, Privilege Escalation |
| T1542.005 | TFTP Boot | Defense Evasion, Persistence |
| T1218.009 | Regsvcs/Regasm | Defense Evasion |
| T1195.003 | Compromise Hardware Supply Chain | Initial Access |
| T1021.003 | Distributed Component Object Model | Lateral Movement |
| T1559.002 | Dynamic Data Exchange | Execution |
| T1602 | Data from Configuration Repository | Collection |
| T1119 | Automated Collection | Collection |
| T1218.012 | Verclsid | Defense Evasion |
| T1059.007 | JavaScript | Execution |
| T1091 | Replication Through Removable Media | Initial Access, Lateral Movement |
| T1053.005 | Scheduled Task | Execution, Persistence, Privilege Escalation |
| T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay | Collection, Credential Access |
| T1218.004 | InstallUtil | Defense Evasion |
| T1574.004 | Dylib Hijacking | Defense Evasion, Persistence, Privilege Escalation |
| T1203 | Exploitation for Client Execution | Execution |
| T1190 | Exploit Public-Facing Application | Initial Access |
| T1563.001 | SSH Hijacking | Lateral Movement |
| T1601 | Modify System Image | Defense Evasion |
| T1059.005 | Visual Basic | Execution |
| T1213.001 | Confluence | Collection |
| T1505.002 | Transport Agent | Persistence |
| T1218.013 | Mavinject | Defense Evasion |
| T1213.002 | Sharepoint | Collection |
| T1210 | Exploitation of Remote Services | Lateral Movement |
| T1602.002 | Network Device Configuration Dump | Collection |
| T1127 | Trusted Developer Utilities Proxy Execution | Defense Evasion |
| T1553.006 | Code Signing Policy Modification | Defense Evasion |
| T1059.001 | PowerShell | Execution |
| T1546.002 | Screensaver | Persistence, Privilege Escalation |
| T1564.006 | Run Virtual Instance | Defense Evasion |
| T1059 | Command and Scripting Interpreter | Execution |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
| Control ID | Name | Description |
|---|---|---|
| A3.a | Asset Management | Everything required to deliver, maintain or support networks and information systems necessary for the operation of essential functions is determined and understood. This includes data, people and systems, as well as any supporting infrastructure (such as power or cooling). |
| B3.a | Understanding Data | You have a good understanding of data important to the operation of the essential function, where it is stored, where it travels and how unavailability or unauthorised access, modification or deletion would adversely impact the essential function. This also applies to third parties storing or accessing data important to the operation of essential functions. |