NIST CSF: ID.AM-3 Subcategory
From NIST's Cyber Security Framework (version 1):
Organizational communication and data flows are mapped
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
- Information transfer policies and procedures (13.2.1), ISO 27001:2013
- Agreements on information transfer (13.2.2), ISO 27001:2013
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
- Identify the industrial automation and control systems (4.2.3.4), ISA/IEC 62443-2-1:2009
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1090 | Proxy | Command and Control |
T1132 | Data Encoding | Command and Control |
T1029 | Scheduled Transfer | Exfiltration |
T1573 | Encrypted Channel | Command and Control |
T1041 | Exfiltration Over C2 Channel | Exfiltration |
T1567.002 | Exfiltration to Cloud Storage | Exfiltration |
T1563.002 | RDP Hijacking | Lateral Movement |
T1136.002 | Domain Account | Persistence |
T1567.001 | Exfiltration to Code Repository | Exfiltration |
T1071.004 | DNS | Command and Control |
T1204.003 | Malicious Image | Execution |
T1095 | Non-Application Layer Protocol | Command and Control |
T1566.001 | Spearphishing Attachment | Initial Access |
T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
T1211 | Exploitation for Defense Evasion | Defense Evasion |
T1102.002 | Bidirectional Communication | Command and Control |
T1602.002 | Network Device Configuration Dump | Collection |
T1566 | Phishing | Initial Access |
T1563 | Remote Service Session Hijacking | Lateral Movement |
T1499.004 | Application or System Exploitation | Impact |
T1547.003 | Time Providers | Persistence, Privilege Escalation |
T1574.004 | Dylib Hijacking | Defense Evasion, Persistence, Privilege Escalation |
T1205.002 | Socket Filters | Command and Control, Defense Evasion, Persistence |
T1136.003 | Cloud Account | Persistence |
T1001.003 | Protocol Impersonation | Command and Control |
T1071.003 | Mail Protocols | Command and Control |
T1484 | Domain Policy Modification | Defense Evasion, Privilege Escalation |
T1609 | Container Administration Command | Execution |
T1204.001 | Malicious Link | Execution |
T1030 | Data Transfer Size Limits | Exfiltration |
T1559.001 | Component Object Model | Execution |
T1559.002 | Dynamic Data Exchange | Execution |
T1003.005 | Cached Domain Credentials | Credential Access |
T1573.002 | Asymmetric Cryptography | Command and Control |
T1104 | Multi-Stage Channels | Command and Control |
T1570 | Lateral Tool Transfer | Lateral Movement |
T1499 | Endpoint Denial of Service | Impact |
T1114.003 | Email Forwarding Rule | Collection |
T1090.002 | External Proxy | Command and Control |
T1498 | Network Denial of Service | Impact |
T1003 | OS Credential Dumping | Credential Access |
T1071.002 | File Transfer Protocols | Command and Control |
T1552.005 | Cloud Instance Metadata API | Credential Access |
T1132.002 | Non-Standard Encoding | Command and Control |
T1189 | Drive-by Compromise | Initial Access |
T1132.001 | Standard Encoding | Command and Control |
T1114 | Email Collection | Collection |
T1213.002 | Sharepoint | Collection |
T1565.003 | Runtime Data Manipulation | Impact |
T1573.001 | Symmetric Cryptography | Command and Control |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
Control ID | Name | Description |
---|---|---|
B3.a | Understanding Data | You have a good understanding of data important to the operation of the essential function, where it is stored, where it travels and how unavailability or unauthorised access, modification or deletion would adversely impact the essential function. This also applies to third parties storing or accessing data important to the operation of essential functions. |
B3.b | Data in Transit | You have protected the transit of data important to the operation of the essential function. This includes the transfer of data to third parties. |
A4.a | Supply Chain | The organisation understands and manages security risks to networks and information systems supporting the operation of essential functions that arise as a result of dependencies on external suppliers. This includes ensuring that appropriate measures are employed where third party services are used. |