NIST CSF: DE.CM-8 Subcategory
From NIST's Cyber Security Framework (version 1):
Vulnerability scans are performed
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Management of technical vulnerabilities (12.6.1)
ISO 27001:2013
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Select a risk assessment methodology (4.2.3.1)
ISA/IEC 62443-2-1:2009 -
Perform a detailed vulnerability assessment (4.2.3.7)
ISA/IEC 62443-2-1:2009
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1213 | Data from Information Repositories | Collection |
T1133 | External Remote Services | Initial Access, Persistence |
T1098.004 | SSH Authorized Keys | Persistence, Privilege Escalation |
T1052 | Exfiltration Over Physical Medium | Exfiltration |
T1546.002 | Screensaver | Persistence, Privilege Escalation |
T1137.001 | Office Template Macros | Persistence |
T1505.003 | Web Shell | Persistence |
T1525 | Implant Internal Image | Persistence |
T1218.009 | Regsvcs/Regasm | Defense Evasion |
T1505 | Server Software Component | Persistence |
T1053 | Scheduled Task/Job | Execution, Persistence, Privilege Escalation |
T1059.001 | PowerShell | Execution |
T1552.006 | Group Policy Preferences | Credential Access |
T1011.001 | Exfiltration Over Bluetooth | Exfiltration |
T1574.010 | Services File Permissions Weakness | Defense Evasion, Persistence, Privilege Escalation |
T1548.002 | Bypass User Account Control | Defense Evasion, Privilege Escalation |
T1053.003 | Cron | Execution, Persistence, Privilege Escalation |
T1127.001 | MSBuild | Defense Evasion |
T1552.004 | Private Keys | Credential Access |
T1505.004 | IIS Components | Persistence |
T1021.006 | Windows Remote Management | Lateral Movement |
T1548.003 | Sudo and Sudo Caching | Defense Evasion, Privilege Escalation |
T1552.001 | Credentials In Files | Credential Access |
T1574.001 | DLL Search Order Hijacking | Defense Evasion, Persistence, Privilege Escalation |
T1213.002 | Sharepoint | Collection |
T1574.005 | Executable Installer File Permissions Weakness | Defense Evasion, Persistence, Privilege Escalation |
T1218.014 | MMC | Defense Evasion |
T1211 | Exploitation for Defense Evasion | Defense Evasion |
T1574.004 | Dylib Hijacking | Defense Evasion, Persistence, Privilege Escalation |
T1530 | Data from Cloud Storage | Collection |
T1562 | Impair Defenses | Defense Evasion |
T1505.001 | SQL Stored Procedures | Persistence |
T1542.005 | TFTP Boot | Defense Evasion, Persistence |
T1558.004 | AS-REP Roasting | Credential Access |
T1578.003 | Delete Cloud Instance | Defense Evasion |
T1218.012 | Verclsid | Defense Evasion |
T1578 | Modify Cloud Compute Infrastructure | Defense Evasion |
T1563 | Remote Service Session Hijacking | Lateral Movement |
T1543 | Create or Modify System Process | Persistence, Privilege Escalation |
T1505.005 | Terminal Services DLL | Persistence |
T1213.001 | Confluence | Collection |
T1505.002 | Transport Agent | Persistence |
T1176 | Browser Extensions | Persistence |
T1091 | Replication Through Removable Media | Initial Access, Lateral Movement |
T1547.008 | LSASS Driver | Persistence, Privilege Escalation |
T1212 | Exploitation for Credential Access | Credential Access |
T1484 | Domain Policy Modification | Defense Evasion, Privilege Escalation |
T1218.003 | CMSTP | Defense Evasion |
T1059 | Command and Scripting Interpreter | Execution |
T1562.010 | Downgrade Attack | Defense Evasion |
T1578.001 | Create Snapshot | Defense Evasion |
T1078 | Valid Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1218.004 | InstallUtil | Defense Evasion |
T1068 | Exploitation for Privilege Escalation | Privilege Escalation |
T1092 | Communication Through Removable Media | Command and Control |
T1482 | Domain Trust Discovery | Discovery |
T1574.009 | Path Interception by Unquoted Path | Defense Evasion, Persistence, Privilege Escalation |
T1559 | Inter-Process Communication | Execution |
T1563.002 | RDP Hijacking | Lateral Movement |
T1547.007 | Re-opened Applications | Persistence, Privilege Escalation |
T1574 | Hijack Execution Flow | Defense Evasion, Persistence, Privilege Escalation |
T1218.008 | Odbcconf | Defense Evasion |
T1052.001 | Exfiltration over USB | Exfiltration |
T1218 | System Binary Proxy Execution | Defense Evasion |
T1574.007 | Path Interception by PATH Environment Variable | Defense Evasion, Persistence, Privilege Escalation |
T1195.002 | Compromise Software Supply Chain | Initial Access |
T1047 | Windows Management Instrumentation | Execution |
T1546.014 | Emond | Persistence, Privilege Escalation |
T1528 | Steal Application Access Token | Credential Access |
T1213.003 | Code Repositories | Collection |
T1059.007 | JavaScript | Execution |
T1559.002 | Dynamic Data Exchange | Execution |
T1612 | Build Image on Host | Defense Evasion |
T1574.008 | Path Interception by Search Order Hijacking | Defense Evasion, Persistence, Privilege Escalation |
T1021.003 | Distributed Component Object Model | Lateral Movement |
T1221 | Template Injection | Defense Evasion |
T1021.001 | Remote Desktop Protocol | Lateral Movement |
T1552.002 | Credentials in Registry | Credential Access |
T1547.006 | Kernel Modules and Extensions | Persistence, Privilege Escalation |
T1190 | Exploit Public-Facing Application | Initial Access |
T1127 | Trusted Developer Utilities Proxy Execution | Defense Evasion |
T1557 | Adversary-in-the-Middle | Collection, Credential Access |
T1137 | Office Application Startup | Persistence |
T1021.005 | VNC | Lateral Movement |
T1053.002 | At | Execution, Persistence, Privilege Escalation |
T1195.001 | Compromise Software Dependencies and Development Tools | Initial Access |
T1560.001 | Archive via Utility | Collection |
T1563.001 | SSH Hijacking | Lateral Movement |
T1204.003 | Malicious Image | Execution |
T1059.005 | Visual Basic | Execution |
T1195 | Supply Chain Compromise | Initial Access |
T1218.013 | Mavinject | Defense Evasion |
T1560 | Archive Collected Data | Collection |
T1542.004 | ROMMONkit | Defense Evasion, Persistence |
T1548 | Abuse Elevation Control Mechanism | Defense Evasion, Privilege Escalation |
T1210 | Exploitation of Remote Services | Lateral Movement |
T1578.002 | Create Cloud Instance | Defense Evasion |
T1218.005 | Mshta | Defense Evasion |
T1552 | Unsecured Credentials | Credential Access |
T1053.005 | Scheduled Task | Execution, Persistence, Privilege Escalation |
T1046 | Network Service Discovery | Discovery |
T1021.004 | SSH | Lateral Movement |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
Control ID | Name | Description |
---|---|---|
B4.d | Vulnerability Management | You manage known vulnerabilities in your network and information systems to prevent adverse impact on the essential function. |