NIST CSF: DE.CM-8 Subcategory

From NIST's Cyber Security Framework (version 1):

Vulnerability scans are performed

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Management of technical vulnerabilities (12.6.1)
    ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Select a risk assessment methodology (4.2.3.1)
    ISA/IEC 62443-2-1:2009
  • Perform a detailed vulnerability assessment (4.2.3.7)
    ISA/IEC 62443-2-1:2009

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.

ATT&CK ID Title Associated Tactics
T1213 Data from Information Repositories Collection
T1133 External Remote Services Initial Access, Persistence
T1098.004 SSH Authorized Keys Persistence, Privilege Escalation
T1052 Exfiltration Over Physical Medium Exfiltration
T1546.002 Screensaver Persistence, Privilege Escalation
T1137.001 Office Template Macros Persistence
T1505.003 Web Shell Persistence
T1525 Implant Internal Image Persistence
T1218.009 Regsvcs/Regasm Defense Evasion
T1505 Server Software Component Persistence
T1053 Scheduled Task/Job Execution, Persistence, Privilege Escalation
T1059.001 PowerShell Execution
T1552.006 Group Policy Preferences Credential Access
T1011.001 Exfiltration Over Bluetooth Exfiltration
T1574.010 Services File Permissions Weakness Defense Evasion, Persistence, Privilege Escalation
T1548.002 Bypass User Account Control Defense Evasion, Privilege Escalation
T1053.003 Cron Execution, Persistence, Privilege Escalation
T1127.001 MSBuild Defense Evasion
T1552.004 Private Keys Credential Access
T1505.004 IIS Components Persistence
T1021.006 Windows Remote Management Lateral Movement
T1548.003 Sudo and Sudo Caching Defense Evasion, Privilege Escalation
T1552.001 Credentials In Files Credential Access
T1574.001 DLL Search Order Hijacking Defense Evasion, Persistence, Privilege Escalation
T1213.002 Sharepoint Collection
T1574.005 Executable Installer File Permissions Weakness Defense Evasion, Persistence, Privilege Escalation
T1218.014 MMC Defense Evasion
T1211 Exploitation for Defense Evasion Defense Evasion
T1574.004 Dylib Hijacking Defense Evasion, Persistence, Privilege Escalation
T1530 Data from Cloud Storage Collection
T1562 Impair Defenses Defense Evasion
T1505.001 SQL Stored Procedures Persistence
T1542.005 TFTP Boot Defense Evasion, Persistence
T1558.004 AS-REP Roasting Credential Access
T1578.003 Delete Cloud Instance Defense Evasion
T1218.012 Verclsid Defense Evasion
T1578 Modify Cloud Compute Infrastructure Defense Evasion
T1563 Remote Service Session Hijacking Lateral Movement
T1543 Create or Modify System Process Persistence, Privilege Escalation
T1505.005 Terminal Services DLL Persistence
T1213.001 Confluence Collection
T1505.002 Transport Agent Persistence
T1176 Browser Extensions Persistence
T1091 Replication Through Removable Media Initial Access, Lateral Movement
T1547.008 LSASS Driver Persistence, Privilege Escalation
T1212 Exploitation for Credential Access Credential Access
T1484 Domain Policy Modification Defense Evasion, Privilege Escalation
T1218.003 CMSTP Defense Evasion
T1059 Command and Scripting Interpreter Execution
T1562.010 Downgrade Attack Defense Evasion
T1578.001 Create Snapshot Defense Evasion
T1078 Valid Accounts Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1218.004 InstallUtil Defense Evasion
T1068 Exploitation for Privilege Escalation Privilege Escalation
T1092 Communication Through Removable Media Command and Control
T1482 Domain Trust Discovery Discovery
T1574.009 Path Interception by Unquoted Path Defense Evasion, Persistence, Privilege Escalation
T1559 Inter-Process Communication Execution
T1563.002 RDP Hijacking Lateral Movement
T1547.007 Re-opened Applications Persistence, Privilege Escalation
T1574 Hijack Execution Flow Defense Evasion, Persistence, Privilege Escalation
T1218.008 Odbcconf Defense Evasion
T1052.001 Exfiltration over USB Exfiltration
T1218 System Binary Proxy Execution Defense Evasion
T1574.007 Path Interception by PATH Environment Variable Defense Evasion, Persistence, Privilege Escalation
T1195.002 Compromise Software Supply Chain Initial Access
T1047 Windows Management Instrumentation Execution
T1546.014 Emond Persistence, Privilege Escalation
T1528 Steal Application Access Token Credential Access
T1213.003 Code Repositories Collection
T1059.007 JavaScript Execution
T1559.002 Dynamic Data Exchange Execution
T1612 Build Image on Host Defense Evasion
T1574.008 Path Interception by Search Order Hijacking Defense Evasion, Persistence, Privilege Escalation
T1021.003 Distributed Component Object Model Lateral Movement
T1221 Template Injection Defense Evasion
T1021.001 Remote Desktop Protocol Lateral Movement
T1552.002 Credentials in Registry Credential Access
T1547.006 Kernel Modules and Extensions Persistence, Privilege Escalation
T1190 Exploit Public-Facing Application Initial Access
T1127 Trusted Developer Utilities Proxy Execution Defense Evasion
T1557 Adversary-in-the-Middle Collection, Credential Access
T1137 Office Application Startup Persistence
T1021.005 VNC Lateral Movement
T1053.002 At Execution, Persistence, Privilege Escalation
T1195.001 Compromise Software Dependencies and Development Tools Initial Access
T1560.001 Archive via Utility Collection
T1563.001 SSH Hijacking Lateral Movement
T1204.003 Malicious Image Execution
T1059.005 Visual Basic Execution
T1195 Supply Chain Compromise Initial Access
T1218.013 Mavinject Defense Evasion
T1560 Archive Collected Data Collection
T1542.004 ROMMONkit Defense Evasion, Persistence
T1548 Abuse Elevation Control Mechanism Defense Evasion, Privilege Escalation
T1210 Exploitation of Remote Services Lateral Movement
T1578.002 Create Cloud Instance Defense Evasion
T1218.005 Mshta Defense Evasion
T1552 Unsecured Credentials Credential Access
T1053.005 Scheduled Task Execution, Persistence, Privilege Escalation
T1046 Network Service Discovery Discovery
T1021.004 SSH Lateral Movement

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Control ID Name Description
B4.d Vulnerability Management You manage known vulnerabilities in your network and information systems to prevent adverse impact on the essential function.