NIST CSF: PR.DS-5 Subcategory
From NIST's Cyber Security Framework (version 1):
Protections against data leaks are implemented
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Handling of assets (8.2.3)
ISO 27001:2013 -
Termination or change of employment responsibilities (7.3.1)
ISO 27001:2013 -
Network controls (13.1.1)
ISO 27001:2013 -
Electronic messaging (13.2.3)
ISO 27001:2013 -
Protecting application services transactions (14.1.3)
ISO 27001:2013 -
Securing application services on public networks (14.1.2)
ISO 27001:2013 -
Confidentiality or non-disclosure agreement (13.2.4)
ISO 27001:2013 -
Policy on the use of cryptographic controls (10.1.1)
ISO 27001:2013 -
Working in secure areas (11.1.5)
ISO 27001:2013 -
Management of privileged access rights (9.2.3)
ISO 27001:2013 -
Protecting against external and environmental threats (11.1.4)
ISO 27001:2013 -
Information access restriction (9.4.1)
ISO 27001:2013 -
Access control policy (9.1.1)
ISO 27001:2013 -
Access to networks and network services (9.1.2)
ISO 27001:2013 -
Access control to program source code (9.4.5)
ISO 27001:2013 -
Use of privileged utility programs (9.4.4)
ISO 27001:2013 -
Segregation of duties (6.1.2)
ISO 27001:2013 -
Screening (7.1.1)
ISO 27001:2013 -
Information transfer policies and procedures (13.2.1)
ISO 27001:2013 -
Terms and conditions of employment (7.1.2)
ISO 27001:2013 -
Segregation in networks (13.1.3)
ISO 27001:2013 -
Equipment siting and protection (11.2.1)
ISO 27001:2013 -
Labelling of information (8.2.2)
ISO 27001:2013
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Zone boundary protection (SR 5.2)
ISA/IEC 62443-3-3:2013
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1071.001 | Web Protocols | Command and Control |
| T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
| T1567 | Exfiltration Over Web Service | Exfiltration |
| T1071 | Application Layer Protocol | Command and Control |
| T1041 | Exfiltration Over C2 Channel | Exfiltration |
| T1071.002 | File Transfer Protocols | Command and Control |
| T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
| T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Exfiltration |
| T1071.004 | DNS | Command and Control |
| T1071.003 | Mail Protocols | Command and Control |
| T1190 | Exploit Public-Facing Application | Initial Access |
| T1021 | Remote Services | Lateral Movement |
| T1136 | Create Account | Persistence |
| T1110.002 | Password Cracking | Credential Access |
| T1134.003 | Make and Impersonate Token | Defense Evasion, Privilege Escalation |
| T1547.004 | Winlogon Helper DLL | Persistence, Privilege Escalation |
| T1574.009 | Path Interception by Unquoted Path | Defense Evasion, Persistence, Privilege Escalation |
| T1003.007 | Proc Filesystem | Credential Access |
| T1552.007 | Container API | Credential Access |
| T1558.001 | Golden Ticket | Credential Access |
| T1218 | System Binary Proxy Execution | Defense Evasion |
| T1550.003 | Pass the Ticket | Defense Evasion, Lateral Movement |
| T1601.002 | Downgrade System Image | Defense Evasion |
| T1134 | Access Token Manipulation | Defense Evasion, Privilege Escalation |
| T1543.003 | Windows Service | Persistence, Privilege Escalation |
| T1562 | Impair Defenses | Defense Evasion |
| T1559.001 | Component Object Model | Execution |
| T1098.003 | Additional Cloud Roles | Persistence, Privilege Escalation |
| T1136.003 | Cloud Account | Persistence |
| T1505.002 | Transport Agent | Persistence |
| T1059.008 | Network Device CLI | Execution |
| T1136.002 | Domain Account | Persistence |
| T1003.002 | Security Account Manager | Credential Access |
| T1098.004 | SSH Authorized Keys | Persistence, Privilege Escalation |
| T1110.004 | Credential Stuffing | Credential Access |
| T1003.004 | LSA Secrets | Credential Access |
| T1562.002 | Disable Windows Event Logging | Defense Evasion |
| T1134.002 | Create Process with Token | Defense Evasion, Privilege Escalation |
| T1569.001 | Launchctl | Execution |
| T1489 | Service Stop | Impact |
| T1601 | Modify System Image | Defense Evasion |
| T1552 | Unsecured Credentials | Credential Access |
| T1087.004 | Cloud Account | Discovery |
| T1213.002 | Sharepoint | Collection |
| T1053 | Scheduled Task/Job | Execution, Persistence, Privilege Escalation |
| T1003.008 | /etc/passwd and /etc/shadow | Credential Access |
| T1110.003 | Password Spraying | Credential Access |
| T1056.003 | Web Portal Capture | Collection, Credential Access |
| T1003.006 | DCSync | Credential Access |
| T1505 | Server Software Component | Persistence |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
| Control ID | Name | Description |
|---|---|---|
| B3.b | Data in Transit | You have protected the transit of data important to the operation of the essential function. This includes the transfer of data to third parties. |
| B2.a | Identity Verification, Authentication and Authorisation | You robustly verify, authenticate and authorise access to the networks and information systems supporting your essential function. |
| B4.c | Secure Management | You manage your organisation's network and information systems that support the operation of essential functions to enable and maintain security. |
| B3.a | Understanding Data | You have a good understanding of data important to the operation of the essential function, where it is stored, where it travels and how unavailability or unauthorised access, modification or deletion would adversely impact the essential function. This also applies to third parties storing or accessing data important to the operation of essential functions. |
| B4.a | Secure by Design | You design security into the network and information systems that support the operation of essential functions. You minimise their attack surface and ensure that the operation of the essential function should not be impacted by the exploitation of any single vulnerability. |
| B5.b | Design for Resilience | You design the network and information systems supporting your essential function to be resilient to cyber security incidents. Systems are appropriately segregated and resource limitations are mitigated. |
| B3.c | Stored Data | You have protected stored data important to the operation of the essential function. |
| B2.d | Identity and Access Management (IdAM) | You closely manage and maintain identity and access control for users, devices and systems accessing the networks and information systems supporting the essential function. |
| B4.b | Secure Configuration | You securely configure the network and information systems that support the operation of essential functions. |
| B2.c | Privileged User Management | You closely manage privileged user access to networks and information systems supporting the essential function. |