NIST CSF: PR.DS-8 Subcategory
From NIST's Cyber Security Framework (version 1):
Integrity checking mechanisms are used to verify hardware integrity
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Equipment maintenance (11.2.4)
ISO 27001:2013
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Ensure appropriate records control (4.3.4.4.4)
ISA/IEC 62443-2-1:2009
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1078 | Valid Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1505.004 | IIS Components | Persistence |
| T1505.002 | Transport Agent | Persistence |
| T1542.005 | TFTP Boot | Defense Evasion, Persistence |
| T1574.002 | DLL Side-Loading | Defense Evasion, Persistence, Privilege Escalation |
| T1553.006 | Code Signing Policy Modification | Defense Evasion |
| T1542.003 | Bootkit | Defense Evasion, Persistence |
| T1213.003 | Code Repositories | Collection |
| T1542 | Pre-OS Boot | Defense Evasion, Persistence |
| T1078.004 | Cloud Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1559.003 | XPC Services | Execution |
| T1078.003 | Local Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1647 | Plist File Modification | Defense Evasion |
| T1495 | Firmware Corruption | Impact |
| T1505 | Server Software Component | Persistence |
| T1564.009 | Resource Forking | Defense Evasion |
| T1601.002 | Downgrade System Image | Defense Evasion |
| T1542.004 | ROMMONkit | Defense Evasion, Persistence |
| T1078.001 | Default Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1505.001 | SQL Stored Procedures | Persistence |
| T1542.001 | System Firmware | Defense Evasion, Persistence |
| T1601 | Modify System Image | Defense Evasion |
| T1195.003 | Compromise Hardware Supply Chain | Initial Access |
| T1601.001 | Patch System Image | Defense Evasion |
| T1553 | Subvert Trust Controls | Defense Evasion |
| T1491.001 | Internal Defacement | Impact |
| T1552.004 | Private Keys | Credential Access |
| T1218.001 | Compiled HTML File | Defense Evasion |
| T1553.005 | Mark-of-the-Web Bypass | Defense Evasion |
| T1547.003 | Time Providers | Persistence, Privilege Escalation |
| T1190 | Exploit Public-Facing Application | Initial Access |
| T1558 | Steal or Forge Kerberos Tickets | Credential Access |
| T1037.004 | RC Scripts | Persistence, Privilege Escalation |
| T1574.013 | KernelCallbackTable | Defense Evasion, Persistence, Privilege Escalation |
| T1491 | Defacement | Impact |
| T1059.008 | Network Device CLI | Execution |
| T1218.009 | Regsvcs/Regasm | Defense Evasion |
| T1211 | Exploitation for Defense Evasion | Defense Evasion |
| T1218.014 | MMC | Defense Evasion |
| T1119 | Automated Collection | Collection |
| T1222 | File and Directory Permissions Modification | Defense Evasion |
| T1565.002 | Transmitted Data Manipulation | Impact |
| T1546.006 | LC_LOAD_DYLIB Addition | Persistence, Privilege Escalation |
| T1020.001 | Traffic Duplication | Exfiltration |
| T1114.002 | Remote Email Collection | Collection |
| T1219 | Remote Access Software | Command and Control |
| T1176 | Browser Extensions | Persistence |
| T1574 | Hijack Execution Flow | Defense Evasion, Persistence, Privilege Escalation |
| T1548.004 | Elevated Execution with Prompt | Defense Evasion, Privilege Escalation |
| T1036.005 | Match Legitimate Name or Location | Defense Evasion |
| T1070.001 | Clear Windows Event Logs | Defense Evasion |
| T1599 | Network Boundary Bridging | Defense Evasion |
| T1574.006 | Dynamic Linker Hijacking | Defense Evasion, Persistence, Privilege Escalation |
| T1216.001 | PubPrn | Defense Evasion |
| T1070.008 | Clear Mailbox Data | Defense Evasion |
| T1037.002 | Login Hook | Persistence, Privilege Escalation |
| T1547.002 | Authentication Package | Persistence, Privilege Escalation |
| T1569 | System Services | Execution |
| T1486 | Data Encrypted for Impact | Impact |
| T1059.007 | JavaScript | Execution |
| T1037.005 | Startup Items | Persistence, Privilege Escalation |
| T1221 | Template Injection | Defense Evasion |
| T1136.002 | Domain Account | Persistence |
| T1218.004 | InstallUtil | Defense Evasion |
| T1491.002 | External Defacement | Impact |
| T1569.002 | Service Execution | Execution |
| T1059.006 | Python | Execution |
| T1129 | Shared Modules | Execution |
| T1556 | Modify Authentication Process | Credential Access, Defense Evasion, Persistence |
| T1037.003 | Network Logon Script | Persistence, Privilege Escalation |
| T1546.013 | PowerShell Profile | Persistence, Privilege Escalation |
| T1602.002 | Network Device Configuration Dump | Collection |
| T1080 | Taint Shared Content | Lateral Movement |
| T1547.004 | Winlogon Helper DLL | Persistence, Privilege Escalation |
| T1574.007 | Path Interception by PATH Environment Variable | Defense Evasion, Persistence, Privilege Escalation |
| T1218.005 | Mshta | Defense Evasion |
| T1546.004 | Unix Shell Configuration Modification | Persistence, Privilege Escalation |
| T1036 | Masquerading | Defense Evasion |
| T1203 | Exploitation for Client Execution | Execution |
| T1098.002 | Additional Email Delegate Permissions | Persistence, Privilege Escalation |
| T1056.002 | GUI Input Capture | Collection, Credential Access |
| T1059.002 | AppleScript | Execution |
| T1552 | Unsecured Credentials | Credential Access |
| T1222.001 | Windows File and Directory Permissions Modification | Defense Evasion |
| T1562.001 | Disable or Modify Tools | Defense Evasion |
| T1037 | Boot or Logon Initialization Scripts | Persistence, Privilege Escalation |
| T1546.002 | Screensaver | Persistence, Privilege Escalation |
| T1070 | Indicator Removal | Defense Evasion |
| T1218 | System Binary Proxy Execution | Defense Evasion |
| T1562.004 | Disable or Modify System Firewall | Defense Evasion |
| T1027.007 | Dynamic API Resolution | Defense Evasion |
| T1547.008 | LSASS Driver | Persistence, Privilege Escalation |
| T1557.002 | ARP Cache Poisoning | Collection, Credential Access |
| T1602.001 | SNMP (MIB Dump) | Collection |
| T1525 | Implant Internal Image | Persistence |
| T1204.003 | Malicious Image | Execution |
| T1059.003 | Windows Command Shell | Execution |
| T1114 | Email Collection | Collection |
| T1556.004 | Network Device Authentication | Credential Access, Defense Evasion, Persistence |
| T1565.003 | Runtime Data Manipulation | Impact |
| T1098.003 | Additional Cloud Roles | Persistence, Privilege Escalation |
| T1114.003 | Email Forwarding Rule | Collection |
| T1114.001 | Local Email Collection | Collection |
| T1558.004 | AS-REP Roasting | Credential Access |
| T1558.002 | Silver Ticket | Credential Access |
| T1218.013 | Mavinject | Defense Evasion |
| T1490 | Inhibit System Recovery | Impact |
| T1547.006 | Kernel Modules and Extensions | Persistence, Privilege Escalation |
| T1609 | Container Administration Command | Execution |
| T1530 | Data from Cloud Storage | Collection |
| T1218.012 | Verclsid | Defense Evasion |
| T1565.001 | Stored Data Manipulation | Impact |
| T1220 | XSL Script Processing | Defense Evasion |
| T1550.004 | Web Session Cookie | Defense Evasion, Lateral Movement |
| T1003.003 | NTDS | Credential Access |
| T1070.003 | Clear Command History | Defense Evasion |
| T1027.008 | Stripped Payloads | Defense Evasion |
| T1213 | Data from Information Repositories | Collection |
| T1564.004 | NTFS File Attributes | Defense Evasion |
| T1127 | Trusted Developer Utilities Proxy Execution | Defense Evasion |
| T1218.008 | Odbcconf | Defense Evasion |
| T1059.004 | Unix Shell | Execution |
| T1036.001 | Invalid Code Signature | Defense Evasion |
| T1574.004 | Dylib Hijacking | Defense Evasion, Persistence, Privilege Escalation |
| T1561 | Disk Wipe | Impact |
| T1059 | Command and Scripting Interpreter | Execution |
| T1562.009 | Safe Mode Boot | Defense Evasion |
| T1562.006 | Indicator Blocking | Defense Evasion |
| T1543.002 | Systemd Service | Persistence, Privilege Escalation |
| T1185 | Browser Session Hijacking | Collection |
| T1040 | Network Sniffing | Credential Access, Discovery |
| T1222.002 | Linux and Mac File and Directory Permissions Modification | Defense Evasion |
| T1218.002 | Control Panel | Defense Evasion |
| T1611 | Escape to Host | Privilege Escalation |
| T1027 | Obfuscated Files or Information | Defense Evasion |
| T1562 | Impair Defenses | Defense Evasion |
| T1556.001 | Domain Controller Authentication | Credential Access, Defense Evasion, Persistence |
| T1564.010 | Process Argument Spoofing | Defense Evasion |
| T1213.002 | Sharepoint | Collection |
| T1547.005 | Security Support Provider | Persistence, Privilege Escalation |
| T1072 | Software Deployment Tools | Execution, Lateral Movement |
| T1574.001 | DLL Search Order Hijacking | Defense Evasion, Persistence, Privilege Escalation |
| T1218.010 | Regsvr32 | Defense Evasion |
| T1189 | Drive-by Compromise | Initial Access |
| T1053.006 | Systemd Timers | Execution, Persistence, Privilege Escalation |
| T1210 | Exploitation of Remote Services | Lateral Movement |
| T1556.003 | Pluggable Authentication Modules | Credential Access, Defense Evasion, Persistence |
| T1546.008 | Accessibility Features | Persistence, Privilege Escalation |
| T1136 | Create Account | Persistence |
| T1565 | Data Manipulation | Impact |
| T1218.003 | CMSTP | Defense Evasion |
| T1553.003 | SIP and Trust Provider Hijacking | Defense Evasion |
| T1561.002 | Disk Structure Wipe | Impact |
| T1485 | Data Destruction | Impact |
| T1204 | User Execution | Execution |
| T1204.002 | Malicious File | Execution |
| T1553.001 | Gatekeeper Bypass | Defense Evasion |
| T1574.012 | COR_PROFILER | Defense Evasion, Persistence, Privilege Escalation |
| T1599.001 | Network Address Translation Traversal | Defense Evasion |
| T1546.010 | AppInit DLLs | Persistence, Privilege Escalation |
| T1070.007 | Clear Network Connection History and Configurations | Defense Evasion |
| T1047 | Windows Management Instrumentation | Execution |
| T1546.009 | AppCert DLLs | Persistence, Privilege Escalation |
| T1550.001 | Application Access Token | Defense Evasion, Lateral Movement |
| T1561.001 | Disk Content Wipe | Impact |
| T1027.002 | Software Packing | Defense Evasion |
| T1059.001 | PowerShell | Execution |
| T1543 | Create or Modify System Process | Persistence, Privilege Escalation |
| T1003 | OS Credential Dumping | Credential Access |
| T1564.003 | Hidden Window | Defense Evasion |
| T1070.002 | Clear Linux or Mac System Logs | Defense Evasion |
| T1059.005 | Visual Basic | Execution |
| T1216 | System Script Proxy Execution | Defense Evasion |
| T1557 | Adversary-in-the-Middle | Collection, Credential Access |
| T1133 | External Remote Services | Initial Access, Persistence |
| T1068 | Exploitation for Privilege Escalation | Privilege Escalation |
| T1564.006 | Run Virtual Instance | Defense Evasion |
| T1546 | Event Triggered Execution | Persistence, Privilege Escalation |
| T1212 | Exploitation for Credential Access | Credential Access |
| T1548 | Abuse Elevation Control Mechanism | Defense Evasion, Privilege Escalation |
| T1562.002 | Disable Windows Event Logging | Defense Evasion |
| T1213.001 | Confluence | Collection |
| T1574.008 | Path Interception by Search Order Hijacking | Defense Evasion, Persistence, Privilege Escalation |
| T1070.009 | Clear Persistence | Defense Evasion |
| T1098.001 | Additional Cloud Credentials | Persistence, Privilege Escalation |
| T1027.009 | Embedded Payloads | Defense Evasion |
| T1574.009 | Path Interception by Unquoted Path | Defense Evasion, Persistence, Privilege Escalation |
| T1602 | Data from Configuration Repository | Collection |
| T1218.011 | Rundll32 | Defense Evasion |
| T1554 | Compromise Client Software Binary | Persistence |
| T1558.003 | Kerberoasting | Credential Access |
| T1547.013 | XDG Autostart Entries | Persistence, Privilege Escalation |
| T1564.008 | Email Hiding Rules | Defense Evasion |
| T1136.001 | Local Account | Persistence |
| T1136.003 | Cloud Account | Persistence |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
| Control ID | Name | Description |
|---|---|---|
| B4.b | Secure Configuration | You securely configure the network and information systems that support the operation of essential functions. |
| B4.d | Vulnerability Management | You manage known vulnerabilities in your network and information systems to prevent adverse impact on the essential function. |