NIST CSF: PR.DS-6 Subcategory
From NIST's Cyber Security Framework (version 1):
Integrity checking mechanisms are used to verify software, firmware, and information integrity
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Protecting application services transactions (14.1.3)
ISO 27001:2013 -
Installation of software on operational systems (12.5.1)
ISO 27001:2013 -
Controls against malware (12.2.1)
ISO 27001:2013 -
Restrictions on changes to software packages (14.2.4)
ISO 27001:2013 -
Securing application services on public networks (14.1.2)
ISO 27001:2013
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Communication integrity (SR 3.1)
ISA/IEC 62443-3-3:2013 -
Software and information integrity (SR 3.4)
ISA/IEC 62443-3-3:2013 -
Session integrity (SR 3.8)
ISA/IEC 62443-3-3:2013 -
Security functionality verification (SR 3.3)
ISA/IEC 62443-3-3:2013
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1573 | Encrypted Channel | Command and Control |
| T1573.002 | Asymmetric Cryptography | Command and Control |
| T1505 | Server Software Component | Persistence |
| T1505.002 | Transport Agent | Persistence |
| T1573.001 | Symmetric Cryptography | Command and Control |
| T1491.001 | Internal Defacement | Impact |
| T1552.004 | Private Keys | Credential Access |
| T1218.001 | Compiled HTML File | Defense Evasion |
| T1553.005 | Mark-of-the-Web Bypass | Defense Evasion |
| T1547.003 | Time Providers | Persistence, Privilege Escalation |
| T1190 | Exploit Public-Facing Application | Initial Access |
| T1558 | Steal or Forge Kerberos Tickets | Credential Access |
| T1037.004 | RC Scripts | Persistence, Privilege Escalation |
| T1195.003 | Compromise Hardware Supply Chain | Initial Access |
| T1574.013 | KernelCallbackTable | Defense Evasion, Persistence, Privilege Escalation |
| T1553.006 | Code Signing Policy Modification | Defense Evasion |
| T1491 | Defacement | Impact |
| T1542 | Pre-OS Boot | Defense Evasion, Persistence |
| T1059.008 | Network Device CLI | Execution |
| T1218.009 | Regsvcs/Regasm | Defense Evasion |
| T1211 | Exploitation for Defense Evasion | Defense Evasion |
| T1218.014 | MMC | Defense Evasion |
| T1119 | Automated Collection | Collection |
| T1222 | File and Directory Permissions Modification | Defense Evasion |
| T1565.002 | Transmitted Data Manipulation | Impact |
| T1546.006 | LC_LOAD_DYLIB Addition | Persistence, Privilege Escalation |
| T1020.001 | Traffic Duplication | Exfiltration |
| T1114.002 | Remote Email Collection | Collection |
| T1219 | Remote Access Software | Command and Control |
| T1176 | Browser Extensions | Persistence |
| T1574 | Hijack Execution Flow | Defense Evasion, Persistence, Privilege Escalation |
| T1548.004 | Elevated Execution with Prompt | Defense Evasion, Privilege Escalation |
| T1036.005 | Match Legitimate Name or Location | Defense Evasion |
| T1070.001 | Clear Windows Event Logs | Defense Evasion |
| T1599 | Network Boundary Bridging | Defense Evasion |
| T1574.006 | Dynamic Linker Hijacking | Defense Evasion, Persistence, Privilege Escalation |
| T1542.001 | System Firmware | Defense Evasion, Persistence |
| T1216.001 | PubPrn | Defense Evasion |
| T1070.008 | Clear Mailbox Data | Defense Evasion |
| T1505.001 | SQL Stored Procedures | Persistence |
| T1037.002 | Login Hook | Persistence, Privilege Escalation |
| T1495 | Firmware Corruption | Impact |
| T1547.002 | Authentication Package | Persistence, Privilege Escalation |
| T1569 | System Services | Execution |
| T1486 | Data Encrypted for Impact | Impact |
| T1059.007 | JavaScript | Execution |
| T1037.005 | Startup Items | Persistence, Privilege Escalation |
| T1221 | Template Injection | Defense Evasion |
| T1136.002 | Domain Account | Persistence |
| T1218.004 | InstallUtil | Defense Evasion |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
| Control ID | Name | Description |
|---|---|---|
| B4.d | Vulnerability Management | You manage known vulnerabilities in your network and information systems to prevent adverse impact on the essential function. |
| B3.b | Data in Transit | You have protected the transit of data important to the operation of the essential function. This includes the transfer of data to third parties. |
| B4.b | Secure Configuration | You securely configure the network and information systems that support the operation of essential functions. |
| B4.a | Secure by Design | You design security into the network and information systems that support the operation of essential functions. You minimise their attack surface and ensure that the operation of the essential function should not be impacted by the exploitation of any single vulnerability. |
| C1.a | Monitoring Coverage | The data sources that you include in your monitoring allow for timely identification of security events which might affect the operation of your essential function. |
| B4.c | Secure Management | You manage your organisation's network and information systems that support the operation of essential functions to enable and maintain security. |