NIST CSF: ID.AM-4 Subcategory
From NIST's Cyber Security Framework (version 1):
External information systems are catalogued
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
- Security of equipment and assets off-premises (11.2.6), ISO 27001:2013
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
T1041 | Exfiltration Over C2 Channel | Exfiltration |
T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Exfiltration |
T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
T1567 | Exfiltration Over Web Service | Exfiltration |
T1021.004 | SSH | Lateral Movement |
T1078.002 | Domain Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1110.003 | Password Spraying | Credential Access |
T1136.002 | Domain Account | Persistence |
T1602 | Data from Configuration Repository | Collection |
T1114.003 | Email Forwarding Rule | Collection |
T1098.001 | Additional Cloud Credentials | Persistence, Privilege Escalation |
T1552 | Unsecured Credentials | Credential Access |
T1583.007 | Serverless | Resource Development |
T1098.002 | Additional Email Delegate Permissions | Persistence, Privilege Escalation |
T1602.002 | Network Device Configuration Dump | Collection |
T1530 | Data from Cloud Storage | Collection |
T1537 | Transfer Data to Cloud Account | Exfiltration |
T1505.005 | Terminal Services DLL | Persistence |
T1110.002 | Password Cracking | Credential Access |
T1539 | Steal Web Session Cookie | Credential Access |
T1098.004 | SSH Authorized Keys | Persistence, Privilege Escalation |
T1567.001 | Exfiltration to Code Repository | Exfiltration |
T1098.003 | Additional Cloud Roles | Persistence, Privilege Escalation |
T1584.007 | Serverless | Resource Development |
T1567.002 | Exfiltration to Cloud Storage | Exfiltration |
T1110.004 | Credential Stuffing | Credential Access |
T1556.004 | Network Device Authentication | Credential Access, Defense Evasion, Persistence |
T1133 | External Remote Services | Initial Access, Persistence |
T1110 | Brute Force | Credential Access |
T1550.001 | Application Access Token | Defense Evasion, Lateral Movement |
T1556 | Modify Authentication Process | Credential Access, Defense Evasion, Persistence |
T1134.005 | SID-History Injection | Defense Evasion, Privilege Escalation |
T1565 | Data Manipulation | Impact |
T1556.001 | Domain Controller Authentication | Credential Access, Defense Evasion, Persistence |
T1052.001 | Exfiltration over USB | Exfiltration |
T1021.001 | Remote Desktop Protocol | Lateral Movement |
T1098.005 | Device Registration | Persistence, Privilege Escalation |
T1021 | Remote Services | Lateral Movement |
T1552.005 | Cloud Instance Metadata API | Credential Access |
T1557.002 | ARP Cache Poisoning | Collection, Credential Access |
T1020.001 | Traffic Duplication | Exfiltration |
T1136.003 | Cloud Account | Persistence |
T1565.001 | Stored Data Manipulation | Impact |
T1565.002 | Transmitted Data Manipulation | Impact |
T1078.004 | Cloud Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1110.001 | Password Guessing | Credential Access |
T1119 | Automated Collection | Collection |
T1200 | Hardware Additions | Initial Access |
T1114.002 | Remote Email Collection | Collection |
T1114 | Email Collection | Collection |
T1136.001 | Local Account | Persistence |
T1136 | Create Account | Persistence |
T1557 | Adversary-in-the-Middle | Collection, Credential Access |
T1556.003 | Pluggable Authentication Modules | Credential Access, Defense Evasion, Persistence |
T1552.004 | Private Keys | Credential Access |
T1052 | Exfiltration Over Physical Medium | Exfiltration |
T1114.001 | Local Email Collection | Collection |
T1072 | Software Deployment Tools | Execution, Lateral Movement |
T1602.001 | SNMP (MIB Dump) | Collection |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
Control ID | Name | Description |
---|---|---|
B3.a | Understanding Data | You have a good understanding of data important to the operation of the essential function, where it is stored, where it travels and how unavailability or unauthorised access, modification or deletion would adversely impact the essential function. This also applies to third parties storing or accessing data important to the operation of essential functions. |
B3.d | Mobile Data | You have protected data important to the operation of the essential function on mobile devices. |
B4.b | Secure Configuration | You securely configure the network and information systems that support the operation of essential functions. |