NIST CSF: PR.DS-7 Subcategory
From NIST's Cyber Security Framework (version 1):
The development and testing environment(s) are separate from the production environment
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Separation of development, testing, and operational environments (12.1.4)
ISO 27001:2013
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1564.009 | Resource Forking | Defense Evasion |
| T1552.004 | Private Keys | Credential Access |
| T1047 | Windows Management Instrumentation | Execution |
| T1221 | Template Injection | Defense Evasion |
| T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay | Collection, Credential Access |
| T1187 | Forced Authentication | Credential Access |
| T1105 | Ingress Tool Transfer | Command and Control |
| T1070.008 | Clear Mailbox Data | Defense Evasion |
| T1565 | Data Manipulation | Impact |
| T1562.003 | Impair Command History Logging | Defense Evasion |
| T1205 | Traffic Signaling | Command and Control, Defense Evasion, Persistence |
| T1127.001 | MSBuild | Defense Evasion |
| T1562.010 | Downgrade Attack | Defense Evasion |
| T1071.003 | Mail Protocols | Command and Control |
| T1220 | XSL Script Processing | Defense Evasion |
| T1547.013 | XDG Autostart Entries | Persistence, Privilege Escalation |
| T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
| T1546.004 | Unix Shell Configuration Modification | Persistence, Privilege Escalation |
| T1539 | Steal Web Session Cookie | Credential Access |
| T1185 | Browser Session Hijacking | Collection |
| T1071.002 | File Transfer Protocols | Command and Control |
| T1201 | Password Policy Discovery | Discovery |
| T1070.009 | Clear Persistence | Defense Evasion |
| T1574.007 | Path Interception by PATH Environment Variable | Defense Evasion, Persistence, Privilege Escalation |
| T1573.002 | Asymmetric Cryptography | Command and Control |
| T1574.004 | Dylib Hijacking | Defense Evasion, Persistence, Privilege Escalation |
| T1070.003 | Clear Command History | Defense Evasion |
| T1562.004 | Disable or Modify System Firewall | Defense Evasion |
| T1021.006 | Windows Remote Management | Lateral Movement |
| T1574.001 | DLL Search Order Hijacking | Defense Evasion, Persistence, Privilege Escalation |
| T1548 | Abuse Elevation Control Mechanism | Defense Evasion, Privilege Escalation |
| T1574 | Hijack Execution Flow | Defense Evasion, Persistence, Privilege Escalation |
| T1565.001 | Stored Data Manipulation | Impact |
| T1566 | Phishing | Initial Access |
| T1053.005 | Scheduled Task | Execution, Persistence, Privilege Escalation |
| T1558.002 | Silver Ticket | Credential Access |
| T1119 | Automated Collection | Collection |
| T1562.006 | Indicator Blocking | Defense Evasion |
| T1569 | System Services | Execution |
| T1110.002 | Password Cracking | Credential Access |
| T1553.003 | SIP and Trust Provider Hijacking | Defense Evasion |
| T1218.005 | Mshta | Defense Evasion |
| T1204.002 | Malicious File | Execution |
| T1030 | Data Transfer Size Limits | Exfiltration |
| T1104 | Multi-Stage Channels | Command and Control |
| T1574.010 | Services File Permissions Weakness | Defense Evasion, Persistence, Privilege Escalation |
| T1001.001 | Junk Data | Command and Control |
| T1554 | Compromise Client Software Binary | Persistence |
| T1484 | Domain Policy Modification | Defense Evasion, Privilege Escalation |
| T1547.003 | Time Providers | Persistence, Privilege Escalation |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
| Control ID | Name | Description |
|---|---|---|
| B5.b | Design for Resilience | You design the network and information systems supporting your essential function to be resilient to cyber security incidents. Systems are appropriately segregated and resource limitations are mitigated. |
| B4.a | Secure by Design | You design security into the network and information systems that support the operation of essential functions. You minimise their attack surface and ensure that the operation of the essential function should not be impacted by the exploitation of any single vulnerability. |