NIST CSF: PR.IP-2 Subcategory
From NIST's Cyber Security Framework (version 1):
A System Development Life Cycle to manage systems is implemented
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
- Information security in project management (6.1.5), ISO 27001:2013
- Information security requirements analysis and specification (14.1.1), ISO 27001:2013
- Secure system engineering principles (14.2.5), ISO 27001:2013
- Secure development policy (14.2.1), ISO 27001:2013
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
- Assess all the risks of changing the IACS (4.3.4.3.3), ISA/IEC 62443-2-1:2009
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1574.002 | DLL Side-Loading | Defense Evasion, Persistence, Privilege Escalation |
T1567 | Exfiltration Over Web Service | Exfiltration |
T1647 | Plist File Modification | Defense Evasion |
T1025 | Data from Removable Media | Collection |
T1078.003 | Local Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1559.003 | XPC Services | Execution |
T1078 | Valid Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1190 | Exploit Public-Facing Application | Initial Access |
T1078.004 | Cloud Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1005 | Data from Local System | Collection |
T1213.003 | Code Repositories | Collection |
T1041 | Exfiltration Over C2 Channel | Exfiltration |
T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
T1078.001 | Default Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1052.001 | Exfiltration over USB | Exfiltration |
T1482 | Domain Trust Discovery | Discovery |
T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Exfiltration |
T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
T1134.005 | SID-History Injection | Defense Evasion, Privilege Escalation |
T1052 | Exfiltration Over Physical Medium | Exfiltration |
T1505.002 | Transport Agent | Persistence |
T1505 | Server Software Component | Persistence |
T1505.001 | SQL Stored Procedures | Persistence |
T1547.006 | Kernel Modules and Extensions | Persistence, Privilege Escalation |
T1546.003 | Windows Management Instrumentation Event Subscription | Persistence, Privilege Escalation |
T1505.004 | IIS Components | Persistence |
T1547.004 | Winlogon Helper DLL | Persistence, Privilege Escalation |
T1542.005 | TFTP Boot | Defense Evasion, Persistence |
T1553.006 | Code Signing Policy Modification | Defense Evasion |
T1542.003 | Bootkit | Defense Evasion, Persistence |
T1542 | Pre-OS Boot | Defense Evasion, Persistence |
T1495 | Firmware Corruption | Impact |
T1564.009 | Resource Forking | Defense Evasion |
T1601.002 | Downgrade System Image | Defense Evasion |
T1542.004 | ROMMONkit | Defense Evasion, Persistence |
T1542.001 | System Firmware | Defense Evasion, Persistence |
T1601 | Modify System Image | Defense Evasion |
T1195.003 | Compromise Hardware Supply Chain | Initial Access |
T1601.001 | Patch System Image | Defense Evasion |
T1553 | Subvert Trust Controls | Defense Evasion |
T1552 | Unsecured Credentials | Credential Access |
T1558.004 | AS-REP Roasting | Credential Access |
T1552.001 | Credentials In Files | Credential Access |
T1552.004 | Private Keys | Credential Access |
T1612 | Build Image on Host | Defense Evasion |
T1552.006 | Group Policy Preferences | Credential Access |
T1528 | Steal Application Access Token | Credential Access |
T1552.002 | Credentials in Registry | Credential Access |
T1114 | Email Collection | Collection |
T1558 | Steal or Forge Kerberos Tickets | Credential Access |
T1602.001 | SNMP (MIB Dump) | Collection |
T1114.002 | Remote Email Collection | Collection |
T1040 | Network Sniffing | Credential Access, Discovery |
T1020.001 | Traffic Duplication | Exfiltration |
T1565.002 | Transmitted Data Manipulation | Impact |
T1558.003 | Kerberoasting | Credential Access |
T1565.001 | Stored Data Manipulation | Impact |
T1548 | Abuse Elevation Control Mechanism | Defense Evasion, Privilege Escalation |
T1557 | Adversary-in-the-Middle | Collection, Credential Access |
T1070.001 | Clear Windows Event Logs | Defense Evasion |
T1557.002 | ARP Cache Poisoning | Collection, Credential Access |
T1070.008 | Clear Mailbox Data | Defense Evasion |
T1550.001 | Application Access Token | Defense Evasion, Lateral Movement |
T1003.003 | NTDS | Credential Access |
T1548.004 | Elevated Execution with Prompt | Defense Evasion, Privilege Escalation |
T1070 | Indicator Removal | Defense Evasion |
T1530 | Data from Cloud Storage | Collection |
T1003 | OS Credential Dumping | Credential Access |
T1070.002 | Clear Linux or Mac System Logs | Defense Evasion |
T1114.001 | Local Email Collection | Collection |
T1114.003 | Email Forwarding Rule | Collection |
T1119 | Automated Collection | Collection |
T1602.002 | Network Device Configuration Dump | Collection |
T1602 | Data from Configuration Repository | Collection |
T1565 | Data Manipulation | Impact |
T1558.002 | Silver Ticket | Credential Access |
T1059 | Command and Scripting Interpreter | Execution |
T1218.013 | Mavinject | Defense Evasion |
T1565.003 | Runtime Data Manipulation | Impact |
T1218.004 | InstallUtil | Defense Evasion |
T1218.009 | Regsvcs/Regasm | Defense Evasion |
T1055.009 | Proc Memory | Defense Evasion, Privilege Escalation |
T1611 | Escape to Host | Privilege Escalation |
T1218 | System Binary Proxy Execution | Defense Evasion |
T1059.008 | Network Device CLI | Execution |
T1059.003 | Windows Command Shell | Execution |
T1218.014 | MMC | Defense Evasion |
T1059.006 | Python | Execution |
T1003.001 | LSASS Memory | Credential Access |
T1218.012 | Verclsid | Defense Evasion |
T1059.004 | Unix Shell | Execution |
T1218.005 | Mshta | Defense Evasion |
T1218.003 | CMSTP | Defense Evasion |
T1218.002 | Control Panel | Defense Evasion |
T1047 | Windows Management Instrumentation | Execution |
T1059.001 | PowerShell | Execution |
T1543 | Create or Modify System Process | Persistence, Privilege Escalation |
T1218.008 | Odbcconf | Defense Evasion |
T1218.001 | Compiled HTML File | Defense Evasion |
T1059.005 | Visual Basic | Execution |
T1059.007 | JavaScript | Execution |
T1059.002 | AppleScript | Execution |
T1543.002 | Systemd Service | Persistence, Privilege Escalation |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
Control ID | Name | Description |
---|---|---|
A2.a | Risk Management Process | Your organisation has effective internal processes for managing risks to the security of network and information systems related to the operation of essential functions and communicating associated activities. |
B4.a | Secure by Design | You design security into the network and information systems that support the operation of essential functions. You minimise their attack surface and ensure that the operation of the essential function should not be impacted by the exploitation of any single vulnerability. |