NIST CSF: PR.IP-12 Subcategory

From NIST's Cyber Security Framework (version 1):

A vulnerability management plan is developed and implemented

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Node
RA-5: Vulnerability Monitoring and Scanning
RA-3: Risk Assessment
SI-2: Flaw Remediation

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Management of technical vulnerabilities (12.6.1)
    ISO 27001:2013
  • Technical compliance review (18.2.3)
    ISO 27001:2013
  • Technical review of applications after operating platform changes (14.2.3)
    ISO 27001:2013
  • Compliance with security policies and standards (18.2.2)
    ISO 27001:2013
  • Reporting information security weaknesses (16.1.3)
    ISO 27001:2013

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.

ATT&CK ID Title Associated Tactics
T1213 Data from Information Repositories Collection
T1133 External Remote Services Initial Access, Persistence
T1098.004 SSH Authorized Keys Persistence, Privilege Escalation
T1052 Exfiltration Over Physical Medium Exfiltration
T1546.002 Screensaver Persistence, Privilege Escalation
T1137.001 Office Template Macros Persistence
T1505.003 Web Shell Persistence
T1525 Implant Internal Image Persistence
T1218.009 Regsvcs/Regasm Defense Evasion
T1505 Server Software Component Persistence
T1053 Scheduled Task/Job Execution, Persistence, Privilege Escalation
T1059.001 PowerShell Execution
T1552.006 Group Policy Preferences Credential Access
T1011.001 Exfiltration Over Bluetooth Exfiltration
T1574.010 Services File Permissions Weakness Defense Evasion, Persistence, Privilege Escalation
T1548.002 Bypass User Account Control Defense Evasion, Privilege Escalation
T1053.003 Cron Execution, Persistence, Privilege Escalation
T1127.001 MSBuild Defense Evasion
T1552.004 Private Keys Credential Access
T1505.004 IIS Components Persistence
T1021.006 Windows Remote Management Lateral Movement
T1548.003 Sudo and Sudo Caching Defense Evasion, Privilege Escalation
T1552.001 Credentials In Files Credential Access
T1574.001 DLL Search Order Hijacking Defense Evasion, Persistence, Privilege Escalation
T1213.002 Sharepoint Collection
T1574.005 Executable Installer File Permissions Weakness Defense Evasion, Persistence, Privilege Escalation
T1218.014 MMC Defense Evasion
T1211 Exploitation for Defense Evasion Defense Evasion
T1574.004 Dylib Hijacking Defense Evasion, Persistence, Privilege Escalation
T1530 Data from Cloud Storage Collection
T1562 Impair Defenses Defense Evasion
T1505.001 SQL Stored Procedures Persistence
T1542.005 TFTP Boot Defense Evasion, Persistence
T1558.004 AS-REP Roasting Credential Access
T1578.003 Delete Cloud Instance Defense Evasion
T1218.012 Verclsid Defense Evasion
T1578 Modify Cloud Compute Infrastructure Defense Evasion
T1563 Remote Service Session Hijacking Lateral Movement
T1543 Create or Modify System Process Persistence, Privilege Escalation
T1505.005 Terminal Services DLL Persistence
T1213.001 Confluence Collection
T1505.002 Transport Agent Persistence
T1176 Browser Extensions Persistence
T1091 Replication Through Removable Media Initial Access, Lateral Movement
T1547.008 LSASS Driver Persistence, Privilege Escalation
T1212 Exploitation for Credential Access Credential Access
T1484 Domain Policy Modification Defense Evasion, Privilege Escalation
T1218.003 CMSTP Defense Evasion
T1059 Command and Scripting Interpreter Execution
T1562.010 Downgrade Attack Defense Evasion
T1578.001 Create Snapshot Defense Evasion
T1078 Valid Accounts Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1218.004 InstallUtil Defense Evasion
T1068 Exploitation for Privilege Escalation Privilege Escalation
T1092 Communication Through Removable Media Command and Control
T1482 Domain Trust Discovery Discovery
T1574.009 Path Interception by Unquoted Path Defense Evasion, Persistence, Privilege Escalation
T1559 Inter-Process Communication Execution
T1563.002 RDP Hijacking Lateral Movement
T1547.007 Re-opened Applications Persistence, Privilege Escalation
T1574 Hijack Execution Flow Defense Evasion, Persistence, Privilege Escalation
T1218.008 Odbcconf Defense Evasion
T1052.001 Exfiltration over USB Exfiltration
T1218 System Binary Proxy Execution Defense Evasion
T1574.007 Path Interception by PATH Environment Variable Defense Evasion, Persistence, Privilege Escalation
T1195.002 Compromise Software Supply Chain Initial Access
T1047 Windows Management Instrumentation Execution
T1546.014 Emond Persistence, Privilege Escalation
T1528 Steal Application Access Token Credential Access
T1213.003 Code Repositories Collection
T1059.007 JavaScript Execution
T1559.002 Dynamic Data Exchange Execution
T1612 Build Image on Host Defense Evasion
T1574.008 Path Interception by Search Order Hijacking Defense Evasion, Persistence, Privilege Escalation
T1021.003 Distributed Component Object Model Lateral Movement
T1221 Template Injection Defense Evasion
T1021.001 Remote Desktop Protocol Lateral Movement
T1552.002 Credentials in Registry Credential Access
T1547.006 Kernel Modules and Extensions Persistence, Privilege Escalation
T1190 Exploit Public-Facing Application Initial Access
T1127 Trusted Developer Utilities Proxy Execution Defense Evasion
T1557 Adversary-in-the-Middle Collection, Credential Access
T1137 Office Application Startup Persistence
T1021.005 VNC Lateral Movement
T1053.002 At Execution, Persistence, Privilege Escalation
T1195.001 Compromise Software Dependencies and Development Tools Initial Access
T1560.001 Archive via Utility Collection
T1563.001 SSH Hijacking Lateral Movement
T1204.003 Malicious Image Execution
T1059.005 Visual Basic Execution
T1195 Supply Chain Compromise Initial Access
T1218.013 Mavinject Defense Evasion
T1560 Archive Collected Data Collection
T1542.004 ROMMONkit Defense Evasion, Persistence
T1548 Abuse Elevation Control Mechanism Defense Evasion, Privilege Escalation
T1210 Exploitation of Remote Services Lateral Movement
T1578.002 Create Cloud Instance Defense Evasion
T1218.005 Mshta Defense Evasion
T1552 Unsecured Credentials Credential Access
T1053.005 Scheduled Task Execution, Persistence, Privilege Escalation
T1046 Network Service Discovery Discovery
T1021.004 SSH Lateral Movement
T1546.011 Application Shimming Persistence, Privilege Escalation
T1555.005 Password Managers Credential Access
T1055.005 Thread Local Storage Defense Evasion, Privilege Escalation
T1601.002 Downgrade System Image Defense Evasion
T1027 Obfuscated Files or Information Defense Evasion
T1550.002 Pass the Hash Defense Evasion, Lateral Movement
T1542.003 Bootkit Defense Evasion, Persistence
T1601 Modify System Image Defense Evasion
T1106 Native API Execution
T1553.006 Code Signing Policy Modification Defense Evasion
T1553 Subvert Trust Controls Defense Evasion
T1055.012 Process Hollowing Defense Evasion, Privilege Escalation
T1055.013 Process Doppelgänging Defense Evasion, Privilege Escalation
T1566.001 Spearphishing Attachment Initial Access
T1027.008 Stripped Payloads Defense Evasion
T1055.003 Thread Execution Hijacking Defense Evasion, Privilege Escalation
T1027.007 Dynamic API Resolution Defense Evasion
T1204.001 Malicious Link Execution
T1574.013 KernelCallbackTable Defense Evasion, Persistence, Privilege Escalation
T1027.002 Software Packing Defense Evasion
T1542.001 System Firmware Defense Evasion, Persistence
T1003.001 LSASS Memory Credential Access
T1611 Escape to Host Privilege Escalation
T1055.008 Ptrace System Calls Defense Evasion, Privilege Escalation
T1189 Drive-by Compromise Initial Access
T1003 OS Credential Dumping Credential Access
T1195.003 Compromise Hardware Supply Chain Initial Access
T1542 Pre-OS Boot Defense Evasion, Persistence
T1495 Firmware Corruption Impact
T1055.004 Asynchronous Procedure Call Defense Evasion, Privilege Escalation
T1546.006 LC_LOAD_DYLIB Addition Persistence, Privilege Escalation
T1606 Forge Web Credentials Credential Access
T1574.002 DLL Side-Loading Defense Evasion, Persistence, Privilege Escalation
T1055.011 Extra Window Memory Injection Defense Evasion, Privilege Escalation
T1606.001 Web Cookies Credential Access
T1055.014 VDSO Hijacking Defense Evasion, Privilege Escalation
T1059.006 Python Execution
T1072 Software Deployment Tools Execution, Lateral Movement
T1546.010 AppInit DLLs Persistence, Privilege Escalation
T1566.003 Spearphishing via Service Initial Access
T1055 Process Injection Defense Evasion, Privilege Escalation
T1546.016 Installer Packages Persistence, Privilege Escalation
T1566 Phishing Initial Access
T1137.005 Outlook Rules Persistence
T1204 User Execution Execution
T1601.001 Patch System Image Defense Evasion
T1137.004 Outlook Home Page Persistence
T1137.003 Outlook Forms Persistence
T1055.001 Dynamic-link Library Injection Defense Evasion, Privilege Escalation
T1055.009 Proc Memory Defense Evasion, Privilege Escalation
T1027.009 Embedded Payloads Defense Evasion
T1055.002 Portable Executable Injection Defense Evasion, Privilege Escalation

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Control ID Name Description
B4.d Vulnerability Management You manage known vulnerabilities in your network and information systems to prevent adverse impact on the essential function.
A2.b Assurance You have gained confidence in the effectiveness of the security of your technology, people, and processes relevant to essential functions.
B4.b Secure Configuration You securely configure the network and information systems that support the operation of essential functions.