NIST CSF: PR.IP-8 Subcategory
From NIST's Cyber Security Framework (version 1):
Effectiveness of protection technologies is shared
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
- Learning from information security incidents (16.1.6), ISO 27001:2013
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1484 | Domain Policy Modification | Defense Evasion, Privilege Escalation |
| T1505.004 | IIS Components | Persistence |
| T1547.004 | Winlogon Helper DLL | Persistence, Privilege Escalation |
| T1003.005 | Cached Domain Credentials | Credential Access |
| T1078.004 | Cloud Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1137.001 | Office Template Macros | Persistence |
| T1553.003 | SIP and Trust Provider Hijacking | Defense Evasion |
| T1556 | Modify Authentication Process | Credential Access, Defense Evasion, Persistence |
| T1602 | Data from Configuration Repository | Collection |
| T1036.001 | Invalid Code Signature | Defense Evasion |
| T1059.001 | PowerShell | Execution |
| T1555.005 | Password Managers | Credential Access |
| T1563.002 | RDP Hijacking | Lateral Movement |
| T1098.004 | SSH Authorized Keys | Persistence, Privilege Escalation |
| T1003.004 | LSA Secrets | Credential Access |
| T1537 | Transfer Data to Cloud Account | Exfiltration |
| T1037.005 | Startup Items | Persistence, Privilege Escalation |
| T1218.013 | Mavinject | Defense Evasion |
| T1543 | Create or Modify System Process | Persistence, Privilege Escalation |
| T1574.010 | Services File Permissions Weakness | Defense Evasion, Persistence, Privilege Escalation |
| T1059.006 | Python | Execution |
| T1053.005 | Scheduled Task | Execution, Persistence, Privilege Escalation |
| T1036.005 | Match Legitimate Name or Location | Defense Evasion |
| T1056.002 | GUI Input Capture | Collection, Credential Access |
| T1110.003 | Password Spraying | Credential Access |
| T1211 | Exploitation for Defense Evasion | Defense Evasion |
| T1070.002 | Clear Linux or Mac System Logs | Defense Evasion |
| T1029 | Scheduled Transfer | Exfiltration |
| T1055.014 | VDSO Hijacking | Defense Evasion, Privilege Escalation |
| T1059.002 | AppleScript | Execution |
| T1218.009 | Regsvcs/Regasm | Defense Evasion |
| T1098.003 | Additional Cloud Roles | Persistence, Privilege Escalation |
| T1569 | System Services | Execution |
| T1552.004 | Private Keys | Credential Access |
| T1205 | Traffic Signaling | Command and Control, Defense Evasion, Persistence |
| T1578.001 | Create Snapshot | Defense Evasion |
| T1565 | Data Manipulation | Impact |
| T1558.004 | AS-REP Roasting | Credential Access |
| T1055.001 | Dynamic-link Library Injection | Defense Evasion, Privilege Escalation |
| T1070.008 | Clear Mailbox Data | Defense Evasion |
| T1135 | Network Share Discovery | Discovery |
| T1564.002 | Hidden Users | Defense Evasion |
| T1602.001 | SNMP (MIB Dump) | Collection |
| T1547.012 | Print Processors | Persistence, Privilege Escalation |
| T1499.003 | Application Exhaustion Flood | Impact |
| T1555 | Credentials from Password Stores | Credential Access |
| T1055.004 | Asynchronous Procedure Call | Defense Evasion, Privilege Escalation |
| T1213 | Data from Information Repositories | Collection |
| T1114.003 | Email Forwarding Rule | Collection |
| T1070 | Indicator Removal | Defense Evasion |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
| Control ID | Name | Description |
|---|---|---|
| B1.b | Policy and Process Implementation | You have successfully implemented your security policies and processes and can demonstrate the security benefits achieved. |
| C1.d | Identifying Security Incidents | You contextualise alerts with knowledge of the threat and your systems, to identify those security incidents that require some form of response. |
| D2.b | Using Incidents to Drive Improvements | Your organisation uses lessons learned from incidents to improve your security measures. |