NIST CSF: PR.IP-7 Subcategory
From NIST's Cyber Security Framework (version 1):
Protection processes are improved
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Learning from information security incidents (16.1.6)
ISO 27001:2013
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Monitor and evaluate industry CSMS strategies (4.4.3.6)
ISA/IEC 62443-2-1:2009 -
Assign an organization to manage and implement changes to the CSMS (4.4.3.1)
ISA/IEC 62443-2-1:2009 -
Identify and implement corrective and preventive actions (4.4.3.4)
ISA/IEC 62443-2-1:2009 -
Monitor and evaluate applicable legislation relevant to cyber security (4.4.3.7)
ISA/IEC 62443-2-1:2009 -
Establish triggers to evaluate CSMS (4.4.3.3)
ISA/IEC 62443-2-1:2009 -
Request and report employee feedback on security suggestions (4.4.3.8)
ISA/IEC 62443-2-1:2009 -
Review risk tolerance (4.4.3.5)
ISA/IEC 62443-2-1:2009 -
Evaluate the CSMS periodically (4.4.3.2)
ISA/IEC 62443-2-1:2009
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1561 | Disk Wipe | Impact |
| T1561.001 | Disk Content Wipe | Impact |
| T1486 | Data Encrypted for Impact | Impact |
| T1490 | Inhibit System Recovery | Impact |
| T1491.001 | Internal Defacement | Impact |
| T1485 | Data Destruction | Impact |
| T1561.002 | Disk Structure Wipe | Impact |
| T1491.002 | External Defacement | Impact |
| T1491 | Defacement | Impact |
| T1195 | Supply Chain Compromise | Initial Access |
| T1210 | Exploitation of Remote Services | Lateral Movement |
| T1195.001 | Compromise Software Dependencies and Development Tools | Initial Access |
| T1190 | Exploit Public-Facing Application | Initial Access |
| T1195.002 | Compromise Software Supply Chain | Initial Access |
| T1552.001 | Credentials In Files | Credential Access |
| T1090.001 | Internal Proxy | Command and Control |
| T1036.003 | Rename System Utilities | Defense Evasion |
| T1552 | Unsecured Credentials | Credential Access |
| T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Exfiltration |
| T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
| T1574.004 | Dylib Hijacking | Defense Evasion, Persistence, Privilege Escalation |
| T1528 | Steal Application Access Token | Credential Access |
| T1218.011 | Rundll32 | Defense Evasion |
| T1059.007 | JavaScript | Execution |
| T1071.004 | DNS | Command and Control |
| T1003.005 | Cached Domain Credentials | Credential Access |
| T1564.004 | NTFS File Attributes | Defense Evasion |
| T1218 | System Binary Proxy Execution | Defense Evasion |
| T1499.001 | OS Exhaustion Flood | Impact |
| T1569 | System Services | Execution |
| T1036.005 | Match Legitimate Name or Location | Defense Evasion |
| T1037.005 | Startup Items | Persistence, Privilege Escalation |
| T1189 | Drive-by Compromise | Initial Access |
| T1546.013 | PowerShell Profile | Persistence, Privilege Escalation |
| T1008 | Fallback Channels | Command and Control |
| T1557.003 | DHCP Spoofing | Collection, Credential Access |
| T1571 | Non-Standard Port | Command and Control |
| T1001.001 | Junk Data | Command and Control |
| T1003.006 | DCSync | Credential Access |
| T1218.012 | Verclsid | Defense Evasion |
| T1201 | Password Policy Discovery | Discovery |
| T1003.002 | Security Account Manager | Credential Access |
| T1222.002 | Linux and Mac File and Directory Permissions Modification | Defense Evasion |
| T1110.003 | Password Spraying | Credential Access |
| T1041 | Exfiltration Over C2 Channel | Exfiltration |
| T1570 | Lateral Tool Transfer | Lateral Movement |
| T1555 | Credentials from Password Stores | Credential Access |
| T1205.001 | Port Knocking | Command and Control, Defense Evasion, Persistence |
| T1499 | Endpoint Denial of Service | Impact |
| T1197 | BITS Jobs | Defense Evasion, Persistence |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
| Control ID | Name | Description |
|---|---|---|
| D2.b | Using Incidents to Drive Improvements | Your organisation uses lessons learned from incidents to improve your security measures. |
| B1.a | Policy and Process Development | You have developed and continue to improve a set of cyber security and resilience policies and processes that manage and mitigate the risk of adverse impact on the essential function. |