NIST CSF: PR.DS-1 Subcategory

From NIST's Cyber Security Framework (version 1):

Data-at-rest is protected

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Handling of assets (8.2.3)
    ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Information confidentiality (SR 4.1)
    ISA/IEC 62443-3-3:2013
  • Software and information integrity (SR 3.4)
    ISA/IEC 62443-3-3:2013

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.

| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1552.002 | Credentials in Registry | Credential Access |
| T1573.002 | Asymmetric Cryptography | Command and Control |
| T1072 | Software Deployment Tools | Execution, Lateral Movement |
| T1552 | Unsecured Credentials | Credential Access |
| T1563.001 | SSH Hijacking | Lateral Movement |
| T1098.004 | SSH Authorized Keys | Persistence, Privilege Escalation |
| T1573.001 | Symmetric Cryptography | Command and Control |
| T1573 | Encrypted Channel | Command and Control |
| T1552.001 | Credentials In Files | Credential Access |
| T1552.004 | Private Keys | Credential Access |
| T1003.004 | LSA Secrets | Credential Access |
| T1599.001 | Network Address Translation Traversal | Defense Evasion |
| T1003.003 | NTDS | Credential Access |
| T1003.001 | LSASS Memory | Credential Access |
| T1041 | Exfiltration Over C2 Channel | Exfiltration |
| T1052.001 | Exfiltration over USB | Exfiltration |
| T1005 | Data from Local System | Collection |
| T1602.001 | SNMP (MIB Dump) | Collection |
| T1565.003 | Runtime Data Manipulation | Impact |
| T1213.002 | Sharepoint | Collection |
| T1602.002 | Network Device Configuration Dump | Collection |
| T1550.001 | Application Access Token | Defense Evasion, Lateral Movement |
| T1565 | Data Manipulation | Impact |
| T1530 | Data from Cloud Storage | Collection |
| T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
| T1003.007 | Proc Filesystem | Credential Access |
| T1003.005 | Cached Domain Credentials | Credential Access |
| T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Exfiltration |
| T1599 | Network Boundary Bridging | Defense Evasion |
| T1003 | OS Credential Dumping | Credential Access |
| T1078.003 | Local Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1567 | Exfiltration Over Web Service | Exfiltration |
| T1052 | Exfiltration Over Physical Medium | Exfiltration |
| T1565.001 | Stored Data Manipulation | Impact |
| T1078.004 | Cloud Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1003.002 | Security Account Manager | Credential Access |
| T1003.006 | DCSync | Credential Access |
| T1078.001 | Default Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1213 | Data from Information Repositories | Collection |
| T1003.008 | /etc/passwd and /etc/shadow | Credential Access |
| T1078 | Valid Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1213.001 | Confluence | Collection |
| T1602 | Data from Configuration Repository | Collection |
| T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
| T1025 | Data from Removable Media | Collection |
| T1552.003 | Bash History | Credential Access |

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

| Control ID | Name | Description |
|---|---|---|
| B4.a | Secure by Design | You design security into the network and information systems that support the operation of essential functions. You minimise their attack surface and ensure that the operation of the essential function should not be impacted by the exploitation of any single vulnerability. |
| B3.c | Stored Data | You have protected stored data important to the operation of the essential function. |