NIST CSF: PR.PT-3 Subcategory

From NIST's Cyber Security Framework (version 1):

The principle of least functionality is incorporated by configuring systems to provide only essential capabilities

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Search:

Node
CM-7: Least Functionality
AC-3: Access Enforcement

Showing 1 to 2 of 2 entries

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

Access to networks and network services (9.1.2)
ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

Develop a policy for remote login and connections (4.3.3.6.6)
ISA/IEC 62443-2-1:2009
Access via untrusted networks (SR 1.13)
ISA/IEC 62443-3-3:2013
Strength of password-based authentication (SR 1.7)
ISA/IEC 62443-3-3:2013
Establish appropriate logical and physical permission methods to access IACS devices (4.3.3.7.2)
ISA/IEC 62443-2-1:2009
Public key infrastructure (PKI) certificates (SR 1.8)
ISA/IEC 62443-3-3:2013
Control access to information or systems via role-based access accounts (4.3.3.7.3)
ISA/IEC 62443-2-1:2009
Authenticator management (SR 1.5)
ISA/IEC 62443-3-3:2013
Require re-authentication after remote system inactivity (4.3.3.6.8)
ISA/IEC 62443-2-1:2009
Develop an authentication strategy (4.3.3.6.1)
ISA/IEC 62443-2-1:2009
Authorization enforcement (SR 2.1)
ISA/IEC 62443-3-3:2013
Strength of public key authentication (SR 1.9)
ISA/IEC 62443-3-3:2013
Account management (SR 1.3)
ISA/IEC 62443-3-3:2013
Authenticate all users before system use (4.3.3.6.2)
ISA/IEC 62443-2-1:2009
Identifier management (SR 1.4)
ISA/IEC 62443-3-3:2013
Human User Identification and Authentication (SR 1.1)
ISA/IEC 62443-3-3:2013
Remote session termination (SR 2.6)
ISA/IEC 62443-3-3:2013
Require strong authentication methods for system administration and application configuration (4.3.3.6.3)
ISA/IEC 62443-2-1:2009
Authenticator feedback (SR 1.10)
ISA/IEC 62443-3-3:2013
Session lock (SR 2.5)
ISA/IEC 62443-3-3:2013
Concurrent session control (SR 2.7)
ISA/IEC 62443-3-3:2013
Employ authentication for task-to task communication (4.3.3.6.9)
ISA/IEC 62443-2-1:2009
Use control for portable and mobile devices (SR 2.3)
ISA/IEC 62443-3-3:2013
Mobile code (SR 2.4)
ISA/IEC 62443-3-3:2013
Employ multiple authorization methods for critical IACS (4.3.3.7.4)
ISA/IEC 62443-2-1:2009
Wireless access management (SR 1.6)
ISA/IEC 62443-3-3:2013
Define an authorization security policy (4.3.3.7.1)
ISA/IEC 62443-2-1:2009
Unsuccessful login attempts (SR 1.11)
ISA/IEC 62443-3-3:2013
Change default passwords (4.3.3.5.7)
ISA/IEC 62443-2-1:2009
Review account permissions (4.3.3.5.6)
ISA/IEC 62443-2-1:2009
Identify individuals (4.3.3.5.2)
ISA/IEC 62443-2-1:2009
System use notification (SR 1.12)
ISA/IEC 62443-3-3:2013
Software process and device identification and authentication (SR 1.2)
ISA/IEC 62443-3-3:2013
Suspend or remove unneeded accounts (4.3.3.5.5)
ISA/IEC 62443-2-1:2009
Authenticate all remote users at the appropriate level (4.3.3.6.5)
ISA/IEC 62443-2-1:2009
Disable access account after failed remote login attempts (4.3.3.6.7)
ISA/IEC 62443-2-1:2009
Wireless use control (SR 2.2)
ISA/IEC 62443-3-3:2013
Audit account administration (4.3.3.5.8)
ISA/IEC 62443-2-1:2009
Log and review all access attempts to critical systems (4.3.3.6.4)
ISA/IEC 62443-2-1:2009
Authorize account access (4.3.3.5.3)
ISA/IEC 62443-2-1:2009
Access accounts implement authorization security policy (4.3.3.5.1)
ISA/IEC 62443-2-1:2009
Record access accounts (4.3.3.5.4)
ISA/IEC 62443-2-1:2009

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.

Search:

ATT&CK ID	Title	Associated Tactics
T1552.003	Bash History	Credential Access
T1071.004	DNS	Command and Control
T1048.001	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Exfiltration
T1133	External Remote Services	Initial Access, Persistence
T1136.002	Domain Account	Persistence
T1213.001	Confluence	Collection
T1218.004	InstallUtil	Defense Evasion
T1498	Network Denial of Service	Impact
T1553.004	Install Root Certificate	Defense Evasion
T1036.007	Double File Extension	Defense Evasion
T1557.002	ARP Cache Poisoning	Collection, Credential Access
T1559.002	Dynamic Data Exchange	Execution
T1003.002	Security Account Manager	Credential Access
T1552.007	Container API	Credential Access
T1562.006	Indicator Blocking	Defense Evasion
T1557	Adversary-in-the-Middle	Collection, Credential Access
T1218.008	Odbcconf	Defense Evasion
T1053	Scheduled Task/Job	Execution, Persistence, Privilege Escalation
T1559	Inter-Process Communication	Execution
T1187	Forced Authentication	Credential Access
T1610	Deploy Container	Defense Evasion, Execution
T1036	Masquerading	Defense Evasion
T1011.001	Exfiltration Over Bluetooth	Exfiltration
T1047	Windows Management Instrumentation	Execution
T1574	Hijack Execution Flow	Defense Evasion, Persistence, Privilege Escalation
T1098.001	Additional Cloud Credentials	Persistence, Privilege Escalation
T1003	OS Credential Dumping	Credential Access
T1071	Application Layer Protocol	Command and Control
T1218.012	Verclsid	Defense Evasion
T1098.004	SSH Authorized Keys	Persistence, Privilege Escalation
T1553.001	Gatekeeper Bypass	Defense Evasion
T1195	Supply Chain Compromise	Initial Access
T1197	BITS Jobs	Defense Evasion, Persistence
T1095	Non-Application Layer Protocol	Command and Control
T1482	Domain Trust Discovery	Discovery
T1059.005	Visual Basic	Execution
T1602.002	Network Device Configuration Dump	Collection
T1104	Multi-Stage Channels	Command and Control
T1098	Account Manipulation	Persistence, Privilege Escalation
T1498.002	Reflection Amplification	Impact
T1562.003	Impair Command History Logging	Defense Evasion
T1071.003	Mail Protocols	Command and Control
T1106	Native API	Execution
T1136	Create Account	Persistence
T1612	Build Image on Host	Defense Evasion
T1564.002	Hidden Users	Defense Evasion
T1563.001	SSH Hijacking	Lateral Movement
T1102.001	Dead Drop Resolver	Command and Control
T1530	Data from Cloud Storage	Collection
T1543	Create or Modify System Process	Persistence, Privilege Escalation

Showing 1 to 50 of 327 entries

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Search:

Control ID	Name	Description
B2.b	Device Management	You fully know and have trust in the devices that are used to access your networks, information systems and data that support your essential function.
B2.c	Privileged User Management	You closely manage privileged user access to networks and information systems supporting the essential function.
B2.a	Identity Verification, Authentication and Authorisation	You robustly verify, authenticate and authorise access to the networks and information systems supporting your essential function.
B2.d	Identity and Access Management (IdAM)	You closely manage and maintain identity and access control for users, devices and systems accessing the networks and information systems supporting the essential function.

Showing 1 to 4 of 4 entries

NIST CSF: PR.PT-3 Subcategory

Cyber Threat Graph Context

CSF Mapped to SP800-53 Controls

Related ISO 27001 Controls

Access to networks and network services (9.1.2)

Related ISA/IEC 62443 Controls

Develop a policy for remote login and connections (4.3.3.6.6)

Access via untrusted networks (SR 1.13)

Strength of password-based authentication (SR 1.7)

Establish appropriate logical and physical permission methods to access IACS devices (4.3.3.7.2)

Public key infrastructure (PKI) certificates (SR 1.8)

Control access to information or systems via role-based access accounts (4.3.3.7.3)

Authenticator management (SR 1.5)

Require re-authentication after remote system inactivity (4.3.3.6.8)

Develop an authentication strategy (4.3.3.6.1)

Authorization enforcement (SR 2.1)

Strength of public key authentication (SR 1.9)

Account management (SR 1.3)

Authenticate all users before system use (4.3.3.6.2)

Identifier management (SR 1.4)

Human User Identification and Authentication (SR 1.1)

Remote session termination (SR 2.6)

Require strong authentication methods for system administration and application configuration (4.3.3.6.3)

Authenticator feedback (SR 1.10)

Session lock (SR 2.5)

Concurrent session control (SR 2.7)

Employ authentication for task-to task communication (4.3.3.6.9)

Use control for portable and mobile devices (SR 2.3)

Mobile code (SR 2.4)

Employ multiple authorization methods for critical IACS (4.3.3.7.4)

Wireless access management (SR 1.6)

Define an authorization security policy (4.3.3.7.1)

Unsuccessful login attempts (SR 1.11)

Change default passwords (4.3.3.5.7)

Review account permissions (4.3.3.5.6)

Identify individuals (4.3.3.5.2)

System use notification (SR 1.12)

Software process and device identification and authentication (SR 1.2)

Suspend or remove unneeded accounts (4.3.3.5.5)

Authenticate all remote users at the appropriate level (4.3.3.6.5)

Disable access account after failed remote login attempts (4.3.3.6.7)

Wireless use control (SR 2.2)

Audit account administration (4.3.3.5.8)

Log and review all access attempts to critical systems (4.3.3.6.4)

Authorize account access (4.3.3.5.3)

Access accounts implement authorization security policy (4.3.3.5.1)

Record access accounts (4.3.3.5.4)

MITRE ATT&CK Techniques

CSF Mapped to the NCSC CAF