NIST CSF: PR.PT-4 Subcategory
From NIST's Cyber Security Framework (version 1):
Communications and control networks are protected
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
- Network controls (13.1.1), ISO 27001:2013
- Information transfer policies and procedures (13.2.1), ISO 27001:2013
- Protecting application services transactions (14.1.3), ISO 27001:2013
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
- Use of cryptography (SR 4.3), ISA/IEC 62443-3-3:2013
- Network and security configuration settings (SR 7.6), ISA/IEC 62443-3-3:2013
- Denial of service protection (SR 7.1), ISA/IEC 62443-3-3:2013
- Session integrity (SR 3.8), ISA/IEC 62443-3-3:2013
- Zone boundary protection (SR 5.2), ISA/IEC 62443-3-3:2013
- Information confidentiality (SR 4.1), ISA/IEC 62443-3-3:2013
- General purpose person-to-person communication restrictions (SR 5.3), ISA/IEC 62443-3-3:2013
- Communication integrity (SR 3.1), ISA/IEC 62443-3-3:2013
- Input validation (SR 3.5), ISA/IEC 62443-3-3:2013
- Network segmentation (SR 5.1), ISA/IEC 62443-3-3:2013
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1071.004 | DNS | Command and Control |
T1071.003 | Mail Protocols | Command and Control |
T1071.001 | Web Protocols | Command and Control |
T1071 | Application Layer Protocol | Command and Control |
T1071.002 | File Transfer Protocols | Command and Control |
T1565 | Data Manipulation | Impact |
T1070.001 | Clear Windows Event Logs | Defense Evasion |
T1070 | Indicator Removal | Defense Evasion |
T1070.002 | Clear Linux or Mac System Logs | Defense Evasion |
T1119 | Automated Collection | Collection |
T1070.008 | Clear Mailbox Data | Defense Evasion |
T1565.001 | Stored Data Manipulation | Impact |
T1090 | Proxy | Command and Control |
T1132 | Data Encoding | Command and Control |
T1029 | Scheduled Transfer | Exfiltration |
T1573 | Encrypted Channel | Command and Control |
T1041 | Exfiltration Over C2 Channel | Exfiltration |
T1567.002 | Exfiltration to Cloud Storage | Exfiltration |
T1563.002 | RDP Hijacking | Lateral Movement |
T1136.002 | Domain Account | Persistence |
T1567.001 | Exfiltration to Code Repository | Exfiltration |
T1204.003 | Malicious Image | Execution |
T1095 | Non-Application Layer Protocol | Command and Control |
T1566.001 | Spearphishing Attachment | Initial Access |
T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
T1211 | Exploitation for Defense Evasion | Defense Evasion |
T1102.002 | Bidirectional Communication | Command and Control |
T1602.002 | Network Device Configuration Dump | Collection |
T1566 | Phishing | Initial Access |
T1563 | Remote Service Session Hijacking | Lateral Movement |
T1499.004 | Application or System Exploitation | Impact |
T1547.003 | Time Providers | Persistence, Privilege Escalation |
T1574.004 | Dylib Hijacking | Defense Evasion, Persistence, Privilege Escalation |
T1205.002 | Socket Filters | Command and Control, Defense Evasion, Persistence |
T1136.003 | Cloud Account | Persistence |
T1001.003 | Protocol Impersonation | Command and Control |
T1484 | Domain Policy Modification | Defense Evasion, Privilege Escalation |
T1609 | Container Administration Command | Execution |
T1204.001 | Malicious Link | Execution |
T1030 | Data Transfer Size Limits | Exfiltration |
T1559.001 | Component Object Model | Execution |
T1559.002 | Dynamic Data Exchange | Execution |
T1003.005 | Cached Domain Credentials | Credential Access |
T1573.002 | Asymmetric Cryptography | Command and Control |
T1104 | Multi-Stage Channels | Command and Control |
T1570 | Lateral Tool Transfer | Lateral Movement |
T1499 | Endpoint Denial of Service | Impact |
T1114.003 | Email Forwarding Rule | Collection |
T1090.002 | External Proxy | Command and Control |
T1498 | Network Denial of Service | Impact |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
Control ID | Name | Description |
---|---|---|
B4.a | Secure by Design | You design security into the network and information systems that support the operation of essential functions. You minimise their attack surface and ensure that the operation of the essential function should not be impacted by the exploitation of any single vulnerability. |
B4.c | Secure Management | You manage your organisation's network and information systems that support the operation of essential functions to enable and maintain security. |
B4.d | Vulnerability Management | You manage known vulnerabilities in your network and information systems to prevent adverse impact on the essential function. |
B3.b | Data in Transit | You have protected the transit of data important to the operation of the essential function. This includes the transfer of data to third parties. |
B4.b | Secure Configuration | You securely configure the network and information systems that support the operation of essential functions. |