SI-2: Flaw Remediation
From NIST's SP800-53:
a. Identify, report, and correct system flaws; b. Test software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation; c. Install security-relevant software and firmware updates within [Assignment: organization-defined time period] of the release of the updates; and d. Incorporate flaw remediation into the organizational configuration management process.
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1059.005 | Visual Basic | Execution |
| T1546.011 | Application Shimming | Persistence, Privilege Escalation |
| T1555.005 | Password Managers | Credential Access |
| T1547.006 | Kernel Modules and Extensions | Persistence, Privilege Escalation |
| T1542.005 | TFTP Boot | Defense Evasion, Persistence |
| T1210 | Exploitation of Remote Services | Lateral Movement |
| T1221 | Template Injection | Defense Evasion |
| T1055.005 | Thread Local Storage | Defense Evasion, Privilege Escalation |
| T1559.002 | Dynamic Data Exchange | Execution |
| T1601.002 | Downgrade System Image | Defense Evasion |
| T1027 | Obfuscated Files or Information | Defense Evasion |
| T1550.002 | Pass the Hash | Defense Evasion, Lateral Movement |
| T1542.003 | Bootkit | Defense Evasion, Persistence |
| T1601 | Modify System Image | Defense Evasion |
| T1106 | Native API | Execution |
| T1553.006 | Code Signing Policy Modification | Defense Evasion |
| T1553 | Subvert Trust Controls | Defense Evasion |
| T1055.012 | Process Hollowing | Defense Evasion, Privilege Escalation |
| T1548.002 | Bypass User Account Control | Defense Evasion, Privilege Escalation |
| T1211 | Exploitation for Defense Evasion | Defense Evasion |
| T1055.013 | Process Doppelgänging | Defense Evasion, Privilege Escalation |
| T1566.001 | Spearphishing Attachment | Initial Access |
| T1027.008 | Stripped Payloads | Defense Evasion |
| T1195 | Supply Chain Compromise | Initial Access |
| T1059.001 | PowerShell | Execution |
| T1055.003 | Thread Execution Hijacking | Defense Evasion, Privilege Escalation |
| T1027.007 | Dynamic API Resolution | Defense Evasion |
| T1204.001 | Malicious Link | Execution |
| T1574 | Hijack Execution Flow | Defense Evasion, Persistence, Privilege Escalation |
| T1574.013 | KernelCallbackTable | Defense Evasion, Persistence, Privilege Escalation |
| T1027.002 | Software Packing | Defense Evasion |
| T1542.001 | System Firmware | Defense Evasion, Persistence |
| T1003.001 | LSASS Memory | Credential Access |
| T1611 | Escape to Host | Privilege Escalation |
| T1055.008 | Ptrace System Calls | Defense Evasion, Privilege Escalation |
| T1559 | Inter-Process Communication | Execution |
| T1552 | Unsecured Credentials | Credential Access |
| T1189 | Drive-by Compromise | Initial Access |
| T1003 | OS Credential Dumping | Credential Access |
| T1195.003 | Compromise Hardware Supply Chain | Initial Access |
| T1542 | Pre-OS Boot | Defense Evasion, Persistence |
| T1495 | Firmware Corruption | Impact |
| T1055.004 | Asynchronous Procedure Call | Defense Evasion, Privilege Escalation |
| T1546.006 | LC_LOAD_DYLIB Addition | Persistence, Privilege Escalation |
| T1213.003 | Code Repositories | Collection |
| T1212 | Exploitation for Credential Access | Credential Access |
| T1204.003 | Malicious Image | Execution |
| T1606 | Forge Web Credentials | Credential Access |
| T1574.002 | DLL Side-Loading | Defense Evasion, Persistence, Privilege Escalation |
| T1552.006 | Group Policy Preferences | Credential Access |
| T1055.011 | Extra Window Memory Injection | Defense Evasion, Privilege Escalation |
| T1190 | Exploit Public-Facing Application | Initial Access |
| T1606.001 | Web Cookies | Credential Access |
| T1059 | Command and Scripting Interpreter | Execution |
| T1055.014 | VDSO Hijacking | Defense Evasion, Privilege Escalation |
| T1059.006 | Python | Execution |
| T1072 | Software Deployment Tools | Execution, Lateral Movement |
| T1546.010 | AppInit DLLs | Persistence, Privilege Escalation |
| T1137 | Office Application Startup | Persistence |
| T1566.003 | Spearphishing via Service | Initial Access |
| T1055 | Process Injection | Defense Evasion, Privilege Escalation |
| T1195.001 | Compromise Software Dependencies and Development Tools | Initial Access |
| T1542.004 | ROMMONkit | Defense Evasion, Persistence |
| T1546.016 | Installer Packages | Persistence, Privilege Escalation |
| T1566 | Phishing | Initial Access |
| T1137.005 | Outlook Rules | Persistence |
| T1204 | User Execution | Execution |
| T1601.001 | Patch System Image | Defense Evasion |
| T1137.004 | Outlook Home Page | Persistence |
| T1137.003 | Outlook Forms | Persistence |
| T1055.001 | Dynamic-link Library Injection | Defense Evasion, Privilege Escalation |
| T1525 | Implant Internal Image | Persistence |
| T1055.009 | Proc Memory | Defense Evasion, Privilege Escalation |
| T1027.009 | Embedded Payloads | Defense Evasion |
| T1068 | Exploitation for Privilege Escalation | Privilege Escalation |
| T1047 | Windows Management Instrumentation | Execution |
| T1195.002 | Compromise Software Supply Chain | Initial Access |
| T1055.002 | Portable Executable Injection | Defense Evasion, Privilege Escalation |