CM-6: Configuration Settings
From NIST's SP800-53:
a. Establish and document configuration settings for components employed within the system that reflect the most restrictive mode consistent with operational requirements using [Assignment: organization-defined common secure configurations]; b. Implement the configuration settings; c. Identify, document, and approve any deviations from established configuration settings for [Assignment: organization-defined system components] based on [Assignment: organization-defined operational requirements]; and d. Monitor and control changes to the configuration settings in accordance with organizational policies and procedures.
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1505.001 | SQL Stored Procedures | Persistence |
| T1552.004 | Private Keys | Credential Access |
| T1047 | Windows Management Instrumentation | Execution |
| T1008 | Fallback Channels | Command and Control |
| T1095 | Non-Application Layer Protocol | Command and Control |
| T1114.002 | Remote Email Collection | Collection |
| T1003.002 | Security Account Manager | Credential Access |
| T1111 | Multi-Factor Authentication Interception | Credential Access |
| T1482 | Domain Trust Discovery | Discovery |
| T1499 | Endpoint Denial of Service | Impact |
| T1498.001 | Direct Network Flood | Impact |
| T1104 | Multi-Stage Channels | Command and Control |
| T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Exfiltration |
| T1059.007 | JavaScript | Execution |
| T1021 | Remote Services | Lateral Movement |
| T1132 | Data Encoding | Command and Control |
| T1599 | Network Boundary Bridging | Defense Evasion |
| T1105 | Ingress Tool Transfer | Command and Control |
| T1021.003 | Distributed Component Object Model | Lateral Movement |
| T1132.001 | Standard Encoding | Command and Control |
| T1562.009 | Safe Mode Boot | Defense Evasion |
| T1098.001 | Additional Cloud Credentials | Persistence, Privilege Escalation |
| T1569 | System Services | Execution |
| T1542 | Pre-OS Boot | Defense Evasion, Persistence |
| T1556.004 | Network Device Authentication | Credential Access, Defense Evasion, Persistence |
| T1558.002 | Silver Ticket | Credential Access |
| T1070.001 | Clear Windows Event Logs | Defense Evasion |
| T1137.003 | Outlook Forms | Persistence |
| T1137 | Office Application Startup | Persistence |
| T1542.003 | Bootkit | Defense Evasion, Persistence |
| T1557 | Adversary-in-the-Middle | Collection, Credential Access |
| T1558 | Steal or Forge Kerberos Tickets | Credential Access |
| T1547.003 | Time Providers | Persistence, Privilege Escalation |
| T1499.001 | OS Exhaustion Flood | Impact |
| T1218.007 | Msiexec | Defense Evasion |
| T1599.001 | Network Address Translation Traversal | Defense Evasion |
| T1222.001 | Windows File and Directory Permissions Modification | Defense Evasion |
| T1137.001 | Office Template Macros | Persistence |
| T1566 | Phishing | Initial Access |
| T1563.001 | SSH Hijacking | Lateral Movement |
| T1563.002 | RDP Hijacking | Lateral Movement |
| T1132.002 | Non-Standard Encoding | Command and Control |
| T1136 | Create Account | Persistence |
| T1213.002 | Sharepoint | Collection |
| T1554 | Compromise Client Software Binary | Persistence |
| T1553.001 | Gatekeeper Bypass | Defense Evasion |
| T1550.002 | Pass the Hash | Defense Evasion, Lateral Movement |
| T1552.007 | Container API | Credential Access |
| T1539 | Steal Web Session Cookie | Credential Access |
| T1498.002 | Reflection Amplification | Impact |