SC-46: Cross Domain Policy Enforcement
From NIST's SP800-53:
Implement a policy enforcement mechanism [Selection: physically; logically] between the physical and/or network interfaces for the connecting security domains.
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1021.006 | Windows Remote Management | Lateral Movement |
| T1489 | Service Stop | Impact |
| T1136.002 | Domain Account | Persistence |
| T1565.003 | Runtime Data Manipulation | Impact |
| T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Exfiltration |
| T1199 | Trusted Relationship | Initial Access |
| T1557.003 | DHCP Spoofing | Collection, Credential Access |
| T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
| T1565 | Data Manipulation | Impact |
| T1190 | Exploit Public-Facing Application | Initial Access |
| T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
| T1622 | Debugger Evasion | Defense Evasion, Discovery |
| T1552.007 | Container API | Credential Access |
| T1482 | Domain Trust Discovery | Discovery |
| T1563 | Remote Service Session Hijacking | Lateral Movement |
| T1563.002 | RDP Hijacking | Lateral Movement |
| T1133 | External Remote Services | Initial Access, Persistence |
| T1136 | Create Account | Persistence |
| T1210 | Exploitation of Remote Services | Lateral Movement |
| T1098 | Account Manipulation | Persistence, Privilege Escalation |
| T1136.003 | Cloud Account | Persistence |
| T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Exfiltration |
| T1021.003 | Distributed Component Object Model | Lateral Movement |
| T1046 | Network Service Discovery | Discovery |
| T1098.001 | Additional Cloud Credentials | Persistence, Privilege Escalation |
| T1021.001 | Remote Desktop Protocol | Lateral Movement |
| T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay | Collection, Credential Access |
| T1557 | Adversary-in-the-Middle | Collection, Credential Access |
| T1072 | Software Deployment Tools | Execution, Lateral Movement |