SC-46: Cross Domain Policy Enforcement

From NIST's SP800-53:

Implement a policy enforcement mechanism [Selection: physically; logically] between the physical and/or network interfaces for the connecting security domains.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against.

ATT&CK ID	Title	Associated Tactics
T1021.006	Windows Remote Management	Lateral Movement
T1489	Service Stop	Impact
T1136.002	Domain Account	Persistence
T1565.003	Runtime Data Manipulation	Impact
T1048.003	Exfiltration Over Unencrypted Non-C2 Protocol	Exfiltration
T1199	Trusted Relationship	Initial Access
T1557.003	DHCP Spoofing	Collection, Credential Access
T1048	Exfiltration Over Alternative Protocol	Exfiltration
T1565	Data Manipulation	Impact
T1190	Exploit Public-Facing Application	Initial Access
T1048.002	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Exfiltration
T1622	Debugger Evasion	Defense Evasion, Discovery
T1552.007	Container API	Credential Access
T1482	Domain Trust Discovery	Discovery
T1563	Remote Service Session Hijacking	Lateral Movement
T1563.002	RDP Hijacking	Lateral Movement
T1133	External Remote Services	Initial Access, Persistence
T1136	Create Account	Persistence
T1210	Exploitation of Remote Services	Lateral Movement
T1098	Account Manipulation	Persistence, Privilege Escalation
T1136.003	Cloud Account	Persistence
T1048.001	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Exfiltration
T1021.003	Distributed Component Object Model	Lateral Movement
T1046	Network Service Discovery	Discovery
T1098.001	Additional Cloud Credentials	Persistence, Privilege Escalation
T1021.001	Remote Desktop Protocol	Lateral Movement
T1557.001	LLMNR/NBT-NS Poisoning and SMB Relay	Collection, Credential Access
T1557	Adversary-in-the-Middle	Collection, Credential Access
T1072	Software Deployment Tools	Execution, Lateral Movement