CM-8: System Component Inventory

From NIST's SP800-53:

a. Develop and document an inventory of system components that:
   1. Accurately reflects the system;
   2. Includes all components within the system;
   3. Does not include duplicate accounting of components or components assigned to any other system;
   4. Is at the level of granularity deemed necessary for tracking and reporting; and
   5. Includes the following information to achieve system component accountability: [Assignment: organization-defined information deemed necessary to achieve effective system component accountability]; and
b. Review and update the system component inventory [Assignment: organization-defined frequency].

Cyber Threat Graph Context

SP800-53 Control Mapped to NIST Cyber Security Framework

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Control ID | Description
ID.AM-1 | Physical devices and systems within the organization are inventoried
DE.CM-7 | Monitoring for unauthorized personnel, connections, devices, and software is performed
ID.AM-2 | Software platforms and applications within the organization are inventoried
PR.DS-3 | Assets are formally managed throughout removal, transfers, and disposition

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against.

ATT&CK ID | Title | Associated Tactics
T1221 | Template Injection | Defense Evasion
T1548.004 | Elevated Execution with Prompt | Defense Evasion, Privilege Escalation
T1098.004 | SSH Authorized Keys | Persistence, Privilege Escalation
T1211 | Exploitation for Defense Evasion | Defense Evasion
T1020.001 | Traffic Duplication | Exfiltration
T1021.005 | VNC | Lateral Movement
T1557.002 | ARP Cache Poisoning | Collection, Credential Access
T1495 | Firmware Corruption | Impact
T1021.006 | Windows Remote Management | Lateral Movement
T1601.001 | Patch System Image | Defense Evasion
T1542.004 | ROMMONkit | Defense Evasion, Persistence
T1564.007 | VBA Stomping | Defense Evasion
T1557.003 | DHCP Spoofing | Collection, Credential Access
T1137.001 | Office Template Macros | Persistence
T1542.001 | System Firmware | Defense Evasion, Persistence
T1505 | Server Software Component | Persistence
T1072 | Software Deployment Tools | Execution, Lateral Movement
T1542 | Pre-OS Boot | Defense Evasion, Persistence
T1547.007 | Re-opened Applications | Persistence, Privilege Escalation
T1542.005 | TFTP Boot | Defense Evasion, Persistence
T1218.009 | Regsvcs/Regasm | Defense Evasion
T1195.003 | Compromise Hardware Supply Chain | Initial Access
T1021.003 | Distributed Component Object Model | Lateral Movement
T1559.002 | Dynamic Data Exchange | Execution
T1602 | Data from Configuration Repository | Collection
T1119 | Automated Collection | Collection
T1218.012 | Verclsid | Defense Evasion
T1059.007 | JavaScript | Execution
T1091 | Replication Through Removable Media | Initial Access, Lateral Movement
T1053.005 | Scheduled Task | Execution, Persistence, Privilege Escalation
T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay | Collection, Credential Access
T1218.004 | InstallUtil | Defense Evasion
T1574.004 | Dylib Hijacking | Defense Evasion, Persistence, Privilege Escalation
T1203 | Exploitation for Client Execution | Execution
T1190 | Exploit Public-Facing Application | Initial Access
T1563.001 | SSH Hijacking | Lateral Movement
T1601 | Modify System Image | Defense Evasion
T1059.005 | Visual Basic | Execution
T1213.001 | Confluence | Collection
T1505.002 | Transport Agent | Persistence
T1218.013 | Mavinject | Defense Evasion
T1213.002 | Sharepoint | Collection
T1210 | Exploitation of Remote Services | Lateral Movement
T1602.002 | Network Device Configuration Dump | Collection
T1127 | Trusted Developer Utilities Proxy Execution | Defense Evasion
T1553.006 | Code Signing Policy Modification | Defense Evasion
T1059.001 | PowerShell | Execution
T1546.002 | Screensaver | Persistence, Privilege Escalation
T1564.006 | Run Virtual Instance | Defense Evasion
T1059 | Command and Scripting Interpreter | Execution
T1574.007 | Path Interception by PATH Environment Variable | Defense Evasion, Persistence, Privilege Escalation
T1137 | Office Application Startup | Persistence
T1505.004 | IIS Components | Persistence
T1189 | Drive-by Compromise | Initial Access
T1553 | Subvert Trust Controls | Defense Evasion
T1602.001 | SNMP (MIB Dump) | Collection
T1068 | Exploitation for Privilege Escalation | Privilege Escalation
T1021.004 | SSH | Lateral Movement
T1548 | Abuse Elevation Control Mechanism | Defense Evasion, Privilege Escalation
T1218.008 | Odbcconf | Defense Evasion
T1565.001 | Stored Data Manipulation | Impact
T1218.014 | MMC | Defense Evasion
T1218.005 | Mshta | Defense Evasion
T1212 | Exploitation for Credential Access | Credential Access
T1542.003 | Bootkit | Defense Evasion, Persistence
T1574.009 | Path Interception by Unquoted Path | Defense Evasion, Persistence, Privilege Escalation
T1546.006 | LC_LOAD_DYLIB Addition | Persistence, Privilege Escalation
T1053.002 | At | Execution, Persistence, Privilege Escalation
T1565 | Data Manipulation | Impact
T1052 | Exfiltration Over Physical Medium | Exfiltration
T1563 | Remote Service Session Hijacking | Lateral Movement
T1574 | Hijack Execution Flow | Defense Evasion, Persistence, Privilege Escalation
T1133 | External Remote Services | Initial Access, Persistence
T1559 | Inter-Process Communication | Execution
T1574.008 | Path Interception by Search Order Hijacking | Defense Evasion, Persistence, Privilege Escalation
T1593.003 | Code Repositories | Reconnaissance
T1557 | Adversary-in-the-Middle | Collection, Credential Access
T1546.014 | Emond | Persistence, Privilege Escalation
T1127.001 | MSBuild | Defense Evasion
T1218 | System Binary Proxy Execution | Defense Evasion
T1011.001 | Exfiltration Over Bluetooth | Exfiltration
T1530 | Data from Cloud Storage | Collection
T1601.002 | Downgrade System Image | Defense Evasion
T1053 | Scheduled Task/Job | Execution, Persistence, Privilege Escalation
T1565.002 | Transmitted Data Manipulation | Impact
T1622 | Debugger Evasion | Defense Evasion, Discovery
T1213 | Data from Information Repositories | Collection
T1052.001 | Exfiltration over USB | Exfiltration
T1046 | Network Service Discovery | Discovery
T1563.002 | RDP Hijacking | Lateral Movement
T1092 | Communication Through Removable Media | Command and Control
T1021.001 | Remote Desktop Protocol | Lateral Movement
T1505.001 | SQL Stored Procedures | Persistence
T1218.003 | CMSTP | Defense Evasion