SR-5: Acquisition Strategies, Tools, and Methods
From NIST's SP800-53:
Employ the following acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks: [Assignment: organization-defined acquisition strategies, contract tools, and procurement methods].
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1059.002 | AppleScript | Execution |
| T1505 | Server Software Component | Persistence |
| T1554 | Compromise Client Software Binary | Persistence |
| T1505.001 | SQL Stored Procedures | Persistence |
| T1601 | Modify System Image | Defense Evasion |
| T1204.003 | Malicious Image | Execution |
| T1505.004 | IIS Components | Persistence |
| T1601.001 | Patch System Image | Defense Evasion |
| T1546.006 | LC_LOAD_DYLIB Addition | Persistence, Privilege Escalation |
| T1601.002 | Downgrade System Image | Defense Evasion |
| T1505.002 | Transport Agent | Persistence |