AC-16: Security and Privacy Attributes

From NIST's SP800-53:

a. Provide the means to associate [Assignment: organization-defined types of security and privacy attributes] with [Assignment: organization-defined security and privacy attribute values] for information in storage, in process, and/or in transmission;
b. Ensure that the attribute associations are made and retained with the information;
c. Establish the following permitted security and privacy attributes from the attributes defined in AC-16a for [Assignment: organization-defined systems]: [Assignment: organization-defined security and privacy attributes];
d. Determine the following permitted attribute values or ranges for each of the established attributes: [Assignment: organization-defined attribute values or ranges for established attributes];
e. Audit changes to attributes; and
f. Review [Assignment: organization-defined security and privacy attributes] for applicability [Assignment: organization-defined frequency].

SP800-53 Control Mapped to NIST Cyber Security Framework

Generated from NIST's SP800-53/CSF Crosswalk mappings.

| Control ID | Description |
|---|---|
| PR.AC-6 | Identities are proofed and bound to credentials and asserted in interactions |
| PR.AC-4 | Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties |

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against.

| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1537 | Transfer Data to Cloud Account | Exfiltration |
| T1070.008 | Clear Mailbox Data | Defense Evasion |
| T1114 | Email Collection | Collection |
| T1567 | Exfiltration Over Web Service | Exfiltration |
| T1003.003 | NTDS | Credential Access |
| T1558 | Steal or Forge Kerberos Tickets | Credential Access |
| T1552 | Unsecured Credentials | Credential Access |
| T1119 | Automated Collection | Collection |
| T1602.002 | Network Device Configuration Dump | Collection |
| T1558.004 | AS-REP Roasting | Credential Access |
| T1557 | Adversary-in-the-Middle | Collection, Credential Access |
| T1565.002 | Transmitted Data Manipulation | Impact |
| T1505.002 | Transport Agent | Persistence |
| T1040 | Network Sniffing | Credential Access, Discovery |
| T1557.002 | ARP Cache Poisoning | Collection, Credential Access |
| T1564.004 | NTFS File Attributes | Defense Evasion |
| T1222 | File and Directory Permissions Modification | Defense Evasion |
| T1052 | Exfiltration Over Physical Medium | Exfiltration |
| T1530 | Data from Cloud Storage | Collection |
| T1114.002 | Remote Email Collection | Collection |
| T1213.002 | Sharepoint | Collection |
| T1647 | Plist File Modification | Defense Evasion |
| T1602.001 | SNMP (MIB Dump) | Collection |
| T1558.002 | Silver Ticket | Credential Access |
| T1052.001 | Exfiltration over USB | Exfiltration |
| T1114.003 | Email Forwarding Rule | Collection |
| T1070.001 | Clear Windows Event Logs | Defense Evasion |
| T1552.005 | Cloud Instance Metadata API | Credential Access |
| T1565 | Data Manipulation | Impact |
| T1548 | Abuse Elevation Control Mechanism | Defense Evasion, Privilege Escalation |
| T1550.001 | Application Access Token | Defense Evasion, Lateral Movement |
| T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
| T1505 | Server Software Component | Persistence |
| T1070 | Indicator Removal | Defense Evasion |
| T1547.007 | Re-opened Applications | Persistence, Privilege Escalation |
| T1041 | Exfiltration Over C2 Channel | Exfiltration |
| T1005 | Data from Local System | Collection |
| T1558.003 | Kerberoasting | Credential Access |
| T1222.001 | Windows File and Directory Permissions Modification | Defense Evasion |
| T1552.004 | Private Keys | Credential Access |
| T1602 | Data from Configuration Repository | Collection |
| T1003 | OS Credential Dumping | Credential Access |
| T1565.001 | Stored Data Manipulation | Impact |
| T1070.002 | Clear Linux or Mac System Logs | Defense Evasion |
| T1213.001 | Confluence | Collection |
| T1222.002 | Linux and Mac File and Directory Permissions Modification | Defense Evasion |
| T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Exfiltration |
| T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
| T1114.001 | Local Email Collection | Collection |
| T1548.003 | Sudo and Sudo Caching | Defense Evasion, Privilege Escalation |
| T1020.001 | Traffic Duplication | Exfiltration |
| T1213 | Data from Information Repositories | Collection |
| T1025 | Data from Removable Media | Collection |