AC-16: Security and Privacy Attributes
From NIST's SP800-53:
a. Provide the means to associate [Assignment: organization-defined types of security and privacy attributes] with [Assignment: organization-defined security and privacy attribute values] for information in storage, in process, and/or in transmission; b. Ensure that the attribute associations are made and retained with the information; c. Establish the following permitted security and privacy attributes from the attributes defined in AC-16a for [Assignment: organization-defined systems]: [Assignment: organization-defined security and privacy attributes]; d. Determine the following permitted attribute values or ranges for each of the established attributes: [Assignment: organization-defined attribute values or ranges for established attributes]; e. Audit changes to attributes; and f. Review [Assignment: organization-defined security and privacy attributes] for applicability [Assignment: organization-defined frequency].
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1537 | Transfer Data to Cloud Account | Exfiltration |
| T1070.008 | Clear Mailbox Data | Defense Evasion |
| T1114 | Email Collection | Collection |
| T1567 | Exfiltration Over Web Service | Exfiltration |
| T1003.003 | NTDS | Credential Access |
| T1558 | Steal or Forge Kerberos Tickets | Credential Access |
| T1552 | Unsecured Credentials | Credential Access |
| T1119 | Automated Collection | Collection |
| T1602.002 | Network Device Configuration Dump | Collection |
| T1558.004 | AS-REP Roasting | Credential Access |
| T1557 | Adversary-in-the-Middle | Collection, Credential Access |
| T1565.002 | Transmitted Data Manipulation | Impact |
| T1505.002 | Transport Agent | Persistence |
| T1040 | Network Sniffing | Credential Access, Discovery |
| T1557.002 | ARP Cache Poisoning | Collection, Credential Access |
| T1564.004 | NTFS File Attributes | Defense Evasion |
| T1222 | File and Directory Permissions Modification | Defense Evasion |
| T1052 | Exfiltration Over Physical Medium | Exfiltration |
| T1530 | Data from Cloud Storage | Collection |
| T1114.002 | Remote Email Collection | Collection |
| T1213.002 | Sharepoint | Collection |
| T1647 | Plist File Modification | Defense Evasion |
| T1602.001 | SNMP (MIB Dump) | Collection |
| T1558.002 | Silver Ticket | Credential Access |
| T1052.001 | Exfiltration over USB | Exfiltration |
| T1114.003 | Email Forwarding Rule | Collection |
| T1070.001 | Clear Windows Event Logs | Defense Evasion |
| T1552.005 | Cloud Instance Metadata API | Credential Access |
| T1565 | Data Manipulation | Impact |
| T1548 | Abuse Elevation Control Mechanism | Defense Evasion, Privilege Escalation |
| T1550.001 | Application Access Token | Defense Evasion, Lateral Movement |
| T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
| T1505 | Server Software Component | Persistence |
| T1070 | Indicator Removal | Defense Evasion |
| T1547.007 | Re-opened Applications | Persistence, Privilege Escalation |
| T1041 | Exfiltration Over C2 Channel | Exfiltration |
| T1005 | Data from Local System | Collection |
| T1558.003 | Kerberoasting | Credential Access |
| T1222.001 | Windows File and Directory Permissions Modification | Defense Evasion |
| T1552.004 | Private Keys | Credential Access |
| T1602 | Data from Configuration Repository | Collection |
| T1003 | OS Credential Dumping | Credential Access |
| T1565.001 | Stored Data Manipulation | Impact |
| T1070.002 | Clear Linux or Mac System Logs | Defense Evasion |
| T1213.001 | Confluence | Collection |
| T1222.002 | Linux and Mac File and Directory Permissions Modification | Defense Evasion |
| T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Exfiltration |
| T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
| T1114.001 | Local Email Collection | Collection |
| T1548.003 | Sudo and Sudo Caching | Defense Evasion, Privilege Escalation |