SA-8: Security and Privacy Engineering Principles
From NIST's SP800-53:
Apply the following systems security and privacy engineering principles in the specification, design, development, implementation, and modification of the system and system components: [Assignment: organization-defined systems security and privacy engineering principles].
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1574.002 | DLL Side-Loading | Defense Evasion, Persistence, Privilege Escalation |
| T1567 | Exfiltration Over Web Service | Exfiltration |
| T1647 | Plist File Modification | Defense Evasion |
| T1025 | Data from Removable Media | Collection |
| T1078.003 | Local Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1559.003 | XPC Services | Execution |
| T1078 | Valid Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1190 | Exploit Public-Facing Application | Initial Access |
| T1078.004 | Cloud Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1005 | Data from Local System | Collection |
| T1213.003 | Code Repositories | Collection |
| T1041 | Exfiltration Over C2 Channel | Exfiltration |
| T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
| T1078.001 | Default Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1052.001 | Exfiltration over USB | Exfiltration |
| T1482 | Domain Trust Discovery | Discovery |
| T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Exfiltration |
| T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
| T1134.005 | SID-History Injection | Defense Evasion, Privilege Escalation |
| T1052 | Exfiltration Over Physical Medium | Exfiltration |