SA-8: Security and Privacy Engineering Principles

From NIST's SP800-53:

Apply the following systems security and privacy engineering principles in the specification, design, development, implementation, and modification of the system and system components: [Assignment: organization-defined systems security and privacy engineering principles].


SP800-53 Control Mapped to NIST Cyber Security Framework

Generated from NIST's SP800-53/CSF Crosswalk mappings.

| Control ID | Description |
|---|---|
| PR.IP-2 | A System Development Life Cycle to manage systems is implemented |

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against.

| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1574.002 | DLL Side-Loading | Defense Evasion, Persistence, Privilege Escalation |
| T1567 | Exfiltration Over Web Service | Exfiltration |
| T1647 | Plist File Modification | Defense Evasion |
| T1025 | Data from Removable Media | Collection |
| T1078.003 | Local Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1559.003 | XPC Services | Execution |
| T1078 | Valid Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1190 | Exploit Public-Facing Application | Initial Access |
| T1078.004 | Cloud Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1005 | Data from Local System | Collection |
| T1213.003 | Code Repositories | Collection |
| T1041 | Exfiltration Over C2 Channel | Exfiltration |
| T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
| T1078.001 | Default Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1052.001 | Exfiltration over USB | Exfiltration |
| T1482 | Domain Trust Discovery | Discovery |
| T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Exfiltration |
| T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
| T1134.005 | SID-History Injection | Defense Evasion, Privilege Escalation |
| T1052 | Exfiltration Over Physical Medium | Exfiltration |