CM-2: Baseline Configuration
From NIST's SP800-53:
a. Develop, document, and maintain under configuration control, a current baseline configuration of the system; and
b. Review and update the baseline configuration of the system:
   1. [Assignment: organization-defined frequency];
   2. When required due to [Assignment: organization-defined circumstances]; and
   3. When system components are installed or upgraded.
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Control ID | Description |
---|---|
PR.IP-1 | A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality) |
PR.DS-7 | The development and testing environment(s) are separate from the production environment |
DE.AE-1 | A baseline of network operations and expected data flows for users and systems is established and managed |
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1564.009 | Resource Forking | Defense Evasion |
T1552.004 | Private Keys | Credential Access |
T1047 | Windows Management Instrumentation | Execution |
T1221 | Template Injection | Defense Evasion |
T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay | Collection, Credential Access |
T1187 | Forced Authentication | Credential Access |
T1105 | Ingress Tool Transfer | Command and Control |
T1070.008 | Clear Mailbox Data | Defense Evasion |
T1565 | Data Manipulation | Impact |
T1562.003 | Impair Command History Logging | Defense Evasion |
T1205 | Traffic Signaling | Command and Control, Defense Evasion, Persistence |
T1127.001 | MSBuild | Defense Evasion |
T1562.010 | Downgrade Attack | Defense Evasion |
T1071.003 | Mail Protocols | Command and Control |
T1220 | XSL Script Processing | Defense Evasion |
T1547.013 | XDG Autostart Entries | Persistence, Privilege Escalation |
T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
T1546.004 | Unix Shell Configuration Modification | Persistence, Privilege Escalation |
T1539 | Steal Web Session Cookie | Credential Access |
T1185 | Browser Session Hijacking | Collection |
T1071.002 | File Transfer Protocols | Command and Control |
T1201 | Password Policy Discovery | Discovery |
T1070.009 | Clear Persistence | Defense Evasion |
T1574.007 | Path Interception by PATH Environment Variable | Defense Evasion, Persistence, Privilege Escalation |
T1573.002 | Asymmetric Cryptography | Command and Control |
T1574.004 | Dylib Hijacking | Defense Evasion, Persistence, Privilege Escalation |
T1070.003 | Clear Command History | Defense Evasion |
T1562.004 | Disable or Modify System Firewall | Defense Evasion |
T1021.006 | Windows Remote Management | Lateral Movement |
T1574.001 | DLL Search Order Hijacking | Defense Evasion, Persistence, Privilege Escalation |
T1548 | Abuse Elevation Control Mechanism | Defense Evasion, Privilege Escalation |
T1574 | Hijack Execution Flow | Defense Evasion, Persistence, Privilege Escalation |
T1565.001 | Stored Data Manipulation | Impact |
T1566 | Phishing | Initial Access |
T1053.005 | Scheduled Task | Execution, Persistence, Privilege Escalation |
T1558.002 | Silver Ticket | Credential Access |
T1119 | Automated Collection | Collection |
T1562.006 | Indicator Blocking | Defense Evasion |
T1569 | System Services | Execution |
T1110.002 | Password Cracking | Credential Access |
T1553.003 | SIP and Trust Provider Hijacking | Defense Evasion |
T1218.005 | Mshta | Defense Evasion |
T1204.002 | Malicious File | Execution |
T1030 | Data Transfer Size Limits | Exfiltration |
T1104 | Multi-Stage Channels | Command and Control |
T1574.010 | Services File Permissions Weakness | Defense Evasion, Persistence, Privilege Escalation |
T1001.001 | Junk Data | Command and Control |
T1554 | Compromise Client Software Binary | Persistence |
T1484 | Domain Policy Modification | Defense Evasion, Privilege Escalation |
T1547.003 | Time Providers | Persistence, Privilege Escalation |