AC-20: Use of External Systems
From NIST's SP800-53:
a. [Selection (one or more): Establish [Assignment: organization-defined terms and conditions]; Identify [Assignment: organization-defined controls asserted to be implemented on external systems]], consistent with the trust relationships established with other organizations owning, operating, and/or maintaining external systems, allowing authorized individuals to: 1. Access the system from external systems; and 2. Process, store, or transmit organization-controlled information using external systems; or b. Prohibit the use of [Assignment: organizationally-defined types of external systems].
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1021.004 | SSH | Lateral Movement |
| T1567 | Exfiltration Over Web Service | Exfiltration |
| T1078.002 | Domain Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1110.003 | Password Spraying | Credential Access |
| T1136.002 | Domain Account | Persistence |
| T1602 | Data from Configuration Repository | Collection |
| T1114.003 | Email Forwarding Rule | Collection |
| T1098.001 | Additional Cloud Credentials | Persistence, Privilege Escalation |
| T1552 | Unsecured Credentials | Credential Access |
| T1583.007 | Serverless | Resource Development |
| T1098.002 | Additional Email Delegate Permissions | Persistence, Privilege Escalation |
| T1602.002 | Network Device Configuration Dump | Collection |
| T1530 | Data from Cloud Storage | Collection |
| T1537 | Transfer Data to Cloud Account | Exfiltration |
| T1505.005 | Terminal Services DLL | Persistence |
| T1110.002 | Password Cracking | Credential Access |
| T1539 | Steal Web Session Cookie | Credential Access |
| T1098.004 | SSH Authorized Keys | Persistence, Privilege Escalation |
| T1567.001 | Exfiltration to Code Repository | Exfiltration |
| T1098.003 | Additional Cloud Roles | Persistence, Privilege Escalation |
| T1584.007 | Serverless | Resource Development |
| T1567.002 | Exfiltration to Cloud Storage | Exfiltration |
| T1110.004 | Credential Stuffing | Credential Access |
| T1556.004 | Network Device Authentication | Credential Access, Defense Evasion, Persistence |
| T1133 | External Remote Services | Initial Access, Persistence |
| T1110 | Brute Force | Credential Access |
| T1550.001 | Application Access Token | Defense Evasion, Lateral Movement |
| T1556 | Modify Authentication Process | Credential Access, Defense Evasion, Persistence |
| T1134.005 | SID-History Injection | Defense Evasion, Privilege Escalation |
| T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Exfiltration |
| T1565 | Data Manipulation | Impact |
| T1556.001 | Domain Controller Authentication | Credential Access, Defense Evasion, Persistence |
| T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
| T1052.001 | Exfiltration over USB | Exfiltration |
| T1041 | Exfiltration Over C2 Channel | Exfiltration |
| T1021.001 | Remote Desktop Protocol | Lateral Movement |
| T1098.005 | Device Registration | Persistence, Privilege Escalation |
| T1021 | Remote Services | Lateral Movement |
| T1552.005 | Cloud Instance Metadata API | Credential Access |
| T1557.002 | ARP Cache Poisoning | Collection, Credential Access |
| T1020.001 | Traffic Duplication | Exfiltration |
| T1136.003 | Cloud Account | Persistence |
| T1565.001 | Stored Data Manipulation | Impact |
| T1565.002 | Transmitted Data Manipulation | Impact |
| T1078.004 | Cloud Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1110.001 | Password Guessing | Credential Access |
| T1119 | Automated Collection | Collection |
| T1200 | Hardware Additions | Initial Access |
| T1114.002 | Remote Email Collection | Collection |
| T1114 | Email Collection | Collection |