SC-7: Boundary Protection
From NIST's SP800-53:
a. Monitor and control communications at the external managed interfaces to the system and at key internal managed interfaces within the system; b. Implement subnetworks for publicly accessible system components that are [Selection: physically; logically] separated from internal organizational networks; and c. Connect to external networks or systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security and privacy architecture.
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1499.004 | Application or System Exploitation | Impact |
| T1498.002 | Reflection Amplification | Impact |
| T1021.002 | SMB/Windows Admin Shares | Lateral Movement |
| T1001.001 | Junk Data | Command and Control |
| T1055.014 | VDSO Hijacking | Defense Evasion, Privilege Escalation |
| T1599.001 | Network Address Translation Traversal | Defense Evasion |
| T1552.004 | Private Keys | Credential Access |
| T1021.003 | Distributed Component Object Model | Lateral Movement |
| T1136.003 | Cloud Account | Persistence |
| T1114.003 | Email Forwarding Rule | Collection |
| T1055.011 | Extra Window Memory Injection | Defense Evasion, Privilege Escalation |
| T1505.004 | IIS Components | Persistence |
| T1212 | Exploitation for Credential Access | Credential Access |
| T1566.001 | Spearphishing Attachment | Initial Access |
| T1602.001 | SNMP (MIB Dump) | Collection |
| T1204.003 | Malicious Image | Execution |
| T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay | Collection, Credential Access |
| T1211 | Exploitation for Defense Evasion | Defense Evasion |
| T1204 | User Execution | Execution |
| T1055.012 | Process Hollowing | Defense Evasion, Privilege Escalation |
| T1090.003 | Multi-hop Proxy | Command and Control |
| T1102.003 | One-Way Communication | Command and Control |
| T1552 | Unsecured Credentials | Credential Access |
| T1499 | Endpoint Denial of Service | Impact |
| T1557 | Adversary-in-the-Middle | Collection, Credential Access |
| T1055.009 | Proc Memory | Defense Evasion, Privilege Escalation |
| T1080 | Taint Shared Content | Lateral Movement |
| T1055.001 | Dynamic-link Library Injection | Defense Evasion, Privilege Escalation |
| T1573.001 | Symmetric Cryptography | Command and Control |
| T1071.003 | Mail Protocols | Command and Control |
| T1567 | Exfiltration Over Web Service | Exfiltration |
| T1612 | Build Image on Host | Defense Evasion |
| T1567.002 | Exfiltration to Cloud Storage | Exfiltration |
| T1055.004 | Asynchronous Procedure Call | Defense Evasion, Privilege Escalation |
| T1570 | Lateral Tool Transfer | Lateral Movement |
| T1218.012 | Verclsid | Defense Evasion |
| T1573.002 | Asymmetric Cryptography | Command and Control |
| T1071 | Application Layer Protocol | Command and Control |
| T1199 | Trusted Relationship | Initial Access |
| T1563 | Remote Service Session Hijacking | Lateral Movement |
| T1566.002 | Spearphishing Link | Initial Access |
| T1055 | Process Injection | Defense Evasion, Privilege Escalation |
| T1571 | Non-Standard Port | Command and Control |
| T1187 | Forced Authentication | Credential Access |
| T1499.002 | Service Exhaustion Flood | Impact |
| T1542.005 | TFTP Boot | Defense Evasion, Persistence |
| T1530 | Data from Cloud Storage | Collection |
| T1020.001 | Traffic Duplication | Exfiltration |
| T1622 | Debugger Evasion | Defense Evasion, Discovery |
| T1190 | Exploit Public-Facing Application | Initial Access |