SC-23: Session Authenticity
From NIST's SP800-53:
Protect the authenticity of communications sessions.
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
| Control ID | Description |
|---|---|
| PR.PT-4 | Communications and control networks are protected |
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1562.006 | Indicator Blocking | Defense Evasion |
| T1071 | Application Layer Protocol | Command and Control |
| T1071.003 | Mail Protocols | Command and Control |
| T1071.004 | DNS | Command and Control |
| T1557 | Adversary-in-the-Middle | Collection, Credential Access |
| T1573.001 | Symmetric Cryptography | Command and Control |
| T1573 | Encrypted Channel | Command and Control |
| T1185 | Browser Session Hijacking | Collection |
| T1557.002 | ARP Cache Poisoning | Collection, Credential Access |
| T1622 | Debugger Evasion | Defense Evasion, Discovery |
| T1562.009 | Safe Mode Boot | Defense Evasion |
| T1071.002 | File Transfer Protocols | Command and Control |
| T1071.001 | Web Protocols | Command and Control |
| T1563.001 | SSH Hijacking | Lateral Movement |
| T1557.003 | DHCP Spoofing | Collection, Credential Access |
| T1535 | Unused/Unsupported Cloud Regions | Defense Evasion |
| T1550.004 | Web Session Cookie | Defense Evasion, Lateral Movement |
| T1573.002 | Asymmetric Cryptography | Command and Control |
| T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay | Collection, Credential Access |