SC-18: Mobile Code
From NIST's SP800-53:
a. Define acceptable and unacceptable mobile code and mobile code technologies; and b. Authorize, monitor, and control the use of mobile code within the system.
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
| Control ID | Description |
|---|---|
| DE.CM-5 | Unauthorized mobile code is detected |
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1055 | Process Injection | Defense Evasion, Privilege Escalation |
| T1190 | Exploit Public-Facing Application | Initial Access |
| T1210 | Exploitation of Remote Services | Lateral Movement |
| T1559 | Inter-Process Communication | Execution |
| T1055.013 | Process Doppelgänging | Defense Evasion, Privilege Escalation |
| T1137.005 | Outlook Rules | Persistence |
| T1055.005 | Thread Local Storage | Defense Evasion, Privilege Escalation |
| T1059 | Command and Scripting Interpreter | Execution |
| T1189 | Drive-by Compromise | Initial Access |
| T1055.009 | Proc Memory | Defense Evasion, Privilege Escalation |
| T1055.012 | Process Hollowing | Defense Evasion, Privilege Escalation |
| T1559.002 | Dynamic Data Exchange | Execution |
| T1055.004 | Asynchronous Procedure Call | Defense Evasion, Privilege Escalation |
| T1021.003 | Distributed Component Object Model | Lateral Movement |
| T1137.003 | Outlook Forms | Persistence |
| T1137.004 | Outlook Home Page | Persistence |
| T1548.004 | Elevated Execution with Prompt | Defense Evasion, Privilege Escalation |
| T1055.002 | Portable Executable Injection | Defense Evasion, Privilege Escalation |
| T1218.001 | Compiled HTML File | Defense Evasion |
| T1211 | Exploitation for Defense Evasion | Defense Evasion |
| T1055.003 | Thread Execution Hijacking | Defense Evasion, Privilege Escalation |
| T1137 | Office Application Startup | Persistence |
| T1137.001 | Office Template Macros | Persistence |
| T1137.006 | Add-ins | Persistence |
| T1559.001 | Component Object Model | Execution |
| T1059.005 | Visual Basic | Execution |
| T1059.007 | JavaScript | Execution |
| T1068 | Exploitation for Privilege Escalation | Privilege Escalation |
| T1548 | Abuse Elevation Control Mechanism | Defense Evasion, Privilege Escalation |
| T1137.002 | Office Test | Persistence |
| T1055.008 | Ptrace System Calls | Defense Evasion, Privilege Escalation |
| T1055.011 | Extra Window Memory Injection | Defense Evasion, Privilege Escalation |
| T1203 | Exploitation for Client Execution | Execution |
| T1055.014 | VDSO Hijacking | Defense Evasion, Privilege Escalation |
| T1212 | Exploitation for Credential Access | Credential Access |
| T1055.001 | Dynamic-link Library Injection | Defense Evasion, Privilege Escalation |