CA-8: Penetration Testing
From NIST's SP800-53:
Conduct penetration testing [Assignment: organization-defined frequency] on [Assignment: organization-defined systems or system components].
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
| Control ID | Description |
|---|---|
| ID.RA-1 | Asset vulnerabilities are identified and documented |
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1543 | Create or Modify System Process | Persistence, Privilege Escalation |
| T1542.001 | System Firmware | Defense Evasion, Persistence |
| T1612 | Build Image on Host | Defense Evasion |
| T1021.005 | VNC | Lateral Movement |
| T1552.006 | Group Policy Preferences | Credential Access |
| T1554 | Compromise Client Software Binary | Persistence |
| T1482 | Domain Trust Discovery | Discovery |
| T1484 | Domain Policy Modification | Defense Evasion, Privilege Escalation |
| T1053.002 | At | Execution, Persistence, Privilege Escalation |
| T1542 | Pre-OS Boot | Defense Evasion, Persistence |
| T1552 | Unsecured Credentials | Credential Access |
| T1550.001 | Application Access Token | Defense Evasion, Lateral Movement |
| T1053.005 | Scheduled Task | Execution, Persistence, Privilege Escalation |
| T1495 | Firmware Corruption | Impact |
| T1176 | Browser Extensions | Persistence |
| T1560 | Archive Collected Data | Collection |
| T1505.004 | IIS Components | Persistence |
| T1562 | Impair Defenses | Defense Evasion |
| T1505.002 | Transport Agent | Persistence |
| T1574.005 | Executable Installer File Permissions Weakness | Defense Evasion, Persistence, Privilege Escalation |
| T1212 | Exploitation for Credential Access | Credential Access |
| T1553 | Subvert Trust Controls | Defense Evasion |
| T1021.001 | Remote Desktop Protocol | Lateral Movement |
| T1505.001 | SQL Stored Procedures | Persistence |
| T1574.008 | Path Interception by Search Order Hijacking | Defense Evasion, Persistence, Privilege Escalation |
| T1528 | Steal Application Access Token | Credential Access |
| T1574.007 | Path Interception by PATH Environment Variable | Defense Evasion, Persistence, Privilege Escalation |
| T1574 | Hijack Execution Flow | Defense Evasion, Persistence, Privilege Escalation |
| T1552.002 | Credentials in Registry | Credential Access |
| T1542.003 | Bootkit | Defense Evasion, Persistence |
| T1601.001 | Patch System Image | Defense Evasion |
| T1211 | Exploitation for Defense Evasion | Defense Evasion |
| T1068 | Exploitation for Privilege Escalation | Privilege Escalation |
| T1574.001 | DLL Search Order Hijacking | Defense Evasion, Persistence, Privilege Escalation |
| T1574.010 | Services File Permissions Weakness | Defense Evasion, Persistence, Privilege Escalation |
| T1601 | Modify System Image | Defense Evasion |
| T1505 | Server Software Component | Persistence |
| T1210 | Exploitation of Remote Services | Lateral Movement |
| T1574.009 | Path Interception by Unquoted Path | Defense Evasion, Persistence, Privilege Escalation |
| T1578.003 | Delete Cloud Instance | Defense Evasion |
| T1578.001 | Create Snapshot | Defense Evasion |
| T1542.005 | TFTP Boot | Defense Evasion, Persistence |
| T1574.013 | KernelCallbackTable | Defense Evasion, Persistence, Privilege Escalation |
| T1542.004 | ROMMONkit | Defense Evasion, Persistence |
| T1053.003 | Cron | Execution, Persistence, Privilege Escalation |
| T1552.001 | Credentials In Files | Credential Access |
| T1530 | Data from Cloud Storage | Collection |
| T1213 | Data from Information Repositories | Collection |
| T1548.002 | Bypass User Account Control | Defense Evasion, Privilege Escalation |
| T1553.006 | Code Signing Policy Modification | Defense Evasion |
| T1204.003 | Malicious Image | Execution |
| T1525 | Implant Internal Image | Persistence |
| T1560.001 | Archive via Utility | Collection |
| T1578.002 | Create Cloud Instance | Defense Evasion |
| T1548 | Abuse Elevation Control Mechanism | Defense Evasion, Privilege Escalation |
| T1558.004 | AS-REP Roasting | Credential Access |
| T1213.001 | Confluence | Collection |
| T1059 | Command and Scripting Interpreter | Execution |
| T1552.004 | Private Keys | Credential Access |
| T1213.002 | Sharepoint | Collection |
| T1578 | Modify Cloud Compute Infrastructure | Defense Evasion |
| T1195.003 | Compromise Hardware Supply Chain | Initial Access |
| T1563 | Remote Service Session Hijacking | Lateral Movement |
| T1601.002 | Downgrade System Image | Defense Evasion |
| T1053 | Scheduled Task/Job | Execution, Persistence, Privilege Escalation |