CM-5: Access Restrictions for Change
From NIST's SP800-53:
Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system.
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NIST's SP800-53/CSF Crosswalk mappings.
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1003.005 | Cached Domain Credentials | Credential Access |
T1053.002 | At | Execution, Persistence, Privilege Escalation |
T1078.002 | Domain Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1505 | Server Software Component | Persistence |
T1547.003 | Time Providers | Persistence, Privilege Escalation |
T1176 | Browser Extensions | Persistence |
T1563 | Remote Service Session Hijacking | Lateral Movement |
T1213 | Data from Information Repositories | Collection |
T1098.004 | SSH Authorized Keys | Persistence, Privilege Escalation |
T1574.010 | Services File Permissions Weakness | Defense Evasion, Persistence, Privilege Escalation |
T1056.003 | Web Portal Capture | Collection, Credential Access |
T1563.001 | SSH Hijacking | Lateral Movement |
T1546.003 | Windows Management Instrumentation Event Subscription | Persistence, Privilege Escalation |
T1556.004 | Network Device Authentication | Credential Access, Defense Evasion, Persistence |
T1647 | Plist File Modification | Defense Evasion |
T1134.001 | Token Impersonation/Theft | Defense Evasion, Privilege Escalation |
T1484 | Domain Policy Modification | Defense Evasion, Privilege Escalation |
T1003.006 | DCSync | Credential Access |
T1213.001 | Confluence | Collection |
T1213.002 | Sharepoint | Collection |
T1550.002 | Pass the Hash | Defense Evasion, Lateral Movement |
T1611 | Escape to Host | Privilege Escalation |
T1098.001 | Additional Cloud Credentials | Persistence, Privilege Escalation |
T1552.007 | Container API | Credential Access |
T1053.007 | Container Orchestration Job | Execution, Persistence, Privilege Escalation |
T1558 | Steal or Forge Kerberos Tickets | Credential Access |
T1578.003 | Delete Cloud Instance | Defense Evasion |
T1543 | Create or Modify System Process | Persistence, Privilege Escalation |
T1136 | Create Account | Persistence |
T1055 | Process Injection | Defense Evasion, Privilege Escalation |
T1574 | Hijack Execution Flow | Defense Evasion, Persistence, Privilege Escalation |
T1556.003 | Pluggable Authentication Modules | Credential Access, Defense Evasion, Persistence |
T1218.007 | Msiexec | Defense Evasion |
T1053 | Scheduled Task/Job | Execution, Persistence, Privilege Escalation |
T1562.008 | Disable or Modify Cloud Logs | Defense Evasion |
T1003.001 | LSASS Memory | Credential Access |
T1547.013 | XDG Autostart Entries | Persistence, Privilege Escalation |
T1047 | Windows Management Instrumentation | Execution |
T1495 | Firmware Corruption | Impact |
T1562 | Impair Defenses | Defense Evasion |
T1053.006 | Systemd Timers | Execution, Persistence, Privilege Escalation |
T1489 | Service Stop | Impact |
T1552.002 | Credentials in Registry | Credential Access |
T1548.003 | Sudo and Sudo Caching | Defense Evasion, Privilege Escalation |
T1136.002 | Domain Account | Persistence |
T1599.001 | Network Address Translation Traversal | Defense Evasion |
T1552 | Unsecured Credentials | Credential Access |
T1098.005 | Device Registration | Persistence, Privilege Escalation |
T1578 | Modify Cloud Compute Infrastructure | Defense Evasion |
T1621 | Multi-Factor Authentication Request Generation | Credential Access |