SI-10: Information Input Validation
From NIST's SP 800-53:
Check the validity of the following information inputs: [Assignment: organization-defined information inputs to the system].
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph.
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1095 | Non-Application Layer Protocol | Command and Control |
| T1127 | Trusted Developer Utilities Proxy Execution | Defense Evasion |
| T1499.001 | OS Exhaustion Flood | Impact |
| T1553.003 | SIP and Trust Provider Hijacking | Defense Evasion |
| T1602.001 | SNMP (MIB Dump) | Collection |
| T1557.002 | ARP Cache Poisoning | Collection, Credential Access |
| T1071.004 | DNS | Command and Control |
| T1537 | Transfer Data to Cloud Account | Exfiltration |
| T1572 | Protocol Tunneling | Command and Control |
| T1498.001 | Direct Network Flood | Impact |
| T1059.008 | Network Device CLI | Execution |
| T1599.001 | Network Address Translation Traversal | Defense Evasion |
| T1021.002 | SMB/Windows Admin Shares | Lateral Movement |
| T1204 | User Execution | Execution |
| T1574.013 | KernelCallbackTable | Defense Evasion, Persistence, Privilege Escalation |
| T1080 | Taint Shared Content | Lateral Movement |
| T1574 | Hijack Execution Flow | Defense Evasion, Persistence, Privilege Escalation |
| T1090.003 | Multi-hop Proxy | Command and Control |
| T1574.007 | Path Interception by PATH Environment Variable | Defense Evasion, Persistence, Privilege Escalation |
| T1220 | XSL Script Processing | Defense Evasion |
| T1176 | Browser Extensions | Persistence |
| T1574.012 | COR_PROFILER | Defense Evasion, Persistence, Privilege Escalation |
| T1218.013 | Mavinject | Defense Evasion |
| T1218.004 | InstallUtil | Defense Evasion |
| T1574.001 | DLL Search Order Hijacking | Defense Evasion, Persistence, Privilege Escalation |
| T1546.002 | Screensaver | Persistence, Privilege Escalation |
| T1059 | Command and Scripting Interpreter | Execution |
| T1499 | Endpoint Denial of Service | Impact |
| T1546.009 | AppCert DLLs | Persistence, Privilege Escalation |
| T1197 | BITS Jobs | Defense Evasion, Persistence |
| T1059.007 | JavaScript | Execution |
| T1218.008 | Odbcconf | Defense Evasion |
| T1204.002 | Malicious File | Execution |
| T1602.002 | Network Device Configuration Dump | Collection |
| T1219 | Remote Access Software | Command and Control |
| T1129 | Shared Modules | Execution |
| T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
| T1574.009 | Path Interception by Unquoted Path | Defense Evasion, Persistence, Privilege Escalation |
| T1553.001 | Gatekeeper Bypass | Defense Evasion |
| T1036.005 | Match Legitimate Name or Location | Defense Evasion |
| T1553.005 | Mark-of-the-Web Bypass | Defense Evasion |
| T1218.011 | Rundll32 | Defense Evasion |
| T1498 | Network Denial of Service | Impact |
| T1552 | Unsecured Credentials | Credential Access |
| T1187 | Forced Authentication | Credential Access |
| T1218.014 | MMC | Defense Evasion |
| T1221 | Template Injection | Defense Evasion |
| T1570 | Lateral Tool Transfer | Lateral Movement |
| T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
| T1599 | Network Boundary Bridging | Defense Evasion |