AC-23: Data Mining Protection
From NIST's SP800-53:
Employ [Assignment: organization-defined data mining prevention and detection techniques] for [Assignment: organization-defined data storage objects] to detect and protect against unauthorized data mining.
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1025 | Data from Removable Media | Collection |
T1213.002 | Sharepoint | Collection |
T1213 | Data from Information Repositories | Collection |
T1041 | Exfiltration Over C2 Channel | Exfiltration |
T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
T1052 | Exfiltration Over Physical Medium | Exfiltration |
T1052.001 | Exfiltration over USB | Exfiltration |
T1133 | External Remote Services | Initial Access, Persistence |
T1005 | Data from Local System | Collection |
T1567 | Exfiltration Over Web Service | Exfiltration |
T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Exfiltration |
T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
T1213.001 | Confluence | Collection |
T1552.007 | Container API | Credential Access |