SI-15: Information Output Filtering
From NIST's SP800-53:
Validate information output from the following software programs and/or applications to ensure that the information is consistent with the expected content: [Assignment: organization-defined software programs and/or applications].
Cyber Threat Graph Context
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1552 | Unsecured Credentials | Credential Access |
T1552.005 | Cloud Instance Metadata API | Credential Access |
T1557 | Adversary-in-the-Middle | Collection, Credential Access |
T1499.004 | Application or System Exploitation | Impact |
T1499.001 | OS Exhaustion Flood | Impact |
T1205.001 | Port Knocking | Command and Control, Defense Evasion, Persistence |
T1602.001 | SNMP (MIB Dump) | Collection |
T1537 | Transfer Data to Cloud Account | Exfiltration |
T1599 | Network Boundary Bridging | Defense Evasion |
T1498.002 | Reflection Amplification | Impact |
T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
T1205 | Traffic Signaling | Command and Control, Defense Evasion, Persistence |
T1021.002 | SMB/Windows Admin Shares | Lateral Movement |
T1499.002 | Service Exhaustion Flood | Impact |
T1599.001 | Network Address Translation Traversal | Defense Evasion |
T1090 | Proxy | Command and Control |
T1564.009 | Resource Forking | Defense Evasion |
T1219 | Remote Access Software | Command and Control |
T1071.004 | DNS | Command and Control |
T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Exfiltration |
T1218.012 | Verclsid | Defense Evasion |
T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
T1622 | Debugger Evasion | Defense Evasion, Discovery |
T1090.003 | Multi-hop Proxy | Command and Control |
T1530 | Data from Cloud Storage | Collection |
T1197 | BITS Jobs | Defense Evasion, Persistence |
T1498 | Network Denial of Service | Impact |
T1557.003 | DHCP Spoofing | Collection, Credential Access |
T1602.002 | Network Device Configuration Dump | Collection |
T1499 | Endpoint Denial of Service | Impact |
T1602 | Data from Configuration Repository | Collection |
T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay | Collection, Credential Access |
T1021.005 | VNC | Lateral Movement |
T1187 | Forced Authentication | Credential Access |
T1557.002 | ARP Cache Poisoning | Collection, Credential Access |
T1499.003 | Application Exhaustion Flood | Impact |
T1095 | Non-Application Layer Protocol | Command and Control |
T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Exfiltration |
T1570 | Lateral Tool Transfer | Lateral Movement |
T1572 | Protocol Tunneling | Command and Control |
T1498.001 | Direct Network Flood | Impact |