SR-4: Provenance
From NIST's SP800-53:
Document, monitor, and maintain valid provenance of the following systems, system components, and associated data: [Assignment: organization-defined systems, system components, and associated data].
Cyber Threat Graph Context
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1041 | Exfiltration Over C2 Channel | Exfiltration |
T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
T1554 | Compromise Client Software Binary | Persistence |
T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Exfiltration |
T1601 | Modify System Image | Defense Evasion |
T1505.001 | SQL Stored Procedures | Persistence |
T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
T1601.001 | Patch System Image | Defense Evasion |
T1546.006 | LC_LOAD_DYLIB Addition | Persistence, Privilege Escalation |
T1204.003 | Malicious Image | Execution |
T1567 | Exfiltration Over Web Service | Exfiltration |
T1052.001 | Exfiltration over USB | Exfiltration |
T1505.004 | IIS Components | Persistence |
T1505 | Server Software Component | Persistence |
T1052 | Exfiltration Over Physical Medium | Exfiltration |
T1601.002 | Downgrade System Image | Defense Evasion |
T1505.002 | Transport Agent | Persistence |
T1059.002 | AppleScript | Execution |