SI-16: Memory Protection
From NIST's SP800-53:
Implement the following controls to protect the system memory from unauthorized code execution: [Assignment: organization-defined controls].
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
| Control ID | Description |
|---|---|
| PR.IP-2 | A System Development Life Cycle to manage systems is implemented |
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1059 | Command and Scripting Interpreter | Execution |
| T1565.001 | Stored Data Manipulation | Impact |
| T1218.013 | Mavinject | Defense Evasion |
| T1565.003 | Runtime Data Manipulation | Impact |
| T1218.004 | InstallUtil | Defense Evasion |
| T1218.009 | Regsvcs/Regasm | Defense Evasion |
| T1055.009 | Proc Memory | Defense Evasion, Privilege Escalation |
| T1505.004 | IIS Components | Persistence |
| T1611 | Escape to Host | Privilege Escalation |
| T1218 | System Binary Proxy Execution | Defense Evasion |
| T1059.008 | Network Device CLI | Execution |
| T1059.003 | Windows Command Shell | Execution |
| T1218.014 | MMC | Defense Evasion |
| T1059.006 | Python | Execution |
| T1003.001 | LSASS Memory | Credential Access |
| T1218.012 | Verclsid | Defense Evasion |
| T1059.004 | Unix Shell | Execution |
| T1218.005 | Mshta | Defense Evasion |
| T1218.003 | CMSTP | Defense Evasion |
| T1218.002 | Control Panel | Defense Evasion |
| T1548 | Abuse Elevation Control Mechanism | Defense Evasion, Privilege Escalation |
| T1565 | Data Manipulation | Impact |
| T1047 | Windows Management Instrumentation | Execution |
| T1059.001 | PowerShell | Execution |
| T1547.004 | Winlogon Helper DLL | Persistence, Privilege Escalation |
| T1543 | Create or Modify System Process | Persistence, Privilege Escalation |
| T1218.008 | Odbcconf | Defense Evasion |
| T1218.001 | Compiled HTML File | Defense Evasion |
| T1059.005 | Visual Basic | Execution |
| T1547.006 | Kernel Modules and Extensions | Persistence, Privilege Escalation |
| T1548.004 | Elevated Execution with Prompt | Defense Evasion, Privilege Escalation |
| T1059.007 | JavaScript | Execution |
| T1059.002 | AppleScript | Execution |
| T1543.002 | Systemd Service | Persistence, Privilege Escalation |