From 513359d68d840fb39644bb66161b6c993a78de14 Mon Sep 17 00:00:00 2001 
From: Eva Date: Thu, 12 Oct 2023 15:44:10 -0400 Subject: [PATCH] add ability to parse to navigator layers --- src/mappings_explorer/cli/mapex/cli.py | 22 +++++ .../parsed_cve_mappings_navigator_layer.json | 1 + ...0-53-r4-10.1_mappings_navigator_layer.json | 1 + ...0-53-r5-10.1_mappings_navigator_layer.json | 1 + ...0-53-r4-12.1_mappings_navigator_layer.json | 1 + ...0-53-r5-12.1_mappings_navigator_layer.json | 1 + ...00-53-r4-8.2_mappings_navigator_layer.json | 1 + ...00-53-r5-8.2_mappings_navigator_layer.json | 1 + ...00-53-r4-9.0_mappings_navigator_layer.json | 1 + ...00-53-r5-9.0_mappings_navigator_layer.json | 1 + ...curity_stack_mappings_navigator_layer.json | 1 + ...curity_stack_mappings_navigator_layer.json | 1 + ...curity_stack_mappings_navigator_layer.json | 1 + ...parsed_veris_mappings_navigator_layer.json | 1 + ...parsed_veris_mappings_navigator_layer.json | 1 + .../cli/mapex/write_parsed_mappings.py | 82 +++++++++++++++++-- 16 files changed, 109 insertions(+), 9 deletions(-) create mode 100644 src/mappings_explorer/cli/mapex/cve_files/parsed_cve_mappings_navigator_layer.json create mode 100644 src/mappings_explorer/cli/mapex/nist_files/10.1/r4/parsed_nist800-53-r4-10.1_mappings_navigator_layer.json create mode 100644 src/mappings_explorer/cli/mapex/nist_files/10.1/r5/parsed_nist800-53-r5-10.1_mappings_navigator_layer.json create mode 100644 src/mappings_explorer/cli/mapex/nist_files/12.1/r4/parsed_nist800-53-r4-12.1_mappings_navigator_layer.json create mode 100644 src/mappings_explorer/cli/mapex/nist_files/12.1/r5/parsed_nist800-53-r5-12.1_mappings_navigator_layer.json create mode 100644 src/mappings_explorer/cli/mapex/nist_files/8.2/r4/parsed_nist800-53-r4-8.2_mappings_navigator_layer.json create mode 100644 src/mappings_explorer/cli/mapex/nist_files/8.2/r5/parsed_nist800-53-r5-8.2_mappings_navigator_layer.json create mode 100644 src/mappings_explorer/cli/mapex/nist_files/9.0/r4/parsed_nist800-53-r4-9.0_mappings_navigator_layer.json create mode 100644 
src/mappings_explorer/cli/mapex/nist_files/9.0/r5/parsed_nist800-53-r5-9.0_mappings_navigator_layer.json create mode 100644 src/mappings_explorer/cli/mapex/security_stack_files/AWS/parsed_security_stack_mappings_navigator_layer.json create mode 100644 src/mappings_explorer/cli/mapex/security_stack_files/Azure/parsed_security_stack_mappings_navigator_layer.json create mode 100644 src/mappings_explorer/cli/mapex/security_stack_files/GCP/parsed_security_stack_mappings_navigator_layer.json create mode 100644 src/mappings_explorer/cli/mapex/veris_files/1.3.5/parsed_veris_mappings_navigator_layer.json create mode 100644 src/mappings_explorer/cli/mapex/veris_files/1.3.7/parsed_veris_mappings_navigator_layer.json diff --git a/src/mappings_explorer/cli/mapex/cli.py b/src/mappings_explorer/cli/mapex/cli.py index a9c9acea..f85c0da3 100644 --- a/src/mappings_explorer/cli/mapex/cli.py +++ b/src/mappings_explorer/cli/mapex/cli.py @@ -4,6 +4,7 @@ from mappings_explorer.cli.mapex.write_parsed_mappings import ( write_parsed_mappings_csv, + write_parsed_mappings_navigator_layer, write_parsed_mappings_yaml, ) @@ -51,12 +52,18 @@ def write_parsed_cve_mappings(): parsed_mappings_filepath = f"{PARSED_MAPPINGS_DIR}/cve/parsed_cve_mappings.json" output_filepath = f"{MAPEX_DIR}/cve_files/parsed_cve_mappings" parsed_mappings = read_json_file(parsed_mappings_filepath) + + # write parsed mappings to a yaml file write_parsed_mappings_yaml(parsed_mappings, output_filepath) # key that connects the metadata csv file and the attack objects csv file metadata_key = 0 + # write parsed mappings to a csv file write_parsed_mappings_csv(parsed_mappings, output_filepath, metadata_key) + # write parse mappings to navigator layer + write_parsed_mappings_navigator_layer(parsed_mappings, output_filepath, "cve") + def write_parsed_nist_mappings(): nist_parsed_mappings_dir = f"{PARSED_MAPPINGS_DIR}/nist/" 
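Review bot: The layer generated by the added `write_parsed_mappings_navigator_layer(parsed_mappings, output_filepath, "cve")` call, committed later in this patch, lists technique IDs that differ only by stray whitespace or punctuation as separate entries: `"T1078"` (score 48) next to `"T1078 "` (score 4), `"T1565.001"` next to `" T1565.001"`, and a truncated `"T1036."`. The count for one technique is therefore split across entries, and the malformed IDs will presumably not match any technique when the layer is loaded, so the heatmap under-reports those techniques. The writer lives in write_parsed_mappings.py, outside this hunk. Calling `.strip()` on each ID before it is counted, and skipping or logging IDs that do not look like `T1234` or `T1234.001`, would close the gap. The added comment `# write parse mappings to navigator layer` should also read `parsed`.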
@@ -97,6 +104,11 @@ def write_parsed_nist_mappings(): write_parsed_mappings_csv(parsed_mappings, output_filepath, metadata_key) metadata_key += 1 + # write parsed mappings to navigator layer + write_parsed_mappings_navigator_layer( + parsed_mappings, output_filepath, "nist" + ) + def write_parsed_veris_mappings(): veris_parsed_mappings_dir = f"{PARSED_MAPPINGS_DIR}/veris" @@ -129,6 +141,11 @@ def write_parsed_veris_mappings(): write_parsed_mappings_csv(parsed_mappings, output_filepath, metadata_key) metadata_key += 1 + # write parsed mappings to navigator layer + write_parsed_mappings_navigator_layer( + parsed_mappings, output_filepath, "veris" + ) + def write_parsed_security_stack_mappings(): security_stack_dir = f"{PARSED_MAPPINGS_DIR}/security_stack" @@ -162,3 +179,8 @@ def write_parsed_security_stack_mappings(): # write parsed mappings to csv write_parsed_mappings_csv(parsed_mappings, output_filepath, metadata_key) metadata_key += 1 + + # write parsed mappings to navigator layer + write_parsed_mappings_navigator_layer( + parsed_mappings, output_filepath, "security stack" + ) diff --git a/src/mappings_explorer/cli/mapex/cve_files/parsed_cve_mappings_navigator_layer.json b/src/mappings_explorer/cli/mapex/cve_files/parsed_cve_mappings_navigator_layer.json new file mode 100644 index 00000000..16a5f8e4 --- /dev/null +++ b/src/mappings_explorer/cli/mapex/cve_files/parsed_cve_mappings_navigator_layer.json 
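Review bot: The mapping type is passed as a bare string literal in the added `write_parsed_mappings_navigator_layer(parsed_mappings, output_filepath, "nist")` call, and the veris and security stack hunks that follow repeat the pattern with `"veris"` and `"security stack"`. Judging from the generated cve layer in this patch, whose name is `"cve overview"`, that string appears to become the layer name and description. If so, every NIST layer written here (8.2, 9.0, 10.1 and 12.1, each in r4 and r5) would presumably be titled `nist overview` and be indistinguishable once several are open side by side. Consider building the label from the version and revision that the output file names already carry, or from the mapping metadata, and confirm that the layer's `versions.attack` value follows the mapping's ATT&CK version rather than a fixed one. The enclosing function and its loop start outside the hunk.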
@@ -0,0 +1 @@ +{"name": "cve overview", "versions": {"navigator": "4.8.0", "layer": "4.4", "attack": "9.0"}, "sorting": 3, "description": "cve heatmap overview of cve mappings, scores are the number of associated entries", "domain": "enterprise-attack", "techniques": [{"techniqueID": "T1059", "score": 91, "comment": "Related to CVE-2019-15243, CVE-2019-15976, CVE-2019-15958, CVE-2019-1753, CVE-2019-1942, CVE-2019-15972, CVE-2019-1879, CVE-2020-3403, CVE-2020-3292, CVE-2020-3253, CVE-2019-15249, CVE-2019-1781, CVE-2019-1768, CVE-2019-1620, CVE-2020-3216, CVE-2020-3375, CVE-2019-15287, CVE-2019-15959, CVE-2019-1772, CVE-2019-1612, CVE-2019-1609, CVE-2018-15444, CVE-2019-1611, CVE-2019-1812, CVE-2020-3240, CVE-2019-1790, CVE-2018-11048, CVE-2019-3723, CVE-2018-15776, CVE-2019-3727, CVE-2019-3719, CVE-2018-15764, CVE-2019-3704, CVE-2019-18582, CVE-2020-5350, CVE-2019-18581, CVE-2020-5332, CVE-2020-15188, CVE-2020-15147, CVE-2020-15118, CVE-2020-11055, CVE-2020-5283, CVE-2020-15094, CVE-2020-15140, CVE-2020-15096, CVE-2020-15189, CVE-2020-5217, CVE-2020-15143, CVE-2020-15179, CVE-2020-15183, CVE-2020-15162, CVE-2020-11073, CVE-2020-5267, CVE-2020-5297, CVE-2020-5241, CVE-2020-5281, CVE-2020-12029, CVE-2020-6960, CVE-2020-12014, CVE-2018-19007, CVE-2019-18234, CVE-2020-6964, CVE-2020-14510, CVE-2020-14508, CVE-2020-10603, CVE-2018-17889, CVE-2020-12000, CVE-2018-18987, CVE-2020-1456, CVE-2018-8607, CVE-2019-1031, CVE-2015-2945, CVE-2014-4114, CVE-2019-1458, CVE-2010-3888, CVE-2015-7912, CVE-2012-4681, CVE-2012-0158, CVE-2020-9380, CVE-2020-10189, CVE-2019-2729, CVE-2019-2725, CVE-2018-10611, CVE-2017-18362, CVE-2016-5062, CVE-2015-6480, CVE-2014-6293, CVE-2012-6498, CVE-2013-3893, CVE-2017-14323, CVE-2020-11651"}, {"techniqueID": "T1190", "score": 195, "comment": "Related to CVE-2019-15243, CVE-2019-15976, CVE-2019-15956, CVE-2019-15958, CVE-2019-1753, CVE-2019-1863, CVE-2020-3292, CVE-2018-15397, CVE-2019-15249, CVE-2020-3312, CVE-2019-1817, CVE-2020-3306, 
CVE-2020-3375, CVE-2020-3133, CVE-2019-12696, CVE-2020-3387, CVE-2019-1594, CVE-2019-1876, CVE-2019-15289, CVE-2020-3407, CVE-2019-15276, CVE-2020-3126, CVE-2019-1915, CVE-2019-1746, CVE-2020-3397, CVE-2020-3198, CVE-2020-3309, CVE-2020-3177, CVE-2020-3510, CVE-2020-3409, CVE-2018-15392, CVE-2018-15462, CVE-2019-1704, CVE-2020-3244, CVE-2019-3707, CVE-2019-3723, CVE-2020-5345, CVE-2019-3732, CVE-2019-3731, CVE-2018-15776, CVE-2018-15764, CVE-2019-3799, CVE-2019-3758, CVE-2018-11051, CVE-2018-15758, CVE-2020-5366, CVE-2020-5373, CVE-2018-15780, CVE-2019-3706, CVE-2020-15211, CVE-2020-5220, CVE-2020-11021, CVE-2020-5254, CVE-2020-15096, CVE-2020-11013, CVE-2020-5252, CVE-2020-11078, CVE-2020-11050, CVE-2020-15170, CVE-2020-11054, CVE-2020-4068, CVE-2020-15109, CVE-2020-5225, CVE-2020-11010, CVE-2019-16784, CVE-2019-16760, CVE-2020-5279, CVE-2018-14781, CVE-2018-10590, CVE-2018-19010, CVE-2019-18234, CVE-2020-6964, CVE-2020-6993, CVE-2020-14508, CVE-2020-1025, CVE-2018-8431, CVE-2020-11652, CVE-2017-16651, CVE-2015-0984, CVE-2019-1458, CVE-2010-3888, CVE-2019-11219, CVE-2010-2772, CVE-2013-6129, CVE-2012-0158, CVE-2019-6703, CVE-2019-16759, CVE-2019-15107, CVE-2019-1132, CVE-2019-10973, CVE-2019-0880, CVE-2018-8611, CVE-2018-7602, CVE-2018-7600, CVE-2018-2893, CVE-2018-2628, CVE-2018-1000861, CVE-2018-0101, CVE-2017-9841, CVE-2017-8291, CVE-2017-3881, CVE-2017-3066, CVE-2017-11774, CVE-2017-0199, CVE-2017-0005, CVE-2016-9192, CVE-2015-4902, CVE-2015-0072, CVE-2014-8551, CVE-2014-6287, CVE-2014-6120, CVE-2014-5279, CVE-2014-1809, CVE-2014-0050, CVE-2013-7372, CVE-2013-7102, CVE-2013-5057, CVE-2013-1289, CVE-2013-0641, CVE-2013-0632, CVE-2013-0631, CVE-2012-2520, CVE-2012-1723, CVE-2012-1557, CVE-2012-0874, CVE-2011-2900, CVE-2011-0096, CVE-2010-3916, CVE-2010-3653, CVE-2010-0817, CVE-2009-2265, CVE-2009-1308, CVE-2019-5910, CVE-2020-6974, CVE-2020-11738, CVE-2020-9380, CVE-2020-10189, CVE-2019-2729, CVE-2019-2725, CVE-2018-10611, CVE-2017-18362, CVE-2016-5062, 
CVE-2015-6480, CVE-2014-6293, CVE-2012-6498, CVE-2014-0295, CVE-2016-9684, CVE-2014-7186, CVE-2014-6277, CVE-2014-6271, CVE-2012-1795, CVE-2020-9459, CVE-2011-1331, CVE-2013-0640, CVE-2017-12637, CVE-2013-1904, CVE-2019-11708, CVE-2020-13126, CVE-2017-10271, CVE-2016-6909, CVE-2014-6278, CVE-2010-5326, CVE-2009-3041, CVE-2020-11897, CVE-2020-11896, CVE-2018-7496, CVE-2017-1001000, CVE-2019-8540, CVE-2019-0604, CVE-2018-19207, CVE-2014-3413, CVE-2012-1675, CVE-2011-4862, CVE-2018-2894, CVE-2012-6081, CVE-2011-4106, CVE-2018-15961, CVE-2015-8562, CVE-2013-3900, CVE-2015-1539, CVE-2010-3765, CVE-2014-7235, CVE-2012-3015, CVE-2014-1761, CVE-2020-2883, CVE-2020-0601, CVE-2019-10149, CVE-2018-20062, CVE-2016-6366, CVE-2019-3396, CVE-2014-0751, CVE-2018-8414, CVE-2014-4148, CVE-2016-3088, CVE-2013-5576"}, {"techniqueID": "T1078", "score": 48, "comment": "Related to CVE-2019-15243, CVE-2019-15956, CVE-2019-12660, CVE-2019-1753, CVE-2019-1942, CVE-2019-15972, CVE-2019-1879, CVE-2019-1863, CVE-2020-3403, CVE-2020-3292, CVE-2020-3253, CVE-2019-15249, CVE-2019-15288, CVE-2019-1781, CVE-2019-1768, CVE-2020-3379, CVE-2020-3477, CVE-2019-1794, CVE-2019-15963, CVE-2020-3476, CVE-2019-15998, CVE-2019-1889, CVE-2019-1612, CVE-2019-1715, CVE-2019-1609, CVE-2019-1611, CVE-2020-3416, CVE-2019-1812, CVE-2020-3513, CVE-2019-1790, CVE-2019-3735, CVE-2018-11045, CVE-2018-15795, CVE-2019-3790, CVE-2019-3704, CVE-2018-15800, CVE-2018-15761, CVE-2019-3787, CVE-2020-15100, CVE-2020-11035, CVE-2020-15093, CVE-2019-6563, CVE-2017-13289, CVE-2017-11368, CVE-2016-5645, CVE-2013-0629, CVE-2013-0640, CVE-2018-14847"}, {"techniqueID": "T1068", "score": 120, "comment": "Related to CVE-2019-15976, CVE-2019-1753, CVE-2019-1879, CVE-2019-1863, CVE-2020-3403, CVE-2020-3216, CVE-2019-1889, CVE-2019-1764, CVE-2020-3387, CVE-2019-1876, CVE-2019-1612, CVE-2019-1609, CVE-2019-1611, CVE-2019-1915, CVE-2019-1790, CVE-2019-3735, CVE-2018-15782, CVE-2020-5326, CVE-2019-3727, CVE-2019-3704, CVE-2020-5358, 
CVE-2020-5371, CVE-2018-15761, CVE-2018-15797, CVE-2020-5362, CVE-2018-11088, CVE-2018-15758, CVE-2019-3780, CVE-2020-5369, CVE-2019-3798, CVE-2018-11060, CVE-2020-5328, CVE-2018-15774, CVE-2019-16784, CVE-2018-10636, CVE-2018-7500, CVE-2020-6964, CVE-2020-14510, CVE-2020-7004, CVE-2018-17908, CVE-2020-1111, CVE-2019-1087, CVE-2019-1086, CVE-2020-1347, CVE-2020-0758, CVE-2019-1021, CVE-2019-1423, CVE-2020-1190, CVE-2018-8575, CVE-2019-1402, CVE-2020-0981, CVE-2020-1471, CVE-2020-0636, CVE-2015-2945, CVE-2014-4114, CVE-2020-8835, CVE-2020-8467, CVE-2020-12659, CVE-2020-10751, CVE-2020-1027, CVE-2019-1215, CVE-2019-1214, CVE-2019-0859, CVE-2018-9862, CVE-2018-9488, CVE-2018-8599, CVE-2018-5463, CVE-2018-11776, CVE-2017-1274, CVE-2017-0263, CVE-2016-5195, CVE-2015-7910, CVE-2015-2387, CVE-2015-2360, CVE-2015-0016, CVE-2014-4113, CVE-2014-1807, CVE-2014-0322, CVE-2012-0181, CVE-2010-2884, CVE-2010-2743, CVE-2009-1612, CVE-2020-5539, CVE-2017-13289, CVE-2019-15821, CVE-2013-0707, CVE-2020-10817, CVE-2019-5786, CVE-2017-0213, CVE-2019-2215, CVE-2019-0808, CVE-2017-7533, CVE-2020-8649, CVE-2020-12652, CVE-2014-6324, CVE-2019-5954, CVE-2008-4996, CVE-2017-15211, CVE-2010-1592, CVE-2015-1769, CVE-2016-6367, CVE-2015-1701, CVE-2012-4681, CVE-2011-1331, CVE-2013-0640, CVE-2017-5638, CVE-2015-1494, CVE-2015-1805, CVE-2019-9081, CVE-2020-12653, CVE-2020-11608, CVE-2014-4148, CVE-2020-11651, CVE-2020-5300, CVE-2013-5065, CVE-2008-0655, CVE-2020-0688, CVE-2019-0708, CVE-2018-19831, CVE-2018-19830"}, {"techniqueID": "T1499", "score": 18, "comment": "Related to CVE-2019-15956, CVE-2020-3306, CVE-2020-3120, CVE-2018-15462, CVE-2019-1704, CVE-2018-15772, CVE-2020-6986, CVE-2019-13555, CVE-2018-19010, CVE-2020-14508, CVE-2017-7533, CVE-2020-11897, CVE-2020-11896, CVE-2014-1776, CVE-2013-3918, CVE-2019-11707, CVE-2017-14934, CVE-2009-2055"}, {"techniqueID": "T1098", "score": 8, "comment": "Related to CVE-2019-15956, CVE-2019-1915, CVE-2019-3775, CVE-2019-3787, CVE-2020-5362, 
CVE-2019-3782, CVE-2020-5350, CVE-2020-0758"}, {"techniqueID": "T1574", "score": 52, "comment": "Related to CVE-2019-12660, CVE-2018-15376, CVE-2020-3198, CVE-2020-3309, CVE-2019-3723, CVE-2018-11049, CVE-2020-5210, CVE-2020-15211, CVE-2020-15100, CVE-2020-5254, CVE-2020-4068, CVE-2020-15208, CVE-2020-11039, CVE-2020-15199, CVE-2020-11068, CVE-2020-5253, CVE-2018-7499, CVE-2019-10980, CVE-2019-6538, CVE-2018-14819, CVE-2018-10610, CVE-2018-14809, CVE-2018-10636, CVE-2018-7494, CVE-2019-13522, CVE-2018-17910, CVE-2018-8835, CVE-2018-10620, CVE-2018-18987, CVE-2019-0911, CVE-2018-8355, CVE-2020-0671, CVE-2020-0898, CVE-2019-1118, CVE-2020-1109, CVE-2019-0576, CVE-2020-1495, CVE-2020-1425, CVE-2018-8248, CVE-2018-8111, CVE-2020-1569, CVE-2020-16874, CVE-2019-0609, CVE-2018-8353, CVE-2018-8110, CVE-2019-1106, CVE-2019-1035, CVE-2019-0926, CVE-2019-1052, CVE-2020-4100, CVE-2020-0688, CVE-2019-0708"}, {"techniqueID": "T1562", "score": 4, "comment": "Related to CVE-2019-12660, CVE-2019-18581, CVE-2018-17908, CVE-2018-17892"}, {"techniqueID": "T1557", "score": 37, "comment": "Related to CVE-2019-1860, CVE-2019-1941, CVE-2019-1838, CVE-2020-3233, CVE-2019-15280, CVE-2020-3137, CVE-2019-1943, CVE-2019-1665, CVE-2019-15994, CVE-2018-15393, CVE-2020-3121, CVE-2019-1715, CVE-2020-3356, CVE-2020-3349, CVE-2019-3754, CVE-2020-5336, CVE-2018-15784, CVE-2018-11087, CVE-2020-5269, CVE-2020-11030, CVE-2020-11023, CVE-2020-5270, CVE-2020-5264, CVE-2020-11035, CVE-2020-11082, CVE-2020-15093, CVE-2020-5266, CVE-2020-5271, CVE-2019-6538, CVE-2018-10610, CVE-2018-14809, CVE-2012-3015, CVE-2014-4077, CVE-2018-0622, CVE-2015-7931, CVE-2014-3566, CVE-2018-16179"}, {"techniqueID": "T1005", "score": 80, "comment": "Related to CVE-2019-1860, CVE-2019-1942, CVE-2019-15972, CVE-2020-3312, CVE-2020-3477, CVE-2019-15963, CVE-2018-15466, CVE-2018-15444, CVE-2020-3177, CVE-2020-3240, CVE-2020-5364, CVE-2018-11048, CVE-2018-15771, CVE-2019-3732, CVE-2019-3731, CVE-2020-5386, CVE-2019-3799, 
CVE-2020-5371, CVE-2018-11051, CVE-2019-3767, CVE-2020-5331, CVE-2020-5366, CVE-2020-5373, CVE-2018-15780, CVE-2019-3786, CVE-2019-16768, CVE-2020-5220, CVE-2020-11021, CVE-2020-11087, CVE-2020-5270, CVE-2020-11019, CVE-2020-15137, CVE-2020-11010, CVE-2020-11039, CVE-2020-11059, CVE-2020-5284, CVE-2020-11045, CVE-2018-17934, CVE-2019-6522, CVE-2019-6538, CVE-2018-7526, CVE-2018-5445, CVE-2019-13511, CVE-2018-18990, CVE-2018-10610, CVE-2018-14809, CVE-2018-5459, CVE-2019-18234, CVE-2020-6993, CVE-2020-16211, CVE-2020-1111, CVE-2018-8355, CVE-2020-0671, CVE-2019-1118, CVE-2020-1456, CVE-2020-1109, CVE-2020-1495, CVE-2018-8248, CVE-2020-1141, CVE-2018-8111, CVE-2018-8607, CVE-2020-1569, CVE-2020-16874, CVE-2019-1013, CVE-2019-0609, CVE-2018-8353, CVE-2018-8110, CVE-2018-8575, CVE-2019-1031, CVE-2020-0955, CVE-2018-8160, CVE-2020-11652, CVE-2017-16651, CVE-2015-0984, CVE-2019-9670, CVE-2020-5539, CVE-2015-7935, CVE-2019-5910, CVE-2020-6974, CVE-2014-0751"}, {"techniqueID": "T1036", "score": 13, "comment": "Related to CVE-2019-1831, CVE-2019-3788, CVE-2018-11067, CVE-2019-3778, CVE-2020-5250, CVE-2020-5270, CVE-2018-17934, CVE-2018-5451, CVE-2020-16198, CVE-2020-1456, CVE-2018-8607, CVE-2019-1031, CVE-2018-0560"}, {"techniqueID": "T1566", "score": 26, "comment": "Related to CVE-2019-1831, CVE-2019-1772, CVE-2020-3440, CVE-2018-15376, CVE-2019-15276, CVE-2019-1915, CVE-2020-3322, CVE-2020-3198, CVE-2018-15782, CVE-2020-4068, CVE-2020-1495, CVE-2018-8111, CVE-2020-1569, CVE-2019-1013, CVE-2019-0609, CVE-2018-8353, CVE-2018-8110, CVE-2018-8575, CVE-2018-8160, CVE-2017-15211, CVE-2017-14487, CVE-2020-1020, CVE-2017-8759, CVE-2017-11847, CVE-2013-3906, CVE-2012-6467"}, {"techniqueID": "T1565.001", "score": 18, "comment": "Related to CVE-2019-1942, CVE-2019-15972, CVE-2019-1863, CVE-2019-1689, CVE-2020-3476, CVE-2020-3440, CVE-2019-1836, CVE-2020-3237, CVE-2020-3309, CVE-2020-5345, CVE-2019-3786, CVE-2020-11010, CVE-2018-5459, CVE-2019-18234, CVE-2019-5954, CVE-2008-4996, 
CVE-2020-9819, CVE-2018-19833"}, {"techniqueID": "T1133", "score": 38, "comment": "Related to CVE-2019-1942, CVE-2019-15972, CVE-2019-15288, CVE-2019-15998, CVE-2020-3387, CVE-2019-1612, CVE-2019-1836, CVE-2018-15444, CVE-2020-3237, CVE-2020-3198, CVE-2020-3309, CVE-2020-3240, CVE-2018-11048, CVE-2020-15188, CVE-2020-15147, CVE-2020-15140, CVE-2020-5295, CVE-2020-4068, CVE-2020-15109, CVE-2020-5225, CVE-2020-11010, CVE-2020-15143, CVE-2020-12029, CVE-2018-19007, CVE-2019-18234, CVE-2020-10603, CVE-2020-12000, CVE-2019-15821, CVE-2015-7935, CVE-2014-9938, CVE-2016-6367, CVE-2010-2772, CVE-2012-5958, CVE-2016-5180, CVE-2019-11510, CVE-2018-7506, CVE-2019-11708, CVE-2014-0751"}, {"techniqueID": "T1608", "score": 27, "comment": "Related to CVE-2019-16009, CVE-2018-15401, CVE-2019-15288, CVE-2019-1781, CVE-2019-1768, CVE-2020-3379, CVE-2019-1857, CVE-2018-15466, CVE-2019-0797, CVE-2018-8453, CVE-2018-8440, CVE-2018-19320, CVE-2016-7255, CVE-2016-0728, CVE-2016-0167, CVE-2016-0165, CVE-2015-6175, CVE-2015-2546, CVE-2014-4076, CVE-2013-6282, CVE-2013-3660, CVE-2012-2319, CVE-2011-1249, CVE-2010-3081, CVE-2010-0232, CVE-2008-3431, CVE-2010-3338"}, {"techniqueID": "T1204.001", "score": 28, "comment": "Related to CVE-2019-16009, CVE-2019-1941, CVE-2019-1838, CVE-2020-3233, CVE-2018-15401, CVE-2020-3137, CVE-2019-1857, CVE-2019-1764, CVE-2019-1665, CVE-2019-15994, CVE-2018-15393, CVE-2020-3121, CVE-2020-3356, CVE-2020-3349, CVE-2019-3754, CVE-2020-5336, CVE-2019-3708, CVE-2020-5269, CVE-2020-11030, CVE-2020-11023, CVE-2020-15182, CVE-2020-5264, CVE-2020-11082, CVE-2020-5271, CVE-2019-13511, CVE-2020-12038, CVE-2016-3714, CVE-2015-0071"}, {"techniqueID": "T1059.007", "score": 34, "comment": "Related to CVE-2019-1941, CVE-2019-1838, CVE-2020-3233, CVE-2019-15280, CVE-2020-3137, CVE-2019-1665, CVE-2019-15994, CVE-2018-15393, CVE-2020-3121, CVE-2020-3356, CVE-2020-3349, CVE-2019-3754, CVE-2020-5336, CVE-2020-5339, CVE-2019-18578, CVE-2020-5340, CVE-2018-11059, CVE-2018-11075, 
CVE-2019-18571, CVE-2018-11073, CVE-2019-3708, CVE-2020-5269, CVE-2020-11030, CVE-2020-11036, CVE-2020-11023, CVE-2020-5270, CVE-2020-5264, CVE-2020-11082, CVE-2020-5266, CVE-2020-5271, CVE-2019-13538, CVE-2015-6475, CVE-2020-11901, CVE-2020-9459"}, {"techniqueID": "T1499.004", "score": 94, "comment": "Related to CVE-2020-3292, CVE-2019-1594, CVE-2019-15289, CVE-2020-3407, CVE-2018-15376, CVE-2019-15276, CVE-2019-1746, CVE-2020-3397, CVE-2020-3322, CVE-2020-3198, CVE-2020-3510, CVE-2020-3409, CVE-2018-15392, CVE-2018-11048, CVE-2020-5210, CVE-2020-15100, CVE-2020-11090, CVE-2020-11019, CVE-2020-15137, CVE-2020-4068, CVE-2020-15208, CVE-2020-11039, CVE-2020-15199, CVE-2020-11044, CVE-2020-11068, CVE-2020-5253, CVE-2018-7499, CVE-2019-6522, CVE-2019-10980, CVE-2019-6538, CVE-2020-12038, CVE-2018-10610, CVE-2018-14809, CVE-2018-10636, CVE-2018-7494, CVE-2018-18987, CVE-2020-10602, CVE-2019-0911, CVE-2018-8355, CVE-2020-0671, CVE-2020-0898, CVE-2019-1118, CVE-2020-1109, CVE-2019-0576, CVE-2020-1495, CVE-2020-1425, CVE-2018-8248, CVE-2018-8111, CVE-2020-1569, CVE-2020-16874, CVE-2019-0609, CVE-2018-8353, CVE-2018-8110, CVE-2019-1106, CVE-2019-1035, CVE-2019-0926, CVE-2019-1052, CVE-2020-8649, CVE-2020-12652, CVE-2020-9804, CVE-2016-5180, CVE-2015-4051, CVE-2020-13125, CVE-2014-7187, CVE-2016-0034, CVE-2015-7756, CVE-2015-2426, CVE-2019-8540, CVE-2019-0604, CVE-2018-19207, CVE-2014-3413, CVE-2012-1675, CVE-2011-4862, CVE-2013-4335, CVE-2019-13510, CVE-2018-8414, CVE-2020-8648, CVE-2020-14059, CVE-2020-12888, CVE-2020-12655, CVE-2020-11884, CVE-2020-11668, CVE-2019-16302, CVE-2019-11869, CVE-2018-21091, CVE-2018-15454, CVE-2018-14679, CVE-2017-9142, CVE-2017-10910, CVE-2017-10810, CVE-2011-1752, CVE-2020-12653, CVE-2020-11608, CVE-2017-14486"}, {"techniqueID": "T1529", "score": 4, "comment": "Related to CVE-2018-15397, CVE-2019-1817, CVE-2018-18995, CVE-2015-7925"}, {"techniqueID": "T1189", "score": 97, "comment": "Related to CVE-2019-15280, CVE-2019-1943, CVE-2019-15974, 
CVE-2019-15276, CVE-2019-1915, CVE-2020-3198, CVE-2020-5339, CVE-2019-18578, CVE-2020-5340, CVE-2018-11059, CVE-2018-11073, CVE-2020-11036, CVE-2020-5290, CVE-2020-11054, CVE-2020-4068, CVE-2020-5266, CVE-2019-0911, CVE-2018-8355, CVE-2019-1118, CVE-2018-8248, CVE-2019-1106, CVE-2019-0926, CVE-2019-1052, CVE-2020-6820, CVE-2019-9978, CVE-2013-0707, CVE-2016-3298, CVE-2012-4681, CVE-2012-0158, CVE-2020-6418, CVE-2020-5902, CVE-2019-7286, CVE-2019-18935, CVE-2019-17026, CVE-2019-13720, CVE-2019-11886, CVE-2018-9206, CVE-2018-8174, CVE-2018-8120, CVE-2018-0798, CVE-2016-4656, CVE-2016-1409, CVE-2015-2590, CVE-2015-2425, CVE-2014-2817, CVE-2014-0324, CVE-2014-0307, CVE-2013-5211, CVE-2013-2471, CVE-2013-1493, CVE-2013-0625, CVE-2013-0422, CVE-2011-3402, CVE-2010-1423, CVE-2010-1165, CVE-2009-1862, CVE-2009-1807, CVE-2009-1151, CVE-2015-1641, CVE-2020-11901, CVE-2016-7256, CVE-2016-3714, CVE-2015-0071, CVE-2014-4123, CVE-2014-0266, CVE-2010-1885, CVE-2009-3459, CVE-2020-13125, CVE-2014-7187, CVE-2011-3544, CVE-2016-0034, CVE-2015-7756, CVE-2015-2426, CVE-2018-0802, CVE-2015-2424, CVE-2012-2539, CVE-2017-0022, CVE-2020-6819, CVE-2020-10257, CVE-2017-15919, CVE-2017-0222, CVE-2017-0149, CVE-2016-9079, CVE-2016-7189, CVE-2016-3393, CVE-2015-5123, CVE-2015-2502, CVE-2015-2419, CVE-2014-6332, CVE-2014-1815, CVE-2013-2465, CVE-2013-2423, CVE-2012-3213, CVE-2010-3971, CVE-2009-1136, CVE-2014-1776, CVE-2013-3918"}, {"techniqueID": "T1565.002", "score": 3, "comment": "Related to CVE-2020-3460, CVE-2019-1943, CVE-2019-15974"}, {"techniqueID": "T1185", "score": 23, "comment": "Related to CVE-2020-3460, CVE-2020-5339, CVE-2019-18578, CVE-2020-5340, CVE-2018-11059, CVE-2018-11075, CVE-2019-18571, CVE-2018-11073, CVE-2019-3708, CVE-2020-15118, CVE-2020-11055, CVE-2020-5283, CVE-2020-11036, CVE-2020-5217, CVE-2020-15179, CVE-2020-15183, CVE-2020-15162, CVE-2020-5267, CVE-2020-5241, CVE-2020-11083, CVE-2019-13538, CVE-2015-6475, CVE-2011-3056"}, {"techniqueID": "T1563", "score": 8, 
"comment": "Related to CVE-2019-1724, CVE-2019-18573, CVE-2019-3790, CVE-2019-3784, CVE-2020-5290, CVE-2019-16782, CVE-2018-8852, CVE-2019-12258"}, {"techniqueID": "T1574.008", "score": 3, "comment": "Related to CVE-2019-1794, CVE-2018-11049, CVE-2012-1854"}, {"techniqueID": "T1105", "score": 2, "comment": "Related to CVE-2019-1620, CVE-2019-1689"}, {"techniqueID": "T1489", "score": 5, "comment": "Related to CVE-2019-1886, CVE-2019-1711, CVE-2020-3134, CVE-2019-1747, CVE-2019-3728"}, {"techniqueID": "T1499.002", "score": 1, "comment": "Related to CVE-2019-1703"}, {"techniqueID": "T1531", "score": 1, "comment": "Related to CVE-2019-1689"}, {"techniqueID": "T1204.002", "score": 68, "comment": "Related to CVE-2019-15287, CVE-2019-1772, CVE-2019-12696, CVE-2020-3440, CVE-2018-15376, CVE-2020-3126, CVE-2019-1915, CVE-2020-3322, CVE-2020-3198, CVE-2018-15782, CVE-2019-3719, CVE-2018-11075, CVE-2019-18571, CVE-2020-4068, CVE-2020-11073, CVE-2019-13522, CVE-2018-8835, CVE-2020-16211, CVE-2019-0911, CVE-2018-8355, CVE-2019-1118, CVE-2019-0576, CVE-2020-1495, CVE-2018-8248, CVE-2018-8111, CVE-2020-1569, CVE-2020-16874, CVE-2019-1013, CVE-2019-0609, CVE-2018-8353, CVE-2018-8110, CVE-2018-8575, CVE-2019-1035, CVE-2014-4123, CVE-2014-0266, CVE-2010-1885, CVE-2009-3459, CVE-2020-13125, CVE-2014-7187, CVE-2018-20250, CVE-2017-8464, CVE-2017-11882, CVE-2017-11826, CVE-2017-0261, CVE-2015-6585, CVE-2015-1642, CVE-2015-0096, CVE-2014-7247, CVE-2014-6352, CVE-2013-1331, CVE-2010-1424, CVE-2010-0840, CVE-2009-4324, CVE-2009-0556, CVE-2019-13541, CVE-2019-13527, CVE-2017-8570, CVE-2017-0262, CVE-2016-7193, CVE-2015-2509, CVE-2014-0810, CVE-2013-3644, CVE-2010-3915, CVE-2010-3333, CVE-2010-2862, CVE-2010-0028, CVE-2009-3129, CVE-2009-0927"}, {"techniqueID": "T1542.001", "score": 7, "comment": "Related to CVE-2019-1736, CVE-2020-5326, CVE-2020-5378, CVE-2020-5376, CVE-2020-5379, CVE-2016-5645, CVE-2015-7925"}, {"techniqueID": "T1477", "score": 3, "comment": "Related to CVE-2019-1747, 
CVE-2019-6538, CVE-2019-3568"}, {"techniqueID": "T1091", "score": 10, "comment": "Related to CVE-2019-15959, CVE-2018-15376, CVE-2020-3198, CVE-2020-4068, CVE-2020-12024, CVE-2015-1769, CVE-2020-7456, CVE-2020-12464, CVE-2020-15393, CVE-2020-9804"}, {"techniqueID": "T1566.001", "score": 2, "comment": "Related to CVE-2020-3133, CVE-2019-6340"}, {"techniqueID": "T1040", "score": 9, "comment": "Related to CVE-2019-1715, CVE-2020-15094, CVE-2020-11035, CVE-2020-5261, CVE-2020-15093, CVE-2018-14781, CVE-2020-0884, CVE-2018-11749, CVE-2018-7259"}, {"techniqueID": "T1110", "score": 17, "comment": "Related to CVE-2019-1715, CVE-2018-11045, CVE-2018-15795, CVE-2020-5365, CVE-2018-15800, CVE-2018-11069, CVE-2020-11035, CVE-2020-15093, CVE-2019-16782, CVE-2019-6563, CVE-2019-18263, CVE-2018-8160, CVE-2020-11957, CVE-2019-19735, CVE-2018-1956, CVE-2018-12520, CVE-2019-11219"}, {"techniqueID": "T1542.004", "score": 2, "comment": "Related to CVE-2020-3416, CVE-2020-3513"}, {"techniqueID": "T1080", "score": 1, "comment": "Related to CVE-2020-3126"}, {"techniqueID": "T1548", "score": 7, "comment": "Related to CVE-2019-1812, CVE-2019-3717, CVE-2015-8562, CVE-2015-1539, CVE-2010-3765, CVE-2013-7246, CVE-2017-14486"}, {"techniqueID": "T1211", "score": 20, "comment": "Related to CVE-2020-3244, CVE-2020-11087, CVE-2020-11019, CVE-2020-1141, CVE-2014-4114, CVE-2020-10817, CVE-2019-5786, CVE-2017-0213, CVE-2017-6922, CVE-2019-11708, CVE-2018-7496, CVE-2015-1494, CVE-2014-0751, CVE-2020-8468, CVE-2018-6112, CVE-2015-7755, CVE-2018-0560, CVE-2018-8337, CVE-2013-7246, CVE-2018-16179"}, {"techniqueID": "T1505.003", "score": 12, "comment": "Related to CVE-2020-3240, CVE-2020-15189, CVE-2020-11010, CVE-2020-5297, CVE-2020-12029, CVE-2019-18234, CVE-2018-2894, CVE-2012-6081, CVE-2011-4106, CVE-2018-15961, CVE-2016-3088, CVE-2013-5576"}, {"techniqueID": "T1003.008", "score": 1, "comment": "Related to CVE-2020-3240"}, {"techniqueID": "T1552.001", "score": 7, "comment": "Related to CVE-2020-3240, 
CVE-2019-3782, CVE-2019-3780, CVE-2018-7520, CVE-2014-1812, CVE-2019-9670, CVE-2010-5290"}, {"techniqueID": "T1078.001", "score": 9, "comment": "Related to CVE-2020-5364, CVE-2020-5374, CVE-2018-15771, CVE-2020-5365, CVE-2018-11062, CVE-2020-5231, CVE-2018-10633, CVE-2019-10990, CVE-2020-14510"}, {"techniqueID": "T1485", "score": 24, "comment": "Related to CVE-2019-3723, CVE-2019-3750, CVE-2018-5459, CVE-2020-1111, CVE-2018-8355, CVE-2020-0671, CVE-2019-1270, CVE-2019-1118, CVE-2020-1456, CVE-2020-1109, CVE-2020-1163, CVE-2020-1495, CVE-2018-8248, CVE-2018-8111, CVE-2018-8607, CVE-2020-1569, CVE-2020-16874, CVE-2019-0609, CVE-2018-8353, CVE-2018-8110, CVE-2018-8575, CVE-2019-1031, CVE-2020-9819, CVE-2018-8337"}, {"techniqueID": "T1200", "score": 2, "comment": "Related to CVE-2019-3717, CVE-2019-9019"}, {"techniqueID": "T1496", "score": 2, "comment": "Related to CVE-2018-11084, CVE-2020-16200"}, {"techniqueID": "T1136", "score": 23, "comment": "Related to CVE-2019-3758, CVE-2019-3798, CVE-2020-11010, CVE-2020-5231, CVE-2019-18234, CVE-2020-1111, CVE-2018-8355, CVE-2020-0671, CVE-2019-1118, CVE-2020-1109, CVE-2020-1495, CVE-2018-8248, CVE-2018-8111, CVE-2020-1569, CVE-2020-16874, CVE-2019-0609, CVE-2018-8353, CVE-2018-8110, CVE-2018-8575, CVE-2019-15821, CVE-2013-6129, CVE-2015-4051, CVE-2014-4148"}, {"techniqueID": "T1552", "score": 17, "comment": "Related to CVE-2019-3787, CVE-2018-15797, CVE-2018-11088, CVE-2019-3763, CVE-2020-15105, CVE-2020-12008, CVE-2018-17900, CVE-2019-6549, CVE-2015-0984, CVE-2018-11749, CVE-2015-8562, CVE-2014-0751, CVE-2020-4408, CVE-2019-13922, CVE-2018-7259, CVE-2018-18641, CVE-2017-14487"}, {"techniqueID": "T1566.002", "score": 5, "comment": "Related to CVE-2019-3788, CVE-2018-11067, CVE-2019-3778, CVE-2020-5270, CVE-2020-15233"}, {"techniqueID": "T1553", "score": 2, "comment": "Related to CVE-2019-3762, CVE-2014-4077"}, {"techniqueID": "T1588.004", "score": 1, "comment": "Related to CVE-2019-3762"}, {"techniqueID": "T1550.001", 
"score": 1, "comment": "Related to CVE-2018-15801"}, {"techniqueID": "T1055.001", "score": 1, "comment": "Related to CVE-2018-11072"}, {"techniqueID": "T1548.003", "score": 1, "comment": "Related to CVE-2018-15767"}, {"techniqueID": "T1600", "score": 1, "comment": "Related to CVE-2018-11069"}, {"techniqueID": "T1078 ", "score": 4, "comment": "Related to CVE-2019-3763, CVE-2020-15105, CVE-2018-17900, CVE-2019-6549"}, {"techniqueID": "T1478", "score": 6, "comment": "Related to CVE-2020-5250, CVE-2019-16760, CVE-2020-5253, CVE-2020-1456, CVE-2018-8607, CVE-2019-1031"}, {"techniqueID": "T1552 ", "score": 1, "comment": "Related to CVE-2020-15095"}, {"techniqueID": "T1036 ", "score": 1, "comment": "Related to CVE-2020-15233"}, {"techniqueID": "T1068 ", "score": 1, "comment": "Related to CVE-2020-15182"}, {"techniqueID": "T1478 ", "score": 1, "comment": "Related to CVE-2020-15170"}, {"techniqueID": "T1005 ", "score": 1, "comment": "Related to CVE-2020-5295"}, {"techniqueID": "T1133 ", "score": 1, "comment": "Related to CVE-2020-15189"}, {"techniqueID": "T1190 ", "score": 2, "comment": "Related to CVE-2020-15137, CVE-2020-5261"}, {"techniqueID": "T1565", "score": 32, "comment": "Related to CVE-2020-15109, CVE-2020-5225, CVE-2020-1111, CVE-2018-8355, CVE-2020-0671, CVE-2019-1270, CVE-2019-1118, CVE-2020-1456, CVE-2020-1109, CVE-2020-1068, CVE-2020-1495, CVE-2018-8248, CVE-2018-8111, CVE-2018-8607, CVE-2020-1569, CVE-2019-1423, CVE-2020-16874, CVE-2019-0609, CVE-2018-8353, CVE-2018-8110, CVE-2018-8575, CVE-2019-1031, CVE-2018-8431, CVE-2019-15821, CVE-2012-0158, CVE-2020-6974, CVE-2020-9459, CVE-2013-4335, CVE-2018-18667, CVE-2018-17877, CVE-2018-19831, CVE-2018-19830"}, {"techniqueID": "T1059 ", "score": 1, "comment": "Related to CVE-2020-11010"}, {"techniqueID": "T1059.006", "score": 1, "comment": "Related to CVE-2019-16784"}, {"techniqueID": "T1589", "score": 1, "comment": "Related to CVE-2020-15132"}, {"techniqueID": "T0814", "score": 1, "comment": "Related to 
CVE-2020-6986"}, {"techniqueID": "T1203", "score": 171, "comment": "Related to CVE-2018-17934, CVE-2018-5454, CVE-2019-1106, CVE-2019-1035, CVE-2019-0926, CVE-2019-1052, CVE-2013-0707, CVE-2020-7456, CVE-2020-12464, CVE-2012-5958, CVE-2016-5180, CVE-2020-6418, CVE-2020-5902, CVE-2019-7286, CVE-2019-18935, CVE-2019-17026, CVE-2019-13720, CVE-2019-11886, CVE-2018-9206, CVE-2018-8174, CVE-2018-8120, CVE-2018-0798, CVE-2016-4656, CVE-2016-1409, CVE-2015-2590, CVE-2015-2425, CVE-2014-2817, CVE-2014-0324, CVE-2014-0307, CVE-2013-5211, CVE-2013-2471, CVE-2013-1493, CVE-2013-0625, CVE-2013-0422, CVE-2011-3402, CVE-2010-1423, CVE-2010-1165, CVE-2009-1862, CVE-2009-1807, CVE-2009-1151, CVE-2015-1641, CVE-2020-11901, CVE-2016-7256, CVE-2016-3714, CVE-2015-0071, CVE-2014-4123, CVE-2014-0266, CVE-2010-1885, CVE-2009-3459, CVE-2020-13125, CVE-2014-7187, CVE-2011-3544, CVE-2016-0034, CVE-2015-7756, CVE-2015-2426, CVE-2020-13126, CVE-2017-10271, CVE-2016-6909, CVE-2014-6278, CVE-2010-5326, CVE-2009-3041, CVE-2020-11897, CVE-2020-11896, CVE-2019-9019, CVE-2013-3893, CVE-2020-9818, CVE-2020-1631, CVE-2020-1350, CVE-2020-0938, CVE-2019-9791, CVE-2019-1579, CVE-2019-11932, CVE-2019-0903, CVE-2019-0803, CVE-2018-8833, CVE-2018-8589, CVE-2018-7513, CVE-2018-20838, CVE-2018-18956, CVE-2018-10376, CVE-2017-5613, CVE-2017-2404, CVE-2017-12824, CVE-2016-9299, CVE-2016-2208, CVE-2015-3864, CVE-2014-7169, CVE-2014-5334, CVE-2014-0593, CVE-2013-3897, CVE-2013-3163, CVE-2012-2311, CVE-2012-1856, CVE-2011-3192, CVE-2011-2005, CVE-2010-4398, CVE-2010-2568, CVE-2010-2152, CVE-2010-1297, CVE-2010-0842, CVE-2010-0480, CVE-2009-1800, CVE-2009-1671, CVE-2009-0824, CVE-2008-2992, CVE-2017-5638, CVE-2015-1494, CVE-2020-6819, CVE-2020-10257, CVE-2017-15919, CVE-2017-0222, CVE-2017-0149, CVE-2016-9079, CVE-2016-7189, CVE-2016-3393, CVE-2015-5123, CVE-2015-2502, CVE-2015-2419, CVE-2014-6332, CVE-2014-1815, CVE-2013-2465, CVE-2013-2423, CVE-2012-3213, CVE-2010-3971, CVE-2009-1136, CVE-2014-1776, 
CVE-2013-3918, CVE-2020-2883, CVE-2020-0601, CVE-2019-10149, CVE-2018-20062, CVE-2016-6366, CVE-2019-3396, CVE-2018-20250, CVE-2017-8464, CVE-2017-11882, CVE-2017-11826, CVE-2017-0261, CVE-2015-6585, CVE-2015-1642, CVE-2015-0096, CVE-2014-7247, CVE-2014-6352, CVE-2013-1331, CVE-2010-1424, CVE-2010-0840, CVE-2009-4324, CVE-2009-0556, CVE-2019-13510, CVE-2019-13541, CVE-2019-13527, CVE-2017-8570, CVE-2017-0262, CVE-2016-7193, CVE-2015-2509, CVE-2014-0810, CVE-2013-3644, CVE-2010-3915, CVE-2010-3333, CVE-2010-2862, CVE-2010-0028, CVE-2009-3129, CVE-2009-0927, CVE-2019-9081, CVE-2020-1020, CVE-2017-8759, CVE-2017-11847, CVE-2013-3906, CVE-2012-6467, CVE-2019-6340, CVE-2019-10980"}, {"techniqueID": "T1202", "score": 4, "comment": "Related to CVE-2018-17934, CVE-2018-10589, CVE-2019-1270, CVE-2013-3893"}, {"techniqueID": "T0860", "score": 1, "comment": "Related to CVE-2019-6538"}, {"techniqueID": "T1539", "score": 3, "comment": "Related to CVE-2019-6563, CVE-2020-9459, CVE-2013-3900"}, {"techniqueID": "T0816", "score": 1, "comment": "Related to CVE-2018-18995"}, {"techniqueID": "T0855", "score": 3, "comment": "Related to CVE-2018-18995, CVE-2018-5459, CVE-2018-17924"}, {"techniqueID": "T0836", "score": 1, "comment": "Related to CVE-2018-18995"}, {"techniqueID": "T1213", "score": 2, "comment": "Related to CVE-2018-18995, CVE-2012-3015"}, {"techniqueID": "T0833", "score": 1, "comment": "Related to CVE-2018-5459"}, {"techniqueID": "T0826", "score": 2, "comment": "Related to CVE-2019-13555, CVE-2020-16200"}, {"techniqueID": "T0859", "score": 1, "comment": "Related to CVE-2020-12008"}, {"techniqueID": "T0842", "score": 1, "comment": "Related to CVE-2020-12008"}, {"techniqueID": "T1066", "score": 1, "comment": "Related to CVE-2019-10990"}, {"techniqueID": "T1574.001", "score": 3, "comment": "Related to CVE-2019-10971, CVE-2018-10657, CVE-2009-0238"}, {"techniqueID": "T1083", "score": 8, "comment": "Related to CVE-2018-10590, CVE-2013-0629, CVE-2016-3298, CVE-2017-6922, 
CVE-2019-11510, CVE-2017-12637, CVE-2013-1904, CVE-2019-3396"}, {"techniqueID": "T0875", "score": 1, "comment": "Related to CVE-2018-17924"}, {"techniqueID": "T0803", "score": 1, "comment": "Related to CVE-2018-17924"}, {"techniqueID": "T0804", "score": 1, "comment": "Related to CVE-2018-17924"}, {"techniqueID": "T1575", "score": 4, "comment": "Related to CVE-2018-17911, CVE-2018-14802, CVE-2019-10987, CVE-2019-13541"}, {"techniqueID": "T1528", "score": 6, "comment": "Related to CVE-2020-0884, CVE-2015-8562, CVE-2020-11651, CVE-2020-5300, CVE-2013-5054, CVE-2018-18641"}, {"techniqueID": "T1134", "score": 1, "comment": "Related to CVE-2020-0981"}, {"techniqueID": "T1497", "score": 7, "comment": "Related to CVE-2020-0981, CVE-2018-8489, CVE-2019-0808, CVE-2012-4681, CVE-2011-3544, CVE-2015-1494, CVE-2019-9081"}, {"techniqueID": "T1003", "score": 1, "comment": "Related to CVE-2014-1812"}, {"techniqueID": "T1036.", "score": 1, "comment": "Related to CVE-2018-15869"}, {"techniqueID": "T1525", "score": 1, "comment": "Related to CVE-2018-15869"}, {"techniqueID": "T1036.005", "score": 1, "comment": "Related to CVE-2020-6808"}, {"techniqueID": "T1046", "score": 2, "comment": "Related to CVE-2012-6685, CVE-2017-14323"}, {"techniqueID": "T1055", "score": 6, "comment": "Related to CVE-2016-0099, CVE-2013-3336, CVE-2020-6820, CVE-2019-9978, CVE-2015-1641, CVE-2020-11738"}, {"techniqueID": " T1565.001", "score": 2, "comment": "Related to CVE-2020-5539, CVE-2015-7925"}, {"techniqueID": "T1149", "score": 1, "comment": "Related to CVE-2019-15821"}, {"techniqueID": "T1404", "score": 3, "comment": "Related to CVE-2019-2215, CVE-2019-7287, CVE-2015-1805"}, {"techniqueID": "T1558.001", "score": 1, "comment": "Related to CVE-2014-6324"}, {"techniqueID": "T1574.002", "score": 1, "comment": "Related to CVE-2010-1592"}, {"techniqueID": "T1212", "score": 7, "comment": "Related to CVE-2017-11368, CVE-2019-11510, CVE-2014-0751, CVE-2018-20753, CVE-2018-13379, CVE-2016-6415, CVE-2013-5054"}, 
{"techniqueID": "T1078.003.", "score": 1, "comment": "Related to CVE-2011-3172"}, {"techniqueID": "T1499.001", "score": 1, "comment": "Related to CVE-2020-15393"}, {"techniqueID": "T1110.001", "score": 1, "comment": "Related to CVE-2019-18872"}, {"techniqueID": "T1114.001", "score": 1, "comment": "Related to CVE-2020-9819"}, {"techniqueID": "T11190", "score": 1, "comment": "Related to CVE-2015-7912"}, {"techniqueID": "T1059.004", "score": 6, "comment": "Related to CVE-2014-9938, CVE-2016-9684, CVE-2014-7186, CVE-2014-6277, CVE-2014-6271, CVE-2012-1795"}, {"techniqueID": "T1480", "score": 1, "comment": "Related to CVE-2016-6367"}, {"techniqueID": "T1552.004.", "score": 1, "comment": "Related to CVE-2018-7506"}, {"techniqueID": "T1134.001.", "score": 2, "comment": "Related to CVE-2015-1701, CVE-2016-7256"}, {"techniqueID": "T1087", "score": 1, "comment": "Related to CVE-2013-6129"}, {"techniqueID": "T1057", "score": 1, "comment": "Related to CVE-2012-4681"}, {"techniqueID": " T1480", "score": 1, "comment": "Related to CVE-2012-4681"}, {"techniqueID": "T1546", "score": 1, "comment": "Related to CVE-2012-0158"}, {"techniqueID": "T1554", "score": 1, "comment": "Related to CVE-2012-0158"}, {"techniqueID": "T1491", "score": 3, "comment": "Related to CVE-2012-0158, CVE-2020-9459, CVE-2018-15961"}, {"techniqueID": "T1518.001", "score": 1, "comment": "Related to CVE-2017-0022"}, {"techniqueID": "T1505.003.", "score": 1, "comment": "Related to CVE-2012-6498"}, {"techniqueID": "T1059.001", "score": 1, "comment": "Related to CVE-2014-0295"}, {"techniqueID": "T1491.002", "score": 1, "comment": "Related to CVE-2017-1001000"}, {"techniqueID": "T1550", "score": 1, "comment": "Related to CVE-2014-7235"}, {"techniqueID": "T1569", "score": 1, "comment": "Related to CVE-2014-1761"}, {"techniqueID": "T1190. 
T1005", "score": 1, "comment": "Related to CVE-2013-4335"}, {"techniqueID": "T1204.001.", "score": 1, "comment": "Related to CVE-2015-7925"}, {"techniqueID": "T1210", "score": 8, "comment": "Related to CVE-2020-1206, CVE-2017-8543, CVE-2017-0176, CVE-2010-2729, CVE-2008-4250, CVE-2017-14323, CVE-2014-0751, CVE-2018-8414"}, {"techniqueID": "TT1565", "score": 1, "comment": "Related to CVE-2018-8337"}, {"techniqueID": "T1409", "score": 1, "comment": "Related to CVE-2017-12817"}, {"techniqueID": "T1456", "score": 1, "comment": "Related to CVE-2016-4655"}, {"techniqueID": "T1461", "score": 1, "comment": "Related to CVE-2017-0493"}, {"techniqueID": "T1533", "score": 1, "comment": "Related to CVE-2017-0493"}, {"techniqueID": "T1499.003", "score": 1, "comment": "Related to CVE-2017-16115"}, {"techniqueID": "T1499.004.", "score": 2, "comment": "Related to CVE-2020-12769, CVE-2013-4854"}, {"techniqueID": "T1505", "score": 1, "comment": "Related to CVE-2014-4148"}, {"techniqueID": "T1518", "score": 1, "comment": "Related to CVE-2016-3351"}, {"techniqueID": "T1548.002", "score": 2, "comment": "Related to CVE-2013-5065, CVE-2008-0655"}, {"techniqueID": "T1550.002", "score": 1, "comment": "Related to CVE-2010-5290"}, {"techniqueID": "T1204", "score": 1, "comment": "Related to CVE-2017-14487"}, {"techniqueID": "T880", "score": 1, "comment": "Related to CVE-2017-14487"}, {"techniqueID": "T1553.002", "score": 1, "comment": "Related to CVE-2014-4077"}, {"techniqueID": "T1565.003", "score": 1, "comment": "Related to CVE-2018-10299"}, {"techniqueID": "T1053.005", "score": 1, "comment": "Related to CVE-2010-3338"}, {"techniqueID": "T812", "score": 1, "comment": "Related to CVE-2018-14847"}, {"techniqueID": "T828", "score": 6, "comment": "Related to CVE-2018-18665, CVE-2018-18667, CVE-2018-17877, CVE-2018-19831, CVE-2018-19830, CVE-2018-19833"}, {"techniqueID": "T855", "score": 1, "comment": "Related to CVE-2019-13533"}, {"techniqueID": "T842", "score": 1, "comment": "Related to 
CVE-2019-13533"}, {"techniqueID": "T873", "score": 1, "comment": "Related to CVE-2019-10980"}], "gradient": {"colors": ["#ffe766", "#ffaf66"], "minValue": 1, "maxValue": 195}}
\ No newline at end of file
diff --git a/src/mappings_explorer/cli/mapex/nist_files/10.1/r4/parsed_nist800-53-r4-10.1_mappings_navigator_layer.json b/src/mappings_explorer/cli/mapex/nist_files/10.1/r4/parsed_nist800-53-r4-10.1_mappings_navigator_layer.json
new file mode 100644
index 00000000..0ff66626
--- /dev/null
+++ b/src/mappings_explorer/cli/mapex/nist_files/10.1/r4/parsed_nist800-53-r4-10.1_mappings_navigator_layer.json
@@ -0,0 +1 @@
+{"name": "nist overview", "versions": {"navigator": "4.8.0", "layer": "4.4", "attack": "10.1"}, "sorting": 3, "description": "nist heatmap overview of nist mappings, scores are the number of associated entries", "domain": "enterprise-attack", "techniques": [{"techniqueID": "T1137", "score": 12, "comment": "Related to Concurrent Session Control, Remote Access, Least Privilege, Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1137.002", "score": 9, "comment": "Related to Concurrent Session Control, Permitted Actions Without Identification Or Authentication, Remote Access, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Mobile Code, Spam Protection"}, {"techniqueID": "T1185", "score": 14, "comment": "Related to Concurrent Session Control, Session Termination, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Identification And Authentication (Organizational Users), Session Authenticity, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1528", "score": 19, "comment": "Related to Concurrent Session Control, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Information System Monitoring"}, 
{"techniqueID": "T1021.001", "score": 23, "comment": "Related to Session Lock, Session Termination, Remote Access, Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Authenticator Feedback, Vulnerability Scanning, Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1563.002", "score": 17, "comment": "Related to Session Lock, Session Termination, Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1072", "score": 22, "comment": "Related to Session Termination, Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Cryptographic Key Establishment And Management, Public Key Infrastructure Certificates, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1003", "score": 23, "comment": "Related to Security Attributes, Account Management, Access Enforcement, 
Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Backup, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Protection Of Information At Rest, Security Function Isolation, Process Isolation, Information Handling And Retention, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1003.003", "score": 18, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Information System Backup, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Process Isolation, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1005", "score": 12, "comment": "Related to Security Attributes, Account Management, Data Mining Protection, Access Enforcement, Least Privilege, Information System Backup, Security Engineering Principles, Cryptographic Protection, Protection Of Information At Rest, Operations Security, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1020.001", "score": 16, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Information Flow Enforcement, System Interconnections, Baseline Configuration, Configuration Settings, Information System Component Inventory, Information In Shared Resources, Boundary Protection, Transmission Confidentiality And Integrity, Information Handling And Retention, Information System 
Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1025", "score": 14, "comment": "Related to Security Attributes, Account Management, Data Mining Protection, Access Enforcement, Least Privilege, Information System Backup, Media Use, Security Engineering Principles, Cryptographic Protection, Protection Of Information At Rest, Operations Security, Port And I/O Device Access, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1040", "score": 11, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Identification And Authentication (Organizational Users), Authenticator Management, Information In Shared Resources, Transmission Confidentiality And Integrity, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1041", "score": 17, "comment": "Related to Security Attributes, Account Management, Use Of External Information Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, System Interconnections, Continuous Monitoring, Security Engineering Principles, External Information System Services, Cryptographic Protection, Protection Of Information At Rest, Covert Channel Analysis, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1048", "score": 21, "comment": "Related to Security Attributes, Account Management, Use Of External Information Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, System Interconnections, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Security Engineering Principles, External Information System Services, Protection Of Information At Rest, Covert Channel Analysis, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, 
Information System Monitoring"}, {"techniqueID": "T1048.002", "score": 21, "comment": "Related to Security Attributes, Account Management, Use Of External Information Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, System Interconnections, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Security Engineering Principles, External Information System Services, Protection Of Information At Rest, Covert Channel Analysis, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1048.003", "score": 22, "comment": "Related to Security Attributes, Account Management, Use Of External Information Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, System Interconnections, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Security Engineering Principles, External Information System Services, Cryptographic Protection, Protection Of Information At Rest, Covert Channel Analysis, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1052", "score": 18, "comment": "Related to Security Attributes, Account Management, Use Of External Information Systems, Data Mining Protection, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Media Use, Vulnerability Scanning, Security Engineering Principles, Protection Of Information At Rest, Port And I/O Device Access, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1052.001", "score": 18, "comment": "Related to Security Attributes, Account Management, Use Of External Information Systems, Data Mining Protection, 
Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Media Use, Vulnerability Scanning, Security Engineering Principles, Protection Of Information At Rest, Port And I/O Device Access, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1070", "score": 20, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, Information System Backup, Distributed Processing And Storage, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1070.001", "score": 20, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, Information System Backup, Distributed Processing And Storage, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1070.002", "score": 20, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, Information System Backup, Distributed Processing And Storage, Information In Shared Resources, 
Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1114", "score": 14, "comment": "Related to Security Attributes, Remote Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Boundary Protection, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1114.001", "score": 8, "comment": "Related to Security Attributes, Remote Access, Access Control For Mobile Devices, Use Of External Information Systems, Information Flow Enforcement, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1114.002", "score": 13, "comment": "Related to Security Attributes, Remote Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1114.003", "score": 10, "comment": "Related to Security Attributes, Remote Access, Access Control For Mobile Devices, Use Of External Information Systems, Information Flow Enforcement, Configuration Settings, Boundary Protection, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1119", "score": 16, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Baseline Configuration, 
Configuration Settings, Information System Component Inventory, Alternate Storage Site, Alternate Processing Site, Information System Backup, Distributed Processing And Storage, Information In Shared Resources, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1213", "score": 24, "comment": "Related to Security Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Protection Of Information At Rest, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1213.001", "score": 24, "comment": "Related to Security Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Protection Of Information At Rest, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1213.002", "score": 24, "comment": "Related to Security Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access 
Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Protection Of Information At Rest, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1222", "score": 11, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1222.001", "score": 11, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1222.002", "score": 11, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1505", "score": 22, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration 
Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Transmission Of Security Attributes, Non-Persistence, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1505.002", "score": 22, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Transmission Of Security Attributes, Non-Persistence, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1530", "score": 33, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Device Identification And Authentication, Identifier Management, Authenticator Management, Authenticator Feedback, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Protection Of Information At Rest, Information In Shared Resources, 
Boundary Protection, Information Input Validation, Information Handling And Retention, Information Output Filtering, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1537", "score": 20, "comment": "Related to Security Attributes, Remote Access, Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Device Identification And Authentication, Identifier Management, Identification And Authentication (Non-Organizational Users), Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1547.007", "score": 11, "comment": "Related to Security Attributes, Access Enforcement, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1547.011", "score": 15, "comment": "Related to Security Attributes, Remote Access, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Developer Configuration Management, Developer Security Testing And Evaluation, Security Engineering Principles, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1548", "score": 20, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, 
Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Mobile Code, Non-Modifiable Executable Programs, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1548.003", "score": 13, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1550.001", "score": 16, "comment": "Related to Security Attributes, Remote Access, Access Control For Mobile Devices, Use Of External Information Systems, Penetration Testing, Software Usage Restrictions, User-Installed Software, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Identifier Management, Protection Of Information At Rest, Transmission Confidentiality And Integrity, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1552", "score": 33, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Device Identification And Authentication, Identifier Management, Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, 
Cryptographic Key Establishment And Management, Protection Of Information At Rest, Information In Shared Resources, Boundary Protection, Information Input Validation, Information Handling And Retention, Information Output Filtering, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1552.004", "score": 22, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Use Of External Information Systems, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Cryptographic Key Establishment And Management, Protection Of Information At Rest, Information In Shared Resources, Boundary Protection, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1552.005", "score": 13, "comment": "Related to Security Attributes, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Device Identification And Authentication, Identifier Management, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1557", "score": 23, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Session Authenticity, Information In Shared Resources, Boundary Protection, Transmission Confidentiality 
And Integrity, Information Input Validation, Information Handling And Retention, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1557.002", "score": 23, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Session Authenticity, Information In Shared Resources, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Handling And Retention, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1558", "score": 19, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1558.002", "score": 19, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information In Shared Resources, Information 
Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1558.003", "score": 19, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1558.004", "score": 20, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1564.004", "score": 6, "comment": "Related to Security Attributes, Access Enforcement, Continuous Monitoring, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1565", "score": 24, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Information 
System Recovery And Reconstitution, Alternate Storage Site, Alternate Processing Site, Information System Backup, Protection Of Information At Rest, Distributed Processing And Storage, Information In Shared Resources, Boundary Protection, Information Handling And Retention, Memory Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1565.001", "score": 22, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Information System Component Inventory, Information System Recovery And Reconstitution, Alternate Storage Site, Alternate Processing Site, Information System Backup, Protection Of Information At Rest, Distributed Processing And Storage, Information In Shared Resources, Boundary Protection, Information Handling And Retention, Memory Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1565.002", "score": 12, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Baseline Configuration, Configuration Settings, Information System Component Inventory, Information In Shared Resources, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1567", "score": 16, "comment": "Related to Security Attributes, Account Management, Use Of External Information Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, System Interconnections, Continuous Monitoring, Security Engineering Principles, External Information System Services, Protection Of Information At Rest, Covert Channel Analysis, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, 
{"techniqueID": "T1602", "score": 25, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Device Identification And Authentication, Identifier Management, Protection Of Information At Rest, Security Function Isolation, Information In Shared Resources, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Handling And Retention, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1602.001", "score": 25, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Device Identification And Authentication, Identifier Management, Protection Of Information At Rest, Security Function Isolation, Information In Shared Resources, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Handling And Retention, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1602.002", "score": 25, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Device Identification And 
Authentication, Identifier Management, Protection Of Information At Rest, Security Function Isolation, Information In Shared Resources, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Handling And Retention, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1021", "score": 12, "comment": "Related to Remote Access, Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1021.002", "score": 16, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1021.003", "score": 18, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Mobile Code, Security Function Isolation, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1021.004", "score": 15, "comment": "Related to Remote Access, Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, 
Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1021.005", "score": 23, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, User-Installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1021.006", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1037", "score": 9, "comment": "Related to Remote Access, Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1037.001", "score": 2, "comment": "Related to Remote Access, Least Functionality"}, {"techniqueID": "T1047", "score": 18, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least 
Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Vulnerability Scanning, Security Function Isolation, Non-Modifiable Executable Programs, Memory Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059", "score": 23, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Mobile Code, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.001", "score": 19, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.002", "score": 12, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Least Functionality, Service Identification And 
Authentication, Supply Chain Protection, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.003", "score": 10, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.004", "score": 10, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.005", "score": 16, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.006", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, User-Installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.007", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Mobile Code, 
Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.008", "score": 14, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users), Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1133", "score": 17, "comment": "Related to Remote Access, Use Of External Information Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Boundary Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1219", "score": 13, "comment": "Related to Remote Access, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1505.004", "score": 21, "comment": "Related to Remote Access, Access Enforcement, Information Flow Enforcement, Least Privilege, Penetration Testing, User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Service Identification And Authentication, 
Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Boundary Protection, Non-Persistence, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1543", "score": 21, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, User-Installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Unsupported System Components, Memory Protection, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1543.003", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1543.004", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1547.003", "score": 10, "comment": "Related to Remote Access, Access Enforcement, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For 
Change, Configuration Settings, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1547.004", "score": 12, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Least Functionality, Identification And Authentication (Organizational Users), Information Input Validation, Non-Persistence, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1547.009", "score": 8, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Identification And Authentication (Organizational Users), Information System Monitoring"}, {"techniqueID": "T1547.012", "score": 8, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Identification And Authentication (Organizational Users), Information System Monitoring"}, {"techniqueID": "T1547.013", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, User-Installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1552.002", "score": 18, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And 
Tools, Cryptographic Key Establishment And Management, Protection Of Information At Rest, Information In Shared Resources, Information System Monitoring"}, {"techniqueID": "T1552.007", "score": 13, "comment": "Related to Remote Access, Account Management, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Transmission Confidentiality And Integrity"}, {"techniqueID": "T1563", "score": 18, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1563.001", "score": 17, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Cryptographic Key Establishment And Management, Session Authenticity, Information System Monitoring"}, {"techniqueID": "T1609", "score": 9, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1610", "score": 9, "comment": "Related to Remote Access, Account 
Management, Access Enforcement, Least Privilege, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1612", "score": 11, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Penetration Testing, Configuration Settings, Least Functionality, Vulnerability Scanning, Developer Security Testing And Evaluation, Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1613", "score": 9, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1619", "score": 7, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1011", "score": 4, "comment": "Related to Wireless Access, Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1011.001", "score": 8, "comment": "Related to Wireless Access, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.001", "score": 18, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Security Function Isolation, Process Isolation, Flaw Remediation, Malicious Code Protection, 
Information System Monitoring"}, {"techniqueID": "T1003.002", "score": 15, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.004", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.005", "score": 17, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.006", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.007", "score": 
14, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.008", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1036", "score": 12, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Service Identification And Authentication, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1036.003", "score": 8, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1036.005", "score": 12, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Service Identification And Authentication, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1053", "score": 21, "comment": "Related to Account Management, Use Of External Information 
Systems, Information Sharing, Publicly Accessible Content, Data Mining Protection, Access Control Decisions, Reference Monitor, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1053.001", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1053.002", "score": 20, "comment": "Related to Account Management, Use Of External Information Systems, Information Sharing, Publicly Accessible Content, Data Mining Protection, Access Control Decisions, Reference Monitor, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1053.003", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1053.005", "score": 20, "comment": "Related to Account Management, Use Of External Information Systems, Information Sharing, Publicly Accessible Content, Data Mining Protection, Access Control Decisions, 
Reference Monitor, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1053.006", "score": 10, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1053.007", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users)"}, {"techniqueID": "T1055", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.008", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1056.003", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, 
Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1068", "score": 24, "comment": "Related to Account Management, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Application Partitioning, Honeypots, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Honeyclients, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Security Alerts, Advisories, And Directives, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1070.003", "score": 10, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1078", "score": 22, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Development Process, Standards, And Tools, Developer-Provided Training, Developer Security Architecture And Design, System Development Life Cycle, Acquisition Process, Security Engineering Principles, Protection Of Information At Rest, Information System Monitoring"}, {"techniqueID": "T1078.001", "score": 14, "comment": "Related to Account Management, Separation Of Duties, Least Privilege, Continuous Monitoring, Developer Configuration Management, Developer Security Testing And Evaluation, Development 
Process, Standards, And Tools, Developer-Provided Training, Developer Security Architecture And Design, System Development Life Cycle, Acquisition Process, Security Engineering Principles, Protection Of Information At Rest, Information System Monitoring"}, {"techniqueID": "T1078.002", "score": 11, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1078.003", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Developer Configuration Management, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Developer-Provided Training, Developer Security Architecture And Design, System Development Life Cycle, Acquisition Process, Security Engineering Principles, Protection Of Information At Rest, Information System Monitoring"}, {"techniqueID": "T1078.004", "score": 21, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Developer Configuration Management, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Developer-Provided Training, Developer Security Architecture And Design, System Development Life Cycle, Acquisition Process, Security Engineering Principles, Protection Of Information At Rest, Information System Monitoring"}, 
{"techniqueID": "T1087.004", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users)"}, {"techniqueID": "T1098", "score": 11, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1098.001", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Boundary Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1098.002", "score": 11, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1098.003", "score": 11, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1110", "score": 14, "comment": "Related to Account Management, Use Of External 
Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-Authentication, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1110.001", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-Authentication, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1110.002", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-Authentication, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1110.003", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-Authentication, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1110.004", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-Authentication, Identification And Authentication 
(Organizational Users), Identifier Management, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1134", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1134.001", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1134.002", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1134.003", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1136", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Boundary Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1136.001", "score": 11, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring, Software, Firmware, And Information 
Integrity"}, {"techniqueID": "T1136.002", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Boundary Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1136.003", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Boundary Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1190", "score": 27, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Security Assessments, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Security Engineering Principles, Mobile Code, Application Partitioning, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Process Isolation, Boundary Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1197", "score": 14, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For 
Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1210", "score": 30, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Security Assessments, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Mobile Code, Application Partitioning, Honeypots, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Honeyclients, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Security Alerts, Advisories, And Directives, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1212", "score": 23, "comment": "Related to Account Management, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Application Partitioning, Honeypots, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Honeyclients, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Security Alerts, Advisories, And Directives, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1213.003", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Identification And Authentication (Organizational Users), Service Identification And Authentication, 
Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, System Development Life Cycle, Security Engineering Principles, Flaw Remediation"}, {"techniqueID": "T1218", "score": 17, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.007", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1484", "score": 13, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1489", "score": 12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1495", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least 
Privilege, Penetration Testing, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1505.003", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Configuration Settings, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1525", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1538", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users)"}, {"techniqueID": "T1542", "score": 19, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Identification And Authentication (Non-Organizational Users), Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, 
Non-Modifiable Executable Programs, Boundary Protection, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1542.001", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Identification And Authentication (Non-Organizational Users), Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1542.003", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Identification And Authentication (Non-Organizational Users), Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1542.005", "score": 24, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Developer Configuration 
Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Boundary Protection, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1543.001", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1543.002", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, User-Installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Unsupported System Components, Memory Protection, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.003", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Non-Persistence, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1547.006", "score": 17, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Identifier Management, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Information Input Validation, Non-Persistence, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": 
"T1548.002", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Vulnerability Scanning, Flaw Remediation, Information System Monitoring"}, {"techniqueID": "T1550", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1550.002", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Flaw Remediation"}, {"techniqueID": "T1550.003", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1552.001", "score": 18, "comment": "Related to Account Management, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Cryptographic Key Establishment And Management, Protection Of Information At Rest, Information In Shared Resources, Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1552.006", "score": 13, "comment": "Related to Account Management, Separation Of Duties, Least Privilege, 
Penetration Testing, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Flaw Remediation, Information System Monitoring"}, {"techniqueID": "T1553", "score": 23, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Software Usage Restrictions, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Service Identification And Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Information Input Validation, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1553.006", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1556", "score": 16, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, 
Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Process Isolation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1556.001", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Process Isolation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1556.003", "score": 12, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1556.004", "score": 13, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1558.001", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management"}, {"techniqueID": "T1559", "score": 21, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, 
Separation Of Duties, Least Privilege, Software Usage Restrictions, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Mobile Code, Security Function Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1559.001", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Mobile Code, Security Function Isolation, Boundary Protection, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.001", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.002", "score": 13, "comment": 
"Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.004", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.006", "score": 17, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Software Usage Restrictions, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Service Identification And Authentication, Session Authenticity, Transmission Confidentiality And Integrity, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.007", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1562.008", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1562.009", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, 
Software Usage Restrictions, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Service Identification And Authentication, Session Authenticity, Transmission Confidentiality And Integrity, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1569", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1569.001", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, User-Installed Software, Access Restrictions For Change, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1569.002", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574", "score": 19, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System 
Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.004", "score": 13, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.005", "score": 12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1574.007", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.008", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.009", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, 
Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.010", "score": 12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1574.012", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Least Functionality, Identification And Authentication (Organizational Users), Information Input Validation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1578", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1578.001", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1578.002", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication 
(Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1578.003", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1580", "score": 5, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1599", "score": 18, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1599.001", "score": 18, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1601", "score": 23, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least 
Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Cryptographic Module Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1601.001", "score": 23, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Cryptographic Module Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1601.002", "score": 23, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Cryptographic Module Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, 
Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1606", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Public Key Infrastructure Certificates, Flaw Remediation"}, {"techniqueID": "T1606.001", "score": 4, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Flaw Remediation"}, {"techniqueID": "T1606.002", "score": 3, "comment": "Related to Account Management, Access Enforcement, Least Privilege"}, {"techniqueID": "T1611", "score": 20, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Mobile Code, Application Partitioning, Security Function Isolation, Non-Modifiable Executable Programs, Process Isolation, Boundary Protection, Memory Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1134.005", "score": 12, "comment": "Related to Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Configuration Settings, Developer Security Testing And Evaluation, Developer Security Architecture And Design, Acquisition Process, Security Engineering Principles, Security Function Isolation"}, {"techniqueID": "T1200", "score": 5, "comment": "Related to Use Of External Information Systems, Access Enforcement, Least Privilege, Media Use, Port And I/O Device Access"}, {"techniqueID": "T1539", "score": 10, "comment": "Related to Use Of External Information Systems, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator 
Management, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1567.001", "score": 3, "comment": "Related to Use Of External Information Systems, Information Flow Enforcement, Boundary Protection"}, {"techniqueID": "T1567.002", "score": 3, "comment": "Related to Use Of External Information Systems, Information Flow Enforcement, Boundary Protection"}, {"techniqueID": "T1037.002", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1037.003", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1037.004", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1037.005", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1048.001", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.009", "score": 9, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Mobile Code, Boundary Protection, Memory Protection, Flaw Remediation, Malicious Code Protection, 
Information System Monitoring"}, {"techniqueID": "T1071.004", "score": 18, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-Of-Band Channels, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1080", "score": 10, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Least Functionality, Information In Shared Resources, Boundary Protection, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1090", "score": 12, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1090.003", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1091", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Information System Component Inventory, Media Use, Vulnerability Scanning, Port And I/O Device Access, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": 
"T1095", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1098.004", "score": 9, "comment": "Related to Access Enforcement, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Cryptographic Key Establishment And Management, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1187", "score": 10, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1199", "score": 7, "comment": "Related to Access Enforcement, Information Flow Enforcement, Least Privilege, System Use Notification, Configuration Settings, Least Functionality, Boundary Protection"}, {"techniqueID": "T1205", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1205.001", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1218.002", "score": 10, "comment": "Related to Access Enforcement, Continuous Monitoring, User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Malicious Code 
Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.012", "score": 15, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1485", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1486", "score": 11, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Storage Site, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1490", "score": 12, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Least Functionality, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1491", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, 
Software, Firmware, And Information Integrity"}, {"techniqueID": "T1491.001", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1491.002", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1498", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1498.001", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1498.002", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1499", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1499.001", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, 
Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1499.002", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1499.003", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1499.004", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1542.004", "score": 20, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Cryptographic Module Authentication, Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Boundary Protection, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.004", "score": 8, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.013", "score": 10, "comment": "Related 
to Access Enforcement, Least Privilege, Continuous Monitoring, Software Usage Restrictions, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1553.003", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1557.001", "score": 15, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Session Authenticity, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1561", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1561.001", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1561.002", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, 
Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1565.003", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Information System Backup, Protection Of Information At Rest, Information In Shared Resources, Boundary Protection, Memory Protection, Information System Monitoring"}, {"techniqueID": "T1570", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1572", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1001.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1001.002", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1001.003", "score": 7, "comment": "Related to 
Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1008", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1029", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1030", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1046", "score": 10, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1071", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-Of-Band Channels, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1071.001", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least 
Functionality, Network Disconnect, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-Of-Band Channels, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1071.002", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-Of-Band Channels, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1071.003", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-Of-Band Channels, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1090.001", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1090.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, 
Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1102", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1102.001", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1102.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1102.003", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1104", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1105", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1132", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1132.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous 
Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1132.002", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1189", "score": 18, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Information System Component Inventory, Unsupported System Components, Mobile Code, Application Partitioning, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1203", "score": 14, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, Information System Component Inventory, Mobile Code, Application Partitioning, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Process Isolation, Boundary Protection, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1204", "score": 13, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Detonation Chambers, Boundary Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity, Spam Protection"}, {"techniqueID": "T1204.001", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious 
Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1204.002", "score": 12, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Detonation Chambers, Boundary Protection, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity, Spam Protection"}, {"techniqueID": "T1204.003", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Vulnerability Scanning, Supply Chain Protection, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity, Spam Protection"}, {"techniqueID": "T1211", "score": 22, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Application Partitioning, Honeypots, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Honeyclients, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Security Alerts, Advisories, And Directives, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1482", "score": 9, "comment": "Related to Information Flow Enforcement, Penetration Testing, Configuration Settings, Least Functionality, Vulnerability Scanning, Trustworthiness, Developer Security Architecture And Design, Security Engineering Principles, Boundary Protection"}, {"techniqueID": "T1559.002", "score": 14, "comment": "Related to Information Flow Enforcement, Least Privilege, Software Usage Restrictions, Baseline Configuration, Configuration Settings, Least 
Functionality, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Security Function Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1564.008", "score": 8, "comment": "Related to Information Flow Enforcement, Configuration Change Control, Access Restrictions For Change, Least Functionality, Incident Monitoring, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1566", "score": 12, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Secure Name / Address Resolution Service (Authoritative Source), Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1566.001", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Secure Name / Address Resolution Service (Authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1566.002", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Secure Name / Address Resolution Service (Authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1566.003", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1568", 
"score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1568.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1571", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1573", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key Establishment And Management, Transmission Of Security Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1573.001", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key Establishment And Management, Transmission Of Security Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1573.002", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key 
Establishment And Management, Transmission Of Security Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1598", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Secure Name / Address Resolution Service (Authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1598.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1598.002", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Secure Name / Address Resolution Service (Authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1598.003", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Secure Name / Address Resolution Service (Authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1055.001", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.002", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.003", 
"score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.004", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.005", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.011", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.012", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.013", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.014", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1106", "score": 7, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, Least Functionality, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1112", "score": 2, "comment": "Related to Least Privilege, Least Functionality"}, {"techniqueID": "T1137.001", "score": 9, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1137.003", "score": 6, "comment": "Related to Least 
Privilege, Baseline Configuration, Configuration Settings, Mobile Code, Flaw Remediation, Spam Protection"}, {"techniqueID": "T1137.004", "score": 6, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, Mobile Code, Flaw Remediation, Spam Protection"}, {"techniqueID": "T1137.005", "score": 6, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, Mobile Code, Flaw Remediation, Spam Protection"}, {"techniqueID": "T1137.006", "score": 5, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, Mobile Code, Spam Protection"}, {"techniqueID": "T1176", "score": 15, "comment": "Related to Least Privilege, Continuous Monitoring, Penetration Testing, User-Installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Vulnerability Scanning, Boundary Protection, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.011", "score": 2, "comment": "Related to Least Privilege, Flaw Remediation"}, {"techniqueID": "T1574.011", "score": 2, "comment": "Related to Least Privilege, Access Restrictions For Change"}, {"techniqueID": "T1195", "score": 7, "comment": "Related to Security Assessments, Continuous Monitoring, User-Installed Software, Least Functionality, Vulnerability Scanning, Unsupported System Components, Flaw Remediation"}, {"techniqueID": "T1195.001", "score": 7, "comment": "Related to Security Assessments, Continuous Monitoring, User-Installed Software, Least Functionality, Vulnerability Scanning, Unsupported System Components, Flaw Remediation"}, {"techniqueID": "T1195.002", "score": 7, "comment": "Related to Security Assessments, Continuous Monitoring, User-Installed Software, Least Functionality, Vulnerability Scanning, Unsupported System Components, Flaw Remediation"}, 
{"techniqueID": "T1036.007", "score": 6, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Information System Monitoring"}, {"techniqueID": "T1056.002", "score": 4, "comment": "Related to Continuous Monitoring, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1111", "score": 7, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1201", "score": 5, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1218.010", "score": 4, "comment": "Related to Continuous Monitoring, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.011", "score": 4, "comment": "Related to Continuous Monitoring, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1221", "score": 14, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Detonation Chambers, Boundary Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity, Spam Protection"}, {"techniqueID": "T1555", "score": 3, "comment": "Related to Continuous Monitoring, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1555.001", "score": 3, "comment": "Related to Continuous Monitoring, Authenticator Management, Information 
System Monitoring"}, {"techniqueID": "T1555.002", "score": 3, "comment": "Related to Continuous Monitoring, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1195.003", "score": 11, "comment": "Related to Penetration Testing, Configuration Change Control, Access Restrictions For Change, Information System Component Inventory, Cryptographic Module Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1505.001", "score": 15, "comment": "Related to Penetration Testing, User-Installed Software, Baseline Configuration, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Non-Persistence, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1554", "score": 7, "comment": "Related to Penetration Testing, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Supply Chain Protection, Component Authenticity, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1560", "score": 5, "comment": "Related to Penetration Testing, Vulnerability Scanning, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1560.001", "score": 5, "comment": "Related to Penetration Testing, Vulnerability Scanning, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1574.001", "score": 9, "comment": "Related to Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Vulnerability Scanning, Information Input 
Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.008", "score": 6, "comment": "Related to Software Usage Restrictions, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1553.004", "score": 6, "comment": "Related to Software Usage Restrictions, Configuration Settings, Least Functionality, Service Identification And Authentication, Secure Name / Address Resolution Service (Authoritative Source), Information System Monitoring"}, {"techniqueID": "T1218.001", "score": 9, "comment": "Related to User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Mobile Code, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.003", "score": 10, "comment": "Related to User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.004", "score": 10, "comment": "Related to User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.005", "score": 10, "comment": "Related to User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, 
Firmware, And Information Integrity"}, {"techniqueID": "T1218.008", "score": 10, "comment": "Related to User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.009", "score": 10, "comment": "Related to User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.013", "score": 10, "comment": "Related to User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.014", "score": 10, "comment": "Related to User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1564.009", "score": 13, "comment": "Related to User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Developer Configuration Management, Information In Shared Resources, Detonation Chambers, Resource Availability, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1027", "score": 6, "comment": "Related to Baseline 
Configuration, Configuration Settings, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1036.001", "score": 5, "comment": "Related to Baseline Configuration, Configuration Settings, Service Identification And Authentication, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1092", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Media Use, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1127", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1127.001", "score": 5, "comment": "Related to Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1129", "score": 5, "comment": "Related to Baseline Configuration, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1216", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1216.001", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1220", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least 
Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Service Identification And Authentication, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.002", "score": 9, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.006", "score": 11, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Service Identification And Authentication, Supply Chain Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.010", "score": 3, "comment": "Related to Baseline Configuration, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.014", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1547.008", "score": 7, "comment": "Related to Baseline Configuration, Configuration Settings, Vulnerability Scanning, Process Isolation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1548.004", "score": 10, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Mobile Code, Non-Modifiable Executable Programs, Information Handling And Retention, Malicious Code Protection, 
Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1553.001", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1553.005", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1555.004", "score": 5, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1555.005", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Flaw Remediation, Information System Monitoring"}, {"techniqueID": "T1562.003", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1562.010", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1564.006", "score": 7, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1564.007", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Information System Component Inventory, Information System Monitoring"}, {"techniqueID": "T1087", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1087.001", "score": 3, "comment": 
"Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1087.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1135", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1547.002", "score": 5, "comment": "Related to Configuration Settings, Process Isolation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1547.005", "score": 5, "comment": "Related to Configuration Settings, Process Isolation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1548.001", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1552.003", "score": 4, "comment": "Related to Configuration Settings, Least Functionality, Protection Of Information At Rest, Information System Monitoring"}, {"techniqueID": "T1556.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1564.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1574.006", "score": 4, "comment": "Related to Configuration Settings, Least Functionality, Information Input Validation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.009", "score": 3, "comment": "Related to Least Functionality, Information Input Validation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1564.003", "score": 3, "comment": "Related to Least Functionality, Information Input Validation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.002", "score": 9, "comment": "Related to Developer 
Configuration Management, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Developer-Provided Training, Developer Security Architecture And Design, System Development Life Cycle, Acquisition Process, Security Engineering Principles, Flaw Remediation"}, {"techniqueID": "T1535", "score": 1, "comment": "Related to Session Authenticity"}, {"techniqueID": "T1550.004", "score": 3, "comment": "Related to Session Authenticity, Transmission Confidentiality And Integrity, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1090.004", "score": 1, "comment": "Related to Transmission Confidentiality And Integrity"}, {"techniqueID": "T1027.002", "score": 4, "comment": "Related to Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}], "gradient": {"colors": ["#ffe766", "#ffaf66"], "minValue": 1, "maxValue": 33}}
\ No newline at end of file
diff --git a/src/mappings_explorer/cli/mapex/nist_files/10.1/r5/parsed_nist800-53-r5-10.1_mappings_navigator_layer.json b/src/mappings_explorer/cli/mapex/nist_files/10.1/r5/parsed_nist800-53-r5-10.1_mappings_navigator_layer.json
new file mode 100644
index 00000000..e6d54ec5
--- /dev/null
+++ b/src/mappings_explorer/cli/mapex/nist_files/10.1/r5/parsed_nist800-53-r5-10.1_mappings_navigator_layer.json
@@ -0,0 +1 @@ +{"name": "nist overview", "versions": {"navigator": "4.8.0", "layer": "4.4", "attack": "10.1"}, "sorting": 3, "description": "nist heatmap overview of nist mappings, scores are the number of associated entries", "domain": "enterprise-attack", "techniques": [{"techniqueID": "T1137", "score": 13, "comment": "Related to Concurrent Session Control, Remote Access, Least Privilege, Baseline Configuration, Configuration Settings, System Component Inventory, Vulnerability Monitoring and Scanning, Mobile Code, Detonation Chambers, Flaw Remediation, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1137.002", "score": 10, "comment": "Related to Concurrent Session Control, Permitted Actions Without Identification or Authentication, Remote Access, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Mobile Code, Detonation Chambers, Spam Protection"}, {"techniqueID": "T1185", "score": 14, "comment": "Related to Concurrent Session Control, Session Termination, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Identification and Authentication (organizational Users), Session Authenticity, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1528", "score": 19, "comment": "Related to Concurrent Session Control, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, 
System Monitoring"}, {"techniqueID": "T1021.001", "score": 24, "comment": "Related to Device Lock, Session Termination, Remote Access, Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, Authentication Feedback, Vulnerability Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, {"techniqueID": "T1563.002", "score": 18, "comment": "Related to Device Lock, Session Termination, Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, {"techniqueID": "T1072", "score": 24, "comment": "Related to Session Termination, Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Cryptographic Key Establishment and Management, Public Key Infrastructure Certificates, Cross Domain Policy Enforcement, Boundary Protection, Flaw Remediation, Information Fragmentation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1003", "score": 22, 
"comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Backup, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, Protection of Information at Rest, Process Isolation, Information Management and Retention, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1003.003", "score": 18, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Backup, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Process Isolation, Information Management and Retention, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1005", "score": 13, "comment": "Related to Security and Privacy Attributes, Account Management, Data Mining Protection, Access Enforcement, Least Privilege, Information Location, System Backup, Security and Privacy Engineering Principles, Cryptographic Protection, Protection of Information at Rest, Operations Security, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1020.001", "score": 16, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Information Flow Enforcement, Information Exchange, Baseline Configuration, Configuration Settings, System Component Inventory, Information in Shared System Resources, Boundary Protection, Transmission Confidentiality and Integrity, 
Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1025", "score": 15, "comment": "Related to Security and Privacy Attributes, Account Management, Data Mining Protection, Access Enforcement, Least Privilege, Information Location, System Backup, Media Use, Security and Privacy Engineering Principles, Cryptographic Protection, Protection of Information at Rest, Operations Security, Port and I/O Device Access, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1040", "score": 11, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Identification and Authentication (organizational Users), Authenticator Management, Information in Shared System Resources, Transmission Confidentiality and Integrity, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1041", "score": 18, "comment": "Related to Security and Privacy Attributes, Account Management, Use of External Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, Information Exchange, Continuous Monitoring, Security and Privacy Engineering Principles, External System Services, Cryptographic Protection, Protection of Information at Rest, Covert Channel Analysis, Boundary Protection, Malicious Code Protection, System Monitoring, Provenance"}, {"techniqueID": "T1048", "score": 23, "comment": "Related to Security and Privacy Attributes, Account Management, Use of External Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, Information Exchange, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Security and Privacy Engineering Principles, External System Services, Protection of Information at Rest, Covert Channel Analysis, Cross Domain Policy Enforcement, Boundary 
Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring, Provenance"}, {"techniqueID": "T1048.002", "score": 23, "comment": "Related to Security and Privacy Attributes, Account Management, Use of External Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, Information Exchange, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Security and Privacy Engineering Principles, External System Services, Protection of Information at Rest, Covert Channel Analysis, Cross Domain Policy Enforcement, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring, Provenance"}, {"techniqueID": "T1048.003", "score": 24, "comment": "Related to Security and Privacy Attributes, Account Management, Use of External Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, Information Exchange, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Security and Privacy Engineering Principles, External System Services, Cryptographic Protection, Protection of Information at Rest, Covert Channel Analysis, Cross Domain Policy Enforcement, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring, Provenance"}, {"techniqueID": "T1052", "score": 19, "comment": "Related to Security and Privacy Attributes, Account Management, Use of External Systems, Data Mining Protection, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Media Use, Vulnerability Monitoring and Scanning, Security and Privacy Engineering Principles, Protection of Information at Rest, Port and I/O Device Access, Malicious Code Protection, System Monitoring, 
Provenance"}, {"techniqueID": "T1052.001", "score": 19, "comment": "Related to Security and Privacy Attributes, Account Management, Use of External Systems, Data Mining Protection, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Media Use, Vulnerability Monitoring and Scanning, Security and Privacy Engineering Principles, Protection of Information at Rest, Port and I/O Device Access, Malicious Code Protection, System Monitoring, Provenance"}, {"techniqueID": "T1070", "score": 21, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, System Backup, Distributed Processing and Storage, Information in Shared System Resources, Information Management and Retention, Information Fragmentation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1070.001", "score": 21, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, System Backup, Distributed Processing and Storage, Information in Shared System Resources, Information Management and Retention, Information Fragmentation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1070.002", "score": 21, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, 
Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, System Backup, Distributed Processing and Storage, Information in Shared System Resources, Information Management and Retention, Information Fragmentation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1114", "score": 14, "comment": "Related to Security and Privacy Attributes, Remote Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Boundary Protection, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1114.001", "score": 8, "comment": "Related to Security and Privacy Attributes, Remote Access, Access Control for Mobile Devices, Use of External Systems, Information Flow Enforcement, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1114.002", "score": 13, "comment": "Related to Security and Privacy Attributes, Remote Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1114.003", "score": 11, "comment": "Related to Security and Privacy Attributes, Remote Access, Access Control for Mobile Devices, Use of External Systems, Information Flow Enforcement, Configuration Settings, Usage Restrictions, Boundary Protection, Information Management and Retention, System Monitoring, Software, 
Firmware, and Information Integrity"}, {"techniqueID": "T1119", "score": 17, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Baseline Configuration, Configuration Settings, System Component Inventory, Alternate Storage Site, Alternate Processing Site, System Backup, Distributed Processing and Storage, Information in Shared System Resources, Information Management and Retention, Information Fragmentation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1213", "score": 24, "comment": "Related to Security and Privacy Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, Protection of Information at Rest, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1213.001", "score": 24, "comment": "Related to Security and Privacy Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, Protection of 
Information at Rest, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1213.002", "score": 24, "comment": "Related to Security and Privacy Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, Protection of Information at Rest, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1222", "score": 11, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1222.001", "score": 11, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1222.002", "score": 11, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), System Monitoring, Software, Firmware, and Information Integrity"}, 
{"techniqueID": "T1505", "score": 23, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, User-installed Software, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Developer Configuration Management, Developer Testing and Evaluation, Transmission of Security and Privacy Attributes, Non-persistence, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1505.002", "score": 23, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, User-installed Software, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Developer Configuration Management, Developer Testing and Evaluation, Transmission of Security and Privacy Attributes, Non-persistence, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1530", "score": 33, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification 
and Authentication (organizational Users), Device Identification and Authentication, Identifier Management, Authenticator Management, Authentication Feedback, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, Protection of Information at Rest, Information in Shared System Resources, Boundary Protection, Information Input Validation, Information Management and Retention, Information Output Filtering, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1537", "score": 20, "comment": "Related to Security and Privacy Attributes, Remote Access, Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Device Identification and Authentication, Identifier Management, Identification and Authentication (non-organizational Users), Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1547.007", "score": 11, "comment": "Related to Security and Privacy Attributes, Access Enforcement, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1547.011", "score": 15, "comment": "Related to Security and Privacy Attributes, Remote Access, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, Developer Configuration Management, Developer Testing and Evaluation, Security and Privacy Engineering Principles, System Monitoring, Software, Firmware, and Information 
Integrity"}, {"techniqueID": "T1548", "score": 21, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Mobile Code, Non-modifiable Executable Programs, Information Management and Retention, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1548.003", "score": 13, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1550.001", "score": 16, "comment": "Related to Security and Privacy Attributes, Remote Access, Access Control for Mobile Devices, Use of External Systems, Penetration Testing, Software Usage Restrictions, User-installed Software, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Identifier Management, Protection of Information at Rest, Transmission Confidentiality and Integrity, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1552", "score": 33, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline 
Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Device Identification and Authentication, Identifier Management, Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Cryptographic Key Establishment and Management, Protection of Information at Rest, Information in Shared System Resources, Boundary Protection, Information Input Validation, Information Management and Retention, Information Output Filtering, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1552.004", "score": 22, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Use of External Systems, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Cryptographic Key Establishment and Management, Protection of Information at Rest, Information in Shared System Resources, Boundary Protection, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1552.005", "score": 13, "comment": "Related to Security and Privacy Attributes, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Device Identification and Authentication, Identifier Management, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1557", "score": 24, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile 
Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Session Authenticity, Information in Shared System Resources, Cross Domain Policy Enforcement, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Management and Retention, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1557.002", "score": 22, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Session Authenticity, Information in Shared System Resources, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Management and Retention, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1558", "score": 19, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Information in Shared System Resources, Information Management and Retention, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1558.002", "score": 19, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless 
Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Information in Shared System Resources, Information Management and Retention, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1558.003", "score": 19, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Information in Shared System Resources, Information Management and Retention, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1558.004", "score": 20, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Information in Shared System Resources, Information Management and Retention, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1564.004", "score": 6, "comment": "Related to Security and Privacy Attributes, Access Enforcement, Continuous Monitoring, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, 
{"techniqueID": "T1565", "score": 26, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, System Recovery and Reconstitution, Alternate Storage Site, Alternate Processing Site, System Backup, Protection of Information at Rest, Distributed Processing and Storage, Information in Shared System Resources, Cross Domain Policy Enforcement, Boundary Protection, Information Management and Retention, Memory Protection, Information Fragmentation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1565.001", "score": 23, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, System Component Inventory, System Recovery and Reconstitution, Alternate Storage Site, Alternate Processing Site, System Backup, Protection of Information at Rest, Distributed Processing and Storage, Information in Shared System Resources, Boundary Protection, Information Management and Retention, Memory Protection, Information Fragmentation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1565.002", "score": 12, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Baseline Configuration, Configuration Settings, System Component Inventory, Information in Shared System Resources, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1567", "score": 17, "comment": "Related to Security and Privacy Attributes, Account Management, Use 
of External Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, Information Exchange, Continuous Monitoring, Security and Privacy Engineering Principles, External System Services, Protection of Information at Rest, Covert Channel Analysis, Boundary Protection, Malicious Code Protection, System Monitoring, Provenance"}, {"techniqueID": "T1602", "score": 25, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Device Identification and Authentication, Identifier Management, Protection of Information at Rest, Security Function Isolation, Information in Shared System Resources, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Management and Retention, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1602.001", "score": 25, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Device Identification and Authentication, Identifier Management, Protection of Information at Rest, Security Function Isolation, Information in Shared System Resources, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Management and Retention, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1602.002", "score": 25, "comment": 
"Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Device Identification and Authentication, Identifier Management, Protection of Information at Rest, Security Function Isolation, Information in Shared System Resources, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Management and Retention, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1021", "score": 12, "comment": "Related to Remote Access, Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring"}, {"techniqueID": "T1021.002", "score": 16, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1021.003", "score": 19, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Mobile 
Code, Security Function Isolation, Cross Domain Policy Enforcement, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1021.004", "score": 15, "comment": "Related to Remote Access, Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1021.005", "score": 23, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, User-installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring and Scanning, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1021.006", "score": 16, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, {"techniqueID": "T1037", "score": 9, "comment": "Related to Remote Access, Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Malicious Code Protection, System Monitoring, 
Software, Firmware, and Information Integrity"}, {"techniqueID": "T1037.001", "score": 2, "comment": "Related to Remote Access, Least Functionality"}, {"techniqueID": "T1047", "score": 18, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Security Function Isolation, Non-modifiable Executable Programs, Memory Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059", "score": 24, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, User-installed Software, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users), Service Identification and Authentication, Vulnerability Monitoring and Scanning, Mobile Code, Information Input Validation, Memory Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059.001", "score": 19, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users), Service Identification and Authentication, Vulnerability Monitoring and Scanning, Information Input Validation, Memory Protection, Flaw Remediation, Malicious Code Protection, 
System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059.002", "score": 16, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1059.003", "score": 11, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059.004", "score": 11, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059.005", "score": 17, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Mobile Code, Information Input Validation, Memory Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059.006", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, User-installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Information Input Validation, Memory 
Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059.007", "score": 16, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Mobile Code, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059.008", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users), Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1133", "score": 18, "comment": "Related to Remote Access, Use of External Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1219", "score": 13, "comment": "Related to Remote Access, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, 
Firmware, and Information Integrity"}, {"techniqueID": "T1505.004", "score": 24, "comment": "Related to Remote Access, Access Enforcement, Information Flow Enforcement, Least Privilege, Penetration Testing, User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Developer Configuration Management, Developer Testing and Evaluation, Boundary Protection, Non-persistence, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1543", "score": 21, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, User-installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Identifier Management, Vulnerability Monitoring and Scanning, Unsupported System Components, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1547.003", "score": 10, "comment": "Related to Remote Access, Access Enforcement, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1547.004", "score": 13, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Least Functionality, Identification and Authentication (organizational Users), Information Input Validation, 
Non-persistence, Memory Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1547.009", "score": 8, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Identification and Authentication (organizational Users), System Monitoring"}, {"techniqueID": "T1547.012", "score": 8, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Identification and Authentication (organizational Users), System Monitoring"}, {"techniqueID": "T1547.013", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, User-installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1552.002", "score": 18, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Cryptographic Key Establishment and Management, Protection of Information at Rest, Information in Shared System Resources, System Monitoring"}, {"techniqueID": "T1552.007", "score": 14, "comment": "Related to Remote Access, Account Management, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least 
Functionality, Identification and Authentication (organizational Users), Cross Domain Policy Enforcement, Boundary Protection, Transmission Confidentiality and Integrity"}, {"techniqueID": "T1563", "score": 19, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, {"techniqueID": "T1563.001", "score": 17, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Cryptographic Key Establishment and Management, Session Authenticity, System Monitoring"}, {"techniqueID": "T1609", "score": 9, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1610", "score": 9, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Boundary Protection, System Monitoring"}, {"techniqueID": "T1612", "score": 11, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Penetration Testing, Configuration Settings, Least 
Functionality, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Boundary Protection, System Monitoring"}, {"techniqueID": "T1613", "score": 10, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Usage Restrictions, Boundary Protection, System Monitoring"}, {"techniqueID": "T1619", "score": 7, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1011", "score": 4, "comment": "Related to Wireless Access, Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1011.001", "score": 8, "comment": "Related to Wireless Access, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.001", "score": 19, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Security Function Isolation, Process Isolation, Memory Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.002", "score": 15, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Protection of 
Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.004", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.005", "score": 17, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.006", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.007", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.008", "score": 14, "comment": 
"Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1036", "score": 12, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Service Identification and Authentication, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1036.003", "score": 8, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1036.005", "score": 12, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Service Identification and Authentication, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1053", "score": 15, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1053.001", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, 
Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1053.002", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1053.003", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1053.005", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1053.006", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Identification and Authentication (organizational Users), System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1053.007", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users)"}, 
{"techniqueID": "T1055", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.008", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1056.003", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1068", "score": 25, "comment": "Related to Account Management, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Threat Hunting, Vulnerability Monitoring and Scanning, Mobile Code, Separation of System and User Functionality, Decoys, Heterogeneity, Security Function Isolation, Concealment and Misdirection, External Malicious Code Identification, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Security Alerts, Advisories, and Directives, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1070.003", "score": 10, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": 
"T1078", "score": 23, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Access Restrictions for Change, Configuration Settings, Identity Proofing, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Developer Configuration Management, Developer Testing and Evaluation, Development Process, Standards, and Tools, Developer-provided Training, Developer Security and Privacy Architecture and Design, System Development Life Cycle, Acquisition Process, Security and Privacy Engineering Principles, Protection of Information at Rest, System Monitoring, Supplier Assessments and Reviews"}, {"techniqueID": "T1078.001", "score": 14, "comment": "Related to Account Management, Separation of Duties, Least Privilege, Continuous Monitoring, Developer Configuration Management, Developer Testing and Evaluation, Development Process, Standards, and Tools, Developer-provided Training, Developer Security and Privacy Architecture and Design, System Development Life Cycle, Acquisition Process, Security and Privacy Engineering Principles, Protection of Information at Rest, System Monitoring"}, {"techniqueID": "T1078.002", "score": 12, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions for Change, Configuration Settings, Identity Proofing, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring"}, {"techniqueID": "T1078.003", "score": 19, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identity Proofing, Identification and Authentication (organizational Users), Developer Configuration Management, Developer Testing and Evaluation, 
Development Process, Standards, and Tools, Developer-provided Training, Developer Security and Privacy Architecture and Design, System Development Life Cycle, Acquisition Process, Security and Privacy Engineering Principles, Protection of Information at Rest, System Monitoring"}, {"techniqueID": "T1078.004", "score": 22, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identity Proofing, Identification and Authentication (organizational Users), Authenticator Management, Developer Configuration Management, Developer Testing and Evaluation, Development Process, Standards, and Tools, Developer-provided Training, Developer Security and Privacy Architecture and Design, System Development Life Cycle, Acquisition Process, Security and Privacy Engineering Principles, Protection of Information at Rest, System Monitoring"}, {"techniqueID": "T1087.004", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users)"}, {"techniqueID": "T1098", "score": 12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, {"techniqueID": "T1098.001", "score": 15, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), 
Authenticator Management, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1098.002", "score": 11, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1098.003", "score": 11, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1110", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-authentication, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, System Monitoring"}, {"techniqueID": "T1110.001", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-authentication, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, System Monitoring"}, {"techniqueID": "T1110.002", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, 
Re-authentication, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, System Monitoring"}, {"techniqueID": "T1110.003", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-authentication, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, System Monitoring"}, {"techniqueID": "T1110.004", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-authentication, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, System Monitoring"}, {"techniqueID": "T1134", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1134.001", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1134.002", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1134.003", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication 
(organizational Users)"}, {"techniqueID": "T1136", "score": 15, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1136.001", "score": 11, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1136.002", "score": 15, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1136.003", "score": 15, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1190", "score": 29, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, 
Least Privilege, Control Assessments, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users), Threat Hunting, Vulnerability Monitoring and Scanning, Security and Privacy Engineering Principles, Mobile Code, Separation of System and User Functionality, Heterogeneity, Security Function Isolation, Concealment and Misdirection, Process Isolation, Cross Domain Policy Enforcement, Boundary Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1197", "score": 14, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1210", "score": 32, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Control Assessments, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users), Threat Hunting, Vulnerability Monitoring and Scanning, Mobile Code, Separation of System and User Functionality, Decoys, Heterogeneity, Security Function Isolation, Concealment and Misdirection, External Malicious Code Identification, Process Isolation, Cross Domain Policy Enforcement, Boundary Protection, Flaw Remediation, Malicious Code 
Protection, System Monitoring, Security Alerts, Advisories, and Directives, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1212", "score": 24, "comment": "Related to Account Management, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, System Component Inventory, Threat Hunting, Vulnerability Monitoring and Scanning, Mobile Code, Separation of System and User Functionality, Decoys, Heterogeneity, Security Function Isolation, Concealment and Misdirection, External Malicious Code Identification, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Security Alerts, Advisories, and Directives, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1213.003", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Identification and Authentication (organizational Users), Service Identification and Authentication, Vulnerability Monitoring and Scanning, Developer Configuration Management, Developer Testing and Evaluation, Development Process, Standards, and Tools, System Development Life Cycle, Security and Privacy Engineering Principles, Flaw Remediation"}, {"techniqueID": "T1218", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, User-installed Software, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.007", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of 
Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1484", "score": 13, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1489", "score": 13, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, {"techniqueID": "T1495", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Cryptographic Module Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1505.003", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Configuration Settings, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1525", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, 
Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Service Identification and Authentication, Vulnerability Monitoring and Scanning, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1538", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users)"}, {"techniqueID": "T1542", "score": 19, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Cryptographic Module Authentication, Identification and Authentication (non-organizational Users), Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Boundary Protection, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1542.001", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Cryptographic Module Authentication, Identification and Authentication (non-organizational Users), Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1542.003", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration 
Testing, Configuration Change Control, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Cryptographic Module Authentication, Identification and Authentication (non-organizational Users), Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1542.005", "score": 24, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Cryptographic Module Authentication, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Boundary Protection, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1543.001", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, User-installed Software, Baseline Configuration, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1543.002", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, User-installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Unsupported System Components, Memory Protection, Malicious Code Protection, System Monitoring, 
Software, Firmware, and Information Integrity"}, {"techniqueID": "T1543.003", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, User-installed Software, Baseline Configuration, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1543.004", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, User-installed Software, Baseline Configuration, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1546.003", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Non-persistence, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1547.006", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Identifier Management, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, Information Input Validation, Non-persistence, Memory Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1548.002", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Flaw Remediation, System Monitoring"}, {"techniqueID": "T1550", "score": 7, "comment": 
"Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1550.002", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Flaw Remediation"}, {"techniqueID": "T1550.003", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring"}, {"techniqueID": "T1552.001", "score": 18, "comment": "Related to Account Management, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Cryptographic Key Establishment and Management, Protection of Information at Rest, Information in Shared System Resources, Boundary Protection, System Monitoring"}, {"techniqueID": "T1552.006", "score": 13, "comment": "Related to Account Management, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Flaw Remediation, System Monitoring"}, {"techniqueID": "T1556", "score": 16, "comment": "Related to Account Management, Use of External Systems, Access 
Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Process Isolation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1556.001", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Process Isolation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1556.003", "score": 12, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1556.004", "score": 13, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1558.001", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management"}, {"techniqueID": "T1559", 
"score": 19, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Software Usage Restrictions, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Mobile Code, Security Function Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1559.001", "score": 13, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Mobile Code, Security Function Isolation, Boundary Protection, Malicious Code Protection"}, {"techniqueID": "T1562", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Identifier Management, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1562.001", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1562.002", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, 
Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1562.004", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1562.006", "score": 17, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Software Usage Restrictions, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Service Identification and Authentication, Session Authenticity, Transmission Confidentiality and Integrity, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1562.007", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1562.008", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1562.009", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Software Usage Restrictions, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and 
Authentication (organizational Users), Service Identification and Authentication, Session Authenticity, Transmission Confidentiality and Integrity, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1569", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, User-installed Software, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1569.001", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, User-installed Software, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1569.002", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574", "score": 19, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.004", "score": 13, "comment": "Related to Account Management, Access 
Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, System Component Inventory, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.005", "score": 12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1574.007", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.008", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.009", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability 
Monitoring and Scanning, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.010", "score": 12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1574.012", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Least Functionality, Identification and Authentication (organizational Users), Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1578", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1578.001", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1578.002", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1578.003", "score": 
11, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1580", "score": 5, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1599", "score": 18, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1599.001", "score": 18, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1601", "score": 26, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component 
Inventory, Identification and Authentication (organizational Users), Authenticator Management, Cryptographic Module Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1601.001", "score": 26, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Cryptographic Module Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1601.002", "score": 26, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Cryptographic Module Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition 
Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1606", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Public Key Infrastructure Certificates, Flaw Remediation"}, {"techniqueID": "T1606.001", "score": 4, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Flaw Remediation"}, {"techniqueID": "T1606.002", "score": 3, "comment": "Related to Account Management, Access Enforcement, Least Privilege"}, {"techniqueID": "T1611", "score": 20, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Mobile Code, Separation of System and User Functionality, Security Function Isolation, Non-modifiable Executable Programs, Process Isolation, Boundary Protection, Memory Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1134.005", "score": 12, "comment": "Related to Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Configuration Settings, Developer Testing and Evaluation, Developer Security and Privacy Architecture and Design, Acquisition Process, Security and Privacy Engineering Principles, Security Function Isolation"}, {"techniqueID": "T1200", "score": 5, "comment": "Related to Use of External Systems, Access Enforcement, Least Privilege, Media Use, Port and I/O Device Access"}, {"techniqueID": "T1539", "score": 10, "comment": "Related to Use of External Systems, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Malicious 
Code Protection, System Monitoring"}, {"techniqueID": "T1567.001", "score": 3, "comment": "Related to Use of External Systems, Information Flow Enforcement, Boundary Protection"}, {"techniqueID": "T1567.002", "score": 3, "comment": "Related to Use of External Systems, Information Flow Enforcement, Boundary Protection"}, {"techniqueID": "T1037.002", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1037.003", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1037.004", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1037.005", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1048.001", "score": 12, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cross Domain Policy Enforcement, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.009", "score": 9, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Mobile Code, Boundary Protection, Memory Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1071.004", "score": 18, "comment": "Related to 
Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-of-band Channels, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1080", "score": 10, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Least Functionality, Information in Shared System Resources, Boundary Protection, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1090", "score": 12, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1090.003", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1091", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, System Component Inventory, Media Use, Vulnerability Monitoring and Scanning, Port and I/O Device Access, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1095", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, 
Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1098.004", "score": 9, "comment": "Related to Access Enforcement, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Cryptographic Key Establishment and Management, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1187", "score": 10, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1199", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Least Privilege, System Use Notification, Configuration Settings, Least Functionality, Cross Domain Policy Enforcement, Boundary Protection"}, {"techniqueID": "T1205", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1205.001", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1218.002", "score": 11, "comment": "Related to Access Enforcement, Continuous Monitoring, User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.012", "score": 16, "comment": "Related to Access 
Enforcement, Information Flow Enforcement, Continuous Monitoring, User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Boundary Protection, Information Input Validation, Information Output Filtering, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1485", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1486", "score": 11, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Storage Site, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1490", "score": 12, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Least Functionality, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1491", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1491.001", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System 
Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1491.002", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1498", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1498.001", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1498.002", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1499", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1499.001", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1499.002", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, 
System Monitoring"}, {"techniqueID": "T1499.003", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1499.004", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1542.004", "score": 20, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Cryptographic Module Authentication, Vulnerability Monitoring and Scanning, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Boundary Protection, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.004", "score": 8, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.013", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Software Usage Restrictions, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1553.003", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least 
Functionality, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1557.001", "score": 15, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Session Authenticity, Cross Domain Policy Enforcement, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1561", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1561.001", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1561.002", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1565.003", "score": 12, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, System Backup, Protection of Information at Rest, Information in Shared System Resources, Cross Domain Policy Enforcement, Boundary Protection, Memory Protection, System Monitoring"}, {"techniqueID": "T1570", "score": 11, "comment": "Related to Access Enforcement, 
Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1572", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1001.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1001.002", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1001.003", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1008", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1029", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, 
{"techniqueID": "T1030", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1046", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1071", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-of-band Channels, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1071.001", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-of-band Channels, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1071.002", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or 
Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-of-band Channels, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1071.003", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-of-band Channels, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1090.001", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1090.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1102", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1102.001", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1102.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, 
Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1102.003", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1104", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1105", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1132", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1132.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1132.002", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1189", "score": 18, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, System Component Inventory, Unsupported System Components, Mobile Code, Separation of System and User Functionality, Heterogeneity, Security Function Isolation, Concealment and Misdirection, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, 
and Information Integrity"}, {"techniqueID": "T1203", "score": 15, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, System Component Inventory, Mobile Code, Separation of System and User Functionality, Heterogeneity, Security Function Isolation, Concealment and Misdirection, Process Isolation, Detonation Chambers, Boundary Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1204", "score": 13, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Detonation Chambers, Boundary Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Spam Protection"}, {"techniqueID": "T1204.001", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1204.002", "score": 12, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Detonation Chambers, Boundary Protection, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Spam Protection"}, {"techniqueID": "T1204.003", "score": 18, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Vulnerability Monitoring and Scanning, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Spam Protection, Component Authenticity, Provenance, 
Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1211", "score": 23, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, System Component Inventory, Threat Hunting, Vulnerability Monitoring and Scanning, Mobile Code, Separation of System and User Functionality, Decoys, Heterogeneity, Security Function Isolation, Concealment and Misdirection, External Malicious Code Identification, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Security Alerts, Advisories, and Directives, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1482", "score": 9, "comment": "Related to Information Flow Enforcement, Penetration Testing, Configuration Settings, Least Functionality, Vulnerability Monitoring and Scanning, Developer Security and Privacy Architecture and Design, Security and Privacy Engineering Principles, Cross Domain Policy Enforcement, Boundary Protection"}, {"techniqueID": "T1559.002", "score": 14, "comment": "Related to Information Flow Enforcement, Least Privilege, Software Usage Restrictions, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Mobile Code, Security Function Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1564.008", "score": 8, "comment": "Related to Information Flow Enforcement, Configuration Change Control, Access Restrictions for Change, Least Functionality, Incident Monitoring, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1566", "score": 12, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification and Authentication, 
Secure Name/address Resolution Service (authoritative Source), Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1566.001", "score": 12, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Secure Name/address Resolution Service (authoritative Source), Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1566.002", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Secure Name/address Resolution Service (authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1566.003", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1568", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1568.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": 
"T1571", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1573", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key Establishment and Management, Transmission of Security and Privacy Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1573.001", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key Establishment and Management, Transmission of Security and Privacy Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1573.002", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key Establishment and Management, Transmission of Security and Privacy Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1598", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Secure Name/address Resolution Service (authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1598.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1598.002", "score": 11, 
"comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Secure Name/address Resolution Service (authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1598.003", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Secure Name/address Resolution Service (authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1055.001", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.002", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.003", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.004", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.005", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.011", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.012", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": 
"T1055.013", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.014", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1106", "score": 7, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, Least Functionality, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1112", "score": 2, "comment": "Related to Least Privilege, Least Functionality"}, {"techniqueID": "T1137.001", "score": 10, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, System Component Inventory, Vulnerability Monitoring and Scanning, Mobile Code, Detonation Chambers, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1137.003", "score": 7, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, Mobile Code, Detonation Chambers, Flaw Remediation, Spam Protection"}, {"techniqueID": "T1137.004", "score": 7, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, Mobile Code, Detonation Chambers, Flaw Remediation, Spam Protection"}, {"techniqueID": "T1137.005", "score": 7, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, Mobile Code, Detonation Chambers, Flaw Remediation, Spam Protection"}, {"techniqueID": "T1137.006", "score": 6, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, Mobile Code, Detonation Chambers, Spam Protection"}, {"techniqueID": "T1176", "score": 15, "comment": "Related to Least Privilege, Continuous Monitoring, Penetration Testing, User-installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least 
Functionality, Vulnerability Monitoring and Scanning, Boundary Protection, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.011", "score": 2, "comment": "Related to Least Privilege, Flaw Remediation"}, {"techniqueID": "T1553", "score": 19, "comment": "Related to Least Privilege, Penetration Testing, Software Usage Restrictions, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Cryptographic Module Authentication, Service Identification and Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Information Input Validation, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1553.006", "score": 13, "comment": "Related to Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions for Change, Least Functionality, System Component Inventory, Cryptographic Module Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.011", "score": 2, "comment": "Related to Least Privilege, Access Restrictions for Change"}, {"techniqueID": "T1195", "score": 8, "comment": "Related to Control Assessments, Continuous Monitoring, User-installed Software, Least Functionality, Threat Hunting, Vulnerability Monitoring and Scanning, Unsupported System Components, Flaw Remediation"}, {"techniqueID": "T1195.001", "score": 8, "comment": "Related to Control Assessments, Continuous Monitoring, User-installed Software, Least Functionality, Threat Hunting, Vulnerability Monitoring and Scanning, Unsupported System Components, Flaw Remediation"}, 
{"techniqueID": "T1195.002", "score": 8, "comment": "Related to Control Assessments, Continuous Monitoring, User-installed Software, Least Functionality, Threat Hunting, Vulnerability Monitoring and Scanning, Unsupported System Components, Flaw Remediation"}, {"techniqueID": "T1036.007", "score": 6, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), System Monitoring"}, {"techniqueID": "T1056.002", "score": 4, "comment": "Related to Continuous Monitoring, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1111", "score": 7, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1201", "score": 5, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1218.010", "score": 4, "comment": "Related to Continuous Monitoring, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.011", "score": 4, "comment": "Related to Continuous Monitoring, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1221", "score": 14, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Detonation Chambers, Boundary Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Spam Protection"}, {"techniqueID": "T1555", "score": 3, "comment": "Related to Continuous Monitoring, 
Authenticator Management, System Monitoring"}, {"techniqueID": "T1555.001", "score": 3, "comment": "Related to Continuous Monitoring, Authenticator Management, System Monitoring"}, {"techniqueID": "T1555.002", "score": 3, "comment": "Related to Continuous Monitoring, Authenticator Management, System Monitoring"}, {"techniqueID": "T1195.003", "score": 11, "comment": "Related to Penetration Testing, Configuration Change Control, Access Restrictions for Change, System Component Inventory, Cryptographic Module Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1505.001", "score": 14, "comment": "Related to Penetration Testing, User-installed Software, Baseline Configuration, Configuration Settings, System Component Inventory, Vulnerability Monitoring and Scanning, Developer Configuration Management, Developer Testing and Evaluation, Non-persistence, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1554", "score": 9, "comment": "Related to Penetration Testing, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1560", "score": 5, "comment": "Related to Penetration Testing, Vulnerability Monitoring and Scanning, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1560.001", "score": 5, "comment": "Related to Penetration Testing, Vulnerability Monitoring and Scanning, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1574.001", "score": 9, "comment": "Related to Penetration 
Testing, Baseline Configuration, Configuration Settings, Least Functionality, Vulnerability Monitoring and Scanning, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.008", "score": 6, "comment": "Related to Software Usage Restrictions, Configuration Settings, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1553.004", "score": 6, "comment": "Related to Software Usage Restrictions, Configuration Settings, Least Functionality, Service Identification and Authentication, Secure Name/address Resolution Service (authoritative Source), System Monitoring"}, {"techniqueID": "T1218.001", "score": 10, "comment": "Related to User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Mobile Code, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.003", "score": 11, "comment": "Related to User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.004", "score": 11, "comment": "Related to User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.005", "score": 11, "comment": "Related to User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability 
Monitoring and Scanning, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.008", "score": 11, "comment": "Related to User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.009", "score": 11, "comment": "Related to User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.013", "score": 11, "comment": "Related to User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.014", "score": 11, "comment": "Related to User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1564.009", "score": 13, "comment": "Related to User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Developer Configuration Management, Information in Shared System Resources, Detonation Chambers, Resource Availability, Information Input Validation, Information Output Filtering, Malicious 
Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1027", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1036.001", "score": 5, "comment": "Related to Baseline Configuration, Configuration Settings, Service Identification and Authentication, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1092", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Media Use, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1127", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1127.001", "score": 5, "comment": "Related to Baseline Configuration, Configuration Settings, System Component Inventory, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1129", "score": 5, "comment": "Related to Baseline Configuration, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1216", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1216.001", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1220", "score": 6, "comment": "Related to 
Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Service Identification and Authentication, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.002", "score": 9, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.006", "score": 14, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Service Identification and Authentication, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1546.010", "score": 5, "comment": "Related to Baseline Configuration, Least Functionality, Information Input Validation, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.014", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, System Component Inventory, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1547.008", "score": 7, "comment": "Related to Baseline Configuration, Configuration Settings, Vulnerability Monitoring and Scanning, Process Isolation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1548.004", "score": 11, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System 
Component Inventory, Mobile Code, Non-modifiable Executable Programs, Information Management and Retention, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1553.001", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1553.005", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1555.004", "score": 5, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Authenticator Management, System Monitoring"}, {"techniqueID": "T1555.005", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Flaw Remediation, System Monitoring"}, {"techniqueID": "T1562.003", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1562.010", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1564.006", "score": 7, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1564.007", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, System Component Inventory, System Monitoring"}, {"techniqueID": "T1087", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1087.001", 
"score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1087.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1135", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1547.002", "score": 5, "comment": "Related to Configuration Settings, Process Isolation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1547.005", "score": 5, "comment": "Related to Configuration Settings, Process Isolation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1548.001", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1552.003", "score": 4, "comment": "Related to Configuration Settings, Least Functionality, Protection of Information at Rest, System Monitoring"}, {"techniqueID": "T1556.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1564.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1574.006", "score": 4, "comment": "Related to Configuration Settings, Least Functionality, Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.009", "score": 3, "comment": "Related to Least Functionality, Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1564.003", "score": 3, "comment": "Related to Least Functionality, Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.002", "score": 9, "comment": "Related to Developer Configuration Management, Developer Testing and Evaluation, Development Process, Standards, 
and Tools, Developer-provided Training, Developer Security and Privacy Architecture and Design, System Development Life Cycle, Acquisition Process, Security and Privacy Engineering Principles, Flaw Remediation"}, {"techniqueID": "T1535", "score": 1, "comment": "Related to Session Authenticity"}, {"techniqueID": "T1550.004", "score": 3, "comment": "Related to Session Authenticity, Transmission Confidentiality and Integrity, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1090.004", "score": 1, "comment": "Related to Transmission Confidentiality and Integrity"}, {"techniqueID": "T1027.002", "score": 4, "comment": "Related to Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}], "gradient": {"colors": ["#ffe766", "#ffaf66"], "minValue": 1, "maxValue": 33}} \ No newline at end of file diff --git a/src/mappings_explorer/cli/mapex/nist_files/12.1/r4/parsed_nist800-53-r4-12.1_mappings_navigator_layer.json b/src/mappings_explorer/cli/mapex/nist_files/12.1/r4/parsed_nist800-53-r4-12.1_mappings_navigator_layer.json new file mode 100644 index 00000000..84c89629 --- /dev/null +++ b/src/mappings_explorer/cli/mapex/nist_files/12.1/r4/parsed_nist800-53-r4-12.1_mappings_navigator_layer.json 
@@ -0,0 +1 @@ +{"name": "nist overview", "versions": {"navigator": "4.8.0", "layer": "4.4", "attack": "12.1"}, "sorting": 3, "description": "nist heatmap overview of nist mappings, scores are the number of associated entries", "domain": "enterprise-attack", "techniques": [{"techniqueID": "T1556.006", "score": 8, "comment": "Related to Policy and Procedures, Account Management, Access Enforcement, Least Privilege, Policy and Procedures, Event Logging, Re-authentication, Identification and Authentication (Organizational Users)"}, {"techniqueID": "T1556.007", "score": 8, "comment": "Related to Policy and Procedures, Account Management, Access Enforcement, Least Privilege, Policy and Procedures, Event Logging, Re-authentication, Identification and Authentication (Organizational Users)"}, {"techniqueID": "T1528", "score": 19, "comment": "Related to Concurrent Session Control, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Information System Monitoring"}, {"techniqueID": "T1137", "score": 12, "comment": "Related to Concurrent Session Control, Remote Access, Least Privilege, Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1137.002", "score": 9, "comment": "Related to Concurrent Session Control, Permitted Actions Without Identification Or Authentication, Remote Access, Least Privilege, Baseline Configuration, Access Restrictions 
For Change, Configuration Settings, Mobile Code, Spam Protection"}, {"techniqueID": "T1185", "score": 14, "comment": "Related to Concurrent Session Control, Session Termination, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Identification And Authentication (Organizational Users), Session Authenticity, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1021.001", "score": 23, "comment": "Related to Session Lock, Session Termination, Remote Access, Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Authenticator Feedback, Vulnerability Scanning, Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1563.002", "score": 17, "comment": "Related to Session Lock, Session Termination, Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1505.005", "score": 11, "comment": "Related to Session Termination, Remote Access, Account Management, Use of External Systems, Access Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Configuration Settings, Vulnerability Scanning, Information System Monitoring"}, 
{"techniqueID": "T1072", "score": 22, "comment": "Related to Session Termination, Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Cryptographic Key Establishment And Management, Public Key Infrastructure Certificates, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1070.008", "score": 20, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, Information System Backup, Distributed Processing And Storage, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1647", "score": 15, "comment": "Related to Security Attributes, Remote Access, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Developer Configuration Management, Developer Security Testing And Evaluation, Security Engineering Principles, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1070.001", "score": 20, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, 
Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, Information System Backup, Distributed Processing And Storage, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1537", "score": 20, "comment": "Related to Security Attributes, Remote Access, Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Device Identification And Authentication, Identifier Management, Identification And Authentication (Non-Organizational Users), Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1567", "score": 16, "comment": "Related to Security Attributes, Account Management, Use Of External Information Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, System Interconnections, Continuous Monitoring, Security Engineering Principles, External Information System Services, Protection Of Information At Rest, Covert Channel Analysis, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.003", "score": 18, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Information System Backup, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Process Isolation, Information Handling And Retention, Malicious Code 
Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1005", "score": 12, "comment": "Related to Security Attributes, Account Management, Data Mining Protection, Access Enforcement, Least Privilege, Information System Backup, Security Engineering Principles, Cryptographic Protection, Protection Of Information At Rest, Operations Security, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1040", "score": 11, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Identification And Authentication (Organizational Users), Authenticator Management, Information In Shared Resources, Transmission Confidentiality And Integrity, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1119", "score": 16, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Baseline Configuration, Configuration Settings, Information System Component Inventory, Alternate Storage Site, Alternate Processing Site, Information System Backup, Distributed Processing And Storage, Information In Shared Resources, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1530", "score": 33, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Device 
Identification And Authentication, Identifier Management, Authenticator Management, Authenticator Feedback, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Protection Of Information At Rest, Information In Shared Resources, Boundary Protection, Information Input Validation, Information Handling And Retention, Information Output Filtering, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1557", "score": 23, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Session Authenticity, Information In Shared Resources, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Handling And Retention, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1020.001", "score": 16, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Information Flow Enforcement, System Interconnections, Baseline Configuration, Configuration Settings, Information System Component Inventory, Information In Shared Resources, Boundary Protection, Transmission Confidentiality And Integrity, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1070", "score": 20, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, 
Configuration Settings, Alternate Storage Site, Alternate Processing Site, Information System Backup, Distributed Processing And Storage, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1222", "score": 11, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1505", "score": 22, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Transmission Of Security Attributes, Non-Persistence, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1547.007", "score": 11, "comment": "Related to Security Attributes, Access Enforcement, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1548.003", "score": 13, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access 
Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1550.001", "score": 16, "comment": "Related to Security Attributes, Remote Access, Access Control For Mobile Devices, Use Of External Information Systems, Penetration Testing, Software Usage Restrictions, User-Installed Software, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Identifier Management, Protection Of Information At Rest, Transmission Confidentiality And Integrity, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1552.005", "score": 13, "comment": "Related to Security Attributes, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Device Identification And Authentication, Identifier Management, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1558", "score": 19, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1558.003", "score": 19, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, 
Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1565", "score": 24, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Information System Recovery And Reconstitution, Alternate Storage Site, Alternate Processing Site, Information System Backup, Protection Of Information At Rest, Distributed Processing And Storage, Information In Shared Resources, Boundary Protection, Information Handling And Retention, Memory Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1565.001", "score": 22, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Information System Component Inventory, Information System Recovery And Reconstitution, Alternate Storage Site, Alternate Processing Site, Information System Backup, Protection Of Information At Rest, Distributed Processing And Storage, Information In Shared Resources, Boundary Protection, Information Handling And Retention, Memory Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1565.002", "score": 12, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External 
Information Systems, Baseline Configuration, Configuration Settings, Information System Component Inventory, Information In Shared Resources, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1602.002", "score": 25, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Device Identification And Authentication, Identifier Management, Protection Of Information At Rest, Security Function Isolation, Information In Shared Resources, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Handling And Retention, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1003", "score": 23, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Backup, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Protection Of Information At Rest, Security Function Isolation, Process Isolation, Information Handling And Retention, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1025", "score": 14, "comment": "Related to Security Attributes, Account Management, Data Mining Protection, Access Enforcement, Least Privilege, Information System Backup, Media Use, Security Engineering Principles, 
Cryptographic Protection, Protection Of Information At Rest, Operations Security, Port And I/O Device Access, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1041", "score": 17, "comment": "Related to Security Attributes, Account Management, Use Of External Information Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, System Interconnections, Continuous Monitoring, Security Engineering Principles, External Information System Services, Cryptographic Protection, Protection Of Information At Rest, Covert Channel Analysis, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1048", "score": 21, "comment": "Related to Security Attributes, Account Management, Use Of External Information Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, System Interconnections, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Security Engineering Principles, External Information System Services, Protection Of Information At Rest, Covert Channel Analysis, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1048.002", "score": 21, "comment": "Related to Security Attributes, Account Management, Use Of External Information Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, System Interconnections, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Security Engineering Principles, External Information System Services, Protection Of Information At Rest, Covert Channel Analysis, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1048.003", "score": 22, "comment": "Related to 
Security Attributes, Account Management, Use Of External Information Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, System Interconnections, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Security Engineering Principles, External Information System Services, Cryptographic Protection, Protection Of Information At Rest, Covert Channel Analysis, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1052", "score": 18, "comment": "Related to Security Attributes, Account Management, Use Of External Information Systems, Data Mining Protection, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Media Use, Vulnerability Scanning, Security Engineering Principles, Protection Of Information At Rest, Port And I/O Device Access, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1052.001", "score": 18, "comment": "Related to Security Attributes, Account Management, Use Of External Information Systems, Data Mining Protection, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Media Use, Vulnerability Scanning, Security Engineering Principles, Protection Of Information At Rest, Port And I/O Device Access, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1070.002", "score": 20, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, Information 
System Backup, Distributed Processing And Storage, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1114", "score": 14, "comment": "Related to Security Attributes, Remote Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Boundary Protection, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1114.001", "score": 8, "comment": "Related to Security Attributes, Remote Access, Access Control For Mobile Devices, Use Of External Information Systems, Information Flow Enforcement, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1114.002", "score": 13, "comment": "Related to Security Attributes, Remote Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1114.003", "score": 10, "comment": "Related to Security Attributes, Remote Access, Access Control For Mobile Devices, Use Of External Information Systems, Information Flow Enforcement, Configuration Settings, Boundary Protection, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1213", "score": 24, "comment": "Related to Security Attributes, Remote Access, Account Management, Information 
Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Protection Of Information At Rest, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1213.001", "score": 24, "comment": "Related to Security Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Protection Of Information At Rest, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1213.002", "score": 24, "comment": "Related to Security Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Identification And Authentication (Non-Organizational Users), Vulnerability 
Scanning, Protection Of Information At Rest, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1222.001", "score": 11, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1222.002", "score": 11, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1505.002", "score": 22, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Transmission Of Security Attributes, Non-Persistence, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1548", "score": 20, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication 
(Organizational Users), Vulnerability Scanning, Mobile Code, Non-Modifiable Executable Programs, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1552", "score": 33, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Device Identification And Authentication, Identifier Management, Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Cryptographic Key Establishment And Management, Protection Of Information At Rest, Information In Shared Resources, Boundary Protection, Information Input Validation, Information Handling And Retention, Information Output Filtering, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1552.004", "score": 22, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Use Of External Information Systems, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Cryptographic Key Establishment And Management, Protection Of Information At Rest, Information In Shared Resources, Boundary Protection, Information Handling And Retention, Information System Monitoring, Software, Firmware, And 
Information Integrity"}, {"techniqueID": "T1557.002", "score": 23, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Session Authenticity, Information In Shared Resources, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Handling And Retention, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1558.002", "score": 19, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1558.004", "score": 20, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, 
{"techniqueID": "T1564.004", "score": 6, "comment": "Related to Security Attributes, Access Enforcement, Continuous Monitoring, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1602", "score": 25, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Device Identification And Authentication, Identifier Management, Protection Of Information At Rest, Security Function Isolation, Information In Shared Resources, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Handling And Retention, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1602.001", "score": 25, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Device Identification And Authentication, Identifier Management, Protection Of Information At Rest, Security Function Isolation, Information In Shared Resources, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Handling And Retention, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1552.007", "score": 13, "comment": "Related to Remote Access, Account Management, Data Mining Protection, Access Enforcement, Information Flow 
Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Transmission Confidentiality And Integrity"}, {"techniqueID": "T1609", "score": 11, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1610", "score": 9, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1133", "score": 17, "comment": "Related to Remote Access, Use Of External Information Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Boundary Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059", "score": 23, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Mobile Code, 
Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1047", "score": 18, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Vulnerability Scanning, Security Function Isolation, Non-Modifiable Executable Programs, Memory Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.001", "score": 19, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.002", "score": 12, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Least Functionality, Service Identification And Authentication, Supply Chain Protection, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.005", "score": 16, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, 
Vulnerability Scanning, Mobile Code, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.008", "score": 14, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users), Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1219", "score": 13, "comment": "Related to Remote Access, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1543", "score": 21, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, User-Installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Unsupported System Components, Memory Protection, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1543.003", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least 
Functionality, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1547.003", "score": 10, "comment": "Related to Remote Access, Access Enforcement, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1547.004", "score": 12, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Least Functionality, Identification And Authentication (Organizational Users), Information Input Validation, Non-Persistence, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1547.009", "score": 8, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Identification And Authentication (Organizational Users), Information System Monitoring"}, {"techniqueID": "T1021", "score": 12, "comment": "Related to Remote Access, Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1021.002", "score": 16, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Information Input Validation, Information Output 
Filtering, Information System Monitoring"}, {"techniqueID": "T1021.003", "score": 18, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Mobile Code, Security Function Isolation, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1021.004", "score": 15, "comment": "Related to Remote Access, Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1021.005", "score": 23, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, User-Installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1021.006", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, 
Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1037", "score": 9, "comment": "Related to Remote Access, Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1037.001", "score": 2, "comment": "Related to Remote Access, Least Functionality"}, {"techniqueID": "T1059.003", "score": 10, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.004", "score": 10, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.006", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, User-Installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.007", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Mobile 
Code, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1505.004", "score": 21, "comment": "Related to Remote Access, Access Enforcement, Information Flow Enforcement, Least Privilege, Penetration Testing, User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Boundary Protection, Non-Persistence, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1543.004", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1547.012", "score": 8, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Identification And Authentication (Organizational Users), Information System Monitoring"}, {"techniqueID": "T1547.013", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, User-Installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, 
And Information Integrity"}, {"techniqueID": "T1552.002", "score": 18, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Cryptographic Key Establishment And Management, Protection Of Information At Rest, Information In Shared Resources, Information System Monitoring"}, {"techniqueID": "T1563", "score": 18, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1563.001", "score": 17, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Cryptographic Key Establishment And Management, Session Authenticity, Information System Monitoring"}, {"techniqueID": "T1612", "score": 11, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Penetration Testing, Configuration Settings, Least Functionality, Vulnerability Scanning, Developer Security Testing And Evaluation, Boundary Protection, Information 
System Monitoring"}, {"techniqueID": "T1613", "score": 9, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1619", "score": 7, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1011", "score": 4, "comment": "Related to Wireless Access, Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1011.001", "score": 8, "comment": "Related to Wireless Access, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1556.005", "score": 4, "comment": "Related to Account Management, Separation of Duties, Least Privilege, Authenticator Management"}, {"techniqueID": "T1585.003", "score": 2, "comment": "Related to Account Management, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1586.003", "score": 2, "comment": "Related to Account Management, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1621", "score": 6, "comment": "Related to Account Management, Least Privilege, Access Restriction for Change, Identification and Authentication (Organizational Users) , Device Identification and Authentication , Authenticator Management"}, {"techniqueID": "T1070.007", "score": 10, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information 
Integrity"}, {"techniqueID": "T1070.009", "score": 10, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1098.005", "score": 7, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings"}, {"techniqueID": "T1648", "score": 8, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Boundary Protection, System Monitoring"}, {"techniqueID": "T1556", "score": 16, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Process Isolation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1543.001", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1562", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability 
Scanning, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574", "score": 19, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1055", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1068", "score": 24, "comment": "Related to Account Management, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Application Partitioning, Honeypots, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Honeyclients, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Security Alerts, Advisories, And Directives, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1212", "score": 23, "comment": "Related to Account Management, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Information System Component Inventory, 
Vulnerability Scanning, Mobile Code, Application Partitioning, Honeypots, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Honeyclients, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Security Alerts, Advisories, And Directives, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.007", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1003.001", "score": 18, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Security Function Isolation, Process Isolation, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.002", "score": 15, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1078", "score": 21, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least 
Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Development Process, Standards, And Tools, Developer-Provided Training, Developer Security Architecture And Design, System Development Life Cycle, Acquisition Process, Security Engineering Principles, Protection Of Information At Rest, Information System Monitoring"}, {"techniqueID": "T1110.001", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-Authentication, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1110.002", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-Authentication, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1218", "score": 17, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, 
{"techniqueID": "T1580", "score": 5, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1599", "score": 18, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1611", "score": 19, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Application Partitioning, Security Function Isolation, Non-Modifiable Executable Programs, Process Isolation, Boundary Protection, Memory Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1053", "score": 21, "comment": "Related to Account Management, Use Of External Information Systems, Information Sharing, Publicly Accessible Content, Data Mining Protection, Access Control Decisions, Reference Monitor, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Information System 
Monitoring"}, {"techniqueID": "T1053.002", "score": 20, "comment": "Related to Account Management, Use Of External Information Systems, Information Sharing, Publicly Accessible Content, Data Mining Protection, Access Control Decisions, Reference Monitor, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1053.003", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1053.005", "score": 20, "comment": "Related to Account Management, Use Of External Information Systems, Information Sharing, Publicly Accessible Content, Data Mining Protection, Access Control Decisions, Reference Monitor, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1070.003", "score": 10, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1078.002", "score": 11, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation 
Of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1078.004", "score": 21, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Developer Configuration Management, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Developer-Provided Training, Developer Security Architecture And Design, System Development Life Cycle, Acquisition Process, Security Engineering Principles, Protection Of Information At Rest, Information System Monitoring"}, {"techniqueID": "T1098", "score": 11, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1098.001", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Boundary Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1098.002", "score": 11, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, 
Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1098.003", "score": 11, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1190", "score": 27, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Security Assessments, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Security Engineering Principles, Mobile Code, Application Partitioning, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Process Isolation, Boundary Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1197", "score": 14, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1210", "score": 30, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of 
Duties, Least Privilege, Security Assessments, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Mobile Code, Application Partitioning, Honeypots, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Honeyclients, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Security Alerts, Advisories, And Directives, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1213.003", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Identification And Authentication (Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, System Development Life Cycle, Security Engineering Principles, Flaw Remediation"}, {"techniqueID": "T1218.007", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1495", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Criticality 
Analysis, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1505.003", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Configuration Settings, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1525", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.003", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Non-Persistence, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1547.006", "score": 17, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Identifier Management, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Information Input Validation, Non-Persistence, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1548.002", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, 
Configuration Settings, Identification And Authentication (Organizational Users), Vulnerability Scanning, Flaw Remediation, Information System Monitoring"}, {"techniqueID": "T1556.004", "score": 13, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1559", "score": 21, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Software Usage Restrictions, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Mobile Code, Security Function Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.001", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.006", "score": 17, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Software Usage Restrictions, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And 
Authentication (Organizational Users), Service Identification And Authentication, Session Authenticity, Transmission Confidentiality And Integrity, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.008", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1003.004", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.005", "score": 17, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.006", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.007", "score": 14, 
"comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.008", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1036", "score": 12, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Service Identification And Authentication, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1036.003", "score": 8, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1036.005", "score": 12, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Service Identification And Authentication, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1053.006", "score": 10, "comment": "Related to Account Management, Access Enforcement, Separation 
Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1053.007", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users)"}, {"techniqueID": "T1055.008", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1056.003", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1078.001", "score": 14, "comment": "Related to Account Management, Separation Of Duties, Least Privilege, Continuous Monitoring, Developer Configuration Management, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Developer-Provided Training, Developer Security Architecture And Design, System Development Life Cycle, Acquisition Process, Security Engineering Principles, Protection Of Information At Rest, Information System Monitoring"}, {"techniqueID": "T1078.003", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Developer Configuration 
Management, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Developer-Provided Training, Developer Security Architecture And Design, System Development Life Cycle, Acquisition Process, Security Engineering Principles, Protection Of Information At Rest, Information System Monitoring"}, {"techniqueID": "T1087.004", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users)"}, {"techniqueID": "T1110", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-Authentication, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1110.003", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-Authentication, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1110.004", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-Authentication, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1134", "score": 7, "comment": "Related to Account Management, Access 
Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1134.001", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1134.002", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1134.003", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1136", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Boundary Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1136.001", "score": 11, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1136.002", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation 
Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Boundary Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1136.003", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Boundary Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1484", "score": 13, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1489", "score": 12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1538", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users)"}, {"techniqueID": "T1542", "score": 19, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Configuration Change 
Control, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Identification And Authentication (Non-Organizational Users), Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Boundary Protection, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1542.001", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Identification And Authentication (Non-Organizational Users), Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1542.003", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Identification And Authentication (Non-Organizational Users), Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1542.005", "score": 24, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline 
Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Boundary Protection, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1543.002", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, User-Installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Unsupported System Components, Memory Protection, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1550", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1550.002", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Flaw Remediation"}, {"techniqueID": "T1550.003", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System 
Monitoring"}, {"techniqueID": "T1552.001", "score": 18, "comment": "Related to Account Management, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Cryptographic Key Establishment And Management, Protection Of Information At Rest, Information In Shared Resources, Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1552.006", "score": 13, "comment": "Related to Account Management, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Flaw Remediation, Information System Monitoring"}, {"techniqueID": "T1553", "score": 23, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Software Usage Restrictions, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Service Identification And Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Information Input Validation, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1553.006", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, 
Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1556.001", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Process Isolation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1556.003", "score": 12, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1558.001", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management"}, {"techniqueID": "T1559.001", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, 
Mobile Code, Security Function Isolation, Boundary Protection, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.002", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.004", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.007", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1562.009", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Software Usage Restrictions, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Service Identification And Authentication, Session Authenticity, Transmission Confidentiality And Integrity, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1569", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration 
Settings, Least Functionality, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1569.001", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, User-Installed Software, Access Restrictions For Change, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1569.002", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.004", "score": 13, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.005", "score": 12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1574.008", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Information 
System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.009", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.010", "score": 12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1574.012", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Least Functionality, Identification And Authentication (Organizational Users), Information Input Validation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1578", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1578.001", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication 
(Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1578.002", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1578.003", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1599.001", "score": 18, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1601", "score": 23, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Cryptographic Module Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain 
Protection, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1601.001", "score": 23, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Cryptographic Module Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1601.002", "score": 23, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Cryptographic Module Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1606", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Public Key Infrastructure Certificates, Flaw Remediation"}, {"techniqueID": "T1606.001", "score": 4, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Flaw 
Remediation"}, {"techniqueID": "T1606.002", "score": 3, "comment": "Related to Account Management, Access Enforcement, Least Privilege"}, {"techniqueID": "T1583.007", "score": 2, "comment": "Related to Use of External Information Systems, Boundary Protection"}, {"techniqueID": "T1584.007", "score": 2, "comment": "Related to Use of External Information Systems, Boundary Protection "}, {"techniqueID": "T1098.004", "score": 15, "comment": "Related to Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Cryptographic Key Establishment And Management, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1567.002", "score": 3, "comment": "Related to Use Of External Information Systems, Information Flow Enforcement, Boundary Protection"}, {"techniqueID": "T1200", "score": 5, "comment": "Related to Use Of External Information Systems, Access Enforcement, Least Privilege, Media Use, Port And I/O Device Access"}, {"techniqueID": "T1134.005", "score": 12, "comment": "Related to Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Configuration Settings, Developer Security Testing And Evaluation, Developer Security Architecture And Design, Acquisition Process, Security Engineering Principles, Security Function Isolation"}, {"techniqueID": "T1539", "score": 10, "comment": "Related to Use Of External Information Systems, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Malicious Code Protection, Information System Monitoring"}, 
{"techniqueID": "T1567.001", "score": 3, "comment": "Related to Use Of External Information Systems, Information Flow Enforcement, Boundary Protection"}, {"techniqueID": "T1557.003", "score": 15, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Session Authenticity, Cross Domain Policy Enforcement, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1622", "score": 15, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Session Authenticity, Cross Domain Policy Enforcement, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1091", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Information System Component Inventory, Media Use, Vulnerability Scanning, Port And I/O Device Access, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1199", "score": 7, "comment": "Related to Access Enforcement, Information Flow Enforcement, Least Privilege, System Use Notification, Configuration Settings, Least Functionality, Boundary Protection"}, {"techniqueID": "T1557.001", "score": 15, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Session Authenticity, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, 
Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1037.002", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1037.005", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1095", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1205", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1205.001", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1218.012", "score": 15, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, 
{"techniqueID": "T1486", "score": 11, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Storage Site, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1490", "score": 12, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Least Functionality, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1491", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1491.001", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1491.002", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1498.001", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least 
Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1498.002", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1499", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1499.001", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1499.002", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1499.003", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1499.004", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1565.003", "score": 12, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration 
Settings, Least Functionality, Information System Backup, Protection Of Information At Rest, Information In Shared Resources, Boundary Protection, Memory Protection, Information System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1570", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1037.003", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1037.004", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1048.001", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.009", "score": 9, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Mobile Code, Boundary Protection, Memory Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1071.004", "score": 18, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name / Address Resolution Service (Authoritative 
Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-Of-Band Channels, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1080", "score": 10, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Least Functionality, Information In Shared Resources, Boundary Protection, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1090", "score": 12, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1090.003", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1187", "score": 10, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1218.002", "score": 10, "comment": "Related to Access Enforcement, Continuous Monitoring, User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information 
Integrity"}, {"techniqueID": "T1485", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1498", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1542.004", "score": 20, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Cryptographic Module Authentication, Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Boundary Protection, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.004", "score": 8, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.013", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Software Usage Restrictions, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1553.003", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, 
Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1561", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1561.001", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1561.002", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1572", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1205.002", "score": 2, "comment": "Related to Information Flow Enforncement, Information System Monitoring"}, {"techniqueID": "T1482", "score": 9, "comment": "Related to Information Flow Enforcement, Penetration Testing, Configuration Settings, Least Functionality, Vulnerability Scanning, Trustworthiness, Developer Security Architecture And Design, 
Security Engineering Principles, Boundary Protection"}, {"techniqueID": "T1203", "score": 14, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, Information System Component Inventory, Mobile Code, Application Partitioning, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Process Isolation, Boundary Protection, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1211", "score": 22, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Application Partitioning, Honeypots, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Honeyclients, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Security Alerts, Advisories, And Directives, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1046", "score": 10, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1566.002", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Secure Name / Address Resolution Service (Authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1598.003", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service 
Identification And Authentication, Secure Name / Address Resolution Service (Authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1105", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1189", "score": 18, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Information System Component Inventory, Unsupported System Components, Mobile Code, Application Partitioning, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1204", "score": 13, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Detonation Chambers, Boundary Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity, Spam Protection"}, {"techniqueID": "T1204.002", "score": 12, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Detonation Chambers, Boundary Protection, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity, Spam Protection"}, {"techniqueID": "T1559.002", "score": 14, "comment": "Related to Information Flow Enforcement, Least Privilege, Software Usage Restrictions, Baseline Configuration, Configuration Settings, Least Functionality, 
Information System Component Inventory, Vulnerability Scanning, Mobile Code, Security Function Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1568.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1001.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1001.002", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1001.003", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1008", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1029", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, 
Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1030", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1071", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-Of-Band Channels, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1071.001", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-Of-Band Channels, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1071.002", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-Of-Band Channels, Boundary Protection, Malicious Code 
Protection, Information System Monitoring"}, {"techniqueID": "T1071.003", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-Of-Band Channels, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1090.001", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1090.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1102", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1102.001", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1102.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1102.003", "score": 8, "comment": 
"Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1104", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1132", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1132.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1132.002", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1204.001", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1204.003", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Vulnerability Scanning, Supply Chain Protection, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity, Spam Protection"}, {"techniqueID": 
"T1564.008", "score": 8, "comment": "Related to Information Flow Enforcement, Configuration Change Control, Access Restrictions For Change, Least Functionality, Incident Monitoring, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1566", "score": 12, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Secure Name / Address Resolution Service (Authoritative Source), Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1566.001", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Secure Name / Address Resolution Service (Authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1566.003", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1568", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1571", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System 
Monitoring"}, {"techniqueID": "T1573", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key Establishment And Management, Transmission Of Security Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1573.001", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key Establishment And Management, Transmission Of Security Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1573.002", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key Establishment And Management, Transmission Of Security Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1598", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Secure Name / Address Resolution Service (Authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1598.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1598.002", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Secure Name / Address 
Resolution Service (Authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1546.016", "score": 7, "comment": "Related to Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1574.011", "score": 2, "comment": "Related to Least Privilege, Access Restrictions For Change"}, {"techniqueID": "T1055.001", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.014", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1106", "score": 7, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, Least Functionality, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1176", "score": 15, "comment": "Related to Least Privilege, Continuous Monitoring, Penetration Testing, User-Installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Vulnerability Scanning, Boundary Protection, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1055.002", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.003", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.004", 
"score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.005", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.011", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.012", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.013", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1112", "score": 2, "comment": "Related to Least Privilege, Least Functionality"}, {"techniqueID": "T1137.001", "score": 9, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1137.003", "score": 6, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, Mobile Code, Flaw Remediation, Spam Protection"}, {"techniqueID": "T1137.004", "score": 6, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, Mobile Code, Flaw Remediation, Spam Protection"}, {"techniqueID": "T1137.005", "score": 6, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, Mobile Code, Flaw Remediation, Spam Protection"}, {"techniqueID": "T1137.006", "score": 5, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, Mobile Code, 
Spam Protection"}, {"techniqueID": "T1546.011", "score": 2, "comment": "Related to Least Privilege, Flaw Remediation"}, {"techniqueID": "T1593.003", "score": 3, "comment": "Related to Response to Audit Processing Failure, Audit Review, Analysis, & Reporting, Information System Component Inventory"}, {"techniqueID": "T1649", "score": 3, "comment": "Related to Audit Review, Analysis, and Reporting , Identification and Authentication (Organizational Users) , Authenticator Management"}, {"techniqueID": "T1195", "score": 7, "comment": "Related to Security Assessments, Continuous Monitoring, User-Installed Software, Least Functionality, Vulnerability Scanning, Unsupported System Components, Flaw Remediation"}, {"techniqueID": "T1195.001", "score": 7, "comment": "Related to Security Assessments, Continuous Monitoring, User-Installed Software, Least Functionality, Vulnerability Scanning, Unsupported System Components, Flaw Remediation"}, {"techniqueID": "T1195.002", "score": 7, "comment": "Related to Security Assessments, Continuous Monitoring, User-Installed Software, Least Functionality, Vulnerability Scanning, Unsupported System Components, Flaw Remediation"}, {"techniqueID": "T1564.010", "score": 3, "comment": "Related to Continuous Monitoring, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.013", "score": 6, "comment": "Related to Continuous Monitoring, Penetration Testing, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1056.002", "score": 4, "comment": "Related to Continuous Monitoring, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1111", "score": 7, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Malicious Code 
Protection, Information System Monitoring"}, {"techniqueID": "T1201", "score": 5, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1218.011", "score": 4, "comment": "Related to Continuous Monitoring, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1555.001", "score": 3, "comment": "Related to Continuous Monitoring, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1218.010", "score": 4, "comment": "Related to Continuous Monitoring, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1221", "score": 14, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Detonation Chambers, Boundary Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity, Spam Protection"}, {"techniqueID": "T1555.002", "score": 3, "comment": "Related to Continuous Monitoring, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1036.007", "score": 6, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Information System Monitoring"}, {"techniqueID": "T1555", "score": 3, "comment": "Related to Continuous Monitoring, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1195.003", "score": 11, "comment": "Related to Penetration Testing, Configuration Change Control, Access Restrictions For Change, Information System Component Inventory, Cryptographic Module Authentication, Developer Configuration 
Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1560.001", "score": 5, "comment": "Related to Penetration Testing, Vulnerability Scanning, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1505.001", "score": 15, "comment": "Related to Penetration Testing, User-Installed Software, Baseline Configuration, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Non-Persistence, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1554", "score": 7, "comment": "Related to Penetration Testing, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Supply Chain Protection, Component Authenticity, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1560", "score": 5, "comment": "Related to Penetration Testing, Vulnerability Scanning, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1574.001", "score": 9, "comment": "Related to Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.008", "score": 6, "comment": "Related to Software Usage Restrictions, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1553.004", "score": 6, "comment": 
"Related to Software Usage Restrictions, Configuration Settings, Least Functionality, Service Identification And Authentication, Secure Name / Address Resolution Service (Authoritative Source), Information System Monitoring"}, {"techniqueID": "T1218.003", "score": 10, "comment": "Related to User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.004", "score": 10, "comment": "Related to User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.008", "score": 10, "comment": "Related to User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.009", "score": 10, "comment": "Related to User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.013", "score": 10, "comment": "Related to User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, 
And Information Integrity"}, {"techniqueID": "T1218.014", "score": 10, "comment": "Related to User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.001", "score": 9, "comment": "Related to User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Mobile Code, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.005", "score": 10, "comment": "Related to User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1564.009", "score": 13, "comment": "Related to User-Installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Developer Configuration Management, Information In Shared Resources, Detonation Chambers, Resource Availability, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1553.005", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1555.004", "score": 5, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1027", "score": 6, "comment": "Related to Baseline 
Configuration, Configuration Settings, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1129", "score": 5, "comment": "Related to Baseline Configuration, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1216", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1216.001", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Service Identification And Authentication, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.002", "score": 9, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.006", "score": 11, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Service Identification And Authentication, Supply Chain Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1547.008", "score": 7, "comment": "Related to Baseline Configuration, Configuration Settings, Vulnerability Scanning, Process Isolation, Malicious Code Protection, Information System 
Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1553.001", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.003", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1562.010", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1036.001", "score": 5, "comment": "Related to Baseline Configuration, Configuration Settings, Service Identification And Authentication, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1092", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Media Use, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1127", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1127.001", "score": 5, "comment": "Related to Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1220", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.010", "score": 3, "comment": "Related to Baseline Configuration, Flaw Remediation, 
Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.014", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1548.004", "score": 10, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Mobile Code, Non-Modifiable Executable Programs, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1555.005", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Flaw Remediation, Information System Monitoring"}, {"techniqueID": "T1564.006", "score": 7, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1564.007", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Information System Component Inventory, Information System Monitoring"}, {"techniqueID": "T1559.003", "score": 7, "comment": "Related to Access Restrictions for Change, Configuration Settings, Least Functionality, Developer Configuration Management, Developer Security Testing And Evaluation, Security Engineering Principles, Information System Monitoring"}, {"techniqueID": "T1087.001", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1087.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1548.001", "score": 3, "comment": "Related to 
Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1547.002", "score": 5, "comment": "Related to Configuration Settings, Process Isolation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1552.003", "score": 4, "comment": "Related to Configuration Settings, Least Functionality, Protection Of Information At Rest, Information System Monitoring"}, {"techniqueID": "T1564.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1087", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1135", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1547.005", "score": 5, "comment": "Related to Configuration Settings, Process Isolation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1556.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1574.006", "score": 4, "comment": "Related to Configuration Settings, Least Functionality, Information Input Validation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.009", "score": 3, "comment": "Related to Least Functionality, Information Input Validation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1564.003", "score": 3, "comment": "Related to Least Functionality, Information Input Validation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.002", "score": 9, "comment": "Related to Developer Configuration Management, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Developer-Provided Training, Developer Security 
Architecture And Design, System Development Life Cycle, Acquisition Process, Security Engineering Principles, Flaw Remediation"}, {"techniqueID": "T1535", "score": 1, "comment": "Related to Session Authenticity"}, {"techniqueID": "T1550.004", "score": 3, "comment": "Related to Session Authenticity, Transmission Confidentiality And Integrity, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1595.003", "score": 1, "comment": "Related to Information in Shared Resources"}, {"techniqueID": "T1090.004", "score": 1, "comment": "Related to Transmission Confidentiality And Integrity"}, {"techniqueID": "T1027.007", "score": 4, "comment": "Related to Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1027.008", "score": 4, "comment": "Related to Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1027.009", "score": 4, "comment": "Related to Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1027.002", "score": 4, "comment": "Related to Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1055.015", "score": 1, "comment": "Related to Malicious Code Protection"}], "gradient": {"colors": ["#ffe766", "#ffaf66"], "minValue": 1, "maxValue": 33}}
\ No newline at end of file
diff --git a/src/mappings_explorer/cli/mapex/nist_files/12.1/r5/parsed_nist800-53-r5-12.1_mappings_navigator_layer.json b/src/mappings_explorer/cli/mapex/nist_files/12.1/r5/parsed_nist800-53-r5-12.1_mappings_navigator_layer.json
new file mode 100644
index 00000000..b7e91ff3
--- /dev/null
+++ b/src/mappings_explorer/cli/mapex/nist_files/12.1/r5/parsed_nist800-53-r5-12.1_mappings_navigator_layer.json
@@ -0,0 +1 @@ +{"name": "nist overview", "versions": {"navigator": "4.8.0", "layer": "4.4", "attack": "12.1"}, "sorting": 3, "description": "nist heatmap overview of nist mappings, scores are the number of associated entries", "domain": "enterprise-attack", "techniques": [{"techniqueID": "T1556.006", "score": 8, "comment": "Related to Policy and Procedures, Account Management, Access Enforcement, Least Privilege, Policy and Procedures, Event Logging, Re-authentication, Identification and Authentication (Organizational Users)"}, {"techniqueID": "T1556.007", "score": 8, "comment": "Related to Policy and Procedures, Account Management, Access Enforcement, Least Privilege, Policy and Procedures, Event Logging, Re-authentication, Identification and Authentication (Organizational Users)"}, {"techniqueID": "T1137", "score": 13, "comment": "Related to Concurrent Session Control, Remote Access, Least Privilege, Baseline Configuration, Configuration Settings, System Component Inventory, Vulnerability Monitoring and Scanning, Mobile Code, Detonation Chambers, Flaw Remediation, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1137.002", "score": 10, "comment": "Related to Concurrent Session Control, Permitted Actions Without Identification or Authentication, Remote Access, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Mobile Code, Detonation Chambers, Spam Protection"}, {"techniqueID": "T1185", "score": 14, "comment": "Related to Concurrent Session Control, Session Termination, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Identification and Authentication (organizational Users), Session Authenticity, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1528", "score": 19, "comment": "Related to Concurrent Session Control, 
Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, System Monitoring"}, {"techniqueID": "T1021.001", "score": 24, "comment": "Related to Device Lock, Session Termination, Remote Access, Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, Authentication Feedback, Vulnerability Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, {"techniqueID": "T1563.002", "score": 18, "comment": "Related to Device Lock, Session Termination, Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, {"techniqueID": "T1072", "score": 24, "comment": "Related to Session Termination, Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, 
Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Cryptographic Key Establishment and Management, Public Key Infrastructure Certificates, Cross Domain Policy Enforcement, Boundary Protection, Flaw Remediation, Information Fragmentation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1505.005", "score": 11, "comment": "Related to Session Termination, Remote Access, Account Management, Use of External Systems, Access Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Configuration Settings, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1020.001", "score": 16, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Information Flow Enforcement, Information Exchange, Baseline Configuration, Configuration Settings, System Component Inventory, Information in Shared System Resources, Boundary Protection, Transmission Confidentiality and Integrity, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1070", "score": 21, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, System Backup, Distributed Processing and Storage, Information in Shared System Resources, Information Management and Retention, Information Fragmentation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1070.001", "score": 21, "comment": "Related to Security 
and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, System Backup, Distributed Processing and Storage, Information in Shared System Resources, Information Management and Retention, Information Fragmentation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1222", "score": 11, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1505", "score": 23, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, User-installed Software, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Developer Configuration Management, Developer Testing and Evaluation, Transmission of Security and Privacy Attributes, Non-persistence, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1537", "score": 20, "comment": "Related to Security and Privacy Attributes, Remote Access, Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Least 
Functionality, Identification and Authentication (organizational Users), Device Identification and Authentication, Identifier Management, Identification and Authentication (non-organizational Users), Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1547.007", "score": 11, "comment": "Related to Security and Privacy Attributes, Access Enforcement, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1548.003", "score": 13, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1550.001", "score": 16, "comment": "Related to Security and Privacy Attributes, Remote Access, Access Control for Mobile Devices, Use of External Systems, Penetration Testing, Software Usage Restrictions, User-installed Software, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Identifier Management, Protection of Information at Rest, Transmission Confidentiality and Integrity, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1552.005", "score": 13, "comment": "Related to Security and Privacy Attributes, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Device Identification and Authentication, Identifier Management, Boundary Protection, Information Input 
Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1558", "score": 19, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Information in Shared System Resources, Information Management and Retention, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1558.003", "score": 19, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Information in Shared System Resources, Information Management and Retention, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1565", "score": 26, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, System Recovery and Reconstitution, Alternate Storage Site, Alternate Processing Site, System Backup, Protection of Information at Rest, Distributed Processing and Storage, Information in Shared System Resources, Cross Domain Policy Enforcement, Boundary Protection, Information Management and Retention, Memory Protection, Information Fragmentation, System Monitoring, 
Software, Firmware, and Information Integrity"}, {"techniqueID": "T1565.001", "score": 23, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, System Component Inventory, System Recovery and Reconstitution, Alternate Storage Site, Alternate Processing Site, System Backup, Protection of Information at Rest, Distributed Processing and Storage, Information in Shared System Resources, Boundary Protection, Information Management and Retention, Memory Protection, Information Fragmentation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1565.002", "score": 12, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Baseline Configuration, Configuration Settings, System Component Inventory, Information in Shared System Resources, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1567", "score": 17, "comment": "Related to Security and Privacy Attributes, Account Management, Use of External Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, Information Exchange, Continuous Monitoring, Security and Privacy Engineering Principles, External System Services, Protection of Information at Rest, Covert Channel Analysis, Boundary Protection, Malicious Code Protection, System Monitoring, Provenance"}, {"techniqueID": "T1602.002", "score": 25, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component 
Inventory, Device Identification and Authentication, Identifier Management, Protection of Information at Rest, Security Function Isolation, Information in Shared System Resources, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Management and Retention, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1003", "score": 22, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Backup, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, Protection of Information at Rest, Process Isolation, Information Management and Retention, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1025", "score": 15, "comment": "Related to Security and Privacy Attributes, Account Management, Data Mining Protection, Access Enforcement, Least Privilege, Information Location, System Backup, Media Use, Security and Privacy Engineering Principles, Cryptographic Protection, Protection of Information at Rest, Operations Security, Port and I/O Device Access, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1041", "score": 18, "comment": "Related to Security and Privacy Attributes, Account Management, Use of External Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, Information Exchange, Continuous Monitoring, Security and Privacy Engineering Principles, External System Services, Cryptographic Protection, Protection of Information at Rest, Covert Channel Analysis, Boundary Protection, Malicious Code Protection, 
System Monitoring, Provenance"}, {"techniqueID": "T1048", "score": 23, "comment": "Related to Security and Privacy Attributes, Account Management, Use of External Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, Information Exchange, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Security and Privacy Engineering Principles, External System Services, Protection of Information at Rest, Covert Channel Analysis, Cross Domain Policy Enforcement, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring, Provenance"}, {"techniqueID": "T1048.002", "score": 23, "comment": "Related to Security and Privacy Attributes, Account Management, Use of External Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, Information Exchange, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Security and Privacy Engineering Principles, External System Services, Protection of Information at Rest, Covert Channel Analysis, Cross Domain Policy Enforcement, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring, Provenance"}, {"techniqueID": "T1048.003", "score": 24, "comment": "Related to Security and Privacy Attributes, Account Management, Use of External Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, Information Exchange, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Security and Privacy Engineering Principles, External System Services, Cryptographic Protection, Protection of Information at Rest, Covert Channel Analysis, Cross Domain Policy Enforcement, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring, 
Provenance"}, {"techniqueID": "T1052", "score": 19, "comment": "Related to Security and Privacy Attributes, Account Management, Use of External Systems, Data Mining Protection, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Media Use, Vulnerability Monitoring and Scanning, Security and Privacy Engineering Principles, Protection of Information at Rest, Port and I/O Device Access, Malicious Code Protection, System Monitoring, Provenance"}, {"techniqueID": "T1052.001", "score": 19, "comment": "Related to Security and Privacy Attributes, Account Management, Use of External Systems, Data Mining Protection, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Media Use, Vulnerability Monitoring and Scanning, Security and Privacy Engineering Principles, Protection of Information at Rest, Port and I/O Device Access, Malicious Code Protection, System Monitoring, Provenance"}, {"techniqueID": "T1070.002", "score": 21, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, System Backup, Distributed Processing and Storage, Information in Shared System Resources, Information Management and Retention, Information Fragmentation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1114", "score": 14, "comment": "Related to Security and Privacy Attributes, Remote Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Baseline Configuration, Configuration Settings, Identification and 
Authentication (organizational Users), Authenticator Management, Boundary Protection, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1114.001", "score": 8, "comment": "Related to Security and Privacy Attributes, Remote Access, Access Control for Mobile Devices, Use of External Systems, Information Flow Enforcement, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1114.002", "score": 13, "comment": "Related to Security and Privacy Attributes, Remote Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1114.003", "score": 11, "comment": "Related to Security and Privacy Attributes, Remote Access, Access Control for Mobile Devices, Use of External Systems, Information Flow Enforcement, Configuration Settings, Usage Restrictions, Boundary Protection, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1213", "score": 24, "comment": "Related to Security and Privacy Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, Protection of 
Information at Rest, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1213.001", "score": 24, "comment": "Related to Security and Privacy Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, Protection of Information at Rest, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1213.002", "score": 24, "comment": "Related to Security and Privacy Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, Protection of Information at Rest, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1222.001", "score": 11, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": 
"T1222.002", "score": 11, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1505.002", "score": 23, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, User-installed Software, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Developer Configuration Management, Developer Testing and Evaluation, Transmission of Security and Privacy Attributes, Non-persistence, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1548", "score": 21, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Mobile Code, Non-modifiable Executable Programs, Information Management and Retention, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1552", "score": 33, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Use of External Systems, Access Enforcement, Information Flow 
Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Device Identification and Authentication, Identifier Management, Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Cryptographic Key Establishment and Management, Protection of Information at Rest, Information in Shared System Resources, Boundary Protection, Information Input Validation, Information Management and Retention, Information Output Filtering, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1552.004", "score": 22, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Use of External Systems, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Cryptographic Key Establishment and Management, Protection of Information at Rest, Information in Shared System Resources, Boundary Protection, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1557.002", "score": 22, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Session Authenticity, Information in Shared System Resources, Boundary Protection, Transmission 
Confidentiality and Integrity, Information Input Validation, Information Management and Retention, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1558.002", "score": 19, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Information in Shared System Resources, Information Management and Retention, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1558.004", "score": 20, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Information in Shared System Resources, Information Management and Retention, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1564.004", "score": 6, "comment": "Related to Security and Privacy Attributes, Access Enforcement, Continuous Monitoring, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1602", "score": 25, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, 
Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Device Identification and Authentication, Identifier Management, Protection of Information at Rest, Security Function Isolation, Information in Shared System Resources, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Management and Retention, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1602.001", "score": 25, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Device Identification and Authentication, Identifier Management, Protection of Information at Rest, Security Function Isolation, Information in Shared System Resources, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Management and Retention, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1003.003", "score": 18, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Backup, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Process Isolation, Information Management and Retention, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1005", "score": 13, "comment": "Related to Security and Privacy Attributes, Account Management, Data 
Mining Protection, Access Enforcement, Least Privilege, Information Location, System Backup, Security and Privacy Engineering Principles, Cryptographic Protection, Protection of Information at Rest, Operations Security, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1040", "score": 11, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Identification and Authentication (organizational Users), Authenticator Management, Information in Shared System Resources, Transmission Confidentiality and Integrity, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1119", "score": 17, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Baseline Configuration, Configuration Settings, System Component Inventory, Alternate Storage Site, Alternate Processing Site, System Backup, Distributed Processing and Storage, Information in Shared System Resources, Information Management and Retention, Information Fragmentation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1530", "score": 33, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Device Identification and Authentication, Identifier Management, Authenticator Management, Authentication Feedback, Identification and Authentication (non-organizational Users), Vulnerability Monitoring 
and Scanning, Protection of Information at Rest, Information in Shared System Resources, Boundary Protection, Information Input Validation, Information Management and Retention, Information Output Filtering, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1557", "score": 24, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Session Authenticity, Information in Shared System Resources, Cross Domain Policy Enforcement, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Management and Retention, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1070.008", "score": 20, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, Information System Backup, Distributed Processing And Storage, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1647", "score": 15, "comment": "Related to Security Attributes, Remote Access, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Developer Configuration Management, Developer Security Testing And Evaluation, Security 
Engineering Principles, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1047", "score": 18, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Security Function Isolation, Non-modifiable Executable Programs, Memory Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059", "score": 24, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, User-installed Software, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users), Service Identification and Authentication, Vulnerability Monitoring and Scanning, Mobile Code, Information Input Validation, Memory Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059.001", "score": 19, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users), Service Identification and Authentication, Vulnerability Monitoring and Scanning, Information Input Validation, Memory Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and 
Information Integrity"}, {"techniqueID": "T1059.002", "score": 16, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1059.005", "score": 17, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Mobile Code, Information Input Validation, Memory Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059.008", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users), Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1219", "score": 13, "comment": "Related to Remote Access, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1543", "score": 21, "comment": "Related to Remote Access, Account Management, Access Enforcement, 
Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, User-installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Identifier Management, Vulnerability Monitoring and Scanning, Unsupported System Components, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1547.003", "score": 10, "comment": "Related to Remote Access, Access Enforcement, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1547.004", "score": 13, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Least Functionality, Identification and Authentication (organizational Users), Information Input Validation, Non-persistence, Memory Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1547.009", "score": 8, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Identification and Authentication (organizational Users), System Monitoring"}, {"techniqueID": "T1609", "score": 11, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1610", "score": 9, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Configuration Settings, Least 
Functionality, Identification and Authentication (organizational Users), Boundary Protection, System Monitoring"}, {"techniqueID": "T1021", "score": 12, "comment": "Related to Remote Access, Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring"}, {"techniqueID": "T1021.002", "score": 16, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1021.003", "score": 19, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Mobile Code, Security Function Isolation, Cross Domain Policy Enforcement, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1021.004", "score": 15, "comment": "Related to Remote Access, Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": 
"T1021.005", "score": 23, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, User-installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring and Scanning, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1021.006", "score": 16, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, {"techniqueID": "T1037", "score": 9, "comment": "Related to Remote Access, Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1037.001", "score": 2, "comment": "Related to Remote Access, Least Functionality"}, {"techniqueID": "T1059.003", "score": 11, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059.004", "score": 11, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, 
Baseline Configuration, Configuration Settings, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059.006", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, User-installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Information Input Validation, Memory Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059.007", "score": 16, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Mobile Code, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1505.004", "score": 24, "comment": "Related to Remote Access, Access Enforcement, Information Flow Enforcement, Least Privilege, Penetration Testing, User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Developer Configuration Management, Developer Testing and Evaluation, Boundary Protection, Non-persistence, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1547.012", "score": 8, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, 
Identification and Authentication (organizational Users), System Monitoring"}, {"techniqueID": "T1547.013", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, User-installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1552.002", "score": 18, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Cryptographic Key Establishment and Management, Protection of Information at Rest, Information in Shared System Resources, System Monitoring"}, {"techniqueID": "T1563", "score": 19, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, {"techniqueID": "T1563.001", "score": 17, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System 
Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Cryptographic Key Establishment and Management, Session Authenticity, System Monitoring"}, {"techniqueID": "T1612", "score": 11, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Penetration Testing, Configuration Settings, Least Functionality, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Boundary Protection, System Monitoring"}, {"techniqueID": "T1613", "score": 10, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Usage Restrictions, Boundary Protection, System Monitoring"}, {"techniqueID": "T1619", "score": 7, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1133", "score": 18, "comment": "Related to Remote Access, Use of External Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1552.007", "score": 14, "comment": "Related to Remote Access, Account Management, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational 
Users), Cross Domain Policy Enforcement, Boundary Protection, Transmission Confidentiality and Integrity"}, {"techniqueID": "T1011", "score": 4, "comment": "Related to Wireless Access, Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1011.001", "score": 8, "comment": "Related to Wireless Access, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1053", "score": 15, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1053.002", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1053.003", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1053.005", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration 
Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1070.003", "score": 10, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1078.002", "score": 12, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions for Change, Configuration Settings, Identity Proofing, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring"}, {"techniqueID": "T1078.004", "score": 22, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identity Proofing, Identification and Authentication (organizational Users), Authenticator Management, Developer Configuration Management, Developer Testing and Evaluation, Development Process, Standards, and Tools, Developer-provided Training, Developer Security and Privacy Architecture and Design, System Development Life Cycle, Acquisition Process, Security and Privacy Engineering Principles, Protection of Information at Rest, System Monitoring"}, {"techniqueID": "T1098", "score": 12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, 
{"techniqueID": "T1098.001", "score": 15, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1098.002", "score": 11, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1098.003", "score": 11, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1190", "score": 29, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Control Assessments, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users), Threat Hunting, Vulnerability Monitoring and Scanning, Security and Privacy Engineering Principles, Mobile Code, Separation of System and User Functionality, Heterogeneity, Security Function Isolation, Concealment and Misdirection, Process Isolation, Cross Domain Policy Enforcement, Boundary Protection, Information Input 
Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1197", "score": 14, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1210", "score": 32, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Control Assessments, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users), Threat Hunting, Vulnerability Monitoring and Scanning, Mobile Code, Separation of System and User Functionality, Decoys, Heterogeneity, Security Function Isolation, Concealment and Misdirection, External Malicious Code Identification, Process Isolation, Cross Domain Policy Enforcement, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Security Alerts, Advisories, and Directives, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1213.003", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Identification and Authentication (organizational Users), Service Identification and Authentication, Vulnerability Monitoring and Scanning, Developer Configuration Management, Developer Testing and Evaluation, Development Process, Standards, and Tools, System Development Life Cycle, Security and Privacy Engineering 
Principles, Flaw Remediation"}, {"techniqueID": "T1218.007", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1495", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Cryptographic Module Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1505.003", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Configuration Settings, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1525", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Service Identification and Authentication, Vulnerability Monitoring and Scanning, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1543.001", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, User-installed Software, Baseline Configuration, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1543.003", "score": 8, "comment": "Related to Account Management, 
Access Enforcement, Separation of Duties, Least Privilege, User-installed Software, Baseline Configuration, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1546.003", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Non-persistence, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1547.006", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Identifier Management, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, Information Input Validation, Non-persistence, Memory Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1548.002", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Flaw Remediation, System Monitoring"}, {"techniqueID": "T1556.004", "score": 13, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1559", "score": 
19, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Software Usage Restrictions, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Mobile Code, Security Function Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1562", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Identifier Management, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1562.001", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1562.006", "score": 17, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Software Usage Restrictions, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Service Identification and Authentication, Session Authenticity, Transmission Confidentiality and Integrity, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, 
{"techniqueID": "T1562.008", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1574", "score": 19, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.007", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1003.004", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.005", "score": 17, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration 
Settings, Least Functionality, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.006", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.007", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.008", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1036", "score": 12, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Service Identification and Authentication, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1036.003", 
"score": 8, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1036.005", "score": 12, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Service Identification and Authentication, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1053.006", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Identification and Authentication (organizational Users), System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1053.007", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users)"}, {"techniqueID": "T1055.008", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1056.003", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1078.001", "score": 14, "comment": "Related to Account Management, Separation of Duties, Least Privilege, Continuous Monitoring, Developer 
Configuration Management, Developer Testing and Evaluation, Development Process, Standards, and Tools, Developer-provided Training, Developer Security and Privacy Architecture and Design, System Development Life Cycle, Acquisition Process, Security and Privacy Engineering Principles, Protection of Information at Rest, System Monitoring"}, {"techniqueID": "T1078.003", "score": 19, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identity Proofing, Identification and Authentication (organizational Users), Developer Configuration Management, Developer Testing and Evaluation, Development Process, Standards, and Tools, Developer-provided Training, Developer Security and Privacy Architecture and Design, System Development Life Cycle, Acquisition Process, Security and Privacy Engineering Principles, Protection of Information at Rest, System Monitoring"}, {"techniqueID": "T1087.004", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users)"}, {"techniqueID": "T1110", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-authentication, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, System Monitoring"}, {"techniqueID": "T1110.003", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-authentication, Identification and Authentication 
(organizational Users), Identifier Management, Authenticator Management, System Monitoring"}, {"techniqueID": "T1110.004", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-authentication, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, System Monitoring"}, {"techniqueID": "T1134", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1134.001", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1134.002", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1134.003", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1136", "score": 15, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring, Software, Firmware, and 
Information Integrity"}, {"techniqueID": "T1136.001", "score": 11, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1136.002", "score": 15, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1136.003", "score": 15, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1484", "score": 13, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1489", "score": 13, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for 
Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, {"techniqueID": "T1538", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users)"}, {"techniqueID": "T1542", "score": 19, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Cryptographic Module Authentication, Identification and Authentication (non-organizational Users), Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Boundary Protection, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1542.001", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Cryptographic Module Authentication, Identification and Authentication (non-organizational Users), Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1542.003", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions for Change, Configuration Settings, System Component 
Inventory, Identification and Authentication (organizational Users), Cryptographic Module Authentication, Identification and Authentication (non-organizational Users), Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1542.005", "score": 24, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Cryptographic Module Authentication, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Boundary Protection, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1543.002", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, User-installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Unsupported System Components, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1543.004", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, User-installed Software, Baseline Configuration, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1550", "score": 7, "comment": "Related to Account 
Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1550.002", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Flaw Remediation"}, {"techniqueID": "T1550.003", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring"}, {"techniqueID": "T1552.001", "score": 18, "comment": "Related to Account Management, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Cryptographic Key Establishment and Management, Protection of Information at Rest, Information in Shared System Resources, Boundary Protection, System Monitoring"}, {"techniqueID": "T1552.006", "score": 13, "comment": "Related to Account Management, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Flaw Remediation, System Monitoring"}, {"techniqueID": "T1556.001", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation 
of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Process Isolation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1556.003", "score": 12, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1558.001", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management"}, {"techniqueID": "T1559.001", "score": 13, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Mobile Code, Security Function Isolation, Boundary Protection, Malicious Code Protection"}, {"techniqueID": "T1562.002", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1562.004", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, 
Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1562.007", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1562.009", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Software Usage Restrictions, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Service Identification and Authentication, Session Authenticity, Transmission Confidentiality and Integrity, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1569", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, User-installed Software, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1569.001", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, User-installed Software, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1569.002", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational 
Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.004", "score": 13, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, System Component Inventory, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.005", "score": 12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1574.008", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.009", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.010", "score": 12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, 
Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1574.012", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Least Functionality, Identification and Authentication (organizational Users), Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1578", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1578.001", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1578.002", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1578.003", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability 
Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1599.001", "score": 18, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1601", "score": 26, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Cryptographic Module Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1601.001", "score": 26, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Cryptographic Module Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable 
Executable Programs, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1601.002", "score": 26, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Cryptographic Module Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1606", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Public Key Infrastructure Certificates, Flaw Remediation"}, {"techniqueID": "T1606.001", "score": 4, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Flaw Remediation"}, {"techniqueID": "T1606.002", "score": 3, "comment": "Related to Account Management, Access Enforcement, Least Privilege"}, {"techniqueID": "T1003.001", "score": 19, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Security Function Isolation, Process Isolation, Memory Protection, Flaw Remediation, Malicious 
Code Protection, System Monitoring"}, {"techniqueID": "T1003.002", "score": 15, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1068", "score": 25, "comment": "Related to Account Management, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Threat Hunting, Vulnerability Monitoring and Scanning, Mobile Code, Separation of System and User Functionality, Decoys, Heterogeneity, Security Function Isolation, Concealment and Misdirection, External Malicious Code Identification, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Security Alerts, Advisories, and Directives, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1078", "score": 22, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identity Proofing, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Developer Configuration Management, Developer Testing and Evaluation, Development Process, 
Standards, and Tools, Developer-provided Training, Developer Security and Privacy Architecture and Design, System Development Life Cycle, Acquisition Process, Security and Privacy Engineering Principles, Protection of Information at Rest, System Monitoring, Supplier Assessments and Reviews"}, {"techniqueID": "T1110.001", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-authentication, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, System Monitoring"}, {"techniqueID": "T1110.002", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-authentication, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, System Monitoring"}, {"techniqueID": "T1212", "score": 24, "comment": "Related to Account Management, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, System Component Inventory, Threat Hunting, Vulnerability Monitoring and Scanning, Mobile Code, Separation of System and User Functionality, Decoys, Heterogeneity, Security Function Isolation, Concealment and Misdirection, External Malicious Code Identification, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Security Alerts, Advisories, and Directives, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, User-installed Software, 
Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1556", "score": 16, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Process Isolation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1580", "score": 5, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1599", "score": 18, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1611", "score": 19, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Separation of System and User Functionality, Security Function Isolation, 
Non-modifiable Executable Programs, Process Isolation, Boundary Protection, Memory Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1070.007", "score": 10, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1070.009", "score": 10, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1098.005", "score": 7, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings"}, {"techniqueID": "T1648", "score": 8, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Boundary Protection, System Monitoring"}, {"techniqueID": "T1556.005", "score": 4, "comment": "Related to Account Management, Separation of Duties, Least Privilege, Authenticator Management"}, {"techniqueID": "T1585.003", "score": 2, "comment": "Related to Account Management, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1586.003", "score": 2, "comment": "Related to Account Management, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1621", "score": 6, "comment": "Related to Account Management, Least Privilege, Access Restriction for Change, Identification and Authentication (Organizational Users) , Device Identification and Authentication , Authenticator 
Management"}, {"techniqueID": "T1567.002", "score": 3, "comment": "Related to Use of External Systems, Information Flow Enforcement, Boundary Protection"}, {"techniqueID": "T1134.005", "score": 12, "comment": "Related to Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Configuration Settings, Developer Testing and Evaluation, Developer Security and Privacy Architecture and Design, Acquisition Process, Security and Privacy Engineering Principles, Security Function Isolation"}, {"techniqueID": "T1539", "score": 10, "comment": "Related to Use of External Systems, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1567.001", "score": 3, "comment": "Related to Use of External Systems, Information Flow Enforcement, Boundary Protection"}, {"techniqueID": "T1200", "score": 5, "comment": "Related to Use of External Systems, Access Enforcement, Least Privilege, Media Use, Port and I/O Device Access"}, {"techniqueID": "T1098.004", "score": 15, "comment": "Related to Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Cryptographic Key Establishment and Management, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1583.007", "score": 2, "comment": "Related to Use of External Information Systems, Boundary Protection"}, {"techniqueID": "T1584.007", "score": 2, "comment": "Related to Use of External Information Systems, Boundary Protection "}, {"techniqueID": "T1037.002", "score": 7, 
"comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1037.005", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1095", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1205", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1205.001", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1218.012", "score": 16, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Boundary Protection, Information Input Validation, Information Output Filtering, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1486", "score": 11, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate 
Storage Site, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1490", "score": 12, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Least Functionality, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1491", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1491.001", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1491.002", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1498.001", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1498.002", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, 
{"techniqueID": "T1499", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1499.001", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1499.002", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1499.003", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1499.004", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1565.003", "score": 13, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, System Backup, Protection of Information at Rest, Information in Shared System Resources, Cross Domain Policy Enforcement, Boundary Protection, Memory Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1570", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, 
Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1037.003", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1037.004", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1048.001", "score": 12, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cross Domain Policy Enforcement, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.009", "score": 9, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Mobile Code, Boundary Protection, Memory Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1071.004", "score": 18, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-of-band Channels, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1080", "score": 10, "comment": "Related to Access Enforcement, 
Continuous Monitoring, Baseline Configuration, Least Functionality, Information in Shared System Resources, Boundary Protection, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1090", "score": 12, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1090.003", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1187", "score": 10, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1218.002", "score": 11, "comment": "Related to Access Enforcement, Continuous Monitoring, User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1485", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1498", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, 
Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1542.004", "score": 20, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Cryptographic Module Authentication, Vulnerability Monitoring and Scanning, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Boundary Protection, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.004", "score": 8, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.013", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Software Usage Restrictions, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1553.003", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1561", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": 
"T1561.001", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1561.002", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1572", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1091", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, System Component Inventory, Media Use, Vulnerability Monitoring and Scanning, Port and I/O Device Access, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1199", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Least Privilege, System Use Notification, Configuration Settings, Least Functionality, Cross Domain Policy Enforcement, Boundary Protection"}, {"techniqueID": "T1557.001", "score": 15, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Session Authenticity, Cross Domain Policy Enforcement, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1557.003", 
"score": 15, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Session Authenticity, Cross Domain Policy Enforcement, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1622", "score": 15, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Session Authenticity, Cross Domain Policy Enforcement, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1105", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1189", "score": 18, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, System Component Inventory, Unsupported System Components, Mobile Code, Separation of System and User Functionality, Heterogeneity, Security Function Isolation, Concealment and Misdirection, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1203", "score": 15, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, System Component Inventory, Mobile Code, Separation of System and User Functionality, Heterogeneity, Security Function Isolation, Concealment and Misdirection, Process Isolation, Detonation Chambers, 
Boundary Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1211", "score": 23, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, System Component Inventory, Threat Hunting, Vulnerability Monitoring and Scanning, Mobile Code, Separation of System and User Functionality, Decoys, Heterogeneity, Security Function Isolation, Concealment and Misdirection, External Malicious Code Identification, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Security Alerts, Advisories, and Directives, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1559.002", "score": 14, "comment": "Related to Information Flow Enforcement, Least Privilege, Software Usage Restrictions, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Mobile Code, Security Function Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1568.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1001.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious 
Code Protection, System Monitoring"}, {"techniqueID": "T1001.002", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1001.003", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1008", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1029", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1030", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1071", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-of-band Channels, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1071.001", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name/address Resolution 
Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-of-band Channels, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1071.002", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-of-band Channels, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1071.003", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-of-band Channels, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1090.001", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1090.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1102", "score": 8, "comment": "Related to Information Flow 
Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1102.001", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1102.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1102.003", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1104", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1132", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1132.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1132.002", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1204.001", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous 
Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1204.003", "score": 18, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Vulnerability Monitoring and Scanning, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Spam Protection, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1564.008", "score": 8, "comment": "Related to Information Flow Enforcement, Configuration Change Control, Access Restrictions for Change, Least Functionality, Incident Monitoring, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1566", "score": 12, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Secure Name/address Resolution Service (authoritative Source), Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1566.001", "score": 12, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Secure Name/address Resolution Service (authoritative Source), Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1566.003", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Flaw Remediation, 
Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1568", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1571", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1573", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key Establishment and Management, Transmission of Security and Privacy Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1573.001", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key Establishment and Management, Transmission of Security and Privacy Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1573.002", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key Establishment and Management, Transmission of Security and Privacy Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1598", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service 
Identification and Authentication, Secure Name/address Resolution Service (authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1598.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1598.002", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Secure Name/address Resolution Service (authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1046", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1482", "score": 9, "comment": "Related to Information Flow Enforcement, Penetration Testing, Configuration Settings, Least Functionality, Vulnerability Monitoring and Scanning, Developer Security and Privacy Architecture and Design, Security and Privacy Engineering Principles, Cross Domain Policy Enforcement, Boundary Protection"}, {"techniqueID": "T1566.002", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Secure Name/address Resolution Service (authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1598.003", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous 
Monitoring, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Secure Name/address Resolution Service (authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1204", "score": 13, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Detonation Chambers, Boundary Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Spam Protection"}, {"techniqueID": "T1204.002", "score": 12, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Detonation Chambers, Boundary Protection, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Spam Protection"}, {"techniqueID": "T1205.002", "score": 2, "comment": "Related to Information Flow Enforncement, Information System Monitoring"}, {"techniqueID": "T1106", "score": 7, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, Least Functionality, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1176", "score": 15, "comment": "Related to Least Privilege, Continuous Monitoring, Penetration Testing, User-installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, Vulnerability Monitoring and Scanning, Boundary Protection, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.011", "score": 2, "comment": "Related to Least Privilege, Access Restrictions for Change"}, {"techniqueID": "T1055.002", "score": 6, "comment": 
"Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.003", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.004", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.005", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.011", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.012", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.013", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1112", "score": 2, "comment": "Related to Least Privilege, Least Functionality"}, {"techniqueID": "T1137.001", "score": 10, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, System Component Inventory, Vulnerability Monitoring and Scanning, Mobile Code, Detonation Chambers, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1137.003", "score": 7, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, Mobile Code, Detonation Chambers, Flaw Remediation, Spam Protection"}, {"techniqueID": "T1137.004", "score": 7, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, Mobile Code, Detonation Chambers, Flaw Remediation, Spam 
Protection"}, {"techniqueID": "T1137.005", "score": 7, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, Mobile Code, Detonation Chambers, Flaw Remediation, Spam Protection"}, {"techniqueID": "T1137.006", "score": 6, "comment": "Related to Least Privilege, Baseline Configuration, Configuration Settings, Mobile Code, Detonation Chambers, Spam Protection"}, {"techniqueID": "T1546.011", "score": 2, "comment": "Related to Least Privilege, Flaw Remediation"}, {"techniqueID": "T1553", "score": 19, "comment": "Related to Least Privilege, Penetration Testing, Software Usage Restrictions, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Cryptographic Module Authentication, Service Identification and Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Information Input Validation, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1553.006", "score": 13, "comment": "Related to Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions for Change, Least Functionality, System Component Inventory, Cryptographic Module Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1055.001", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.014", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1546.016", "score": 7, "comment": "Related to Least Privilege, 
Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1593.003", "score": 3, "comment": "Related to Response to Audit Processing Failure, Audit Review, Analysis, & Reporting, Information System Component Inventory"}, {"techniqueID": "T1649", "score": 3, "comment": "Related to Audit Review, Analysis, and Reporting , Identification and Authentication (Organizational Users) , Authenticator Management"}, {"techniqueID": "T1195", "score": 8, "comment": "Related to Control Assessments, Continuous Monitoring, User-installed Software, Least Functionality, Threat Hunting, Vulnerability Monitoring and Scanning, Unsupported System Components, Flaw Remediation"}, {"techniqueID": "T1195.001", "score": 8, "comment": "Related to Control Assessments, Continuous Monitoring, User-installed Software, Least Functionality, Threat Hunting, Vulnerability Monitoring and Scanning, Unsupported System Components, Flaw Remediation"}, {"techniqueID": "T1195.002", "score": 8, "comment": "Related to Control Assessments, Continuous Monitoring, User-installed Software, Least Functionality, Threat Hunting, Vulnerability Monitoring and Scanning, Unsupported System Components, Flaw Remediation"}, {"techniqueID": "T1218.010", "score": 4, "comment": "Related to Continuous Monitoring, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1221", "score": 14, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Detonation Chambers, Boundary Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Spam Protection"}, {"techniqueID": "T1555.002", "score": 3, "comment": "Related to Continuous Monitoring, 
Authenticator Management, System Monitoring"}, {"techniqueID": "T1036.007", "score": 6, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), System Monitoring"}, {"techniqueID": "T1555", "score": 3, "comment": "Related to Continuous Monitoring, Authenticator Management, System Monitoring"}, {"techniqueID": "T1056.002", "score": 4, "comment": "Related to Continuous Monitoring, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1111", "score": 7, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1201", "score": 5, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1218.011", "score": 4, "comment": "Related to Continuous Monitoring, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1555.001", "score": 3, "comment": "Related to Continuous Monitoring, Authenticator Management, System Monitoring"}, {"techniqueID": "T1564.010", "score": 3, "comment": "Related to Continuous Monitoring, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.013", "score": 7, "comment": "Related to Continuous Monitoring, Penetration Testing, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1505.001", "score": 14, "comment": "Related to Penetration Testing, User-installed Software, Baseline Configuration, Configuration Settings, System Component Inventory, Vulnerability Monitoring 
and Scanning, Developer Configuration Management, Developer Testing and Evaluation, Non-persistence, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1554", "score": 9, "comment": "Related to Penetration Testing, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1560", "score": 5, "comment": "Related to Penetration Testing, Vulnerability Monitoring and Scanning, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1574.001", "score": 9, "comment": "Related to Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Vulnerability Monitoring and Scanning, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1195.003", "score": 11, "comment": "Related to Penetration Testing, Configuration Change Control, Access Restrictions for Change, System Component Inventory, Cryptographic Module Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1560.001", "score": 5, "comment": "Related to Penetration Testing, Vulnerability Monitoring and Scanning, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1546.008", "score": 6, "comment": "Related to Software Usage Restrictions, Configuration Settings, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1553.004", "score": 6, "comment": 
"Related to Software Usage Restrictions, Configuration Settings, Least Functionality, Service Identification and Authentication, Secure Name/address Resolution Service (authoritative Source), System Monitoring"}, {"techniqueID": "T1218.003", "score": 11, "comment": "Related to User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.004", "score": 11, "comment": "Related to User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.008", "score": 11, "comment": "Related to User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.009", "score": 11, "comment": "Related to User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.013", "score": 11, "comment": "Related to User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Memory Protection, Malicious Code Protection, 
System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.014", "score": 11, "comment": "Related to User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.001", "score": 10, "comment": "Related to User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Mobile Code, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.005", "score": 11, "comment": "Related to User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1564.009", "score": 13, "comment": "Related to User-installed Software, Baseline Configuration, Configuration Settings, Least Functionality, Developer Configuration Management, Information in Shared System Resources, Detonation Chambers, Resource Availability, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1027", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1129", "score": 5, "comment": "Related to Baseline Configuration, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": 
"T1216", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1216.001", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Service Identification and Authentication, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.002", "score": 9, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.006", "score": 14, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Service Identification and Authentication, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1547.008", "score": 7, "comment": "Related to Baseline Configuration, Configuration Settings, Vulnerability Monitoring and Scanning, Process Isolation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1553.001", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1553.005", "score": 6, "comment": "Related to Baseline 
Configuration, Configuration Settings, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1562.003", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1562.010", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1036.001", "score": 5, "comment": "Related to Baseline Configuration, Configuration Settings, Service Identification and Authentication, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1092", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Media Use, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1127", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1127.001", "score": 5, "comment": "Related to Baseline Configuration, Configuration Settings, System Component Inventory, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1220", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.010", "score": 5, "comment": "Related to Baseline Configuration, Least Functionality, Information Input Validation, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.014", "score": 6, "comment": "Related to Baseline Configuration, Configuration 
Settings, System Component Inventory, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1548.004", "score": 11, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Mobile Code, Non-modifiable Executable Programs, Information Management and Retention, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1555.005", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Flaw Remediation, System Monitoring"}, {"techniqueID": "T1564.006", "score": 7, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1564.007", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, System Component Inventory, System Monitoring"}, {"techniqueID": "T1555.004", "score": 5, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Authenticator Management, System Monitoring"}, {"techniqueID": "T1559.003", "score": 7, "comment": "Related to Access Restrictions for Change, Configuration Settings, Least Functionality, Developer Configuration Management, Developer Security Testing And Evaluation, Security Engineering Principles, Information System Monitoring"}, {"techniqueID": "T1547.002", "score": 5, "comment": "Related to Configuration Settings, Process Isolation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1552.003", "score": 4, "comment": "Related to Configuration Settings, Least Functionality, Protection of Information at Rest, System Monitoring"}, {"techniqueID": 
"T1564.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1087", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1135", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1547.005", "score": 5, "comment": "Related to Configuration Settings, Process Isolation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1556.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1574.006", "score": 4, "comment": "Related to Configuration Settings, Least Functionality, Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1087.001", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1087.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1548.001", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1546.009", "score": 3, "comment": "Related to Least Functionality, Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1564.003", "score": 3, "comment": "Related to Least Functionality, Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.002", "score": 9, "comment": "Related to Developer Configuration Management, Developer Testing and Evaluation, Development Process, Standards, and Tools, Developer-provided Training, Developer Security and Privacy Architecture and Design, System Development Life Cycle, Acquisition Process, Security and Privacy Engineering Principles, Flaw Remediation"}, {"techniqueID": 
"T1535", "score": 1, "comment": "Related to Session Authenticity"}, {"techniqueID": "T1550.004", "score": 3, "comment": "Related to Session Authenticity, Transmission Confidentiality and Integrity, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1595.003", "score": 1, "comment": "Related to Information in Shared System Resources"}, {"techniqueID": "T1090.004", "score": 1, "comment": "Related to Transmission Confidentiality and Integrity"}, {"techniqueID": "T1027.002", "score": 4, "comment": "Related to Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1027.007", "score": 4, "comment": "Related to Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1027.008", "score": 4, "comment": "Related to Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1027.009", "score": 4, "comment": "Related to Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1055.015", "score": 1, "comment": "Related to Malicious Code Protection"}], "gradient": {"colors": ["#ffe766", "#ffaf66"], "minValue": 1, "maxValue": 33}} \ No newline at end of file diff --git a/src/mappings_explorer/cli/mapex/nist_files/8.2/r4/parsed_nist800-53-r4-8.2_mappings_navigator_layer.json b/src/mappings_explorer/cli/mapex/nist_files/8.2/r4/parsed_nist800-53-r4-8.2_mappings_navigator_layer.json new file mode 100644 index 00000000..63f40ceb --- /dev/null +++ b/src/mappings_explorer/cli/mapex/nist_files/8.2/r4/parsed_nist800-53-r4-8.2_mappings_navigator_layer.json 
@@ -0,0 +1 @@ +{"name": "nist overview", "versions": {"navigator": "4.8.0", "layer": "4.4", "attack": "8.2"}, "sorting": 3, "description": "nist heatmap overview of nist mappings, scores are the number of associated entries", "domain": "enterprise-attack", "techniques": [{"techniqueID": "T1137", "score": 9, "comment": "Related to Concurrent Session Control, Remote Access, Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1137.002", "score": 6, "comment": "Related to Concurrent Session Control, Permitted Actions Without Identification Or Authentication, Remote Access, Least Privilege, Baseline Configuration, Access Restrictions For Change"}, {"techniqueID": "T1528", "score": 19, "comment": "Related to Concurrent Session Control, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Information System Monitoring"}, {"techniqueID": "T1021.001", "score": 23, "comment": "Related to Session Lock, Session Termination, Remote Access, Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, 
Authenticator Feedback, Vulnerability Scanning, Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1563.002", "score": 17, "comment": "Related to Session Lock, Session Termination, Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1072", "score": 22, "comment": "Related to Session Termination, Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Cryptographic Key Establishment And Management, Public Key Infrastructure Certificates, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1003", "score": 21, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Backup, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Protection Of Information At Rest, Process Isolation, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1003.003", "score": 
18, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Information System Backup, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Process Isolation, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1020.001", "score": 12, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Baseline Configuration, Configuration Settings, Information System Component Inventory, Information In Shared Resources, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1040", "score": 11, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Identification And Authentication (Organizational Users), Authenticator Management, Information In Shared Resources, Transmission Confidentiality And Integrity, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1070", "score": 20, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, Information System Backup, Distributed Processing And Storage, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": 
"T1070.001", "score": 20, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, Information System Backup, Distributed Processing And Storage, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1070.002", "score": 20, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, Information System Backup, Distributed Processing And Storage, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1114", "score": 14, "comment": "Related to Security Attributes, Remote Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Boundary Protection, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1114.001", "score": 8, "comment": "Related to Security Attributes, Remote Access, Access Control For Mobile Devices, Use Of External Information Systems, Information Flow Enforcement, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": 
"T1114.002", "score": 13, "comment": "Related to Security Attributes, Remote Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1114.003", "score": 9, "comment": "Related to Security Attributes, Remote Access, Access Control For Mobile Devices, Use Of External Information Systems, Information Flow Enforcement, Boundary Protection, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1119", "score": 16, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Baseline Configuration, Configuration Settings, Information System Component Inventory, Alternate Storage Site, Alternate Processing Site, Information System Backup, Distributed Processing And Storage, Information In Shared Resources, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1213", "score": 24, "comment": "Related to Security Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Protection Of Information At Rest, 
Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1213.001", "score": 24, "comment": "Related to Security Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Protection Of Information At Rest, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1213.002", "score": 24, "comment": "Related to Security Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Protection Of Information At Rest, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1222", "score": 11, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1222.001", "score": 
11, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1222.002", "score": 11, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1530", "score": 33, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Device Identification And Authentication, Identifier Management, Authenticator Management, Authenticator Feedback, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Protection Of Information At Rest, Information In Shared Resources, Boundary Protection, Information Input Validation, Information Handling And Retention, Information Output Filtering, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1537", "score": 20, "comment": "Related to Security Attributes, Remote Access, Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least 
Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Device Identification And Authentication, Identifier Management, Identification And Authentication (Non-Organizational Users), Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1547.007", "score": 11, "comment": "Related to Security Attributes, Access Enforcement, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1547.011", "score": 10, "comment": "Related to Security Attributes, Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1548", "score": 21, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Mobile Code, Non-Modifiable Executable Programs, Information Handling And Retention, Memory Protection, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1548.003", "score": 13, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, 
Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1550.001", "score": 13, "comment": "Related to Security Attributes, Remote Access, Access Control For Mobile Devices, Use Of External Information Systems, Software Usage Restrictions, User-Installed Software, Baseline Configuration, Configuration Settings, Protection Of Information At Rest, Transmission Confidentiality And Integrity, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1552", "score": 33, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Device Identification And Authentication, Identifier Management, Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Cryptographic Key Establishment And Management, Protection Of Information At Rest, Information In Shared Resources, Boundary Protection, Information Input Validation, Information Handling And Retention, Information Output Filtering, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1552.004", "score": 22, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Use Of External Information Systems, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification And Authentication 
(Organizational Users), Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Cryptographic Key Establishment And Management, Protection Of Information At Rest, Information In Shared Resources, Boundary Protection, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1552.005", "score": 13, "comment": "Related to Security Attributes, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Device Identification And Authentication, Identifier Management, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1557", "score": 23, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Session Authenticity, Information In Shared Resources, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Handling And Retention, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1557.002", "score": 23, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Session Authenticity, Information In Shared Resources, 
Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Handling And Retention, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1558", "score": 19, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1558.002", "score": 19, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1558.003", "score": 19, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, 
Software, Firmware, And Information Integrity"}, {"techniqueID": "T1558.004", "score": 20, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1564.004", "score": 6, "comment": "Related to Security Attributes, Access Enforcement, Continuous Monitoring, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1565", "score": 24, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Information System Recovery And Reconstitution, Alternate Storage Site, Alternate Processing Site, Information System Backup, Protection Of Information At Rest, Distributed Processing And Storage, Information In Shared Resources, Boundary Protection, Information Handling And Retention, Memory Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1565.001", "score": 22, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Information System 
Component Inventory, Information System Recovery And Reconstitution, Alternate Storage Site, Alternate Processing Site, Information System Backup, Protection Of Information At Rest, Distributed Processing And Storage, Information In Shared Resources, Boundary Protection, Information Handling And Retention, Memory Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1565.002", "score": 12, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Baseline Configuration, Configuration Settings, Information System Component Inventory, Information In Shared Resources, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1602", "score": 25, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Device Identification And Authentication, Identifier Management, Protection Of Information At Rest, Security Function Isolation, Information In Shared Resources, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Handling And Retention, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1602.001", "score": 25, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component 
Inventory, Device Identification And Authentication, Identifier Management, Protection Of Information At Rest, Security Function Isolation, Information In Shared Resources, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Handling And Retention, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1602.002", "score": 25, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Device Identification And Authentication, Identifier Management, Protection Of Information At Rest, Security Function Isolation, Information In Shared Resources, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Handling And Retention, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1021", "score": 12, "comment": "Related to Remote Access, Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1021.002", "score": 16, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational 
Users), Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1021.003", "score": 18, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Mobile Code, Security Function Isolation, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1021.004", "score": 15, "comment": "Related to Remote Access, Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1021.005", "score": 23, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, User-Installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1021.006", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least 
Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1037", "score": 9, "comment": "Related to Remote Access, Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1037.001", "score": 2, "comment": "Related to Remote Access, Least Functionality"}, {"techniqueID": "T1047", "score": 8, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1133", "score": 17, "comment": "Related to Remote Access, Use Of External Information Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Boundary Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1219", "score": 13, "comment": "Related to Remote Access, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1543", "score": 21, "comment": "Related to Remote Access, Account 
Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, User-Installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Unsupported System Components, Memory Protection, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1543.003", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1563", "score": 18, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1563.001", "score": 17, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Cryptographic Key Establishment And Management, Session 
Authenticity, Information System Monitoring"}, {"techniqueID": "T1011", "score": 4, "comment": "Related to Wireless Access, Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1011.001", "score": 8, "comment": "Related to Wireless Access, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.001", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.002", "score": 15, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.004", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.005", "score": 17, "comment": "Related to Account Management, Access Enforcement, Information 
Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.006", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.007", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.008", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1036", "score": 12, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, 
Service Identification And Authentication, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1036.003", "score": 8, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1036.005", "score": 12, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Service Identification And Authentication, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1053", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1053.001", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1053.002", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Information 
System Monitoring"}, {"techniqueID": "T1053.003", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1053.004", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1053.005", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1053.006", "score": 10, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1055", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.008", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, 
Configuration Settings, Identification And Authentication (Organizational Users), Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1056.003", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1059", "score": 21, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Mobile Code, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.001", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.008", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Identification And 
Authentication (Non-Organizational Users)"}, {"techniqueID": "T1068", "score": 23, "comment": "Related to Account Management, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Application Partitioning, Honeypots, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Honeyclients, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Security Alerts, Advisories, And Directives, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1070.003", "score": 10, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1078", "score": 23, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information Security Architecture, Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Development Process, Standards, And Tools, Developer-Provided Training, Developer Security Architecture And Design, System Development Life Cycle, Acquisition Process, Security Engineering Principles, Protection Of Information At Rest, Information System Monitoring"}, {"techniqueID": "T1078.001", "score": 14, "comment": "Related to Account Management, Separation Of Duties, Least Privilege, Continuous Monitoring, Developer Configuration Management, Developer Security Testing And Evaluation, Development 
Process, Standards, And Tools, Developer-Provided Training, Developer Security Architecture And Design, System Development Life Cycle, Acquisition Process, Security Engineering Principles, Protection Of Information At Rest, Information System Monitoring"}, {"techniqueID": "T1078.002", "score": 11, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1078.003", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Developer Configuration Management, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Developer-Provided Training, Developer Security Architecture And Design, System Development Life Cycle, Acquisition Process, Security Engineering Principles, Protection Of Information At Rest, Information System Monitoring"}, {"techniqueID": "T1078.004", "score": 21, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Developer Configuration Management, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Developer-Provided Training, Developer Security Architecture And Design, System Development Life Cycle, Acquisition Process, Security Engineering Principles, Protection Of Information At Rest, Information System Monitoring"}, 
{"techniqueID": "T1087.004", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users)"}, {"techniqueID": "T1098", "score": 11, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1098.001", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Boundary Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1098.002", "score": 11, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1098.003", "score": 11, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1110", "score": 14, "comment": "Related to Account Management, Use Of External 
Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-Authentication, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1110.001", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-Authentication, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1110.002", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-Authentication, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1110.003", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-Authentication, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1110.004", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-Authentication, Identification And Authentication 
(Organizational Users), Identifier Management, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1134", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1134.001", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1134.002", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1134.003", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1136", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Boundary Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1136.001", "score": 11, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring, Software, Firmware, And Information 
Integrity"}, {"techniqueID": "T1136.002", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Boundary Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1136.003", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Boundary Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1185", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1190", "score": 27, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Security Assessments, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Security Engineering Principles, Mobile Code, Application Partitioning, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Process Isolation, Boundary 
Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1197", "score": 14, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1210", "score": 30, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Security Assessments, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Mobile Code, Application Partitioning, Honeypots, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Honeyclients, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Security Alerts, Advisories, And Directives, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1212", "score": 23, "comment": "Related to Account Management, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Application Partitioning, Honeypots, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Honeyclients, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information 
System Monitoring, Security Alerts, Advisories, And Directives, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218", "score": 15, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.007", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1484", "score": 13, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1489", "score": 12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1495", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational 
Users), Cryptographic Module Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1505", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1505.001", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1505.002", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Information 
System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1525", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1538", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users)"}, {"techniqueID": "T1542", "score": 19, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Identification And Authentication (Non-Organizational Users), Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Boundary Protection, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1542.001", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Identification And Authentication (Non-Organizational Users), Developer Configuration Management, 
Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1542.003", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Identification And Authentication (Non-Organizational Users), Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1542.005", "score": 24, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Boundary Protection, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1543.001", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, User-Installed Software, Access Restrictions For Change, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1543.002", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation Of 
Duties, Least Privilege, Continuous Monitoring, User-Installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Unsupported System Components, Memory Protection, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1543.004", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, User-Installed Software, Access Restrictions For Change, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1546.003", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1547.004", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Least Functionality, Identification And Authentication (Organizational Users), Information Input Validation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1547.006", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1547.009", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1547.012", "score": 6, "comment": "Related to Account 
Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1548.002", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Vulnerability Scanning, Flaw Remediation, Information System Monitoring"}, {"techniqueID": "T1550", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Information System Monitoring"}, {"techniqueID": "T1550.002", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Flaw Remediation"}, {"techniqueID": "T1550.003", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1552.001", "score": 18, "comment": "Related to Account Management, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability 
Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Cryptographic Key Establishment And Management, Protection Of Information At Rest, Information In Shared Resources, Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1552.002", "score": 17, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Cryptographic Key Establishment And Management, Protection Of Information At Rest, Information In Shared Resources, Information System Monitoring"}, {"techniqueID": "T1552.006", "score": 13, "comment": "Related to Account Management, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Flaw Remediation, Information System Monitoring"}, {"techniqueID": "T1556", "score": 15, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Process Isolation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1556.001", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, 
Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Process Isolation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1556.003", "score": 12, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1556.004", "score": 13, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1558.001", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management"}, {"techniqueID": "T1559", "score": 21, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Software Usage Restrictions, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Mobile Code, Security Function Isolation, Boundary Protection, Flaw Remediation, Malicious Code 
Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1559.001", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Mobile Code, Security Function Isolation, Boundary Protection, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.001", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.002", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.004", 
"score": 13, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.006", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Transmission Confidentiality And Integrity, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.007", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1562.008", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1569", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1569.001", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, User-Installed Software, Access Restrictions For Change, Identification 
And Authentication (Organizational Users)"}, {"techniqueID": "T1569.002", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574", "score": 19, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.002", "score": 15, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.004", "score": 13, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.005", "score": 12, "comment": 
"Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1574.007", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.008", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.009", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.010", "score": 12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, 
Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1574.012", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Least Functionality, Identification And Authentication (Organizational Users), Information Input Validation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1578", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1578.001", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1578.002", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1578.003", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1580", "score": 5, 
"comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1599", "score": 18, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1599.001", "score": 18, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1601", "score": 23, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Cryptographic Module Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Information System 
Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1601.001", "score": 23, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Cryptographic Module Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1601.002", "score": 23, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Cryptographic Module Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1134.005", "score": 12, "comment": "Related to Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Configuration Settings, Developer Security Testing And Evaluation, Developer Security Architecture And Design, Acquisition Process, Security Engineering Principles, Security Function Isolation"}, {"techniqueID": "T1200", "score": 
5, "comment": "Related to Use Of External Information Systems, Access Enforcement, Least Privilege, Media Use, Port And I/O Device Access"}, {"techniqueID": "T1539", "score": 10, "comment": "Related to Use Of External Information Systems, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1567", "score": 3, "comment": "Related to Use Of External Information Systems, Information Flow Enforcement, Boundary Protection"}, {"techniqueID": "T1567.001", "score": 3, "comment": "Related to Use Of External Information Systems, Information Flow Enforcement, Boundary Protection"}, {"techniqueID": "T1567.002", "score": 3, "comment": "Related to Use Of External Information Systems, Information Flow Enforcement, Boundary Protection"}, {"techniqueID": "T1037.002", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1037.003", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1037.004", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1037.005", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, 
{"techniqueID": "T1048", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1048.001", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1048.002", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1048.003", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1052", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Information System Component Inventory, Media Use, Vulnerability Scanning, Port And I/O Device Access, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1052.001", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Information System Component Inventory, Media Use, Vulnerability Scanning, Port And I/O Device Access, Malicious Code Protection, Information System 
Monitoring"}, {"techniqueID": "T1055.009", "score": 9, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Mobile Code, Boundary Protection, Memory Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1071.004", "score": 18, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-Of-Band Channels, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1080", "score": 10, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Least Functionality, Information In Shared Resources, Boundary Protection, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1090", "score": 12, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1090.003", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1091", "score": 10, "comment": "Related to Access Enforcement, Least 
Privilege, Baseline Configuration, Configuration Settings, Information System Component Inventory, Media Use, Vulnerability Scanning, Port And I/O Device Access, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1095", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1098.004", "score": 9, "comment": "Related to Access Enforcement, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Cryptographic Key Establishment And Management, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1187", "score": 10, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1199", "score": 7, "comment": "Related to Access Enforcement, Information Flow Enforcement, Least Privilege, System Use Notification, Configuration Settings, Least Functionality, Boundary Protection"}, {"techniqueID": "T1205", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1205.001", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1218.002", "score": 9, 
"comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.012", "score": 13, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1485", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1486", "score": 11, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Storage Site, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1490", "score": 12, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Least Functionality, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1491", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, 
Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1491.001", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1491.002", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1498", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1498.001", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1498.002", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1499", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1499.001", 
"score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1499.002", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1499.003", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1499.004", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1542.004", "score": 20, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Cryptographic Module Authentication, Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Boundary Protection, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.004", "score": 8, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information 
System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.013", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Software Usage Restrictions, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1547.003", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1553.003", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1557.001", "score": 15, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Session Authenticity, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1561", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1561.001", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline 
Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1561.002", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1565.003", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Information System Backup, Protection Of Information At Rest, Information In Shared Resources, Boundary Protection, Memory Protection, Information System Monitoring"}, {"techniqueID": "T1570", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1572", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1001.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, 
Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1001.002", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1001.003", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1008", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1029", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1030", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1041", "score": 5, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1046", "score": 10, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1071", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous 
Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-Of-Band Channels, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1071.001", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-Of-Band Channels, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1071.002", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-Of-Band Channels, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1071.003", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution 
Service, Session Authenticity, Covert Channel Analysis, Out-Of-Band Channels, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1090.001", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1090.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1102", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1102.001", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1102.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1102.003", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1104", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information 
System Monitoring"}, {"techniqueID": "T1105", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1132", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1132.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1132.002", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1189", "score": 18, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Information System Component Inventory, Unsupported System Components, Mobile Code, Application Partitioning, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1203", "score": 14, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, Information System Component Inventory, Mobile Code, Application Partitioning, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Process Isolation, Boundary Protection, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": 
"T1204", "score": 13, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Detonation Chambers, Boundary Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity, Spam Protection"}, {"techniqueID": "T1204.001", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1204.002", "score": 12, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Detonation Chambers, Boundary Protection, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity, Spam Protection"}, {"techniqueID": "T1211", "score": 22, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Application Partitioning, Honeypots, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Honeyclients, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Security Alerts, Advisories, And Directives, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1482", "score": 10, "comment": "Related to Information Flow Enforcement, Penetration Testing, Configuration Settings, Least Functionality, Information Security Architecture, Vulnerability Scanning, Trustworthiness, Developer Security Architecture And Design, Security Engineering 
Principles, Boundary Protection"}, {"techniqueID": "T1559.002", "score": 14, "comment": "Related to Information Flow Enforcement, Least Privilege, Software Usage Restrictions, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Security Function Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1566", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1566.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1566.002", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1566.003", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1568", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1568.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Secure Name / Address Resolution Service 
(Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1571", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1573", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key Establishment And Management, Transmission Of Security Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1573.001", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key Establishment And Management, Transmission Of Security Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1573.002", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key Establishment And Management, Transmission Of Security Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1598", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1598.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation 
Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1598.002", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1598.003", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1055.001", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.002", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.003", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.004", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.005", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.011", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.012", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.013", "score": 6, "comment": "Related to 
Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.014", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1059.006", "score": 10, "comment": "Related to Least Privilege, User-Installed Software, Configuration Change Control, Access Restrictions For Change, Least Functionality, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1112", "score": 2, "comment": "Related to Least Privilege, Least Functionality"}, {"techniqueID": "T1176", "score": 15, "comment": "Related to Least Privilege, Continuous Monitoring, Penetration Testing, User-Installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Vulnerability Scanning, Boundary Protection, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.011", "score": 2, "comment": "Related to Least Privilege, Flaw Remediation"}, {"techniqueID": "T1553", "score": 9, "comment": "Related to Least Privilege, Software Usage Restrictions, Baseline Configuration, Configuration Settings, Least Functionality, Service Identification And Authentication, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.011", "score": 2, "comment": "Related to Least Privilege, Access Restrictions For Change"}, {"techniqueID": "T1195", "score": 7, "comment": "Related to Security Assessments, Continuous Monitoring, User-Installed Software, Least Functionality, Vulnerability Scanning, Unsupported System Components, Flaw Remediation"}, 
{"techniqueID": "T1195.001", "score": 7, "comment": "Related to Security Assessments, Continuous Monitoring, User-Installed Software, Least Functionality, Vulnerability Scanning, Unsupported System Components, Flaw Remediation"}, {"techniqueID": "T1195.002", "score": 7, "comment": "Related to Security Assessments, Continuous Monitoring, User-Installed Software, Least Functionality, Vulnerability Scanning, Unsupported System Components, Flaw Remediation"}, {"techniqueID": "T1056.002", "score": 4, "comment": "Related to Continuous Monitoring, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1111", "score": 7, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1201", "score": 5, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1218.010", "score": 4, "comment": "Related to Continuous Monitoring, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.011", "score": 4, "comment": "Related to Continuous Monitoring, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1221", "score": 14, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Detonation Chambers, Boundary Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity, Spam Protection"}, {"techniqueID": "T1555", "score": 3, "comment": 
"Related to Continuous Monitoring, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1555.001", "score": 3, "comment": "Related to Continuous Monitoring, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1555.002", "score": 3, "comment": "Related to Continuous Monitoring, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1195.003", "score": 11, "comment": "Related to Penetration Testing, Configuration Change Control, Access Restrictions For Change, Information System Component Inventory, Cryptographic Module Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1554", "score": 7, "comment": "Related to Penetration Testing, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Supply Chain Protection, Component Authenticity, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1560", "score": 5, "comment": "Related to Penetration Testing, Vulnerability Scanning, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1560.001", "score": 5, "comment": "Related to Penetration Testing, Vulnerability Scanning, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1574.001", "score": 9, "comment": "Related to Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.008", "score": 6, "comment": "Related to Software Usage Restrictions, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And 
Information Integrity"}, {"techniqueID": "T1553.004", "score": 6, "comment": "Related to Software Usage Restrictions, Configuration Settings, Least Functionality, Service Identification And Authentication, Secure Name / Address Resolution Service (Authoritative Source), Information System Monitoring"}, {"techniqueID": "T1036.001", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Service Identification And Authentication, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.002", "score": 7, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Service Identification And Authentication, Supply Chain Protection, Information Input Validation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.005", "score": 11, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.007", "score": 10, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1092", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Media Use, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1127", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, 
Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1127.001", "score": 5, "comment": "Related to Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1129", "score": 5, "comment": "Related to Baseline Configuration, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1137.001", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1216", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1216.001", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.001", "score": 7, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Mobile Code, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.003", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.004", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input 
Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.005", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.008", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.009", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1220", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Service Identification And Authentication, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.002", "score": 9, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.006", "score": 11, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Service Identification And 
Authentication, Supply Chain Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.010", "score": 3, "comment": "Related to Baseline Configuration, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.014", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1547.008", "score": 7, "comment": "Related to Baseline Configuration, Configuration Settings, Vulnerability Scanning, Process Isolation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1548.004", "score": 11, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Mobile Code, Non-Modifiable Executable Programs, Information Handling And Retention, Memory Protection, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1553.001", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.003", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1564.006", "score": 7, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1564.007", "score": 4, "comment": "Related to Baseline 
Configuration, Configuration Settings, Information System Component Inventory, Information System Monitoring"}, {"techniqueID": "T1087", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1087.001", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1087.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1135", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1547.002", "score": 5, "comment": "Related to Configuration Settings, Process Isolation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1547.005", "score": 5, "comment": "Related to Configuration Settings, Process Isolation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1548.001", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1552.003", "score": 4, "comment": "Related to Configuration Settings, Least Functionality, Protection Of Information At Rest, Information System Monitoring"}, {"techniqueID": "T1556.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1564.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1059.003", "score": 3, "comment": "Related to Least Functionality, Information Input Validation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.004", "score": 3, "comment": "Related to Least Functionality, Information Input Validation, Software, 
Firmware, And Information Integrity"}, {"techniqueID": "T1106", "score": 1, "comment": "Related to Least Functionality"}, {"techniqueID": "T1546.009", "score": 3, "comment": "Related to Least Functionality, Information Input Validation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1564.003", "score": 3, "comment": "Related to Least Functionality, Information Input Validation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.006", "score": 3, "comment": "Related to Least Functionality, Information Input Validation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1535", "score": 1, "comment": "Related to Session Authenticity"}, {"techniqueID": "T1550.004", "score": 3, "comment": "Related to Session Authenticity, Transmission Confidentiality And Integrity, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1090.004", "score": 1, "comment": "Related to Transmission Confidentiality And Integrity"}, {"techniqueID": "T1027", "score": 4, "comment": "Related to Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1027.002", "score": 4, "comment": "Related to Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1137.003", "score": 1, "comment": "Related to Flaw Remediation"}, {"techniqueID": "T1137.004", "score": 1, "comment": "Related to Flaw Remediation"}, {"techniqueID": "T1137.005", "score": 1, "comment": "Related to Flaw Remediation"}], "gradient": {"colors": ["#ffe766", "#ffaf66"], "minValue": 1, "maxValue": 33}} \ No newline at end of file diff --git a/src/mappings_explorer/cli/mapex/nist_files/8.2/r5/parsed_nist800-53-r5-8.2_mappings_navigator_layer.json b/src/mappings_explorer/cli/mapex/nist_files/8.2/r5/parsed_nist800-53-r5-8.2_mappings_navigator_layer.json new file mode 100644 index 00000000..26de3990 
--- /dev/null
+++ b/src/mappings_explorer/cli/mapex/nist_files/8.2/r5/parsed_nist800-53-r5-8.2_mappings_navigator_layer.json
@@ -0,0 +1 @@ +{"name": "nist overview", "versions": {"navigator": "4.8.0", "layer": "4.4", "attack": "8.2"}, "sorting": 3, "description": "nist heatmap overview of nist mappings, scores are the number of associated entries", "domain": "enterprise-attack", "techniques": [{"techniqueID": "T1137", "score": 9, "comment": "Related to Concurrent Session Control, Remote Access, Baseline Configuration, Configuration Settings, System Component Inventory, Vulnerability Monitoring and Scanning, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1137.002", "score": 6, "comment": "Related to Concurrent Session Control, Permitted Actions Without Identification or Authentication, Remote Access, Least Privilege, Baseline Configuration, Access Restrictions for Change"}, {"techniqueID": "T1528", "score": 19, "comment": "Related to Concurrent Session Control, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, System Monitoring"}, {"techniqueID": "T1021.001", "score": 24, "comment": "Related to Device Lock, Session Termination, Remote Access, Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, Authentication Feedback, Vulnerability 
Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, {"techniqueID": "T1563.002", "score": 18, "comment": "Related to Device Lock, Session Termination, Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, {"techniqueID": "T1072", "score": 24, "comment": "Related to Session Termination, Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Cryptographic Key Establishment and Management, Public Key Infrastructure Certificates, Cross Domain Policy Enforcement, Boundary Protection, Flaw Remediation, Information Fragmentation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1003", "score": 21, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Backup, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, Protection of Information at Rest, Process Isolation, Information Management and Retention, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, 
{"techniqueID": "T1003.003", "score": 18, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Backup, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Process Isolation, Information Management and Retention, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1020.001", "score": 12, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Baseline Configuration, Configuration Settings, System Component Inventory, Information in Shared System Resources, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1040", "score": 11, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Identification and Authentication (organizational Users), Authenticator Management, Information in Shared System Resources, Transmission Confidentiality and Integrity, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1070", "score": 21, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, System Backup, Distributed Processing and Storage, Information in Shared System Resources, Information Management and Retention, Information Fragmentation, Malicious Code Protection, System Monitoring, Software, Firmware, 
and Information Integrity"}, {"techniqueID": "T1070.001", "score": 21, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, System Backup, Distributed Processing and Storage, Information in Shared System Resources, Information Management and Retention, Information Fragmentation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1070.002", "score": 21, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, System Backup, Distributed Processing and Storage, Information in Shared System Resources, Information Management and Retention, Information Fragmentation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1114", "score": 14, "comment": "Related to Security and Privacy Attributes, Remote Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Boundary Protection, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1114.001", "score": 8, "comment": "Related to Security and Privacy Attributes, Remote Access, Access Control for Mobile Devices, Use of External Systems, Information Flow Enforcement, Information Management and Retention, System Monitoring, 
Software, Firmware, and Information Integrity"}, {"techniqueID": "T1114.002", "score": 13, "comment": "Related to Security and Privacy Attributes, Remote Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1114.003", "score": 9, "comment": "Related to Security and Privacy Attributes, Remote Access, Access Control for Mobile Devices, Use of External Systems, Information Flow Enforcement, Boundary Protection, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1119", "score": 17, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Baseline Configuration, Configuration Settings, System Component Inventory, Alternate Storage Site, Alternate Processing Site, System Backup, Distributed Processing and Storage, Information in Shared System Resources, Information Management and Retention, Information Fragmentation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1204", "score": 24, "comment": "Related to Security and Privacy Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Protection of Information at Rest, Detonation Chambers, Boundary Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and 
Information Integrity, Spam Protection"}, {"techniqueID": "T1204.001", "score": 23, "comment": "Related to Security and Privacy Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Protection of Information at Rest, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Spam Protection"}, {"techniqueID": "T1204.002", "score": 23, "comment": "Related to Security and Privacy Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Protection of Information at Rest, Detonation Chambers, Boundary Protection, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Spam Protection"}, {"techniqueID": "T1222", "score": 11, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1222.001", "score": 11, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identification and Authentication 
(organizational Users), System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1222.002", "score": 11, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1530", "score": 33, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Device Identification and Authentication, Identifier Management, Authenticator Management, Authentication Feedback, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, Protection of Information at Rest, Information in Shared System Resources, Boundary Protection, Information Input Validation, Information Management and Retention, Information Output Filtering, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1537", "score": 20, "comment": "Related to Security and Privacy Attributes, Remote Access, Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Device Identification and Authentication, Identifier Management, Identification and 
Authentication (non-organizational Users), Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1547.007", "score": 11, "comment": "Related to Security and Privacy Attributes, Access Enforcement, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1547.011", "score": 10, "comment": "Related to Security and Privacy Attributes, Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1548", "score": 21, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Mobile Code, Non-modifiable Executable Programs, Information Management and Retention, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1548.003", "score": 13, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1550.001", "score": 13, "comment": "Related to Security and Privacy 
Attributes, Remote Access, Access Control for Mobile Devices, Use of External Systems, Software Usage Restrictions, User-installed Software, Baseline Configuration, Configuration Settings, Protection of Information at Rest, Transmission Confidentiality and Integrity, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1552", "score": 33, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Device Identification and Authentication, Identifier Management, Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Cryptographic Key Establishment and Management, Protection of Information at Rest, Information in Shared System Resources, Boundary Protection, Information Input Validation, Information Management and Retention, Information Output Filtering, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1552.004", "score": 22, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Use of External Systems, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Cryptographic Key Establishment and Management, Protection of Information at Rest, 
Information in Shared System Resources, Boundary Protection, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1552.005", "score": 13, "comment": "Related to Security and Privacy Attributes, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Device Identification and Authentication, Identifier Management, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1557", "score": 24, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Session Authenticity, Information in Shared System Resources, Cross Domain Policy Enforcement, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Management and Retention, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1557.002", "score": 22, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Session Authenticity, Information in Shared System Resources, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Management and Retention, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information 
Integrity"}, {"techniqueID": "T1558", "score": 19, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Information in Shared System Resources, Information Management and Retention, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1558.002", "score": 19, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Information in Shared System Resources, Information Management and Retention, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1558.003", "score": 19, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Information in Shared System Resources, Information Management and Retention, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1558.004", "score": 20, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account 
Management, Access Enforcement, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Information in Shared System Resources, Information Management and Retention, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1564.004", "score": 6, "comment": "Related to Security and Privacy Attributes, Access Enforcement, Continuous Monitoring, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1565", "score": 26, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, System Recovery and Reconstitution, Alternate Storage Site, Alternate Processing Site, System Backup, Protection of Information at Rest, Distributed Processing and Storage, Information in Shared System Resources, Cross Domain Policy Enforcement, Boundary Protection, Information Management and Retention, Memory Protection, Information Fragmentation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1565.001", "score": 23, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, System Component Inventory, System Recovery and Reconstitution, Alternate Storage Site, Alternate Processing Site, System Backup, Protection of Information at Rest, Distributed Processing and Storage, 
Information in Shared System Resources, Boundary Protection, Information Management and Retention, Memory Protection, Information Fragmentation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1565.002", "score": 12, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Baseline Configuration, Configuration Settings, System Component Inventory, Information in Shared System Resources, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1602", "score": 25, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Device Identification and Authentication, Identifier Management, Protection of Information at Rest, Security Function Isolation, Information in Shared System Resources, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Management and Retention, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1602.001", "score": 25, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Device Identification and Authentication, Identifier Management, Protection of Information at Rest, Security Function Isolation, Information in Shared System Resources, Boundary Protection, Transmission Confidentiality and 
Integrity, Information Input Validation, Information Management and Retention, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1602.002", "score": 25, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Device Identification and Authentication, Identifier Management, Protection of Information at Rest, Security Function Isolation, Information in Shared System Resources, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Management and Retention, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1021", "score": 12, "comment": "Related to Remote Access, Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring"}, {"techniqueID": "T1021.002", "score": 16, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1021.003", "score": 19, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation of 
Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Mobile Code, Security Function Isolation, Cross Domain Policy Enforcement, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1021.004", "score": 15, "comment": "Related to Remote Access, Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1021.005", "score": 23, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, User-installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring and Scanning, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1021.006", "score": 16, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, 
System Monitoring"}, {"techniqueID": "T1037", "score": 9, "comment": "Related to Remote Access, Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1037.001", "score": 2, "comment": "Related to Remote Access, Least Functionality"}, {"techniqueID": "T1047", "score": 8, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1133", "score": 18, "comment": "Related to Remote Access, Use of External Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1219", "score": 13, "comment": "Related to Remote Access, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1543", "score": 21, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, User-installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, 
Identification and Authentication (organizational Users), Identifier Management, Vulnerability Monitoring and Scanning, Unsupported System Components, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1543.003", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, User-installed Software, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Identifier Management, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1563", "score": 19, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, {"techniqueID": "T1563.001", "score": 17, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Cryptographic Key Establishment and Management, Session Authenticity, System Monitoring"}, {"techniqueID": "T1011", "score": 4, "comment": "Related to Wireless Access, Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1011.001", "score": 8, "comment": "Related to 
Wireless Access, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.001", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.002", "score": 15, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.004", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.005", "score": 17, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, Protection of 
Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.006", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.007", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.008", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1036", "score": 12, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Service Identification and Authentication, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1036.003", "score": 8, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration 
Settings, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1036.005", "score": 12, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Service Identification and Authentication, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1053", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1053.001", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1053.002", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1053.003", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1053.004", "score": 9, "comment": "Related to 
Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1053.005", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1053.006", "score": 10, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1055", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.008", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1056.003", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational 
Users)"}, {"techniqueID": "T1059", "score": 21, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, User-installed Software, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users), Service Identification and Authentication, Vulnerability Monitoring and Scanning, Mobile Code, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059.001", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users), Service Identification and Authentication, Vulnerability Monitoring and Scanning, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059.008", "score": 10, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users), Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1068", "score": 24, "comment": "Related to Account Management, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, System Component Inventory, Threat Hunting, Vulnerability Monitoring and Scanning, Mobile Code, Separation of System and User 
Functionality, Decoys, Heterogeneity, Security Function Isolation, Concealment and Misdirection, External Malicious Code Identification, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Security Alerts, Advisories, and Directives, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1070.003", "score": 10, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1078", "score": 24, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Access Restrictions for Change, Configuration Settings, Identity Proofing, Identification and Authentication (organizational Users), Authenticator Management, Security and Privacy Architectures, Vulnerability Monitoring and Scanning, Developer Configuration Management, Developer Testing and Evaluation, Supply Chain Protection, Development Process, Standards, and Tools, Developer-provided Training, Developer Security and Privacy Architecture and Design, System Development Life Cycle, Acquisition Process, Security and Privacy Engineering Principles, Protection of Information at Rest, System Monitoring"}, {"techniqueID": "T1078.001", "score": 14, "comment": "Related to Account Management, Separation of Duties, Least Privilege, Continuous Monitoring, Developer Configuration Management, Developer Testing and Evaluation, Development Process, Standards, and Tools, Developer-provided Training, Developer Security and Privacy Architecture and Design, System Development Life Cycle, Acquisition Process, Security and Privacy Engineering Principles, Protection of Information at Rest, System Monitoring"}, {"techniqueID": "T1078.002", "score": 12, "comment": "Related 
to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions for Change, Configuration Settings, Identity Proofing, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring"}, {"techniqueID": "T1078.003", "score": 19, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identity Proofing, Identification and Authentication (organizational Users), Developer Configuration Management, Developer Testing and Evaluation, Development Process, Standards, and Tools, Developer-provided Training, Developer Security and Privacy Architecture and Design, System Development Life Cycle, Acquisition Process, Security and Privacy Engineering Principles, Protection of Information at Rest, System Monitoring"}, {"techniqueID": "T1078.004", "score": 22, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identity Proofing, Identification and Authentication (organizational Users), Authenticator Management, Developer Configuration Management, Developer Testing and Evaluation, Development Process, Standards, and Tools, Developer-provided Training, Developer Security and Privacy Architecture and Design, System Development Life Cycle, Acquisition Process, Security and Privacy Engineering Principles, Protection of Information at Rest, System Monitoring"}, {"techniqueID": "T1087.004", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users)"}, {"techniqueID": "T1098", "score": 
12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, {"techniqueID": "T1098.001", "score": 15, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1098.002", "score": 11, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1098.003", "score": 11, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1110", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-authentication, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, System Monitoring"}, 
{"techniqueID": "T1110.001", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-authentication, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, System Monitoring"}, {"techniqueID": "T1110.002", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-authentication, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, System Monitoring"}, {"techniqueID": "T1110.003", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-authentication, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, System Monitoring"}, {"techniqueID": "T1110.004", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-authentication, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, System Monitoring"}, {"techniqueID": "T1134", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1134.001", "score": 7, "comment": "Related to Account 
Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1134.002", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1134.003", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1136", "score": 15, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1136.001", "score": 11, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1136.002", "score": 15, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring, 
Software, Firmware, and Information Integrity"}, {"techniqueID": "T1136.003", "score": 15, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1185", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1190", "score": 29, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Control Assessments, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users), Threat Hunting, Vulnerability Monitoring and Scanning, Security and Privacy Engineering Principles, Mobile Code, Separation of System and User Functionality, Heterogeneity, Security Function Isolation, Concealment and Misdirection, Process Isolation, Cross Domain Policy Enforcement, Boundary Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1197", "score": 14, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access 
Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1210", "score": 32, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Control Assessments, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users), Threat Hunting, Vulnerability Monitoring and Scanning, Mobile Code, Separation of System and User Functionality, Decoys, Heterogeneity, Security Function Isolation, Concealment and Misdirection, External Malicious Code Identification, Process Isolation, Cross Domain Policy Enforcement, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Security Alerts, Advisories, and Directives, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1212", "score": 24, "comment": "Related to Account Management, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, System Component Inventory, Threat Hunting, Vulnerability Monitoring and Scanning, Mobile Code, Separation of System and User Functionality, Decoys, Heterogeneity, Security Function Isolation, Concealment and Misdirection, External Malicious Code Identification, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Security Alerts, Advisories, and Directives, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1213", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least 
Privilege, Penetration Testing, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Identifier Management, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1213.001", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Identifier Management, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1213.002", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Identifier Management, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1218", "score": 15, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.007", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1484", "score": 13, "comment": 
"Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1489", "score": 13, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, {"techniqueID": "T1495", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Cryptographic Module Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1505", "score": 21, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, User-installed Software, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Service Identification and Authentication, Vulnerability Monitoring and Scanning, Developer Configuration Management, Developer Testing and Evaluation, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": 
"T1505.001", "score": 21, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, User-installed Software, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Service Identification and Authentication, Vulnerability Monitoring and Scanning, Developer Configuration Management, Developer Testing and Evaluation, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1505.002", "score": 21, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, User-installed Software, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Service Identification and Authentication, Vulnerability Monitoring and Scanning, Developer Configuration Management, Developer Testing and Evaluation, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1525", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Service Identification and Authentication, Vulnerability Monitoring and Scanning, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1538", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation of 
Duties, Least Privilege, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users)"}, {"techniqueID": "T1542", "score": 19, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Cryptographic Module Authentication, Identification and Authentication (non-organizational Users), Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Boundary Protection, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1542.001", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Cryptographic Module Authentication, Identification and Authentication (non-organizational Users), Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1542.003", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Cryptographic Module Authentication, Identification and Authentication (non-organizational Users), Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw 
Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1542.005", "score": 24, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Cryptographic Module Authentication, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Boundary Protection, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1543.001", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, User-installed Software, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1543.002", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, User-installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Unsupported System Components, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1543.004", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, User-installed Software, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1546.003", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least 
Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1547.004", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Least Functionality, Identification and Authentication (organizational Users), Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1547.006", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1547.009", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1547.012", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1548.002", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Flaw Remediation, System Monitoring"}, {"techniqueID": "T1550", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and 
Authentication (organizational Users), Identifier Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, System Monitoring"}, {"techniqueID": "T1550.002", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Flaw Remediation"}, {"techniqueID": "T1550.003", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring"}, {"techniqueID": "T1552.001", "score": 18, "comment": "Related to Account Management, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Cryptographic Key Establishment and Management, Protection of Information at Rest, Information in Shared System Resources, Boundary Protection, System Monitoring"}, {"techniqueID": "T1552.002", "score": 17, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Cryptographic Key Establishment and Management, Protection of Information at Rest, Information in Shared System 
Resources, System Monitoring"}, {"techniqueID": "T1552.006", "score": 13, "comment": "Related to Account Management, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Flaw Remediation, System Monitoring"}, {"techniqueID": "T1556", "score": 15, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Process Isolation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1556.001", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Process Isolation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1556.003", "score": 12, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1556.004", "score": 13, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Baseline 
Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1558.001", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management"}, {"techniqueID": "T1559", "score": 19, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Software Usage Restrictions, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Mobile Code, Security Function Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1559.001", "score": 13, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Mobile Code, Security Function Isolation, Boundary Protection, Malicious Code Protection"}, {"techniqueID": "T1562", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Identifier Management, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, 
{"techniqueID": "T1562.001", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1562.002", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1562.004", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1562.006", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Transmission Confidentiality and Integrity, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1562.007", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1562.008", "score": 6, "comment": 
"Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1569", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, User-installed Software, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1569.001", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, User-installed Software, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1569.002", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574", "score": 19, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.002", "score": 15, "comment": "Related to Account Management, Access Enforcement, 
Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, System Component Inventory, Vulnerability Monitoring and Scanning, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.004", "score": 13, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, System Component Inventory, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.005", "score": 12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1574.007", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.008", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input 
Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.009", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.010", "score": 12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1574.012", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Least Functionality, Identification and Authentication (organizational Users), Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1578", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1578.001", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring 
and Scanning, System Monitoring"}, {"techniqueID": "T1578.002", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1578.003", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1580", "score": 5, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1599", "score": 18, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1599.001", "score": 18, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Boundary Protection, Information Input Validation, 
Information Output Filtering, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1601", "score": 26, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Cryptographic Module Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1601.001", "score": 26, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Cryptographic Module Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1601.002", "score": 26, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration 
Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Cryptographic Module Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1134.005", "score": 12, "comment": "Related to Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Configuration Settings, Developer Testing and Evaluation, Developer Security and Privacy Architecture and Design, Acquisition Process, Security and Privacy Engineering Principles, Security Function Isolation"}, {"techniqueID": "T1200", "score": 5, "comment": "Related to Use of External Systems, Access Enforcement, Least Privilege, Media Use, Port and I/O Device Access"}, {"techniqueID": "T1539", "score": 10, "comment": "Related to Use of External Systems, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1567", "score": 3, "comment": "Related to Use of External Systems, Information Flow Enforcement, Boundary Protection"}, {"techniqueID": "T1567.001", "score": 3, "comment": "Related to Use of External Systems, Information Flow Enforcement, Boundary Protection"}, {"techniqueID": "T1567.002", "score": 3, "comment": "Related to Use of External Systems, Information Flow Enforcement, Boundary Protection"}, {"techniqueID": "T1037.002", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious 
Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1037.003", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1037.004", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1037.005", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1048", "score": 12, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cross Domain Policy Enforcement, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1048.001", "score": 12, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cross Domain Policy Enforcement, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1048.002", "score": 12, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cross Domain Policy Enforcement, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1048.003", "score": 12, "comment": "Related 
to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cross Domain Policy Enforcement, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1052", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, System Component Inventory, Media Use, Vulnerability Monitoring and Scanning, Port and I/O Device Access, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1052.001", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, System Component Inventory, Media Use, Vulnerability Monitoring and Scanning, Port and I/O Device Access, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.009", "score": 9, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Mobile Code, Boundary Protection, Memory Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1071.004", "score": 18, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-of-band Channels, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1080", "score": 10, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Least Functionality, Information in Shared System Resources, Boundary Protection, 
Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1090", "score": 12, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1090.003", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1091", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, System Component Inventory, Media Use, Vulnerability Monitoring and Scanning, Port and I/O Device Access, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1095", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1098.004", "score": 9, "comment": "Related to Access Enforcement, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Cryptographic Key Establishment and Management, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1187", "score": 10, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, 
System Monitoring"}, {"techniqueID": "T1199", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Least Privilege, System Use Notification, Configuration Settings, Least Functionality, Cross Domain Policy Enforcement, Boundary Protection"}, {"techniqueID": "T1205", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1205.001", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1218.002", "score": 9, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.012", "score": 13, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1485", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1486", "score": 11, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, 
Alternate Storage Site, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1490", "score": 12, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Least Functionality, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1491", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1491.001", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1491.002", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1498", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1498.001", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, 
{"techniqueID": "T1498.002", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1499", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1499.001", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1499.002", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1499.003", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1499.004", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1542.004", "score": 20, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Cryptographic 
Module Authentication, Vulnerability Monitoring and Scanning, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Boundary Protection, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.004", "score": 8, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.013", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Software Usage Restrictions, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1547.003", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1553.003", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1557.001", "score": 15, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Session Authenticity, Cross Domain Policy Enforcement, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1561", 
"score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1561.001", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1561.002", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1565.003", "score": 12, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, System Backup, Protection of Information at Rest, Information in Shared System Resources, Cross Domain Policy Enforcement, Boundary Protection, Memory Protection, System Monitoring"}, {"techniqueID": "T1570", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1572", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1001", "score": 7, 
"comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1001.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1001.002", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1001.003", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1008", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1029", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1030", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1041", "score": 5, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1046", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, 
Vulnerability Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1071", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-of-band Channels, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1071.001", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-of-band Channels, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1071.002", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-of-band Channels, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1071.003", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure 
Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-of-band Channels, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1090.001", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1090.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1102", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1102.001", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1102.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1102.003", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1104", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, 
Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1105", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1132", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1132.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1132.002", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1189", "score": 18, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, System Component Inventory, Unsupported System Components, Mobile Code, Separation of System and User Functionality, Heterogeneity, Security Function Isolation, Concealment and Misdirection, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1203", "score": 14, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, System Component Inventory, Mobile Code, Separation of System and User Functionality, Heterogeneity, Security Function Isolation, Concealment and Misdirection, Process Isolation, Boundary Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information 
Integrity"}, {"techniqueID": "T1211", "score": 23, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, System Component Inventory, Threat Hunting, Vulnerability Monitoring and Scanning, Mobile Code, Separation of System and User Functionality, Decoys, Heterogeneity, Security Function Isolation, Concealment and Misdirection, External Malicious Code Identification, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Security Alerts, Advisories, and Directives, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1482", "score": 10, "comment": "Related to Information Flow Enforcement, Penetration Testing, Configuration Settings, Least Functionality, Security and Privacy Architectures, Vulnerability Monitoring and Scanning, Developer Security and Privacy Architecture and Design, Security and Privacy Engineering Principles, Cross Domain Policy Enforcement, Boundary Protection"}, {"techniqueID": "T1559.002", "score": 14, "comment": "Related to Information Flow Enforcement, Least Privilege, Software Usage Restrictions, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Mobile Code, Security Function Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1566", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1566.001", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1566.002", "score": 7, 
"comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1566.003", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1568", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1568.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1571", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1573", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key Establishment and Management, Transmission of Security and Privacy Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1573.001", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least 
Functionality, Cryptographic Key Establishment and Management, Transmission of Security and Privacy Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1573.002", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key Establishment and Management, Transmission of Security and Privacy Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1598", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1598.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1598.002", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1598.003", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1055.001", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.002", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.003", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System 
Monitoring"}, {"techniqueID": "T1055.004", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.005", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.011", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.012", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.013", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.014", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1059.006", "score": 10, "comment": "Related to Least Privilege, User-installed Software, Configuration Change Control, Access Restrictions for Change, Least Functionality, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1112", "score": 2, "comment": "Related to Least Privilege, Least Functionality"}, {"techniqueID": "T1176", "score": 15, "comment": "Related to Least Privilege, Continuous Monitoring, Penetration Testing, User-installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, Vulnerability Monitoring and Scanning, Boundary Protection, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, 
{"techniqueID": "T1546.011", "score": 2, "comment": "Related to Least Privilege, Flaw Remediation"}, {"techniqueID": "T1553", "score": 9, "comment": "Related to Least Privilege, Software Usage Restrictions, Baseline Configuration, Configuration Settings, Least Functionality, Service Identification and Authentication, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.011", "score": 2, "comment": "Related to Least Privilege, Access Restrictions for Change"}, {"techniqueID": "T1195", "score": 8, "comment": "Related to Control Assessments, Continuous Monitoring, User-installed Software, Least Functionality, Threat Hunting, Vulnerability Monitoring and Scanning, Unsupported System Components, Flaw Remediation"}, {"techniqueID": "T1195.001", "score": 8, "comment": "Related to Control Assessments, Continuous Monitoring, User-installed Software, Least Functionality, Threat Hunting, Vulnerability Monitoring and Scanning, Unsupported System Components, Flaw Remediation"}, {"techniqueID": "T1195.002", "score": 8, "comment": "Related to Control Assessments, Continuous Monitoring, User-installed Software, Least Functionality, Threat Hunting, Vulnerability Monitoring and Scanning, Unsupported System Components, Flaw Remediation"}, {"techniqueID": "T1056.002", "score": 4, "comment": "Related to Continuous Monitoring, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1111", "score": 7, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1201", "score": 5, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1218.010", "score": 4, "comment": "Related to 
Continuous Monitoring, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.011", "score": 4, "comment": "Related to Continuous Monitoring, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1221", "score": 14, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Detonation Chambers, Boundary Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Spam Protection"}, {"techniqueID": "T1555", "score": 3, "comment": "Related to Continuous Monitoring, Authenticator Management, System Monitoring"}, {"techniqueID": "T1555.001", "score": 3, "comment": "Related to Continuous Monitoring, Authenticator Management, System Monitoring"}, {"techniqueID": "T1555.002", "score": 3, "comment": "Related to Continuous Monitoring, Authenticator Management, System Monitoring"}, {"techniqueID": "T1195.003", "score": 11, "comment": "Related to Penetration Testing, Configuration Change Control, Access Restrictions for Change, System Component Inventory, Cryptographic Module Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1554", "score": 9, "comment": "Related to Penetration Testing, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1560", "score": 5, "comment": "Related to Penetration Testing, Vulnerability Monitoring and Scanning, Boundary 
Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1560.001", "score": 5, "comment": "Related to Penetration Testing, Vulnerability Monitoring and Scanning, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1574.001", "score": 9, "comment": "Related to Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Vulnerability Monitoring and Scanning, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.008", "score": 6, "comment": "Related to Software Usage Restrictions, Configuration Settings, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1553.004", "score": 6, "comment": "Related to Software Usage Restrictions, Configuration Settings, Least Functionality, Service Identification and Authentication, Secure Name/address Resolution Service (authoritative Source), System Monitoring"}, {"techniqueID": "T1036.001", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Service Identification and Authentication, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059.002", "score": 10, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Service Identification and Authentication, Information Input Validation, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1059.005", "score": 11, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Mobile Code, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information 
Integrity"}, {"techniqueID": "T1059.007", "score": 10, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Mobile Code, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1092", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Media Use, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1127", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1127.001", "score": 5, "comment": "Related to Baseline Configuration, Configuration Settings, System Component Inventory, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1129", "score": 5, "comment": "Related to Baseline Configuration, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1137.001", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, System Component Inventory, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1137.003", "score": 2, "comment": "Related to Baseline Configuration, Flaw Remediation"}, {"techniqueID": "T1137.004", "score": 2, "comment": "Related to Baseline Configuration, Flaw Remediation"}, {"techniqueID": "T1137.005", "score": 2, "comment": "Related to Baseline Configuration, Flaw Remediation"}, {"techniqueID": "T1216", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information 
Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1216.001", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.001", "score": 7, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Mobile Code, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.003", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.004", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.005", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.008", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.009", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, System 
Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1220", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Service Identification and Authentication, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.002", "score": 9, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.006", "score": 14, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Service Identification and Authentication, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1546.010", "score": 5, "comment": "Related to Baseline Configuration, Least Functionality, Information Input Validation, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.014", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, System Component Inventory, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1547.008", "score": 7, "comment": "Related to Baseline Configuration, Configuration Settings, Vulnerability Monitoring and Scanning, Process Isolation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": 
"T1548.004", "score": 11, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Mobile Code, Non-modifiable Executable Programs, Information Management and Retention, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1553.001", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1562.003", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1564.006", "score": 7, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1564.007", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, System Component Inventory, System Monitoring"}, {"techniqueID": "T1087", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1087.001", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1087.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1135", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1547.002", "score": 5, "comment": "Related to Configuration Settings, Process Isolation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1547.005", "score": 5, "comment": "Related to Configuration Settings, Process Isolation, Malicious Code Protection, 
System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1548.001", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1552.003", "score": 4, "comment": "Related to Configuration Settings, Least Functionality, Protection of Information at Rest, System Monitoring"}, {"techniqueID": "T1556.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1564.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1059.003", "score": 3, "comment": "Related to Least Functionality, Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059.004", "score": 3, "comment": "Related to Least Functionality, Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1106", "score": 1, "comment": "Related to Least Functionality"}, {"techniqueID": "T1546.009", "score": 3, "comment": "Related to Least Functionality, Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1564.003", "score": 3, "comment": "Related to Least Functionality, Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.006", "score": 3, "comment": "Related to Least Functionality, Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1535", "score": 1, "comment": "Related to Session Authenticity"}, {"techniqueID": "T1550.004", "score": 3, "comment": "Related to Session Authenticity, Transmission Confidentiality and Integrity, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1090.004", "score": 1, "comment": "Related to Transmission Confidentiality and Integrity"}, {"techniqueID": "T1027", "score": 4, "comment": "Related to Flaw Remediation, Malicious Code 
Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1027.002", "score": 4, "comment": "Related to Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}], "gradient": {"colors": ["#ffe766", "#ffaf66"], "minValue": 1, "maxValue": 33}} \ No newline at end of file diff --git a/src/mappings_explorer/cli/mapex/nist_files/9.0/r4/parsed_nist800-53-r4-9.0_mappings_navigator_layer.json b/src/mappings_explorer/cli/mapex/nist_files/9.0/r4/parsed_nist800-53-r4-9.0_mappings_navigator_layer.json new file mode 100644 index 00000000..83363fc3 --- /dev/null +++ b/src/mappings_explorer/cli/mapex/nist_files/9.0/r4/parsed_nist800-53-r4-9.0_mappings_navigator_layer.json 
@@ -0,0 +1 @@ +{"name": "nist overview", "versions": {"navigator": "4.8.0", "layer": "4.4", "attack": "9.0"}, "sorting": 3, "description": "nist heatmap overview of nist mappings, scores are the number of associated entries", "domain": "enterprise-attack", "techniques": [{"techniqueID": "T1137", "score": 9, "comment": "Related to Concurrent Session Control, Remote Access, Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1137.002", "score": 6, "comment": "Related to Concurrent Session Control, Permitted Actions Without Identification Or Authentication, Remote Access, Least Privilege, Baseline Configuration, Access Restrictions For Change"}, {"techniqueID": "T1528", "score": 19, "comment": "Related to Concurrent Session Control, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Information System Monitoring"}, {"techniqueID": "T1021.001", "score": 23, "comment": "Related to Session Lock, Session Termination, Remote Access, Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, 
Authenticator Feedback, Vulnerability Scanning, Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1563.002", "score": 17, "comment": "Related to Session Lock, Session Termination, Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1072", "score": 22, "comment": "Related to Session Termination, Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Cryptographic Key Establishment And Management, Public Key Infrastructure Certificates, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1003", "score": 21, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Backup, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Protection Of Information At Rest, Process Isolation, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1003.003", "score": 
18, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Information System Backup, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Process Isolation, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1020.001", "score": 12, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Baseline Configuration, Configuration Settings, Information System Component Inventory, Information In Shared Resources, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1040", "score": 11, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Identification And Authentication (Organizational Users), Authenticator Management, Information In Shared Resources, Transmission Confidentiality And Integrity, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1070", "score": 20, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, Information System Backup, Distributed Processing And Storage, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": 
"T1070.001", "score": 20, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, Information System Backup, Distributed Processing And Storage, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1070.002", "score": 20, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, Information System Backup, Distributed Processing And Storage, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1114", "score": 14, "comment": "Related to Security Attributes, Remote Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Boundary Protection, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1114.001", "score": 8, "comment": "Related to Security Attributes, Remote Access, Access Control For Mobile Devices, Use Of External Information Systems, Information Flow Enforcement, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": 
"T1114.002", "score": 13, "comment": "Related to Security Attributes, Remote Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1114.003", "score": 9, "comment": "Related to Security Attributes, Remote Access, Access Control For Mobile Devices, Use Of External Information Systems, Information Flow Enforcement, Boundary Protection, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1119", "score": 16, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Baseline Configuration, Configuration Settings, Information System Component Inventory, Alternate Storage Site, Alternate Processing Site, Information System Backup, Distributed Processing And Storage, Information In Shared Resources, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1213", "score": 24, "comment": "Related to Security Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Protection Of Information At Rest, 
Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1213.001", "score": 24, "comment": "Related to Security Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Protection Of Information At Rest, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1213.002", "score": 24, "comment": "Related to Security Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Protection Of Information At Rest, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1222", "score": 11, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1222.001", "score": 
11, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1222.002", "score": 11, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1530", "score": 33, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Device Identification And Authentication, Identifier Management, Authenticator Management, Authenticator Feedback, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Protection Of Information At Rest, Information In Shared Resources, Boundary Protection, Information Input Validation, Information Handling And Retention, Information Output Filtering, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1537", "score": 20, "comment": "Related to Security Attributes, Remote Access, Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least 
Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Device Identification And Authentication, Identifier Management, Identification And Authentication (Non-Organizational Users), Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1547.007", "score": 11, "comment": "Related to Security Attributes, Access Enforcement, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1547.011", "score": 12, "comment": "Related to Security Attributes, Remote Access, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1548", "score": 21, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Mobile Code, Non-Modifiable Executable Programs, Information Handling And Retention, Memory Protection, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1548.003", "score": 13, "comment": "Related to Security Attributes, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, 
Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1550.001", "score": 16, "comment": "Related to Security Attributes, Remote Access, Access Control For Mobile Devices, Use Of External Information Systems, Penetration Testing, Software Usage Restrictions, User-Installed Software, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Identifier Management, Protection Of Information At Rest, Transmission Confidentiality And Integrity, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1552", "score": 33, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Device Identification And Authentication, Identifier Management, Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Cryptographic Key Establishment And Management, Protection Of Information At Rest, Information In Shared Resources, Boundary Protection, Information Input Validation, Information Handling And Retention, Information Output Filtering, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1552.004", "score": 22, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Use Of External Information 
Systems, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Cryptographic Key Establishment And Management, Protection Of Information At Rest, Information In Shared Resources, Boundary Protection, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1552.005", "score": 13, "comment": "Related to Security Attributes, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Device Identification And Authentication, Identifier Management, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1557", "score": 23, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Session Authenticity, Information In Shared Resources, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Handling And Retention, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1557.002", "score": 23, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least 
Functionality, Information System Component Inventory, Vulnerability Scanning, Session Authenticity, Information In Shared Resources, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Handling And Retention, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1558", "score": 19, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1558.002", "score": 19, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1558.003", "score": 19, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator 
Management, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1558.004", "score": 20, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Account Management, Access Enforcement, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Information In Shared Resources, Information Handling And Retention, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1564.004", "score": 6, "comment": "Related to Security Attributes, Access Enforcement, Continuous Monitoring, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1565", "score": 24, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Information System Recovery And Reconstitution, Alternate Storage Site, Alternate Processing Site, Information System Backup, Protection Of Information At Rest, Distributed Processing And Storage, Information In Shared Resources, Boundary Protection, Information Handling And Retention, Memory Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1565.001", "score": 22, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of 
External Information Systems, Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Information System Component Inventory, Information System Recovery And Reconstitution, Alternate Storage Site, Alternate Processing Site, Information System Backup, Protection Of Information At Rest, Distributed Processing And Storage, Information In Shared Resources, Boundary Protection, Information Handling And Retention, Memory Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1565.002", "score": 12, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Baseline Configuration, Configuration Settings, Information System Component Inventory, Information In Shared Resources, Information Handling And Retention, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1602", "score": 25, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Device Identification And Authentication, Identifier Management, Protection Of Information At Rest, Security Function Isolation, Information In Shared Resources, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Handling And Retention, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1602.001", "score": 25, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow 
Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Device Identification And Authentication, Identifier Management, Protection Of Information At Rest, Security Function Isolation, Information In Shared Resources, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Handling And Retention, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1602.002", "score": 25, "comment": "Related to Security Attributes, Remote Access, Wireless Access, Access Control For Mobile Devices, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Device Identification And Authentication, Identifier Management, Protection Of Information At Rest, Security Function Isolation, Information In Shared Resources, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Handling And Retention, Information Output Filtering, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1021", "score": 12, "comment": "Related to Remote Access, Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1021.002", "score": 16, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline 
Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1021.003", "score": 18, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Mobile Code, Security Function Isolation, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1021.004", "score": 15, "comment": "Related to Remote Access, Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1021.005", "score": 23, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, User-Installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1021.006", "score": 
15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1037", "score": 9, "comment": "Related to Remote Access, Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1037.001", "score": 2, "comment": "Related to Remote Access, Least Functionality"}, {"techniqueID": "T1047", "score": 8, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1133", "score": 17, "comment": "Related to Remote Access, Use Of External Information Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Boundary Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1219", "score": 13, "comment": "Related to Remote Access, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System 
Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1543", "score": 21, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, User-Installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Unsupported System Components, Memory Protection, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1543.003", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1547.003", "score": 10, "comment": "Related to Remote Access, Access Enforcement, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1547.004", "score": 11, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Least Functionality, Identification And Authentication (Organizational Users), Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1547.009", "score": 8, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access 
Restrictions For Change, Identification And Authentication (Organizational Users), Information System Monitoring"}, {"techniqueID": "T1547.012", "score": 8, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Identification And Authentication (Organizational Users), Information System Monitoring"}, {"techniqueID": "T1547.013", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, User-Installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1552.002", "score": 18, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Cryptographic Key Establishment And Management, Protection Of Information At Rest, Information In Shared Resources, Information System Monitoring"}, {"techniqueID": "T1552.007", "score": 13, "comment": "Related to Remote Access, Account Management, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Transmission Confidentiality And Integrity"}, {"techniqueID": "T1563", "score": 18, "comment": "Related to Remote Access, Account Management, Access 
Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1563.001", "score": 17, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Cryptographic Key Establishment And Management, Session Authenticity, Information System Monitoring"}, {"techniqueID": "T1609", "score": 9, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1610", "score": 9, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1612", "score": 11, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Penetration Testing, Configuration Settings, Least Functionality, Vulnerability Scanning, Developer Security Testing And Evaluation, Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1613", "score": 9, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Configuration 
Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1011", "score": 4, "comment": "Related to Wireless Access, Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1011.001", "score": 8, "comment": "Related to Wireless Access, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.001", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.002", "score": 15, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.004", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": 
"T1003.005", "score": 17, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.006", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.007", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1003.008", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Process Isolation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1036", "score": 12, "comment": "Related to Account Management, Access Enforcement, Least 
Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Service Identification And Authentication, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1036.003", "score": 8, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1036.005", "score": 12, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Service Identification And Authentication, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1053", "score": 21, "comment": "Related to Account Management, Use Of External Information Systems, Information Sharing, Publicly Accessible Content, Data Mining Protection, Access Control Decisions, Reference Monitor, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1053.001", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1053.002", "score": 20, "comment": "Related to Account Management, Use Of External 
Information Systems, Information Sharing, Publicly Accessible Content, Data Mining Protection, Access Control Decisions, Reference Monitor, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1053.003", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1053.004", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1053.005", "score": 20, "comment": "Related to Account Management, Use Of External Information Systems, Information Sharing, Publicly Accessible Content, Data Mining Protection, Access Control Decisions, Reference Monitor, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1053.006", "score": 10, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational 
Users), Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1053.007", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users)"}, {"techniqueID": "T1055", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.008", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1056.003", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1059", "score": 21, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Mobile Code, Information Input Validation, Flaw Remediation, Malicious Code 
Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.001", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.008", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users)"}, {"techniqueID": "T1068", "score": 24, "comment": "Related to Account Management, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Application Partitioning, Honeypots, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Honeyclients, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Security Alerts, Advisories, And Directives, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1070.003", "score": 10, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1078", "score": 
21, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Developer-Provided Training, Developer Security Architecture And Design, System Development Life Cycle, Acquisition Process, Security Engineering Principles, Protection Of Information At Rest, Information System Monitoring"}, {"techniqueID": "T1078.001", "score": 14, "comment": "Related to Account Management, Separation Of Duties, Least Privilege, Continuous Monitoring, Developer Configuration Management, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Developer-Provided Training, Developer Security Architecture And Design, System Development Life Cycle, Acquisition Process, Security Engineering Principles, Protection Of Information At Rest, Information System Monitoring"}, {"techniqueID": "T1078.002", "score": 11, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1078.003", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Developer Configuration Management, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Developer-Provided Training, Developer Security 
Architecture And Design, System Development Life Cycle, Acquisition Process, Security Engineering Principles, Protection Of Information At Rest, Information System Monitoring"}, {"techniqueID": "T1078.004", "score": 21, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Developer Configuration Management, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Developer-Provided Training, Developer Security Architecture And Design, System Development Life Cycle, Acquisition Process, Security Engineering Principles, Protection Of Information At Rest, Information System Monitoring"}, {"techniqueID": "T1087.004", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users)"}, {"techniqueID": "T1098", "score": 11, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1098.001", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Boundary Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, 
{"techniqueID": "T1098.002", "score": 11, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1098.003", "score": 11, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1110", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-Authentication, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1110.001", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-Authentication, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1110.002", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-Authentication, Identification And 
Authentication (Organizational Users), Identifier Management, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1110.003", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-Authentication, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1110.004", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-Authentication, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1134", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1134.001", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1134.002", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1134.003", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And 
Authentication (Organizational Users)"}, {"techniqueID": "T1136", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Boundary Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1136.001", "score": 11, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1136.002", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Boundary Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1136.003", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Boundary Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1185", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, 
Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1190", "score": 27, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Security Assessments, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Security Engineering Principles, Mobile Code, Application Partitioning, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Process Isolation, Boundary Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1197", "score": 14, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1210", "score": 30, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Security Assessments, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users), 
Vulnerability Scanning, Mobile Code, Application Partitioning, Honeypots, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Honeyclients, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Security Alerts, Advisories, And Directives, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1212", "score": 23, "comment": "Related to Account Management, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Application Partitioning, Honeypots, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Honeyclients, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Security Alerts, Advisories, And Directives, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218", "score": 15, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.007", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1484", "score": 13, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, 
Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1489", "score": 12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1495", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1505", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1505.001", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, User-Installed Software, Baseline Configuration, Access Restrictions 
For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1505.002", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1525", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Service Identification And Authentication, Vulnerability Scanning, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1538", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Identification And Authentication (Organizational Users), Identification And Authentication (Non-Organizational Users)"}, {"techniqueID": "T1542", "score": 19, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions For Change, 
Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Identification And Authentication (Non-Organizational Users), Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Boundary Protection, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1542.001", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Identification And Authentication (Non-Organizational Users), Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1542.003", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Identification And Authentication (Non-Organizational Users), Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1542.005", "score": 24, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access 
Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Identification And Authentication (Non-Organizational Users), Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Boundary Protection, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1543.001", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, User-Installed Software, Access Restrictions For Change, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1543.002", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, User-Installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Unsupported System Components, Memory Protection, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1543.004", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, User-Installed Software, Access Restrictions For Change, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1546.003", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1547.006", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access 
Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1548.002", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Vulnerability Scanning, Flaw Remediation, Information System Monitoring"}, {"techniqueID": "T1550", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1550.002", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Flaw Remediation"}, {"techniqueID": "T1550.003", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1552.001", "score": 18, "comment": "Related to Account Management, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, 
Cryptographic Key Establishment And Management, Protection Of Information At Rest, Information In Shared Resources, Boundary Protection, Information System Monitoring"}, {"techniqueID": "T1552.006", "score": 13, "comment": "Related to Account Management, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Flaw Remediation, Information System Monitoring"}, {"techniqueID": "T1553", "score": 23, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Software Usage Restrictions, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Service Identification And Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Information Input Validation, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1553.006", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Cryptographic Module Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": 
"T1556", "score": 16, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Process Isolation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1556.001", "score": 14, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Process Isolation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1556.003", "score": 12, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1556.004", "score": 13, "comment": "Related to Account Management, Use Of External Information Systems, Access Enforcement, Separation Of Duties, Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1558.001", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, 
Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management"}, {"techniqueID": "T1559", "score": 21, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Software Usage Restrictions, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Vulnerability Scanning, Mobile Code, Security Function Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1559.001", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Mobile Code, Security Function Isolation, Boundary Protection, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Identifier Management, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.001", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, 
Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.002", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.004", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.006", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Transmission Confidentiality And Integrity, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1562.007", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1562.008", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Identification And 
Authentication (Organizational Users)"}, {"techniqueID": "T1569", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, User-Installed Software, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1569.001", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, User-Installed Software, Access Restrictions For Change, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1569.002", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574", "score": 19, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.004", "score": 13, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline 
Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.005", "score": 12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1574.007", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.008", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.009", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information 
System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.010", "score": 12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Identification And Authentication (Organizational Users), Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1574.012", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Access Restrictions For Change, Least Functionality, Identification And Authentication (Organizational Users), Information Input Validation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1578", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1578.001", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1578.002", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1578.003", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least 
Privilege, Penetration Testing, Access Restrictions For Change, Identification And Authentication (Organizational Users), Identifier Management, Authenticator Feedback, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1580", "score": 5, "comment": "Related to Account Management, Access Enforcement, Separation Of Duties, Least Privilege, Identification And Authentication (Organizational Users)"}, {"techniqueID": "T1599", "score": 18, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1599.001", "score": 18, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Authenticator Management, Protection Of Information At Rest, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1601", "score": 23, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), 
Authenticator Management, Cryptographic Module Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1601.001", "score": 23, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Cryptographic Module Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1601.002", "score": 23, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Identification And Authentication (Organizational Users), Authenticator Management, Cryptographic Module Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Supply Chain Protection, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1611", "score": 20, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Access 
Restrictions For Change, Configuration Settings, Least Functionality, Identification And Authentication (Organizational Users), Mobile Code, Application Partitioning, Security Function Isolation, Non-Modifiable Executable Programs, Process Isolation, Boundary Protection, Memory Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1134.005", "score": 12, "comment": "Related to Use Of External Information Systems, Access Enforcement, Information Flow Enforcement, Separation Of Duties, Least Privilege, Baseline Configuration, Configuration Settings, Developer Security Testing And Evaluation, Developer Security Architecture And Design, Acquisition Process, Security Engineering Principles, Security Function Isolation"}, {"techniqueID": "T1200", "score": 5, "comment": "Related to Use Of External Information Systems, Access Enforcement, Least Privilege, Media Use, Port And I/O Device Access"}, {"techniqueID": "T1539", "score": 10, "comment": "Related to Use Of External Information Systems, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1567", "score": 3, "comment": "Related to Use Of External Information Systems, Information Flow Enforcement, Boundary Protection"}, {"techniqueID": "T1567.001", "score": 3, "comment": "Related to Use Of External Information Systems, Information Flow Enforcement, Boundary Protection"}, {"techniqueID": "T1567.002", "score": 3, "comment": "Related to Use Of External Information Systems, Information Flow Enforcement, Boundary Protection"}, {"techniqueID": "T1037.002", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, 
Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1037.003", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1037.004", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1037.005", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1048", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1048.001", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1048.002", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1048.003", "score": 11, "comment": "Related to Access Enforcement, 
Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1052", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Information System Component Inventory, Media Use, Vulnerability Scanning, Port And I/O Device Access, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1052.001", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Information System Component Inventory, Media Use, Vulnerability Scanning, Port And I/O Device Access, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.009", "score": 9, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Mobile Code, Boundary Protection, Memory Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1071.004", "score": 18, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-Of-Band Channels, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1080", "score": 10, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Least Functionality, Information In Shared Resources, Boundary Protection, Information 
Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1090", "score": 12, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Transmission Confidentiality And Integrity, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1090.003", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1091", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Information System Component Inventory, Media Use, Vulnerability Scanning, Port And I/O Device Access, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1095", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1098.004", "score": 9, "comment": "Related to Access Enforcement, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Cryptographic Key Establishment And Management, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1187", "score": 10, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input 
Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1199", "score": 7, "comment": "Related to Access Enforcement, Information Flow Enforcement, Least Privilege, System Use Notification, Configuration Settings, Least Functionality, Boundary Protection"}, {"techniqueID": "T1205", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1205.001", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1218.002", "score": 9, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.012", "score": 13, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1485", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1486", "score": 11, "comment": "Related 
to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Storage Site, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1490", "score": 12, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Least Functionality, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1491", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1491.001", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1491.002", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1498", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, 
Information Output Filtering"}, {"techniqueID": "T1498.001", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1498.002", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1499", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1499.001", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1499.002", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1499.003", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Information System Monitoring"}, {"techniqueID": "T1499.004", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output 
Filtering, Information System Monitoring"}, {"techniqueID": "T1542.004", "score": 20, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Information System Component Inventory, Cryptographic Module Authentication, Vulnerability Scanning, Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Boundary Protection, Flaw Remediation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.004", "score": 8, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.013", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Software Usage Restrictions, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1553.003", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1557.001", "score": 15, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Session Authenticity, Boundary Protection, Transmission Confidentiality And Integrity, 
Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1561", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1561.001", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1561.002", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Information System Recovery And Reconstitution, Contingency Plan, Alternate Processing Site, Information System Backup, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1565.003", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Information System Backup, Protection Of Information At Rest, Information In Shared Resources, Boundary Protection, Memory Protection, Information System Monitoring"}, {"techniqueID": "T1570", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1572", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous 
Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1001.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1001.002", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1001.003", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1008", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1029", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1030", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1041", "score": 5, "comment": 
"Related to Information Flow Enforcement, Continuous Monitoring, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1046", "score": 10, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1071", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-Of-Band Channels, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1071.001", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-Of-Band Channels, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1071.002", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address 
Resolution Service, Session Authenticity, Covert Channel Analysis, Out-Of-Band Channels, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1071.003", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-Of-Band Channels, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1090.001", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1090.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1102", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1102.001", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1102.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary 
Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1102.003", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1104", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1105", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1132", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1132.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1132.002", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1189", "score": 18, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Information System Component Inventory, Unsupported System Components, Mobile Code, Application Partitioning, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Process Isolation, Boundary 
Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1203", "score": 14, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, Information System Component Inventory, Mobile Code, Application Partitioning, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Process Isolation, Boundary Protection, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1204", "score": 13, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Detonation Chambers, Boundary Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity, Spam Protection"}, {"techniqueID": "T1204.001", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1204.002", "score": 12, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Detonation Chambers, Boundary Protection, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity, Spam Protection"}, {"techniqueID": "T1204.003", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Vulnerability Scanning, Supply Chain Protection, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious 
Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity, Spam Protection"}, {"techniqueID": "T1211", "score": 22, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Application Partitioning, Honeypots, Heterogeneity, Security Function Isolation, Concealment And Misdirection, Honeyclients, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Security Alerts, Advisories, And Directives, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1482", "score": 9, "comment": "Related to Information Flow Enforcement, Penetration Testing, Configuration Settings, Least Functionality, Vulnerability Scanning, Trustworthiness, Developer Security Architecture And Design, Security Engineering Principles, Boundary Protection"}, {"techniqueID": "T1559.002", "score": 14, "comment": "Related to Information Flow Enforcement, Least Privilege, Software Usage Restrictions, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Security Function Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1566", "score": 12, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Secure Name / Address Resolution Service (Authoritative Source), Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1566.001", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, 
Configuration Settings, Service Identification And Authentication, Secure Name / Address Resolution Service (Authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1566.002", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Secure Name / Address Resolution Service (Authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1566.003", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1568", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1568.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Secure Name / Address Resolution Service (Authoritative Source), Secure Name / Address Resolution Service (Recursive Or Caching Resolver), Architecture And Provisioning For Name / Address Resolution Service, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1571", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1573", 
"score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key Establishment And Management, Transmission Of Security Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1573.001", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key Establishment And Management, Transmission Of Security Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1573.002", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key Establishment And Management, Transmission Of Security Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1598", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Secure Name / Address Resolution Service (Authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1598.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1598.002", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Secure Name / Address Resolution Service (Authoritative Source), 
Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1598.003", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Secure Name / Address Resolution Service (Authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, Information System Monitoring, Spam Protection"}, {"techniqueID": "T1055.001", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.002", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.003", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.004", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.005", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.011", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.012", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.013", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, 
Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1055.014", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1059.006", "score": 10, "comment": "Related to Least Privilege, User-Installed Software, Configuration Change Control, Access Restrictions For Change, Least Functionality, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1112", "score": 2, "comment": "Related to Least Privilege, Least Functionality"}, {"techniqueID": "T1176", "score": 15, "comment": "Related to Least Privilege, Continuous Monitoring, Penetration Testing, User-Installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions For Change, Configuration Settings, Least Functionality, Vulnerability Scanning, Boundary Protection, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.011", "score": 2, "comment": "Related to Least Privilege, Flaw Remediation"}, {"techniqueID": "T1574.011", "score": 2, "comment": "Related to Least Privilege, Access Restrictions For Change"}, {"techniqueID": "T1195", "score": 7, "comment": "Related to Security Assessments, Continuous Monitoring, User-Installed Software, Least Functionality, Vulnerability Scanning, Unsupported System Components, Flaw Remediation"}, {"techniqueID": "T1195.001", "score": 7, "comment": "Related to Security Assessments, Continuous Monitoring, User-Installed Software, Least Functionality, Vulnerability Scanning, Unsupported System Components, Flaw Remediation"}, {"techniqueID": "T1195.002", "score": 7, "comment": "Related to Security Assessments, Continuous Monitoring, User-Installed Software, Least Functionality, Vulnerability 
Scanning, Unsupported System Components, Flaw Remediation"}, {"techniqueID": "T1056.002", "score": 4, "comment": "Related to Continuous Monitoring, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1111", "score": 7, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1201", "score": 5, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1218.010", "score": 4, "comment": "Related to Continuous Monitoring, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.011", "score": 4, "comment": "Related to Continuous Monitoring, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1221", "score": 14, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Detonation Chambers, Boundary Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity, Spam Protection"}, {"techniqueID": "T1555", "score": 3, "comment": "Related to Continuous Monitoring, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1555.001", "score": 3, "comment": "Related to Continuous Monitoring, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1555.002", "score": 3, "comment": "Related to Continuous Monitoring, Authenticator Management, Information System Monitoring"}, {"techniqueID": 
"T1195.003", "score": 11, "comment": "Related to Penetration Testing, Configuration Change Control, Access Restrictions For Change, Information System Component Inventory, Cryptographic Module Authentication, Developer Configuration Management, Developer Security Testing And Evaluation, Criticality Analysis, Non-Modifiable Executable Programs, Flaw Remediation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1554", "score": 7, "comment": "Related to Penetration Testing, Baseline Configuration, Configuration Settings, Service Identification And Authentication, Supply Chain Protection, Component Authenticity, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1560", "score": 5, "comment": "Related to Penetration Testing, Vulnerability Scanning, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1560.001", "score": 5, "comment": "Related to Penetration Testing, Vulnerability Scanning, Boundary Protection, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1574.001", "score": 9, "comment": "Related to Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.008", "score": 6, "comment": "Related to Software Usage Restrictions, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1553.004", "score": 6, "comment": "Related to Software Usage Restrictions, Configuration Settings, Least Functionality, Service Identification And Authentication, Secure Name / Address Resolution Service (Authoritative Source), Information System Monitoring"}, {"techniqueID": "T1036.001", "score": 5, "comment": "Related to Baseline Configuration, 
Configuration Settings, Service Identification And Authentication, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.002", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Service Identification And Authentication, Supply Chain Protection, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.005", "score": 11, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.007", "score": 10, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Mobile Code, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1092", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Media Use, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1127", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1127.001", "score": 5, "comment": "Related to Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Information System Monitoring"}, {"techniqueID": "T1129", "score": 5, "comment": 
"Related to Baseline Configuration, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1137.001", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1216", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1216.001", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.001", "score": 7, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Mobile Code, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.003", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.004", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.005", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Information 
System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.008", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1218.009", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1220", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Service Identification And Authentication, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.002", "score": 9, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Vulnerability Scanning, Information Input Validation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.006", "score": 11, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Service Identification And Authentication, Supply Chain Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1546.010", "score": 3, "comment": "Related to Baseline Configuration, Flaw Remediation, Software, Firmware, And Information 
Integrity"}, {"techniqueID": "T1546.014", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Information System Component Inventory, Vulnerability Scanning, Malicious Code Protection, Information System Monitoring"}, {"techniqueID": "T1547.008", "score": 7, "comment": "Related to Baseline Configuration, Configuration Settings, Vulnerability Scanning, Process Isolation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1548.004", "score": 11, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Mobile Code, Non-Modifiable Executable Programs, Information Handling And Retention, Memory Protection, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1553.001", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1553.005", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1555.004", "score": 5, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Authenticator Management, Information System Monitoring"}, {"techniqueID": "T1555.005", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Identification And Authentication (Organizational Users), Authenticator Management, Flaw Remediation, Information System Monitoring"}, {"techniqueID": "T1562.003", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Monitoring"}, 
{"techniqueID": "T1564.006", "score": 7, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information System Component Inventory, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1564.007", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Information System Component Inventory, Information System Monitoring"}, {"techniqueID": "T1087", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1087.001", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1087.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1135", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1547.002", "score": 5, "comment": "Related to Configuration Settings, Process Isolation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1547.005", "score": 5, "comment": "Related to Configuration Settings, Process Isolation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1548.001", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1552.003", "score": 4, "comment": "Related to Configuration Settings, Least Functionality, Protection Of Information At Rest, Information System Monitoring"}, {"techniqueID": "T1556.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1564.002", "score": 3, "comment": "Related to Configuration 
Settings, Least Functionality, Information System Monitoring"}, {"techniqueID": "T1574.006", "score": 4, "comment": "Related to Configuration Settings, Least Functionality, Information Input Validation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.003", "score": 4, "comment": "Related to Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1059.004", "score": 4, "comment": "Related to Least Functionality, Information Input Validation, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1106", "score": 1, "comment": "Related to Least Functionality"}, {"techniqueID": "T1546.009", "score": 3, "comment": "Related to Least Functionality, Information Input Validation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1564.003", "score": 3, "comment": "Related to Least Functionality, Information Input Validation, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1574.002", "score": 9, "comment": "Related to Developer Configuration Management, Developer Security Testing And Evaluation, Development Process, Standards, And Tools, Developer-Provided Training, Developer Security Architecture And Design, System Development Life Cycle, Acquisition Process, Security Engineering Principles, Flaw Remediation"}, {"techniqueID": "T1535", "score": 1, "comment": "Related to Session Authenticity"}, {"techniqueID": "T1550.004", "score": 3, "comment": "Related to Session Authenticity, Transmission Confidentiality And Integrity, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1090.004", "score": 1, "comment": "Related to Transmission Confidentiality And Integrity"}, {"techniqueID": "T1027", "score": 4, "comment": "Related to Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": 
"T1027.002", "score": 4, "comment": "Related to Flaw Remediation, Malicious Code Protection, Information System Monitoring, Software, Firmware, And Information Integrity"}, {"techniqueID": "T1137.003", "score": 1, "comment": "Related to Flaw Remediation"}, {"techniqueID": "T1137.004", "score": 1, "comment": "Related to Flaw Remediation"}, {"techniqueID": "T1137.005", "score": 1, "comment": "Related to Flaw Remediation"}], "gradient": {"colors": ["#ffe766", "#ffaf66"], "minValue": 1, "maxValue": 33}} \ No newline at end of file diff --git a/src/mappings_explorer/cli/mapex/nist_files/9.0/r5/parsed_nist800-53-r5-9.0_mappings_navigator_layer.json b/src/mappings_explorer/cli/mapex/nist_files/9.0/r5/parsed_nist800-53-r5-9.0_mappings_navigator_layer.json new file mode 100644 index 00000000..0c3804bd --- /dev/null +++ b/src/mappings_explorer/cli/mapex/nist_files/9.0/r5/parsed_nist800-53-r5-9.0_mappings_navigator_layer.json 
@@ -0,0 +1 @@ +{"name": "nist overview", "versions": {"navigator": "4.8.0", "layer": "4.4", "attack": "9.0"}, "sorting": 3, "description": "nist heatmap overview of nist mappings, scores are the number of associated entries", "domain": "enterprise-attack", "techniques": [{"techniqueID": "T1137", "score": 9, "comment": "Related to Concurrent Session Control, Remote Access, Baseline Configuration, Configuration Settings, System Component Inventory, Vulnerability Monitoring and Scanning, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1137.002", "score": 6, "comment": "Related to Concurrent Session Control, Permitted Actions Without Identification or Authentication, Remote Access, Least Privilege, Baseline Configuration, Access Restrictions for Change"}, {"techniqueID": "T1528", "score": 19, "comment": "Related to Concurrent Session Control, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, System Monitoring"}, {"techniqueID": "T1021.001", "score": 24, "comment": "Related to Device Lock, Session Termination, Remote Access, Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, Authentication Feedback, Vulnerability 
Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, {"techniqueID": "T1563.002", "score": 18, "comment": "Related to Device Lock, Session Termination, Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, {"techniqueID": "T1072", "score": 24, "comment": "Related to Session Termination, Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Cryptographic Key Establishment and Management, Public Key Infrastructure Certificates, Cross Domain Policy Enforcement, Boundary Protection, Flaw Remediation, Information Fragmentation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1003", "score": 21, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Backup, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, Protection of Information at Rest, Process Isolation, Information Management and Retention, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, 
{"techniqueID": "T1003.003", "score": 18, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Backup, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Process Isolation, Information Management and Retention, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1020.001", "score": 12, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Baseline Configuration, Configuration Settings, System Component Inventory, Information in Shared System Resources, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1040", "score": 11, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Identification and Authentication (organizational Users), Authenticator Management, Information in Shared System Resources, Transmission Confidentiality and Integrity, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1070", "score": 21, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, System Backup, Distributed Processing and Storage, Information in Shared System Resources, Information Management and Retention, Information Fragmentation, Malicious Code Protection, System Monitoring, Software, Firmware, 
and Information Integrity"}, {"techniqueID": "T1070.001", "score": 21, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, System Backup, Distributed Processing and Storage, Information in Shared System Resources, Information Management and Retention, Information Fragmentation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1070.002", "score": 21, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Alternate Storage Site, Alternate Processing Site, System Backup, Distributed Processing and Storage, Information in Shared System Resources, Information Management and Retention, Information Fragmentation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1114", "score": 14, "comment": "Related to Security and Privacy Attributes, Remote Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Boundary Protection, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1114.001", "score": 8, "comment": "Related to Security and Privacy Attributes, Remote Access, Access Control for Mobile Devices, Use of External Systems, Information Flow Enforcement, Information Management and Retention, System Monitoring, 
Software, Firmware, and Information Integrity"}, {"techniqueID": "T1114.002", "score": 13, "comment": "Related to Security and Privacy Attributes, Remote Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1114.003", "score": 9, "comment": "Related to Security and Privacy Attributes, Remote Access, Access Control for Mobile Devices, Use of External Systems, Information Flow Enforcement, Boundary Protection, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1119", "score": 17, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Baseline Configuration, Configuration Settings, System Component Inventory, Alternate Storage Site, Alternate Processing Site, System Backup, Distributed Processing and Storage, Information in Shared System Resources, Information Management and Retention, Information Fragmentation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1213", "score": 24, "comment": "Related to Security and Privacy Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Identification and Authentication (non-organizational Users), Vulnerability 
Monitoring and Scanning, Protection of Information at Rest, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1213.001", "score": 24, "comment": "Related to Security and Privacy Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, Protection of Information at Rest, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1213.002", "score": 24, "comment": "Related to Security and Privacy Attributes, Remote Access, Account Management, Information Sharing, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, Protection of Information at Rest, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1222", "score": 11, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), System Monitoring, Software, Firmware, and 
Information Integrity"}, {"techniqueID": "T1222.001", "score": 11, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1222.002", "score": 11, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1530", "score": 33, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Device Identification and Authentication, Identifier Management, Authenticator Management, Authentication Feedback, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, Protection of Information at Rest, Information in Shared System Resources, Boundary Protection, Information Input Validation, Information Management and Retention, Information Output Filtering, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1537", "score": 20, "comment": "Related to Security and Privacy Attributes, Remote Access, Account Management, Use of External Systems, Access Enforcement, 
Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Device Identification and Authentication, Identifier Management, Identification and Authentication (non-organizational Users), Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1547.007", "score": 11, "comment": "Related to Security and Privacy Attributes, Access Enforcement, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1547.011", "score": 12, "comment": "Related to Security and Privacy Attributes, Remote Access, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1548", "score": 21, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Mobile Code, Non-modifiable Executable Programs, Information Management and Retention, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1548.003", "score": 13, "comment": "Related to Security and Privacy Attributes, Account Management, Access Enforcement, Separation of Duties, 
Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1550.001", "score": 16, "comment": "Related to Security and Privacy Attributes, Remote Access, Access Control for Mobile Devices, Use of External Systems, Penetration Testing, Software Usage Restrictions, User-installed Software, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Identifier Management, Protection of Information at Rest, Transmission Confidentiality and Integrity, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1552", "score": 33, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Device Identification and Authentication, Identifier Management, Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Cryptographic Key Establishment and Management, Protection of Information at Rest, Information in Shared System Resources, Boundary Protection, Information Input Validation, Information Management and Retention, Information Output Filtering, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1552.004", "score": 22, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control 
for Mobile Devices, Account Management, Use of External Systems, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Cryptographic Key Establishment and Management, Protection of Information at Rest, Information in Shared System Resources, Boundary Protection, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1552.005", "score": 13, "comment": "Related to Security and Privacy Attributes, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Device Identification and Authentication, Identifier Management, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1557", "score": 24, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Session Authenticity, Information in Shared System Resources, Cross Domain Policy Enforcement, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Management and Retention, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1557.002", "score": 22, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow 
Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Session Authenticity, Information in Shared System Resources, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Management and Retention, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1558", "score": 19, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Information in Shared System Resources, Information Management and Retention, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1558.002", "score": 19, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Information in Shared System Resources, Information Management and Retention, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1558.003", "score": 19, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration 
Settings, Identification and Authentication (organizational Users), Authenticator Management, Information in Shared System Resources, Information Management and Retention, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1558.004", "score": 20, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Account Management, Access Enforcement, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Information in Shared System Resources, Information Management and Retention, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1564.004", "score": 6, "comment": "Related to Security and Privacy Attributes, Access Enforcement, Continuous Monitoring, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1565", "score": 26, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, System Recovery and Reconstitution, Alternate Storage Site, Alternate Processing Site, System Backup, Protection of Information at Rest, Distributed Processing and Storage, Information in Shared System Resources, Cross Domain Policy Enforcement, Boundary Protection, Information Management and Retention, Memory Protection, Information Fragmentation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1565.001", "score": 23, "comment": 
"Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, System Component Inventory, System Recovery and Reconstitution, Alternate Storage Site, Alternate Processing Site, System Backup, Protection of Information at Rest, Distributed Processing and Storage, Information in Shared System Resources, Boundary Protection, Information Management and Retention, Memory Protection, Information Fragmentation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1565.002", "score": 12, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Baseline Configuration, Configuration Settings, System Component Inventory, Information in Shared System Resources, Information Management and Retention, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1602", "score": 25, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Device Identification and Authentication, Identifier Management, Protection of Information at Rest, Security Function Isolation, Information in Shared System Resources, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Management and Retention, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1602.001", "score": 25, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile 
Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Device Identification and Authentication, Identifier Management, Protection of Information at Rest, Security Function Isolation, Information in Shared System Resources, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Management and Retention, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1602.002", "score": 25, "comment": "Related to Security and Privacy Attributes, Remote Access, Wireless Access, Access Control for Mobile Devices, Use of External Systems, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Device Identification and Authentication, Identifier Management, Protection of Information at Rest, Security Function Isolation, Information in Shared System Resources, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Management and Retention, Information Output Filtering, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1021", "score": 12, "comment": "Related to Remote Access, Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring"}, {"techniqueID": "T1021.002", "score": 16, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, 
Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1021.003", "score": 19, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Mobile Code, Security Function Isolation, Cross Domain Policy Enforcement, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1021.004", "score": 15, "comment": "Related to Remote Access, Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1021.005", "score": 23, "comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, User-installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring and Scanning, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1021.006", "score": 16, 
"comment": "Related to Remote Access, Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, {"techniqueID": "T1037", "score": 9, "comment": "Related to Remote Access, Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1037.001", "score": 2, "comment": "Related to Remote Access, Least Functionality"}, {"techniqueID": "T1047", "score": 8, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1133", "score": 18, "comment": "Related to Remote Access, Use of External Systems, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1219", "score": 13, "comment": "Related to Remote Access, Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System 
Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1543", "score": 21, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, User-installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Identifier Management, Vulnerability Monitoring and Scanning, Unsupported System Components, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1543.003", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, User-installed Software, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Identifier Management, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1547.003", "score": 10, "comment": "Related to Remote Access, Access Enforcement, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1547.004", "score": 11, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Least Functionality, Identification and Authentication (organizational Users), Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1547.009", "score": 8, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for 
Change, Identification and Authentication (organizational Users), System Monitoring"}, {"techniqueID": "T1547.012", "score": 8, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Identification and Authentication (organizational Users), System Monitoring"}, {"techniqueID": "T1547.013", "score": 15, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, User-installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1552.002", "score": 18, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Cryptographic Key Establishment and Management, Protection of Information at Rest, Information in Shared System Resources, System Monitoring"}, {"techniqueID": "T1552.007", "score": 14, "comment": "Related to Remote Access, Account Management, Data Mining Protection, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Cross Domain Policy Enforcement, Boundary Protection, Transmission Confidentiality and Integrity"}, {"techniqueID": "T1563", "score": 19, "comment": "Related to Remote Access, Account Management, Access Enforcement, 
Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, {"techniqueID": "T1563.001", "score": 17, "comment": "Related to Remote Access, Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Cryptographic Key Establishment and Management, Session Authenticity, System Monitoring"}, {"techniqueID": "T1609", "score": 9, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1610", "score": 9, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Boundary Protection, System Monitoring"}, {"techniqueID": "T1612", "score": 11, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Penetration Testing, Configuration Settings, Least Functionality, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Boundary Protection, System Monitoring"}, {"techniqueID": "T1613", "score": 10, "comment": "Related to Remote Access, Account Management, Access Enforcement, Least Privilege, Configuration Settings, Least 
Functionality, Identification and Authentication (organizational Users), Usage Restrictions, Boundary Protection, System Monitoring"}, {"techniqueID": "T1011", "score": 4, "comment": "Related to Wireless Access, Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1011.001", "score": 8, "comment": "Related to Wireless Access, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.001", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.002", "score": 15, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.004", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.005", "score": 17, "comment": "Related to Account Management, 
Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.006", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.007", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1003.008", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Process Isolation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1036", "score": 12, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Service 
Identification and Authentication, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1036.003", "score": 8, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1036.005", "score": 12, "comment": "Related to Account Management, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Service Identification and Authentication, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1053", "score": 15, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Identification and Authentication (non-organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1053.001", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1053.002", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Vulnerability Monitoring and 
Scanning, System Monitoring"}, {"techniqueID": "T1053.003", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1053.004", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1053.005", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identifier Management, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1053.006", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Identification and Authentication (organizational Users), System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1053.007", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users)"}, {"techniqueID": "T1055", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Mobile Code, Boundary 
Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.008", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1056.003", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1059", "score": 21, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, User-installed Software, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users), Service Identification and Authentication, Vulnerability Monitoring and Scanning, Mobile Code, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059.001", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users), Service Identification and Authentication, Vulnerability Monitoring and Scanning, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059.008", "score": 11, "comment": "Related to 
Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users), Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1068", "score": 25, "comment": "Related to Account Management, Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Threat Hunting, Vulnerability Monitoring and Scanning, Mobile Code, Separation of System and User Functionality, Decoys, Heterogeneity, Security Function Isolation, Concealment and Misdirection, External Malicious Code Identification, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Security Alerts, Advisories, and Directives, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1070.003", "score": 10, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1078", "score": 24, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Access Restrictions for Change, Configuration Settings, Identity Proofing, Identification and Authentication (organizational Users), Authenticator Management, Security and Privacy Architectures, Vulnerability Monitoring and Scanning, Developer Configuration Management, Developer Testing and Evaluation, Supply Chain Protection, Development Process, Standards, and Tools, Developer-provided Training, Developer Security and Privacy Architecture and 
Design, System Development Life Cycle, Acquisition Process, Security and Privacy Engineering Principles, Protection of Information at Rest, System Monitoring"}, {"techniqueID": "T1078.001", "score": 14, "comment": "Related to Account Management, Separation of Duties, Least Privilege, Continuous Monitoring, Developer Configuration Management, Developer Testing and Evaluation, Development Process, Standards, and Tools, Developer-provided Training, Developer Security and Privacy Architecture and Design, System Development Life Cycle, Acquisition Process, Security and Privacy Engineering Principles, Protection of Information at Rest, System Monitoring"}, {"techniqueID": "T1078.002", "score": 12, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions for Change, Configuration Settings, Identity Proofing, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring"}, {"techniqueID": "T1078.003", "score": 19, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identity Proofing, Identification and Authentication (organizational Users), Developer Configuration Management, Developer Testing and Evaluation, Development Process, Standards, and Tools, Developer-provided Training, Developer Security and Privacy Architecture and Design, System Development Life Cycle, Acquisition Process, Security and Privacy Engineering Principles, Protection of Information at Rest, System Monitoring"}, {"techniqueID": "T1078.004", "score": 22, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identity Proofing, Identification 
and Authentication (organizational Users), Authenticator Management, Developer Configuration Management, Developer Testing and Evaluation, Development Process, Standards, and Tools, Developer-provided Training, Developer Security and Privacy Architecture and Design, System Development Life Cycle, Acquisition Process, Security and Privacy Engineering Principles, Protection of Information at Rest, System Monitoring"}, {"techniqueID": "T1087.004", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users)"}, {"techniqueID": "T1098", "score": 12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, {"techniqueID": "T1098.001", "score": 15, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1098.002", "score": 11, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1098.003", "score": 11, "comment": "Related to Account 
Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1110", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-authentication, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, System Monitoring"}, {"techniqueID": "T1110.001", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-authentication, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, System Monitoring"}, {"techniqueID": "T1110.002", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-authentication, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, System Monitoring"}, {"techniqueID": "T1110.003", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-authentication, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, System Monitoring"}, {"techniqueID": "T1110.004", 
"score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Configuration Settings, Re-authentication, Identification and Authentication (organizational Users), Identifier Management, Authenticator Management, System Monitoring"}, {"techniqueID": "T1134", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1134.001", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1134.002", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1134.003", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1136", "score": 15, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1136.001", "score": 11, "comment": "Related to Account Management, Use of External 
Systems, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1136.002", "score": 15, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1136.003", "score": 15, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Cross Domain Policy Enforcement, Boundary Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1185", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1190", "score": 29, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Control Assessments, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), 
Identification and Authentication (non-organizational Users), Threat Hunting, Vulnerability Monitoring and Scanning, Security and Privacy Engineering Principles, Mobile Code, Separation of System and User Functionality, Heterogeneity, Security Function Isolation, Concealment and Misdirection, Process Isolation, Cross Domain Policy Enforcement, Boundary Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1197", "score": 14, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1210", "score": 32, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Control Assessments, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users), Threat Hunting, Vulnerability Monitoring and Scanning, Mobile Code, Separation of System and User Functionality, Decoys, Heterogeneity, Security Function Isolation, Concealment and Misdirection, External Malicious Code Identification, Process Isolation, Cross Domain Policy Enforcement, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Security Alerts, Advisories, and Directives, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1212", "score": 24, "comment": "Related to Account Management, Information Flow 
Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, System Component Inventory, Threat Hunting, Vulnerability Monitoring and Scanning, Mobile Code, Separation of System and User Functionality, Decoys, Heterogeneity, Security Function Isolation, Concealment and Misdirection, External Malicious Code Identification, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Security Alerts, Advisories, and Directives, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218", "score": 15, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.007", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1484", "score": 13, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1489", "score": 13, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Access Restrictions 
for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Cross Domain Policy Enforcement, Boundary Protection, System Monitoring"}, {"techniqueID": "T1495", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Cryptographic Module Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1505", "score": 21, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, User-installed Software, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Service Identification and Authentication, Vulnerability Monitoring and Scanning, Developer Configuration Management, Developer Testing and Evaluation, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1505.001", "score": 21, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, User-installed Software, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Service Identification and Authentication, Vulnerability Monitoring and Scanning, Developer Configuration Management, Developer Testing and Evaluation, System Monitoring, Software, Firmware, and Information Integrity, Component 
Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1505.002", "score": 21, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, User-installed Software, Baseline Configuration, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Service Identification and Authentication, Vulnerability Monitoring and Scanning, Developer Configuration Management, Developer Testing and Evaluation, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1525", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Service Identification and Authentication, Vulnerability Monitoring and Scanning, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1538", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Identification and Authentication (organizational Users), Identification and Authentication (non-organizational Users)"}, {"techniqueID": "T1542", "score": 19, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Cryptographic Module Authentication, Identification and Authentication (non-organizational 
Users), Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Boundary Protection, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1542.001", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Cryptographic Module Authentication, Identification and Authentication (non-organizational Users), Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1542.003", "score": 18, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions for Change, Configuration Settings, System Component Inventory, Identification and Authentication (organizational Users), Cryptographic Module Authentication, Identification and Authentication (non-organizational Users), Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1542.005", "score": 24, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Cryptographic Module Authentication, Identification and Authentication (non-organizational Users), 
Vulnerability Monitoring and Scanning, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Boundary Protection, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1543.001", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, User-installed Software, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1543.002", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, User-installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Unsupported System Components, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1543.004", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, User-installed Software, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1546.003", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1547.006", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": 
"T1548.002", "score": 12, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Flaw Remediation, System Monitoring"}, {"techniqueID": "T1550", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1550.002", "score": 8, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Flaw Remediation"}, {"techniqueID": "T1550.003", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring"}, {"techniqueID": "T1552.001", "score": 18, "comment": "Related to Account Management, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Cryptographic Key Establishment and Management, Protection of Information at Rest, Information in Shared System Resources, Boundary Protection, System Monitoring"}, {"techniqueID": "T1552.006", "score": 13, "comment": "Related to Account Management, Separation of Duties, Least Privilege, Penetration 
Testing, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Vulnerability Monitoring and Scanning, Developer Testing and Evaluation, Development Process, Standards, and Tools, Flaw Remediation, System Monitoring"}, {"techniqueID": "T1556", "score": 16, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Process Isolation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1556.001", "score": 14, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Continuous Monitoring, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Process Isolation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1556.003", "score": 12, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1556.004", "score": 13, "comment": "Related to Account Management, Use of External Systems, Access Enforcement, Separation of Duties, Least Privilege, Unsuccessful Logon Attempts, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator 
Management, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1558.001", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management"}, {"techniqueID": "T1559", "score": 19, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Software Usage Restrictions, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Mobile Code, Security Function Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1559.001", "score": 13, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Mobile Code, Security Function Isolation, Boundary Protection, Malicious Code Protection"}, {"techniqueID": "T1562", "score": 16, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Identifier Management, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1562.001", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, 
Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1562.002", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1562.004", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1562.006", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Transmission Confidentiality and Integrity, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1562.007", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1562.008", "score": 6, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Identification and 
Authentication (organizational Users)"}, {"techniqueID": "T1569", "score": 14, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, User-installed Software, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1569.001", "score": 7, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, User-installed Software, Access Restrictions for Change, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1569.002", "score": 13, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574", "score": 19, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.004", "score": 13, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, System 
Component Inventory, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.005", "score": 12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1574.007", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.008", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.009", "score": 16, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, 
{"techniqueID": "T1574.010", "score": 12, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Identification and Authentication (organizational Users), Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1574.012", "score": 9, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Least Functionality, Identification and Authentication (organizational Users), Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1578", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1578.001", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1578.002", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for Change, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1578.003", "score": 11, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Access Restrictions for 
Change, Identification and Authentication (organizational Users), Identifier Management, Authentication Feedback, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1580", "score": 5, "comment": "Related to Account Management, Access Enforcement, Separation of Duties, Least Privilege, Identification and Authentication (organizational Users)"}, {"techniqueID": "T1599", "score": 18, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1599.001", "score": 18, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Continuous Monitoring, Baseline Configuration, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Authenticator Management, Protection of Information at Rest, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1601", "score": 26, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Cryptographic Module Authentication, Criticality Analysis, 
Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1601.001", "score": 26, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Cryptographic Module Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1601.002", "score": 26, "comment": "Related to Account Management, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Identification and Authentication (organizational Users), Authenticator Management, Cryptographic Module Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1611", "score": 20, "comment": "Related to Account Management, Access 
Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Access Restrictions for Change, Configuration Settings, Least Functionality, Identification and Authentication (organizational Users), Mobile Code, Separation of System and User Functionality, Security Function Isolation, Non-modifiable Executable Programs, Process Isolation, Boundary Protection, Memory Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1134.005", "score": 12, "comment": "Related to Use of External Systems, Access Enforcement, Information Flow Enforcement, Separation of Duties, Least Privilege, Baseline Configuration, Configuration Settings, Developer Testing and Evaluation, Developer Security and Privacy Architecture and Design, Acquisition Process, Security and Privacy Engineering Principles, Security Function Isolation"}, {"techniqueID": "T1200", "score": 5, "comment": "Related to Use of External Systems, Access Enforcement, Least Privilege, Media Use, Port and I/O Device Access"}, {"techniqueID": "T1539", "score": 10, "comment": "Related to Use of External Systems, Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1567", "score": 3, "comment": "Related to Use of External Systems, Information Flow Enforcement, Boundary Protection"}, {"techniqueID": "T1567.001", "score": 3, "comment": "Related to Use of External Systems, Information Flow Enforcement, Boundary Protection"}, {"techniqueID": "T1567.002", "score": 3, "comment": "Related to Use of External Systems, Information Flow Enforcement, Boundary Protection"}, {"techniqueID": "T1037.002", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, 
Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1037.003", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1037.004", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1037.005", "score": 7, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1048", "score": 12, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cross Domain Policy Enforcement, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1048.001", "score": 12, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cross Domain Policy Enforcement, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1048.002", "score": 12, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cross Domain Policy Enforcement, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1048.003", "score": 12, 
"comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cross Domain Policy Enforcement, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1052", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, System Component Inventory, Media Use, Vulnerability Monitoring and Scanning, Port and I/O Device Access, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1052.001", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, System Component Inventory, Media Use, Vulnerability Monitoring and Scanning, Port and I/O Device Access, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.009", "score": 9, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Mobile Code, Boundary Protection, Memory Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1071.004", "score": 18, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-of-band Channels, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1080", "score": 10, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Least Functionality, Information in Shared System Resources, Boundary 
Protection, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1090", "score": 12, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1090.003", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1091", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, System Component Inventory, Media Use, Vulnerability Monitoring and Scanning, Port and I/O Device Access, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1095", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1098.004", "score": 9, "comment": "Related to Access Enforcement, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Cryptographic Key Establishment and Management, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1187", "score": 10, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output 
Filtering, System Monitoring"}, {"techniqueID": "T1199", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Least Privilege, System Use Notification, Configuration Settings, Least Functionality, Cross Domain Policy Enforcement, Boundary Protection"}, {"techniqueID": "T1205", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1205.001", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1218.002", "score": 9, "comment": "Related to Access Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.012", "score": 13, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1485", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1486", "score": 11, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and 
Reconstitution, Contingency Plan, Alternate Storage Site, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1490", "score": 12, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, Configuration Settings, Least Functionality, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1491", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1491.001", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1491.002", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1498", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1498.001", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, 
Information Output Filtering"}, {"techniqueID": "T1498.002", "score": 8, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering"}, {"techniqueID": "T1499", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1499.001", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1499.002", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1499.003", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1499.004", "score": 9, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, System Monitoring"}, {"techniqueID": "T1542.004", "score": 20, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System 
Component Inventory, Cryptographic Module Authentication, Vulnerability Monitoring and Scanning, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Boundary Protection, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.004", "score": 8, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.013", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Software Usage Restrictions, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1553.003", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1557.001", "score": 15, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Session Authenticity, Cross Domain Policy Enforcement, Boundary Protection, Transmission Confidentiality and Integrity, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1561", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, 
Firmware, and Information Integrity"}, {"techniqueID": "T1561.001", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1561.002", "score": 10, "comment": "Related to Access Enforcement, Least Privilege, Baseline Configuration, System Recovery and Reconstitution, Contingency Plan, Alternate Processing Site, System Backup, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1565.003", "score": 12, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Configuration Settings, Least Functionality, System Backup, Protection of Information at Rest, Information in Shared System Resources, Cross Domain Policy Enforcement, Boundary Protection, Memory Protection, System Monitoring"}, {"techniqueID": "T1570", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1572", "score": 11, "comment": "Related to Access Enforcement, Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Information Input Validation, Information Output Filtering, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1001.001", "score": 7, "comment": "Related to 
Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1001.002", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1001.003", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1008", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1029", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1030", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1041", "score": 5, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1046", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Cross Domain Policy Enforcement, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1071", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, 
Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-of-band Channels, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1071.001", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-of-band Channels, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1071.002", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-of-band Channels, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1071.003", "score": 15, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Network Disconnect, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Session Authenticity, Covert Channel Analysis, Out-of-band 
Channels, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1090.001", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1090.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1102", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1102.001", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1102.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1102.003", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1104", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1105", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, 
Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1132", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1132.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1132.002", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1189", "score": 18, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, Baseline Configuration, Configuration Settings, System Component Inventory, Unsupported System Components, Mobile Code, Separation of System and User Functionality, Heterogeneity, Security Function Isolation, Concealment and Misdirection, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1203", "score": 14, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, System Component Inventory, Mobile Code, Separation of System and User Functionality, Heterogeneity, Security Function Isolation, Concealment and Misdirection, Process Isolation, Boundary Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1204", "score": 13, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Detonation Chambers, Boundary Protection, Information 
Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Spam Protection"}, {"techniqueID": "T1204.001", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1204.002", "score": 12, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Detonation Chambers, Boundary Protection, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Spam Protection"}, {"techniqueID": "T1204.003", "score": 18, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Vulnerability Monitoring and Scanning, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Spam Protection, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1211", "score": 23, "comment": "Related to Information Flow Enforcement, Least Privilege, Continuous Monitoring, Penetration Testing, Baseline Configuration, Configuration Settings, System Component Inventory, Threat Hunting, Vulnerability Monitoring and Scanning, Mobile Code, Separation of System and User Functionality, Decoys, Heterogeneity, Security Function Isolation, Concealment and Misdirection, External Malicious Code Identification, Process Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Security Alerts, Advisories, and Directives, Software, Firmware, and 
Information Integrity"}, {"techniqueID": "T1482", "score": 9, "comment": "Related to Information Flow Enforcement, Penetration Testing, Configuration Settings, Least Functionality, Vulnerability Monitoring and Scanning, Developer Security and Privacy Architecture and Design, Security and Privacy Engineering Principles, Cross Domain Policy Enforcement, Boundary Protection"}, {"techniqueID": "T1559.002", "score": 14, "comment": "Related to Information Flow Enforcement, Least Privilege, Software Usage Restrictions, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Mobile Code, Security Function Isolation, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1566", "score": 12, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Secure Name/address Resolution Service (authoritative Source), Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1566.001", "score": 12, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Secure Name/address Resolution Service (authoritative Source), Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1566.002", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Secure Name/address Resolution Service (authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1566.003", "score": 8, 
"comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1568", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1568.002", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Secure Name/address Resolution Service (authoritative Source), Secure Name/address Resolution Service (recursive or Caching Resolver), Architecture and Provisioning for Name/address Resolution Service, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1571", "score": 8, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1573", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key Establishment and Management, Transmission of Security and Privacy Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1573.001", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key Establishment and Management, Transmission of Security and Privacy Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1573.002", 
"score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, Cryptographic Key Establishment and Management, Transmission of Security and Privacy Attributes, Session Authenticity, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1598", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Secure Name/address Resolution Service (authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1598.001", "score": 7, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Detonation Chambers, Boundary Protection, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1598.002", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Secure Name/address Resolution Service (authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1598.003", "score": 11, "comment": "Related to Information Flow Enforcement, Continuous Monitoring, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Secure Name/address Resolution Service (authoritative Source), Detonation Chambers, Boundary Protection, Malicious Code Protection, System Monitoring, Spam Protection"}, {"techniqueID": "T1055.001", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.002", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, 
Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.003", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.004", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.005", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.011", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.012", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.013", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1055.014", "score": 6, "comment": "Related to Least Privilege, Mobile Code, Boundary Protection, Flaw Remediation, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1059.006", "score": 10, "comment": "Related to Least Privilege, User-installed Software, Configuration Change Control, Access Restrictions for Change, Least Functionality, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1112", "score": 2, "comment": "Related to Least Privilege, Least Functionality"}, {"techniqueID": "T1176", "score": 15, "comment": "Related to Least Privilege, Continuous Monitoring, Penetration Testing, User-installed Software, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, 
Configuration Settings, Least Functionality, Vulnerability Monitoring and Scanning, Boundary Protection, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.011", "score": 2, "comment": "Related to Least Privilege, Flaw Remediation"}, {"techniqueID": "T1553", "score": 19, "comment": "Related to Least Privilege, Penetration Testing, Software Usage Restrictions, Baseline Configuration, Configuration Change Control, Access Restrictions for Change, Configuration Settings, Least Functionality, System Component Inventory, Cryptographic Module Authentication, Service Identification and Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Information Input Validation, Flaw Remediation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1553.006", "score": 13, "comment": "Related to Least Privilege, Penetration Testing, Configuration Change Control, Access Restrictions for Change, Least Functionality, System Component Inventory, Cryptographic Module Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.011", "score": 2, "comment": "Related to Least Privilege, Access Restrictions for Change"}, {"techniqueID": "T1195", "score": 8, "comment": "Related to Control Assessments, Continuous Monitoring, User-installed Software, Least Functionality, Threat Hunting, Vulnerability Monitoring and Scanning, Unsupported System Components, Flaw Remediation"}, {"techniqueID": "T1195.001", "score": 8, "comment": "Related to Control Assessments, Continuous Monitoring, User-installed Software, Least Functionality, Threat Hunting, Vulnerability Monitoring and Scanning, Unsupported System Components, 
Flaw Remediation"}, {"techniqueID": "T1195.002", "score": 8, "comment": "Related to Control Assessments, Continuous Monitoring, User-installed Software, Least Functionality, Threat Hunting, Vulnerability Monitoring and Scanning, Unsupported System Components, Flaw Remediation"}, {"techniqueID": "T1056.002", "score": 4, "comment": "Related to Continuous Monitoring, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1111", "score": 7, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1201", "score": 5, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1218.010", "score": 4, "comment": "Related to Continuous Monitoring, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.011", "score": 4, "comment": "Related to Continuous Monitoring, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1221", "score": 14, "comment": "Related to Continuous Monitoring, Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Detonation Chambers, Boundary Protection, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Spam Protection"}, {"techniqueID": "T1555", "score": 3, "comment": "Related to Continuous Monitoring, Authenticator Management, System Monitoring"}, {"techniqueID": "T1555.001", "score": 3, "comment": "Related to Continuous Monitoring, Authenticator Management, System Monitoring"}, {"techniqueID": "T1555.002", "score": 
3, "comment": "Related to Continuous Monitoring, Authenticator Management, System Monitoring"}, {"techniqueID": "T1195.003", "score": 11, "comment": "Related to Penetration Testing, Configuration Change Control, Access Restrictions for Change, System Component Inventory, Cryptographic Module Authentication, Criticality Analysis, Developer Configuration Management, Developer Testing and Evaluation, Non-modifiable Executable Programs, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1554", "score": 9, "comment": "Related to Penetration Testing, Baseline Configuration, Configuration Settings, Service Identification and Authentication, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1560", "score": 5, "comment": "Related to Penetration Testing, Vulnerability Monitoring and Scanning, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1560.001", "score": 5, "comment": "Related to Penetration Testing, Vulnerability Monitoring and Scanning, Boundary Protection, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1574.001", "score": 9, "comment": "Related to Penetration Testing, Baseline Configuration, Configuration Settings, Least Functionality, Vulnerability Monitoring and Scanning, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.008", "score": 6, "comment": "Related to Software Usage Restrictions, Configuration Settings, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1553.004", "score": 6, "comment": "Related to Software Usage Restrictions, Configuration Settings, Least Functionality, Service Identification and Authentication, Secure Name/address Resolution Service 
(authoritative Source), System Monitoring"}, {"techniqueID": "T1036.001", "score": 5, "comment": "Related to Baseline Configuration, Configuration Settings, Service Identification and Authentication, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059.002", "score": 11, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Service Identification and Authentication, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1059.005", "score": 11, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Mobile Code, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059.007", "score": 10, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Mobile Code, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1092", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Media Use, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1127", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1127.001", "score": 5, "comment": "Related to Baseline Configuration, 
Configuration Settings, System Component Inventory, Vulnerability Monitoring and Scanning, System Monitoring"}, {"techniqueID": "T1129", "score": 5, "comment": "Related to Baseline Configuration, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1137.001", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, System Component Inventory, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1137.003", "score": 2, "comment": "Related to Baseline Configuration, Flaw Remediation"}, {"techniqueID": "T1137.004", "score": 2, "comment": "Related to Baseline Configuration, Flaw Remediation"}, {"techniqueID": "T1137.005", "score": 2, "comment": "Related to Baseline Configuration, Flaw Remediation"}, {"techniqueID": "T1216", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1216.001", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.001", "score": 7, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Mobile Code, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.003", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.004", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, 
System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.005", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.008", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1218.009", "score": 8, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1220", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Service Identification and Authentication, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.002", "score": 9, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Vulnerability Monitoring and Scanning, Information Input Validation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.006", "score": 14, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Service Identification and 
Authentication, Information Input Validation, Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity, Component Authenticity, Provenance, Acquisition Strategies, Tools, and Methods, Supplier Assessments and Reviews"}, {"techniqueID": "T1546.010", "score": 5, "comment": "Related to Baseline Configuration, Least Functionality, Information Input Validation, Flaw Remediation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1546.014", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, System Component Inventory, Vulnerability Monitoring and Scanning, Malicious Code Protection, System Monitoring"}, {"techniqueID": "T1547.008", "score": 7, "comment": "Related to Baseline Configuration, Configuration Settings, Vulnerability Monitoring and Scanning, Process Isolation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1548.004", "score": 11, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Mobile Code, Non-modifiable Executable Programs, Information Management and Retention, Memory Protection, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1553.001", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1553.005", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1555.004", "score": 5, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, Authenticator Management, System Monitoring"}, {"techniqueID": 
"T1555.005", "score": 6, "comment": "Related to Baseline Configuration, Configuration Settings, Identification and Authentication (organizational Users), Authenticator Management, Flaw Remediation, System Monitoring"}, {"techniqueID": "T1562.003", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1564.006", "score": 7, "comment": "Related to Baseline Configuration, Configuration Settings, Least Functionality, System Component Inventory, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1564.007", "score": 4, "comment": "Related to Baseline Configuration, Configuration Settings, System Component Inventory, System Monitoring"}, {"techniqueID": "T1087", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1087.001", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1087.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1135", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1547.002", "score": 5, "comment": "Related to Configuration Settings, Process Isolation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1547.005", "score": 5, "comment": "Related to Configuration Settings, Process Isolation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1548.001", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1552.003", "score": 4, "comment": "Related to Configuration Settings, Least Functionality, Protection of Information at Rest, System 
Monitoring"}, {"techniqueID": "T1556.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1564.002", "score": 3, "comment": "Related to Configuration Settings, Least Functionality, System Monitoring"}, {"techniqueID": "T1574.006", "score": 4, "comment": "Related to Configuration Settings, Least Functionality, Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059.003", "score": 4, "comment": "Related to Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1059.004", "score": 4, "comment": "Related to Least Functionality, Information Input Validation, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1106", "score": 1, "comment": "Related to Least Functionality"}, {"techniqueID": "T1546.009", "score": 3, "comment": "Related to Least Functionality, Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1564.003", "score": 3, "comment": "Related to Least Functionality, Information Input Validation, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1574.002", "score": 9, "comment": "Related to Developer Configuration Management, Developer Testing and Evaluation, Development Process, Standards, and Tools, Developer-provided Training, Developer Security and Privacy Architecture and Design, System Development Life Cycle, Acquisition Process, Security and Privacy Engineering Principles, Flaw Remediation"}, {"techniqueID": "T1535", "score": 1, "comment": "Related to Session Authenticity"}, {"techniqueID": "T1550.004", "score": 3, "comment": "Related to Session Authenticity, Transmission Confidentiality and Integrity, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1090.004", "score": 1, "comment": "Related to Transmission Confidentiality and Integrity"}, 
{"techniqueID": "T1027", "score": 4, "comment": "Related to Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}, {"techniqueID": "T1027.002", "score": 4, "comment": "Related to Flaw Remediation, Malicious Code Protection, System Monitoring, Software, Firmware, and Information Integrity"}], "gradient": {"colors": ["#ffe766", "#ffaf66"], "minValue": 1, "maxValue": 33}} \ No newline at end of file diff --git a/src/mappings_explorer/cli/mapex/security_stack_files/AWS/parsed_security_stack_mappings_navigator_layer.json b/src/mappings_explorer/cli/mapex/security_stack_files/AWS/parsed_security_stack_mappings_navigator_layer.json new file mode 100644 index 00000000..5eb39a58 --- /dev/null +++ b/src/mappings_explorer/cli/mapex/security_stack_files/AWS/parsed_security_stack_mappings_navigator_layer.json 
@@ -0,0 +1 @@ +{"name": "security stack overview", "versions": {"navigator": "4.8.0", "layer": "4.4", "attack": 9}, "sorting": 3, "description": "security stack heatmap overview of security stack mappings, scores are the number of associated entries", "domain": "enterprise-attack", "techniques": [{"techniqueID": "T1040", "score": 5, "comment": "Related to AWS RDS, AWS Config, AWS IoT Device Defender, Amazon Virtual Private Cloud, AWS CloudWatch"}, {"techniqueID": "T1565", "score": 5, "comment": "Related to AWS RDS, AWS RDS, Amazon GuardDuty, AWS CloudEndure Disaster Recovery, Amazon Virtual Private Cloud"}, {"techniqueID": "T1557", "score": 4, "comment": "Related to AWS RDS, AWS Config, AWS IoT Device Defender, Amazon Virtual Private Cloud"}, {"techniqueID": "T1190", "score": 8, "comment": "Related to AWS RDS, AWS RDS, AWS Config, Amazon GuardDuty, AWS CloudEndure Disaster Recovery, Amazon Inspector, AWS Web Application Firewall, AWS Security Hub"}, {"techniqueID": "T1210", "score": 6, "comment": "Related to AWS RDS, AWS RDS, AWS Config, Amazon Inspector, Amazon Virtual Private Cloud, AWS Security Hub"}, {"techniqueID": "T1485", "score": 8, "comment": "Related to AWS RDS, AWS RDS, AWS RDS, AWS Config, AWS S3, Amazon GuardDuty, AWS CloudEndure Disaster Recovery, AWS Security Hub"}, {"techniqueID": "T1486", "score": 4, "comment": "Related to AWS RDS, AWS Config, Amazon GuardDuty, AWS CloudEndure Disaster Recovery"}, {"techniqueID": "T1490", "score": 3, "comment": "Related to AWS RDS, AWS RDS, AWS CloudEndure Disaster Recovery"}, {"techniqueID": "T1561", "score": 2, "comment": "Related to AWS RDS, AWS CloudEndure Disaster Recovery"}, {"techniqueID": "T1530", "score": 7, "comment": "Related to AWS RDS, AWS Config, AWS S3, Amazon GuardDuty, AWS IoT Device Defender, AWS Security Hub, AWS Network Firewall"}, {"techniqueID": "T1529", "score": 2, "comment": "Related to AWS RDS, Amazon Inspector"}, {"techniqueID": "T1489", "score": 2, "comment": "Related to AWS RDS, Amazon 
Inspector"}, {"techniqueID": "T1020", "score": 3, "comment": "Related to AWS Config, Amazon GuardDuty, AWS IoT Device Defender"}, {"techniqueID": "T1053", "score": 2, "comment": "Related to AWS Config, Amazon Inspector"}, {"techniqueID": "T1068", "score": 3, "comment": "Related to AWS Config, Amazon Inspector, AWS Security Hub"}, {"techniqueID": "T1078", "score": 10, "comment": "Related to AWS Config, Amazon GuardDuty, AWS IoT Device Defender, AWS IoT Device Defender, AWS Organizations, Amazon Cognito, AWS Security Hub, AWS Identity and Access Management, AWS Identity and Access Management, AWS Single Sign-On"}, {"techniqueID": "T1098", "score": 4, "comment": "Related to AWS Config, Amazon GuardDuty, AWS Security Hub, AWS Identity and Access Management"}, {"techniqueID": "T1110", "score": 7, "comment": "Related to AWS Config, Amazon GuardDuty, Amazon Inspector, Amazon Cognito, AWS Security Hub, AWS Identity and Access Management, AWS Single Sign-On"}, {"techniqueID": "T1119", "score": 1, "comment": "Related to AWS Config"}, {"techniqueID": "T1136", "score": 1, "comment": "Related to AWS Config"}, {"techniqueID": "T1203", "score": 4, "comment": "Related to AWS Config, Amazon Inspector, AWS Web Application Firewall, AWS Security Hub"}, {"techniqueID": "T1211", "score": 3, "comment": "Related to AWS Config, Amazon Inspector, AWS Security Hub"}, {"techniqueID": "T1212", "score": 4, "comment": "Related to AWS Config, Amazon Inspector, AWS Security Hub, AWS Secrets Manager"}, {"techniqueID": "T1204", "score": 1, "comment": "Related to AWS Config"}, {"techniqueID": "T1491", "score": 3, "comment": "Related to AWS Config, Amazon GuardDuty, AWS CloudEndure Disaster Recovery"}, {"techniqueID": "T1496", "score": 4, "comment": "Related to AWS Config, Amazon GuardDuty, AWS IoT Device Defender, AWS CloudWatch"}, {"techniqueID": "T1498", "score": 5, "comment": "Related to AWS Config, Amazon GuardDuty, AWS Shield, Amazon Virtual Private Cloud, AWS Network Firewall"}, 
{"techniqueID": "T1499", "score": 4, "comment": "Related to AWS Config, AWS Shield, Amazon Virtual Private Cloud, AWS Network Firewall"}, {"techniqueID": "T1525", "score": 1, "comment": "Related to AWS Config"}, {"techniqueID": "T1538", "score": 2, "comment": "Related to AWS Config, AWS Organizations"}, {"techniqueID": "T1552", "score": 6, "comment": "Related to AWS Config, Amazon GuardDuty, AWS IoT Device Defender, AWS Key Management Service, AWS Secrets Manager, AWS CloudHSM"}, {"techniqueID": "T1562", "score": 6, "comment": "Related to AWS Config, Amazon GuardDuty, AWS IoT Device Defender, AWS IoT Device Defender, Amazon Inspector, AWS Security Hub"}, {"techniqueID": "T1609", "score": 1, "comment": "Related to AWS Config"}, {"techniqueID": "T1610", "score": 2, "comment": "Related to AWS Config, AWS CloudWatch"}, {"techniqueID": "T1611", "score": 1, "comment": "Related to AWS Config"}, {"techniqueID": "T1613", "score": 1, "comment": "Related to AWS Config"}, {"techniqueID": "T1595", "score": 5, "comment": "Related to Amazon GuardDuty, Amazon Inspector, Amazon Virtual Private Cloud, AWS Web Application Firewall, AWS Network Firewall"}, {"techniqueID": "T1189", "score": 3, "comment": "Related to Amazon GuardDuty, Amazon Inspector, AWS Web Application Firewall"}, {"techniqueID": "T1566", "score": 1, "comment": "Related to Amazon GuardDuty"}, {"techniqueID": "T1580", "score": 3, "comment": "Related to Amazon GuardDuty, AWS Organizations, AWS Security Hub"}, {"techniqueID": "T1526", "score": 1, "comment": "Related to Amazon GuardDuty"}, {"techniqueID": "T1046", "score": 6, "comment": "Related to Amazon GuardDuty, AWS IoT Device Defender, Amazon Inspector, Amazon Virtual Private Cloud, AWS Web Application Firewall, AWS Network Firewall"}, {"techniqueID": "T1071", "score": 4, "comment": "Related to Amazon GuardDuty, AWS IoT Device Defender, AWS Web Application Firewall, AWS Network Firewall"}, {"techniqueID": "T1568", "score": 1, "comment": "Related to Amazon 
GuardDuty"}, {"techniqueID": "T1571", "score": 3, "comment": "Related to Amazon GuardDuty, Amazon Virtual Private Cloud, AWS Network Firewall"}, {"techniqueID": "T1090", "score": 4, "comment": "Related to Amazon GuardDuty, Amazon Virtual Private Cloud, AWS Web Application Firewall, AWS Network Firewall"}, {"techniqueID": "T1029", "score": 1, "comment": "Related to Amazon GuardDuty"}, {"techniqueID": "T1041", "score": 3, "comment": "Related to Amazon GuardDuty, AWS IoT Device Defender, AWS Network Firewall"}, {"techniqueID": "T1048", "score": 4, "comment": "Related to Amazon GuardDuty, AWS IoT Device Defender, Amazon Virtual Private Cloud, AWS Network Firewall"}, {"techniqueID": "T1567", "score": 1, "comment": "Related to Amazon GuardDuty"}, {"techniqueID": "T1531", "score": 2, "comment": "Related to Amazon GuardDuty, AWS Security Hub"}, {"techniqueID": "T1095", "score": 3, "comment": "Related to AWS IoT Device Defender, Amazon Virtual Private Cloud, AWS Network Firewall"}, {"techniqueID": "T1087", "score": 1, "comment": "Related to AWS Organizations"}, {"techniqueID": "T1588", "score": 2, "comment": "Related to AWS Key Management Service, AWS CloudHSM"}, {"techniqueID": "T1133", "score": 4, "comment": "Related to Amazon Inspector, Amazon Virtual Private Cloud, AWS Network Firewall, AWS Single Sign-On"}, {"techniqueID": "T1021", "score": 3, "comment": "Related to Amazon Inspector, Amazon Virtual Private Cloud, AWS Network Firewall"}, {"techniqueID": "T1222", "score": 1, "comment": "Related to Amazon Inspector"}, {"techniqueID": "T1070", "score": 1, "comment": "Related to Amazon Inspector"}, {"techniqueID": "T1599", "score": 1, "comment": "Related to Amazon Inspector"}, {"techniqueID": "T1003", "score": 1, "comment": "Related to Amazon Inspector"}, {"techniqueID": "T1548", "score": 1, "comment": "Related to Amazon Inspector"}, {"techniqueID": "T1037", "score": 1, "comment": "Related to Amazon Inspector"}, {"techniqueID": "T1543", "score": 1, "comment": "Related to 
Amazon Inspector"}, {"techniqueID": "T1590", "score": 3, "comment": "Related to Amazon Virtual Private Cloud, AWS Security Hub, AWS Network Firewall"}, {"techniqueID": "T1205", "score": 2, "comment": "Related to Amazon Virtual Private Cloud, AWS Network Firewall"}, {"techniqueID": "T1018", "score": 2, "comment": "Related to Amazon Virtual Private Cloud, AWS Network Firewall"}, {"techniqueID": "T1008", "score": 2, "comment": "Related to Amazon Virtual Private Cloud, AWS Network Firewall"}, {"techniqueID": "T1219", "score": 2, "comment": "Related to Amazon Virtual Private Cloud, AWS Network Firewall"}, {"techniqueID": "T1199", "score": 1, "comment": "Related to Amazon Virtual Private Cloud"}, {"techniqueID": "T1602", "score": 1, "comment": "Related to Amazon Virtual Private Cloud"}, {"techniqueID": "T1542", "score": 2, "comment": "Related to Amazon Virtual Private Cloud, AWS Network Firewall"}, {"techniqueID": "T1072", "score": 1, "comment": "Related to Amazon Virtual Private Cloud"}, {"techniqueID": "T1482", "score": 1, "comment": "Related to Amazon Virtual Private Cloud"}, {"techniqueID": "T1570", "score": 1, "comment": "Related to Amazon Virtual Private Cloud"}, {"techniqueID": "T1059", "score": 1, "comment": "Related to AWS Web Application Firewall"}, {"techniqueID": "T1592", "score": 1, "comment": "Related to AWS Security Hub"}, {"techniqueID": "T1589", "score": 1, "comment": "Related to AWS Security Hub"}, {"techniqueID": "T1591", "score": 1, "comment": "Related to AWS Security Hub"}, {"techniqueID": "T1550", "score": 1, "comment": "Related to AWS Identity and Access Management"}, {"techniqueID": "T1528", "score": 2, "comment": "Related to AWS Identity and Access Management, AWS Secrets Manager"}, {"techniqueID": "T1555", "score": 1, "comment": "Related to AWS Secrets Manager"}, {"techniqueID": "T1187", "score": 1, "comment": "Related to AWS Network Firewall"}, {"techniqueID": "T1572", "score": 1, "comment": "Related to AWS Network Firewall"}, {"techniqueID": 
"T1104", "score": 1, "comment": "Related to AWS Network Firewall"}, {"techniqueID": "T1553", "score": 1, "comment": "Related to AWS CloudHSM"}], "gradient": {"colors": ["#ffe766", "#ffaf66"], "minValue": 1, "maxValue": 10}} \ No newline at end of file diff --git a/src/mappings_explorer/cli/mapex/security_stack_files/Azure/parsed_security_stack_mappings_navigator_layer.json b/src/mappings_explorer/cli/mapex/security_stack_files/Azure/parsed_security_stack_mappings_navigator_layer.json new file mode 100644 index 00000000..80fc09e6 --- /dev/null +++ b/src/mappings_explorer/cli/mapex/security_stack_files/Azure/parsed_security_stack_mappings_navigator_layer.json 
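Review bot: In this layer `"attack": 9` is written as a JSON number, while the Navigator layer format specifies `versions.attack` as a string, so the generator should emit `"attack": "9"` (the Azure layer that follows has `"attack": 8.2`, the same issue). Separately, several comments repeat a capability: T1485 lists `AWS RDS` three times and scores 8 with only six distinct services, so the heatmap colour reflects mapping rows rather than distinct controls and can overstate coverage to a reader who takes it as breadth of defence. Either de-duplicate the names before counting, or say so in the description, e.g. `scores are the number of mapping entries; a capability may appear more than once`. The file is generated, presumably by write_parsed_mappings.py from the same commit, so the change belongs there rather than in this JSON.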
@@ -0,0 +1 @@ +{"name": "security stack overview", "versions": {"navigator": "4.8.0", "layer": "4.4", "attack": 8.2}, "sorting": 3, "description": "security stack heatmap overview of security stack mappings, scores are the number of associated entries", "domain": "enterprise-attack", "techniques": [{"techniqueID": "T1078", "score": 18, "comment": "Related to Azure AD Identity Protection, Azure AD Identity Protection, Alerts for Windows Machines, Azure Security Center Recommendations, Azure Defender for Storage, Azure Sentinel, Azure AD Multi-Factor Authentication, Role Based Access Control, Alerts for Azure Cosmos DB, Azure Policy, Azure AD Privileged Identity Management, Advanced Threat Protection for Azure SQL Database, Conditional Access, Cloud App Security Policies, Azure AD Identity Secure Score, Azure AD Identity Secure Score, SQL Vulnerability Assessment, Continuous Access Evaluation"}, {"techniqueID": "T1606", "score": 3, "comment": "Related to Azure AD Identity Protection, Azure AD Identity Protection, Azure AD Identity Secure Score"}, {"techniqueID": "T1110", "score": 18, "comment": "Related to Azure AD Identity Protection, Azure AD Identity Protection, Alerts for Windows Machines, Azure Security Center Recommendations, Linux auditd alerts and Log Analytics agent integration, Azure Sentinel, Azure AD Password Policy, Microsoft Defender for Identity, Azure AD Multi-Factor Authentication, Azure Policy, Azure Alerts for Network Layer, Advanced Threat Protection for Azure SQL Database, Conditional Access, Cloud App Security Policies, Azure AD Identity Secure Score, Azure Active Directory Password Protection, Just-in-Time VM Access, Passwordless Authentication"}, {"techniqueID": "T1059", "score": 5, "comment": "Related to Alerts for Windows Machines, Linux auditd alerts and Log Analytics agent integration, Azure Sentinel, Microsoft Defender for Identity, Azure Defender for App Service"}, {"techniqueID": "T1204", "score": 4, "comment": "Related to Alerts for 
Windows Machines, Adaptive Application Controls, Azure Defender for App Service, Microsoft Antimalware for Azure"}, {"techniqueID": "T1547", "score": 5, "comment": "Related to Alerts for Windows Machines, Linux auditd alerts and Log Analytics agent integration, Azure Sentinel, File Integrity Monitoring, Azure Defender for App Service"}, {"techniqueID": "T1136", "score": 6, "comment": "Related to Alerts for Windows Machines, Azure Security Center Recommendations, Linux auditd alerts and Log Analytics agent integration, Azure Sentinel, Role Based Access Control, Azure AD Privileged Identity Management"}, {"techniqueID": "T1543", "score": 6, "comment": "Related to Alerts for Windows Machines, Azure Security Center Recommendations, Azure Sentinel, Microsoft Defender for Identity, File Integrity Monitoring, Azure Defender for App Service"}, {"techniqueID": "T1546", "score": 4, "comment": "Related to Alerts for Windows Machines, Azure Security Center Recommendations, Azure Sentinel, File Integrity Monitoring"}, {"techniqueID": "T1548", "score": 4, "comment": "Related to Alerts for Windows Machines, Azure Sentinel, File Integrity Monitoring, Docker Host Hardening"}, {"techniqueID": "T1055", "score": 3, "comment": "Related to Alerts for Windows Machines, Azure Sentinel, Azure Defender for App Service"}, {"techniqueID": "T1203", "score": 5, "comment": "Related to Alerts for Windows Machines, Azure Automation Update Management, Azure Policy, Azure Defender for App Service, Integrated Vulnerability Scanner Powered by Qualys"}, {"techniqueID": "T1212", "score": 5, "comment": "Related to Alerts for Windows Machines, Azure Automation Update Management, Azure Policy, Azure Defender for App Service, Integrated Vulnerability Scanner Powered by Qualys"}, {"techniqueID": "T1211", "score": 5, "comment": "Related to Alerts for Windows Machines, Azure Automation Update Management, Azure Policy, Azure Defender for App Service, Integrated Vulnerability Scanner Powered by Qualys"}, 
{"techniqueID": "T1068", "score": 13, "comment": "Related to Alerts for Windows Machines, Azure Security Center Recommendations, Linux auditd alerts and Log Analytics agent integration, Azure Defender for Resource Manager, Azure Sentinel, Azure Defender for Kubernetes, Azure Automation Update Management, Azure Policy, Azure Defender for App Service, Azure Defender for Container Registries, SQL Vulnerability Assessment, Integrated Vulnerability Scanner Powered by Qualys, Docker Host Hardening"}, {"techniqueID": "T1210", "score": 8, "comment": "Related to Alerts for Windows Machines, Network Security Groups, Azure Sentinel, Microsoft Defender for Identity, Azure Automation Update Management, Azure Policy, Azure Defender for App Service, Integrated Vulnerability Scanner Powered by Qualys"}, {"techniqueID": "T1190", "score": 15, "comment": "Related to Alerts for Windows Machines, Azure Security Center Recommendations, Azure Sentinel, Azure Defender for Kubernetes, Azure Automation Update Management, Azure Policy, Advanced Threat Protection for Azure SQL Database, Azure Defender for App Service, Azure Defender for Container Registries, Azure Web Application Firewall, Azure Web Application Firewall, Just-in-Time VM Access, SQL Vulnerability Assessment, Integrated Vulnerability Scanner Powered by Qualys, Azure Network Traffic Analytics"}, {"techniqueID": "T1189", "score": 5, "comment": "Related to Alerts for Windows Machines, Azure Automation Update Management, Azure Defender for App Service, Cloud App Security Policies, Integrated Vulnerability Scanner Powered by Qualys"}, {"techniqueID": "T1140", "score": 3, "comment": "Related to Alerts for Windows Machines, Azure Sentinel, Azure Defender for App Service"}, {"techniqueID": "T1222", "score": 3, "comment": "Related to Alerts for Windows Machines, Azure Security Center Recommendations, File Integrity Monitoring"}, {"techniqueID": "T1564", "score": 3, "comment": "Related to Alerts for Windows Machines, Azure Security 
Center Recommendations, Linux auditd alerts and Log Analytics agent integration"}, {"techniqueID": "T1562", "score": 5, "comment": "Related to Alerts for Windows Machines, Linux auditd alerts and Log Analytics agent integration, Azure Defender for Resource Manager, Azure Sentinel, File Integrity Monitoring"}, {"techniqueID": "T1070", "score": 4, "comment": "Related to Alerts for Windows Machines, Linux auditd alerts and Log Analytics agent integration, Azure Sentinel, Azure Defender for Kubernetes"}, {"techniqueID": "T1112", "score": 2, "comment": "Related to Alerts for Windows Machines, SQL Vulnerability Assessment"}, {"techniqueID": "T1027", "score": 6, "comment": "Related to Alerts for Windows Machines, Linux auditd alerts and Log Analytics agent integration, Azure Sentinel, Azure Defender for App Service, Microsoft Antimalware for Azure, Microsoft Antimalware for Azure"}, {"techniqueID": "T1218", "score": 1, "comment": "Related to Alerts for Windows Machines"}, {"techniqueID": "T1003", "score": 6, "comment": "Related to Alerts for Windows Machines, Linux auditd alerts and Log Analytics agent integration, Azure Sentinel, Microsoft Defender for Identity, File Integrity Monitoring, Azure Defender for App Service"}, {"techniqueID": "T1558", "score": 5, "comment": "Related to Alerts for Windows Machines, Azure Sentinel, Microsoft Defender for Identity, Azure Defender for App Service, Azure AD Identity Secure Score"}, {"techniqueID": "T1087", "score": 6, "comment": "Related to Alerts for Windows Machines, Azure Defender for Resource Manager, Azure Sentinel, Microsoft Defender for Identity, Role Based Access Control, Azure Defender for App Service"}, {"techniqueID": "T1082", "score": 2, "comment": "Related to Alerts for Windows Machines, Azure Sentinel"}, {"techniqueID": "T1563", "score": 2, "comment": "Related to Alerts for Windows Machines, Azure Network Traffic Analytics"}, {"techniqueID": "T1105", "score": 7, "comment": "Related to Alerts for Windows Machines, 
Azure Defender for Storage, Azure Defender for Storage, Azure Sentinel, Azure Defender for App Service, Microsoft Antimalware for Azure, Microsoft Antimalware for Azure"}, {"techniqueID": "T1048", "score": 8, "comment": "Related to Alerts for Windows Machines, Network Security Groups, Azure Sentinel, Microsoft Defender for Identity, Azure DNS Analytics, Azure Firewall, Alerts for DNS, Azure Network Traffic Analytics"}, {"techniqueID": "T1489", "score": 1, "comment": "Related to Alerts for Windows Machines"}, {"techniqueID": "T1202", "score": 1, "comment": "Related to Alerts for Windows Machines"}, {"techniqueID": "T1040", "score": 8, "comment": "Related to Azure Security Center Recommendations, Azure Sentinel, Azure Private Link, Azure Policy, Azure VPN Gateway, Azure AD Identity Secure Score, Azure Key Vault, Docker Host Hardening"}, {"techniqueID": "T1542", "score": 3, "comment": "Related to Azure Security Center Recommendations, Network Security Groups, Azure Network Traffic Analytics"}, {"techniqueID": "T1499", "score": 6, "comment": "Related to Azure Security Center Recommendations, Network Security Groups, Azure Private Link, Azure Automation Update Management, Azure DDOS Protection Standard, Azure Network Traffic Analytics"}, {"techniqueID": "T1525", "score": 7, "comment": "Related to Azure Security Center Recommendations, Linux auditd alerts and Log Analytics agent integration, Azure Defender for Kubernetes, Azure Policy, Azure Defender for Container Registries, Azure Defender for Container Registries, Docker Host Hardening"}, {"techniqueID": "T1098", "score": 10, "comment": "Related to Azure Security Center Recommendations, Linux auditd alerts and Log Analytics agent integration, Azure Sentinel, Microsoft Defender for Identity, Role Based Access Control, File Integrity Monitoring, Azure Policy, Azure AD Privileged Identity Management, Azure AD Privileged Identity Management, Cloud App Security Policies"}, {"techniqueID": "T1554", "score": 3, "comment": 
"Related to Azure Security Center Recommendations, Adaptive Application Controls, Azure Automation Update Management"}, {"techniqueID": "T1505", "score": 5, "comment": "Related to Azure Security Center Recommendations, Linux auditd alerts and Log Analytics agent integration, Azure Sentinel, Azure Policy, SQL Vulnerability Assessment"}, {"techniqueID": "T1053", "score": 4, "comment": "Related to Azure Security Center Recommendations, Azure Sentinel, File Integrity Monitoring, Azure Defender for App Service"}, {"techniqueID": "T1556", "score": 4, "comment": "Related to Azure Security Center Recommendations, Azure Sentinel, Microsoft Defender for Identity, File Integrity Monitoring"}, {"techniqueID": "T1080", "score": 4, "comment": "Related to Azure Security Center Recommendations, Azure Defender for Storage, Azure Defender for Storage, Azure Sentinel"}, {"techniqueID": "T1074", "score": 3, "comment": "Related to Azure Security Center Recommendations, Azure Sentinel, Conditional Access"}, {"techniqueID": "T1485", "score": 6, "comment": "Related to Azure Security Center Recommendations, Azure Defender for Storage, Azure Sentinel, Azure Backup, Azure Policy, Cloud App Security Policies"}, {"techniqueID": "T1486", "score": 4, "comment": "Related to Azure Security Center Recommendations, Azure Sentinel, Azure Backup, Cloud App Security Policies"}, {"techniqueID": "T1565", "score": 4, "comment": "Related to Azure Security Center Recommendations, Azure Private Link, Azure VPN Gateway, Cloud App Security Policies"}, {"techniqueID": "T1133", "score": 11, "comment": "Related to Azure Security Center Recommendations, Network Security Groups, Microsoft Defender for Identity, Azure Policy, Azure Alerts for Network Layer, Cloud App Security Policies, Cloud App Security Policies, Azure AD Identity Secure Score, Just-in-Time VM Access, Azure Firewall, Azure Network Traffic Analytics"}, {"techniqueID": "T1530", "score": 6, "comment": "Related to Azure Defender for Storage, Azure 
Sentinel, Role Based Access Control, Azure Policy, Conditional Access, Cloud App Security Policies"}, {"techniqueID": "T1537", "score": 2, "comment": "Related to Azure Defender for Storage, Azure Policy"}, {"techniqueID": "T1021", "score": 7, "comment": "Related to Linux auditd alerts and Log Analytics agent integration, Network Security Groups, Azure Sentinel, Microsoft Defender for Identity, Azure Policy, Azure Network Traffic Analytics, Docker Host Hardening"}, {"techniqueID": "T1113", "score": 3, "comment": "Related to Linux auditd alerts and Log Analytics agent integration, Azure Sentinel, Azure Defender for App Service"}, {"techniqueID": "T1580", "score": 5, "comment": "Related to Azure Defender for Resource Manager, Azure Sentinel, Azure Defender for Key Vault, Role Based Access Control, Azure Policy"}, {"techniqueID": "T1538", "score": 3, "comment": "Related to Azure Defender for Resource Manager, Role Based Access Control, Azure Policy"}, {"techniqueID": "T1526", "score": 3, "comment": "Related to Azure Defender for Resource Manager, Azure Policy, Cloud App Security Policies"}, {"techniqueID": "T1069", "score": 3, "comment": "Related to Azure Defender for Resource Manager, Azure Sentinel, Microsoft Defender for Identity"}, {"techniqueID": "T1555", "score": 7, "comment": "Related to Azure Defender for Resource Manager, Azure Sentinel, Microsoft Defender for Identity, Azure Defender for Key Vault, Azure Policy, Azure Defender for App Service, Azure Key Vault"}, {"techniqueID": "T1199", "score": 2, "comment": "Related to Network Security Groups, Azure Network Traffic Analytics"}, {"techniqueID": "T1557", "score": 5, "comment": "Related to Network Security Groups, Azure Sentinel, Microsoft Defender for Identity, Azure Private Link, Azure VPN Gateway"}, {"techniqueID": "T1602", "score": 2, "comment": "Related to Network Security Groups, Azure Network Traffic Analytics"}, {"techniqueID": "T1072", "score": 3, "comment": "Related to Network Security Groups, Azure 
Automation Update Management, Azure Network Traffic Analytics"}, {"techniqueID": "T1482", "score": 4, "comment": "Related to Network Security Groups, Azure Sentinel, Microsoft Defender for Identity, Azure Defender for App Service"}, {"techniqueID": "T1046", "score": 6, "comment": "Related to Network Security Groups, Azure Sentinel, Azure Web Application Firewall, Azure Web Application Firewall, Azure Firewall, Azure Network Traffic Analytics"}, {"techniqueID": "T1095", "score": 2, "comment": "Related to Network Security Groups, Azure Firewall"}, {"techniqueID": "T1571", "score": 3, "comment": "Related to Network Security Groups, Azure Firewall, Azure Network Traffic Analytics"}, {"techniqueID": "T1570", "score": 1, "comment": "Related to Network Security Groups"}, {"techniqueID": "T1498", "score": 3, "comment": "Related to Network Security Groups, Azure Private Link, Azure DDOS Protection Standard"}, {"techniqueID": "T1090", "score": 4, "comment": "Related to Network Security Groups, Azure Sentinel, Alerts for DNS, Azure Network Traffic Analytics"}, {"techniqueID": "T1219", "score": 4, "comment": "Related to Network Security Groups, Cloud App Security Policies, Cloud App Security Policies, Azure Firewall"}, {"techniqueID": "T1205", "score": 2, "comment": "Related to Network Security Groups, Azure Firewall"}, {"techniqueID": "T1195", "score": 2, "comment": "Related to Azure Sentinel, Azure Automation Update Management"}, {"techniqueID": "T1071", "score": 10, "comment": "Related to Azure Sentinel, Microsoft Defender for Identity, Azure Policy, Azure Alerts for Network Layer, Cloud App Security Policies, Azure Web Application Firewall, Azure Web Application Firewall, Azure DNS Analytics, Alerts for DNS, Azure Network Traffic Analytics"}, {"techniqueID": "T1567", "score": 3, "comment": "Related to Azure Sentinel, Cloud App Security Policies, Cloud App Security Policies"}, {"techniqueID": "T1595", "score": 4, "comment": "Related to Azure Sentinel, Azure Defender for App 
Service, Azure Web Application Firewall, Azure Firewall"}, {"techniqueID": "T1496", "score": 3, "comment": "Related to Azure Sentinel, Azure Defender for App Service, Cloud App Security Policies"}, {"techniqueID": "T1213", "score": 6, "comment": "Related to Azure Sentinel, Alerts for Azure Cosmos DB, Advanced Threat Protection for Azure SQL Database, Conditional Access, Cloud App Security Policies, Cloud App Security Policies"}, {"techniqueID": "T1531", "score": 3, "comment": "Related to Azure Sentinel, Cloud App Security Policies, Azure AD Identity Secure Score"}, {"techniqueID": "T1018", "score": 2, "comment": "Related to Azure Sentinel, Azure Firewall"}, {"techniqueID": "T1114", "score": 1, "comment": "Related to Azure Sentinel"}, {"techniqueID": "T1573", "score": 1, "comment": "Related to Azure Sentinel"}, {"techniqueID": "T1119", "score": 3, "comment": "Related to Azure Sentinel, Cloud App Security Policies, Cloud App Security Policies"}, {"techniqueID": "T1568", "score": 3, "comment": "Related to Azure Sentinel, Azure DNS Analytics, Alerts for DNS"}, {"techniqueID": "T1137", "score": 2, "comment": "Related to Azure Sentinel, File Integrity Monitoring"}, {"techniqueID": "T1047", "score": 3, "comment": "Related to Azure Sentinel, Microsoft Defender for Identity, Azure Defender for App Service"}, {"techniqueID": "T1552", "score": 7, "comment": "Related to Azure Sentinel, Azure Sentinel, Azure Dedicated HSM, Managed identities for Azure resources, Azure Defender for App Service, Azure AD Identity Secure Score, Azure Key Vault"}, {"techniqueID": "T1590", "score": 3, "comment": "Related to Azure Sentinel, Azure Policy, Azure Firewall"}, {"techniqueID": "T1134", "score": 3, "comment": "Related to Azure Sentinel, Azure Defender for App Service, Azure AD Identity Secure Score"}, {"techniqueID": "T1560", "score": 1, "comment": "Related to Azure Sentinel"}, {"techniqueID": "T1217", "score": 1, "comment": "Related to Azure Sentinel"}, {"techniqueID": "T1115", "score": 1, 
"comment": "Related to Azure Sentinel"}, {"techniqueID": "T1484", "score": 2, "comment": "Related to Azure Sentinel, Cloud App Security Policies"}, {"techniqueID": "T1041", "score": 2, "comment": "Related to Azure Sentinel, Azure DNS Analytics"}, {"techniqueID": "T1083", "score": 2, "comment": "Related to Azure Sentinel, Docker Host Hardening"}, {"techniqueID": "T1574", "score": 3, "comment": "Related to Azure Sentinel, File Integrity Monitoring, Azure Defender for App Service"}, {"techniqueID": "T1056", "score": 2, "comment": "Related to Azure Sentinel, Azure Defender for App Service"}, {"techniqueID": "T1106", "score": 1, "comment": "Related to Azure Sentinel"}, {"techniqueID": "T1135", "score": 1, "comment": "Related to Azure Sentinel"}, {"techniqueID": "T1057", "score": 2, "comment": "Related to Azure Sentinel, Azure Defender for App Service"}, {"techniqueID": "T1518", "score": 1, "comment": "Related to Azure Sentinel"}, {"techniqueID": "T1016", "score": 1, "comment": "Related to Azure Sentinel"}, {"techniqueID": "T1049", "score": 1, "comment": "Related to Azure Sentinel"}, {"techniqueID": "T1569", "score": 2, "comment": "Related to Azure Sentinel, Microsoft Defender for Identity"}, {"techniqueID": "T1127", "score": 1, "comment": "Related to Azure Sentinel"}, {"techniqueID": "T1550", "score": 3, "comment": "Related to Azure Sentinel, Microsoft Defender for Identity, Azure AD Identity Secure Score"}, {"techniqueID": "T1125", "score": 1, "comment": "Related to Azure Sentinel"}, {"techniqueID": "T1102", "score": 1, "comment": "Related to Azure Sentinel"}, {"techniqueID": "T1490", "score": 1, "comment": "Related to Azure Sentinel"}, {"techniqueID": "T1535", "score": 3, "comment": "Related to Azure Sentinel, Azure Policy, Cloud App Security Policies"}, {"techniqueID": "T1036", "score": 3, "comment": "Related to Azure Sentinel, Adaptive Application Controls, Azure Defender for App Service"}, {"techniqueID": "T1578", "score": 3, "comment": "Related to Azure Sentinel, 
Role Based Access Control, Cloud App Security Policies"}, {"techniqueID": "T1528", "score": 6, "comment": "Related to Azure Sentinel, Role Based Access Control, Cloud App Security Policies, Cloud App Security Policies, Azure AD Identity Secure Score, Azure Key Vault"}, {"techniqueID": "T1201", "score": 1, "comment": "Related to Microsoft Defender for Identity"}, {"techniqueID": "T1207", "score": 1, "comment": "Related to Microsoft Defender for Identity"}, {"techniqueID": "T1553", "score": 3, "comment": "Related to Adaptive Application Controls, Azure Dedicated HSM, File Integrity Monitoring"}, {"techniqueID": "T1588", "score": 1, "comment": "Related to Azure Dedicated HSM"}, {"techniqueID": "T1584", "score": 2, "comment": "Related to Azure DNS Alias Records, Azure Defender for App Service"}, {"techniqueID": "T1037", "score": 1, "comment": "Related to File Integrity Monitoring"}, {"techniqueID": "T1491", "score": 1, "comment": "Related to Azure Backup"}, {"techniqueID": "T1561", "score": 1, "comment": "Related to Azure Backup"}, {"techniqueID": "T1566", "score": 4, "comment": "Related to Azure Defender for App Service, Microsoft Antimalware for Azure, Microsoft Antimalware for Azure, Azure DNS Analytics"}, {"techniqueID": "T1594", "score": 1, "comment": "Related to Azure Defender for App Service"}, {"techniqueID": "T1559", "score": 1, "comment": "Related to Azure Defender for App Service"}, {"techniqueID": "T1123", "score": 1, "comment": "Related to Azure Defender for App Service"}, {"techniqueID": "T1005", "score": 2, "comment": "Related to Azure Defender for App Service, Docker Host Hardening"}, {"techniqueID": "T1012", "score": 1, "comment": "Related to Azure Defender for App Service"}, {"techniqueID": "T1187", "score": 2, "comment": "Related to Cloud App Security Policies, Cloud App Security Policies"}, {"techniqueID": "T1534", "score": 1, "comment": "Related to Cloud App Security Policies"}, {"techniqueID": "T1008", "score": 1, "comment": "Related to Azure 
Firewall"}, {"techniqueID": "T1572", "score": 1, "comment": "Related to Alerts for DNS"}], "gradient": {"colors": ["#ffe766", "#ffaf66"], "minValue": 1, "maxValue": 18}}
\ No newline at end of file
diff --git a/src/mappings_explorer/cli/mapex/security_stack_files/GCP/parsed_security_stack_mappings_navigator_layer.json b/src/mappings_explorer/cli/mapex/security_stack_files/GCP/parsed_security_stack_mappings_navigator_layer.json
new file mode 100644
index 00000000..9a707700
--- /dev/null
+++ b/src/mappings_explorer/cli/mapex/security_stack_files/GCP/parsed_security_stack_mappings_navigator_layer.json
@@ -0,0 +1 @@ +{"name": "security stack overview", "versions": {"navigator": "4.8.0", "layer": "4.4", "attack": 10}, "sorting": 3, "description": "security stack heatmap overview of security stack mappings, scores are the number of associated entries", "domain": "enterprise-attack", "techniques": [{"techniqueID": "T1566", "score": 5, "comment": "Related to Virus Total, Web Risk, BeyondCorp Enterprise, BeyondCorp Enterprise, Titan Security Key"}, {"techniqueID": "T1566.001", "score": 2, "comment": "Related to Virus Total, BeyondCorp Enterprise"}, {"techniqueID": "T1059", "score": 2, "comment": "Related to Virus Total, Chronicle"}, {"techniqueID": "T1598.003", "score": 2, "comment": "Related to Virus Total, Web Risk"}, {"techniqueID": "T1566.002", "score": 2, "comment": "Related to Virus Total, Cloud IDS"}, {"techniqueID": "T1565.003", "score": 1, "comment": "Related to Confidential VM and Compute Engine"}, {"techniqueID": "T1552", "score": 5, "comment": "Related to Cloud Hardware Security Module (HSM), Actifio Go, Cloud Key Management, Chronicle, Secret Manager"}, {"techniqueID": "T1553", "score": 2, "comment": "Related to Cloud Hardware Security Module (HSM), Cloud Key Management"}, {"techniqueID": "T1588.003", "score": 3, "comment": "Related to Cloud Hardware Security Module (HSM), Cloud Key Management, Cloud Storage"}, {"techniqueID": "T1588.004", "score": 3, "comment": "Related to Cloud Hardware Security Module (HSM), Cloud Key Management, Cloud Storage"}, {"techniqueID": "T1552.004", "score": 2, "comment": "Related to Cloud Hardware Security Module (HSM), Cloud Key Management"}, {"techniqueID": "T1552.001", "score": 2, "comment": "Related to Cloud Hardware Security Module (HSM), Cloud Key Management"}, {"techniqueID": "T1588", "score": 3, "comment": "Related to Cloud Hardware Security Module (HSM), Cloud Key Management, Chronicle"}, {"techniqueID": "T1040", "score": 5, "comment": "Related to Certificate Authority Service, Actifio Go, CloudVPN, Security Command 
Center, Secret Manager"}, {"techniqueID": "T1098", "score": 8, "comment": "Related to Cloud Asset Inventory, ResourceManager, IdentityPlatform, Chronicle, AdvancedProtectionProgram, Virtual Private Cloud, Policy Intelligence, Identity and Access Management"}, {"techniqueID": "T1098.001", "score": 9, "comment": "Related to Cloud Asset Inventory, Identity Aware Proxy, ResourceManager, IdentityPlatform, Chronicle, Security Command Center, Virtual Private Cloud, Policy Intelligence, Identity and Access Management"}, {"techniqueID": "T1078", "score": 13, "comment": "Related to Cloud Asset Inventory, Identity Aware Proxy, ResourceManager, IdentityPlatform, AnthosConfigManagement, Cloud Identity, Endpoint Management, Chronicle, Policy Intelligence, VPC Service Controls, Identity and Access Management, Identity and Access Management, Container Registry"}, {"techniqueID": "T1078.004", "score": 12, "comment": "Related to Cloud Asset Inventory, Identity Aware Proxy, ResourceManager, IdentityPlatform, AnthosConfigManagement, Cloud Identity, Security Command Center, AdvancedProtectionProgram, Policy Intelligence, Policy Intelligence, ReCAPTCHA Enterprise, Identity and Access Management"}, {"techniqueID": "T1550.001", "score": 2, "comment": "Related to Identity Aware Proxy, IdentityPlatform"}, {"techniqueID": "T1528", "score": 5, "comment": "Related to Identity Aware Proxy, Identity Aware Proxy, IdentityPlatform, Cloud Key Management, Secret Manager"}, {"techniqueID": "T1190", "score": 8, "comment": "Related to Identity Aware Proxy, Artifact Registry, Cloud IDS, Cloud Armor, Chronicle, Security Command Center, Virtual Private Cloud, VMManager"}, {"techniqueID": "T1068", "score": 5, "comment": "Related to Artifact Registry, Chronicle, Policy Intelligence, VMManager, Container Registry"}, {"techniqueID": "T1203", "score": 3, "comment": "Related to Artifact Registry, Chronicle, VMManager"}, {"techniqueID": "T1210", "score": 3, "comment": "Related to Artifact Registry, Chronicle, 
VMManager"}, {"techniqueID": "T1525", "score": 7, "comment": "Related to Artifact Registry, Google Kubernetes Engine, AnthosConfigManagement, AnthosConfigManagement, Security Command Center, Binary Authorization, Container Registry"}, {"techniqueID": "T1610", "score": 5, "comment": "Related to Artifact Registry, Google Kubernetes Engine, AnthosConfigManagement, Binary Authorization, Container Registry"}, {"techniqueID": "T1072", "score": 3, "comment": "Related to Artifact Registry, Chronicle, VMManager"}, {"techniqueID": "T1211", "score": 2, "comment": "Related to Artifact Registry, VMManager"}, {"techniqueID": "T1212", "score": 5, "comment": "Related to Artifact Registry, Chronicle, Policy Intelligence, VMManager, Container Registry"}, {"techniqueID": "T1613", "score": 4, "comment": "Related to Google Kubernetes Engine, ResourceManager, AnthosConfigManagement, Identity and Access Management"}, {"techniqueID": "T1611", "score": 3, "comment": "Related to Google Kubernetes Engine, Google Kubernetes Engine, AnthosConfigManagement"}, {"techniqueID": "T1053.007", "score": 2, "comment": "Related to Google Kubernetes Engine, Binary Authorization"}, {"techniqueID": "T1609", "score": 2, "comment": "Related to Google Kubernetes Engine, AnthosConfigManagement"}, {"techniqueID": "T1137", "score": 2, "comment": "Related to Cloud IDS, Chronicle"}, {"techniqueID": "T1546.006", "score": 1, "comment": "Related to Cloud IDS"}, {"techniqueID": "T1204.002", "score": 1, "comment": "Related to Cloud IDS"}, {"techniqueID": "T1055.002", "score": 1, "comment": "Related to Cloud IDS"}, {"techniqueID": "T1221", "score": 1, "comment": "Related to Cloud IDS"}, {"techniqueID": "T1505.003", "score": 3, "comment": "Related to Cloud IDS, Chronicle, Security Command Center"}, {"techniqueID": "T1204.003", "score": 3, "comment": "Related to Cloud IDS, Security Command Center, Binary Authorization"}, {"techniqueID": "T1048", "score": 4, "comment": "Related to Cloud IDS, BeyondCorp Enterprise, 
Chronicle, Firewalls"}, {"techniqueID": "T1041", "score": 3, "comment": "Related to Cloud IDS, Chronicle, Firewalls"}, {"techniqueID": "T1567", "score": 4, "comment": "Related to Cloud IDS, BeyondCorp Enterprise, Security Command Center, VPC Service Controls"}, {"techniqueID": "T1567.002", "score": 4, "comment": "Related to Cloud IDS, BeyondCorp Enterprise, Endpoint Management, Security Command Center"}, {"techniqueID": "T1020", "score": 2, "comment": "Related to Cloud IDS, Chronicle"}, {"techniqueID": "T1110", "score": 7, "comment": "Related to Cloud IDS, Actifio Go, IdentityPlatform, Cloud Identity, Endpoint Management, Security Command Center, AdvancedProtectionProgram"}, {"techniqueID": "T1499", "score": 3, "comment": "Related to Cloud IDS, Cloud Armor, Firewalls"}, {"techniqueID": "T1499.003", "score": 1, "comment": "Related to Cloud IDS"}, {"techniqueID": "T1137.006", "score": 1, "comment": "Related to Cloud IDS"}, {"techniqueID": "T1137.001", "score": 2, "comment": "Related to Cloud IDS, Chronicle"}, {"techniqueID": "T1580", "score": 4, "comment": "Related to ResourceManager, ResourceManager, IdentityPlatform, Policy Intelligence"}, {"techniqueID": "T1562", "score": 4, "comment": "Related to ResourceManager, IdentityPlatform, Security Command Center, Policy Intelligence"}, {"techniqueID": "T1562.007", "score": 3, "comment": "Related to ResourceManager, ResourceManager, Security Command Center"}, {"techniqueID": "T1562.008", "score": 4, "comment": "Related to ResourceManager, IdentityPlatform, Security Command Center, Policy Intelligence"}, {"techniqueID": "T1087", "score": 5, "comment": "Related to ResourceManager, IdentityPlatform, Chronicle, Policy Intelligence, Identity and Access Management"}, {"techniqueID": "T1087.004", "score": 6, "comment": "Related to ResourceManager, ResourceManager, IdentityPlatform, Chronicle, Policy Intelligence, Identity and Access Management"}, {"techniqueID": "T1552.007", "score": 3, "comment": "Related to ResourceManager, 
AnthosConfigManagement, Virtual Private Cloud"}, {"techniqueID": "T1562.001", "score": 1, "comment": "Related to ResourceManager"}, {"techniqueID": "T1562.002", "score": 1, "comment": "Related to ResourceManager"}, {"techniqueID": "T1565", "score": 2, "comment": "Related to Actifio Go, CloudVPN"}, {"techniqueID": "T1485", "score": 1, "comment": "Related to Actifio Go"}, {"techniqueID": "T1486", "score": 2, "comment": "Related to Actifio Go, Chronicle"}, {"techniqueID": "T1491", "score": 1, "comment": "Related to Actifio Go"}, {"techniqueID": "T1561", "score": 1, "comment": "Related to Actifio Go"}, {"techniqueID": "T1490", "score": 1, "comment": "Related to Actifio Go"}, {"techniqueID": "T1110.001", "score": 3, "comment": "Related to IdentityPlatform, Cloud Identity, AdvancedProtectionProgram"}, {"techniqueID": "T1110.002", "score": 3, "comment": "Related to IdentityPlatform, Cloud Identity, AdvancedProtectionProgram"}, {"techniqueID": "T1078.003", "score": 1, "comment": "Related to IdentityPlatform"}, {"techniqueID": "T1110.003", "score": 3, "comment": "Related to IdentityPlatform, Cloud Identity, AdvancedProtectionProgram"}, {"techniqueID": "T1136", "score": 3, "comment": "Related to IdentityPlatform, Chronicle, AdvancedProtectionProgram"}, {"techniqueID": "T1136.003", "score": 3, "comment": "Related to IdentityPlatform, Security Command Center, ReCAPTCHA Enterprise"}, {"techniqueID": "T1550", "score": 1, "comment": "Related to IdentityPlatform"}, {"techniqueID": "T1556", "score": 2, "comment": "Related to IdentityPlatform, AdvancedProtectionProgram"}, {"techniqueID": "T1087.002", "score": 1, "comment": "Related to IdentityPlatform"}, {"techniqueID": "T1098.002", "score": 1, "comment": "Related to IdentityPlatform"}, {"techniqueID": "T1098.003", "score": 1, "comment": "Related to IdentityPlatform"}, {"techniqueID": "T1098.004", "score": 1, "comment": "Related to IdentityPlatform"}, {"techniqueID": "T1136.001", "score": 2, "comment": "Related to IdentityPlatform, 
Chronicle"}, {"techniqueID": "T1136.002", "score": 1, "comment": "Related to IdentityPlatform"}, {"techniqueID": "T1078.001", "score": 2, "comment": "Related to AnthosConfigManagement, Security Command Center"}, {"techniqueID": "T1598", "score": 1, "comment": "Related to Web Risk"}, {"techniqueID": "T1204.001", "score": 1, "comment": "Related to Web Risk"}, {"techniqueID": "T1498", "score": 3, "comment": "Related to Cloud CDN, Cloud Armor, Firewalls"}, {"techniqueID": "T1133", "score": 6, "comment": "Related to BeyondCorp Enterprise, Cloud Identity, CloudVPN, Firewalls, Security Command Center, AdvancedProtectionProgram"}, {"techniqueID": "T1189", "score": 1, "comment": "Related to BeyondCorp Enterprise"}, {"techniqueID": "T1071.001", "score": 2, "comment": "Related to BeyondCorp Enterprise, Chronicle"}, {"techniqueID": "T1530", "score": 11, "comment": "Related to BeyondCorp Enterprise, Chronicle, Access Transparency, Firewalls, Security Command Center, Cloud Storage, Cloud Data Loss Prevention, AdvancedProtectionProgram, Policy Intelligence, Policy Intelligence, VPC Service Controls"}, {"techniqueID": "T1110.004", "score": 3, "comment": "Related to Cloud Identity, AdvancedProtectionProgram, ReCAPTCHA Enterprise"}, {"techniqueID": "T1078.002", "score": 2, "comment": "Related to Cloud Identity, AdvancedProtectionProgram"}, {"techniqueID": "T1021.004", "score": 2, "comment": "Related to Cloud Identity, Chronicle"}, {"techniqueID": "T1213.003", "score": 2, "comment": "Related to Cloud Identity, Security Command Center"}, {"techniqueID": "T1213", "score": 1, "comment": "Related to Cloud Identity"}, {"techniqueID": "T1090", "score": 2, "comment": "Related to Cloud Armor, Firewalls"}, {"techniqueID": "T1018", "score": 4, "comment": "Related to Cloud Armor, Chronicle, Firewalls, Virtual Private Cloud"}, {"techniqueID": "T1046", "score": 3, "comment": "Related to Cloud Armor, Firewalls, Virtual Private Cloud"}, {"techniqueID": "T1052.001", "score": 2, "comment": "Related 
to Endpoint Management, Chronicle"}, {"techniqueID": "T1557", "score": 2, "comment": "Related to CloudVPN, Virtual Private Cloud"}, {"techniqueID": "T1565.002", "score": 1, "comment": "Related to CloudVPN"}, {"techniqueID": "T1557.002", "score": 1, "comment": "Related to CloudVPN"}, {"techniqueID": "T1552.005", "score": 1, "comment": "Related to Cloud Key Management"}, {"techniqueID": "T1555", "score": 2, "comment": "Related to Cloud Key Management, Secret Manager"}, {"techniqueID": "T1021.002", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1037", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1053.005", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1218.005", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1543.001", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1543.004", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1546.001", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1547.001", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1547", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1546", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1543", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1548.002", "score": 2, "comment": "Related to Chronicle, Policy Intelligence"}, {"techniqueID": "T1564.001", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1564", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1003.003", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1134.005", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1003", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1548", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1584.002", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1562.004", "score": 1, "comment": "Related to 
Chronicle"}, {"techniqueID": "T1070.002", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1106", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1578", "score": 3, "comment": "Related to Chronicle, Security Command Center, Policy Intelligence"}, {"techniqueID": "T1112", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1021", "score": 3, "comment": "Related to Chronicle, Firewalls, AdvancedProtectionProgram"}, {"techniqueID": "T1052", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1053", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1070", "score": 2, "comment": "Related to Chronicle, Security Command Center"}, {"techniqueID": "T1134", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1218", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1584", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1056", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1056.003", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1056.004", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1071", "score": 2, "comment": "Related to Chronicle, Firewalls"}, {"techniqueID": "T1218.010", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1059.003", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1082", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1218.003", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1204", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1036.005", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1027.004", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1127.001", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1127", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1036", "score": 1, "comment": "Related to Chronicle"}, 
{"techniqueID": "T1055", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1037.003", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1059.007", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1560", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1132", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1132.001", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1195.002", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1195", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1546.007", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1505", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1574.007", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1574", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1070.004", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1011", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1027", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1484", "score": 2, "comment": "Related to Chronicle, Security Command Center"}, {"techniqueID": "T1543.003", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1070.006", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1003.001", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1057", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1016", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1049", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1033", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1588.002", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1070.001", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1569.002", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1569", 
"score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1546.008", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1105", "score": 2, "comment": "Related to Chronicle, Security Command Center"}, {"techniqueID": "T1495", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1497", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1202", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1546.003", "score": 1, "comment": "Related to Chronicle"}, {"techniqueID": "T1199", "score": 1, "comment": "Related to Access Transparency"}, {"techniqueID": "T1542", "score": 3, "comment": "Related to Shielded VM, Firewalls, Security Command Center"}, {"techniqueID": "T1014", "score": 2, "comment": "Related to Shielded VM, Security Command Center"}, {"techniqueID": "T1008", "score": 1, "comment": "Related to Firewalls"}, {"techniqueID": "T1095", "score": 1, "comment": "Related to Firewalls"}, {"techniqueID": "T1104", "score": 1, "comment": "Related to Firewalls"}, {"techniqueID": "T1187", "score": 1, "comment": "Related to Firewalls"}, {"techniqueID": "T1205", "score": 1, "comment": "Related to Firewalls"}, {"techniqueID": "T1219", "score": 1, "comment": "Related to Firewalls"}, {"techniqueID": "T1571", "score": 1, "comment": "Related to Firewalls"}, {"techniqueID": "T1572", "score": 1, "comment": "Related to Firewalls"}, {"techniqueID": "T1590", "score": 2, "comment": "Related to Firewalls, Virtual Private Cloud"}, {"techniqueID": "T1595", "score": 2, "comment": "Related to Firewalls, Virtual Private Cloud"}, {"techniqueID": "T1059.004", "score": 1, "comment": "Related to Security Command Center"}, {"techniqueID": "T1071.004", "score": 1, "comment": "Related to Security Command Center"}, {"techniqueID": "T1505.001", "score": 1, "comment": "Related to Security Command Center"}, {"techniqueID": "T1589.001", "score": 1, "comment": "Related to Security Command Center"}, {"techniqueID": "T1496", "score": 1, 
"comment": "Related to Security Command Center"}, {"techniqueID": "T1542.003", "score": 1, "comment": "Related to Security Command Center"}, {"techniqueID": "T1565.001", "score": 1, "comment": "Related to Cloud Storage"}, {"techniqueID": "T1612", "score": 1, "comment": "Related to Binary Authorization"}, {"techniqueID": "T1554", "score": 1, "comment": "Related to Binary Authorization"}, {"techniqueID": "T1036.001", "score": 1, "comment": "Related to Binary Authorization"}, {"techniqueID": "T1601", "score": 1, "comment": "Related to Binary Authorization"}, {"techniqueID": "T1114", "score": 1, "comment": "Related to AdvancedProtectionProgram"}, {"techniqueID": "T1590.004", "score": 1, "comment": "Related to Virtual Private Cloud"}, {"techniqueID": "T1590.005", "score": 1, "comment": "Related to Virtual Private Cloud"}, {"techniqueID": "T1135", "score": 1, "comment": "Related to Virtual Private Cloud"}, {"techniqueID": "T1595.001", "score": 1, "comment": "Related to Virtual Private Cloud"}, {"techniqueID": "T1602", "score": 1, "comment": "Related to Virtual Private Cloud"}, {"techniqueID": "T1570", "score": 1, "comment": "Related to Virtual Private Cloud"}, {"techniqueID": "T1538", "score": 1, "comment": "Related to Policy Intelligence"}, {"techniqueID": "T1222", "score": 1, "comment": "Related to Policy Intelligence"}, {"techniqueID": "T1537", "score": 1, "comment": "Related to VPC Service Controls"}, {"techniqueID": "T1619", "score": 1, "comment": "Related to VPC Service Controls"}, {"techniqueID": "T1069", "score": 1, "comment": "Related to Identity and Access Management"}, {"techniqueID": "T1069.003", "score": 1, "comment": "Related to Identity and Access Management"}], "gradient": {"colors": ["#ffe766", "#ffaf66"], "minValue": 1, "maxValue": 13}} \ No newline at end of file 
diff --git a/src/mappings_explorer/cli/mapex/veris_files/1.3.5/parsed_veris_mappings_navigator_layer.json b/src/mappings_explorer/cli/mapex/veris_files/1.3.5/parsed_veris_mappings_navigator_layer.json
new file mode 100644
index 00000000..0e283e6b
--- /dev/null
+++ b/src/mappings_explorer/cli/mapex/veris_files/1.3.5/parsed_veris_mappings_navigator_layer.json
@@ -0,0 +1 @@ +{"name": "veris overview", "versions": {"navigator": "4.8.0", "layer": "4.4", "attack": "9.0"}, "sorting": 3, "description": "veris heatmap overview of veris mappings, scores are the number of associated entries", "domain": "enterprise-attack", "techniques": [{"techniqueID": "T1047", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.vector.Command shell, action.malware.vector.Direct install"}, {"techniqueID": "T1053", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.vector.Backdoor or C2"}, {"techniqueID": "T1053.001", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1053.002", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1053.003", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1053.004", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1053.005", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1053.006", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1053.007", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1059", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.vector.Command shell"}, {"techniqueID": "T1059.001", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.vector.Command shell"}, {"techniqueID": "T1059.002", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.vector.Command shell"}, {"techniqueID": "T1059.003", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.vector.Command shell"}, 
{"techniqueID": "T1059.004", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.vector.Command shell"}, {"techniqueID": "T1059.005", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.vector.Command shell, action.malware.vector.Email attachment"}, {"techniqueID": "T1059.006", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.vector.Command shell"}, {"techniqueID": "T1059.007", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.vector.Command shell, action.malware.vector.Email attachment"}, {"techniqueID": "T1059.008", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.vector.Command shell"}, {"techniqueID": "T1072", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.malware.variety.Adminware, action.malware.vector.Software update"}, {"techniqueID": "T1106", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1112", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1127", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Unknown"}, {"techniqueID": "T1127.001", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Unknown"}, {"techniqueID": "T1129", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1137", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.vector.Backdoor or C2"}, {"techniqueID": "T1137.001", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1137.002", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, 
{"techniqueID": "T1137.003", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1137.004", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1137.005", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1187", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.MitM"}, {"techniqueID": "T1202", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1216", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1216.001", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.001", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.002", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.003", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.004", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.005", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.007", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.008", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.009", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.010", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.011", "score": 1, "comment": "Related to 
action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.012", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1220", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1505.001", "score": 4, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Use of backdoor or C2, action.hacking.vector.Backdoor or C2, action.malware.variety.Backdoor"}, {"techniqueID": "T1505.002", "score": 4, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Use of backdoor or C2, action.hacking.vector.Backdoor or C2, action.malware.variety.Backdoor"}, {"techniqueID": "T1529", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1543", "score": 5, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Use of backdoor or C2, action.hacking.vector.Backdoor or C2, action.malware.variety.Backdoor, action.malware.variety.Rootkit"}, {"techniqueID": "T1543.001", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1543.002", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1543.003", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.malware.variety.RAT"}, {"techniqueID": "T1543.004", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1547", "score": 4, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.vector.Backdoor or C2, action.malware.variety.Backdoor, attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1548", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1548.001", "score": 1, "comment": "Related to 
action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1548.002", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Exploit misconfig, action.malware.variety.Exploit misconfig"}, {"techniqueID": "T1548.003", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Exploit misconfig, action.malware.variety.Client-side attack"}, {"techniqueID": "T1548.004", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Exploit misconfig"}, {"techniqueID": "T1559", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1559.001", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1559.002", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1563", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.malware.vector.Network propagation"}, {"techniqueID": "T1563.001", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.malware.vector.Network propagation"}, {"techniqueID": "T1563.002", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.malware.vector.Network propagation"}, {"techniqueID": "T1564", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1564.001", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1564.002", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1564.003", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1564.004", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1564.005", "score": 1, 
"comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1564.006", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1564.007", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.malware.variety.Trojan"}, {"techniqueID": "T1569", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1569.001", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1569.002", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.malware.vector.Direct install"}, {"techniqueID": "T1578", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.vector.Hypervisor, action.hacking.vector.Inter-tenant"}, {"techniqueID": "T1578.001", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1578.002", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1578.003", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1578.004", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1609", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1110", "score": 2, "comment": "Related to action.hacking.variety.Brute force, action.malware.variety.Brute force"}, {"techniqueID": "T1110.001", "score": 2, "comment": "Related to action.hacking.variety.Brute force, action.malware.variety.Brute force"}, {"techniqueID": "T1110.002", "score": 3, "comment": "Related to action.hacking.variety.Brute force, action.hacking.variety.Offline cracking, action.malware.variety.Brute force"}, {"techniqueID": "T1110.003", "score": 2, "comment": "Related to action.hacking.variety.Brute force, 
action.malware.variety.Brute force"}, {"techniqueID": "T1110.004", "score": 2, "comment": "Related to action.hacking.variety.Brute force, action.malware.variety.Brute force"}, {"techniqueID": "T1203", "score": 7, "comment": "Related to action.hacking.variety.Buffer overflow, action.hacking.variety.HTTP Response Splitting, action.hacking.variety.HTTP request smuggling, action.hacking.variety.HTTP request splitting, action.hacking.variety.HTTP response smuggling, action.malware.variety.Client-side attack, action.malware.vector.Email attachment"}, {"techniqueID": "T1600", "score": 2, "comment": "Related to action.hacking.variety.Cryptanalysis, action.malware.variety.Disable controls"}, {"techniqueID": "T1498", "score": 2, "comment": "Related to action.hacking.variety.DoS, action.malware.variety.DoS"}, {"techniqueID": "T1498.001", "score": 2, "comment": "Related to action.hacking.variety.DoS, action.malware.variety.DoS"}, {"techniqueID": "T1498.002", "score": 2, "comment": "Related to action.hacking.variety.DoS, action.malware.variety.DoS"}, {"techniqueID": "T1499", "score": 6, "comment": "Related to action.hacking.variety.DoS, action.hacking.variety.Soap array abuse, action.hacking.variety.XML attribute blowup, action.hacking.variety.XML entity expansion, action.hacking.variety.XML external entities, action.malware.variety.DoS"}, {"techniqueID": "T1499.001", "score": 2, "comment": "Related to action.hacking.variety.DoS, action.malware.variety.DoS"}, {"techniqueID": "T1499.002", "score": 2, "comment": "Related to action.hacking.variety.DoS, action.malware.variety.DoS"}, {"techniqueID": "T1499.003", "score": 2, "comment": "Related to action.hacking.variety.DoS, action.malware.variety.DoS"}, {"techniqueID": "T1499.004", "score": 2, "comment": "Related to action.hacking.variety.DoS, action.malware.variety.DoS"}, {"techniqueID": "T1583.005", "score": 4, "comment": "Related to action.hacking.variety.DoS, action.hacking.variety.Unknown, value_chain.development.variety.Bot, 
value_chain.distribution.variety.Botnet"}, {"techniqueID": "T1584.005", "score": 4, "comment": "Related to action.hacking.variety.DoS, action.hacking.variety.Unknown, value_chain.distribution.variety.Other, value_chain.non-distribution services.variety.Other"}, {"techniqueID": "T1068", "score": 8, "comment": "Related to action.hacking.variety.Exploit misconfig, action.hacking.variety.Exploit vuln, action.hacking.variety.Format string attack, action.hacking.variety.Fuzz testing, action.hacking.variety.Insecure deserialization, action.hacking.variety.Integer overflows, action.hacking.variety.LDAP injection, action.malware.variety.Exploit misconfig"}, {"techniqueID": "T1190", "score": 2, "comment": "Related to action.hacking.variety.Exploit misconfig, action.malware.variety.Exploit vuln"}, {"techniqueID": "T1210", "score": 2, "comment": "Related to action.hacking.variety.Exploit misconfig, action.malware.variety.Exploit vuln"}, {"techniqueID": "T1212", "score": 7, "comment": "Related to action.hacking.variety.Exploit misconfig, action.hacking.variety.Exploit vuln, action.hacking.variety.Session fixation, action.malware.variety.Disable controls, action.malware.variety.Exploit vuln, action.malware.variety.Password dumper, action.malware.vector.Web application - drive-by"}, {"techniqueID": "T1558.004", "score": 3, "comment": "Related to action.hacking.variety.Exploit misconfig, action.hacking.variety.Use of stolen creds, action.malware.variety.Exploit misconfig"}, {"techniqueID": "T1574.001", "score": 3, "comment": "Related to action.hacking.variety.Exploit misconfig, action.hacking.variety.Exploit vuln, action.hacking.variety.Unknown"}, {"techniqueID": "T1574.002", "score": 3, "comment": "Related to action.hacking.variety.Exploit misconfig, action.hacking.variety.Exploit vuln, action.hacking.variety.Unknown"}, {"techniqueID": "T1574.005", "score": 2, "comment": "Related to action.hacking.variety.Exploit misconfig, action.hacking.variety.Unknown"}, {"techniqueID": 
"T1574.010", "score": 1, "comment": "Related to action.hacking.variety.Exploit misconfig"}, {"techniqueID": "T1574.011", "score": 1, "comment": "Related to action.hacking.variety.Exploit misconfig"}, {"techniqueID": "T1574.004", "score": 2, "comment": "Related to action.hacking.variety.Exploit vuln, action.hacking.variety.Unknown"}, {"techniqueID": "T1595.002", "score": 4, "comment": "Related to action.hacking.variety.Exploit vuln, action.malware.variety.Exploit vuln, action.malware.variety.Scan network, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1007", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1012", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1057", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1069", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1069.001", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1069.002", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1069.003", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1082", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1087", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1087.001", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1087.002", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1087.003", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1087.004", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1119", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, 
action.malware.variety.Capture stored data"}, {"techniqueID": "T1120", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1124", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1201", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1480", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1480.001", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1518", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1518.001", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1526", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1538", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1580", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1589", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Personal Information"}, {"techniqueID": "T1589.001", "score": 3, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Lost or stolen credentials, value_chain.targeting.variety.Personal Information"}, {"techniqueID": "T1589.002", "score": 3, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Email addresses, value_chain.targeting.variety.Personal Information"}, {"techniqueID": "T1589.003", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Personal Information"}, {"techniqueID": "T1590", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1590.001", "score": 2, "comment": "Related to 
action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1590.002", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1590.003", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1590.004", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1590.005", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1590.006", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1591", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1591.001", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1591.002", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1591.003", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1591.004", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1592", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1592.001", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, 
value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1592.002", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1592.003", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1592.004", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1593", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1593.001", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1593.002", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1594", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1596", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1596.001", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1596.002", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1596.003", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1596.004", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": 
"T1596.005", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1597", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1597.001", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1597.002", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1602", "score": 2, "comment": "Related to action.hacking.variety.Footprinting, action.malware.variety.Capture stored data"}, {"techniqueID": "T1602.001", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1602.002", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1613", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1614", "score": 1, "comment": "Related to action.hacking.variety.Footprinting"}, {"techniqueID": "T1539", "score": 3, "comment": "Related to action.hacking.variety.Forced browsing, action.hacking.variety.MitM, action.malware.variety.Capture app data"}, {"techniqueID": "T1583.003", "score": 4, "comment": "Related to action.hacking.variety.Forced browsing, action.hacking.variety.Unknown, value_chain.distribution.variety.Other, value_chain.non-distribution services.variety.Other"}, {"techniqueID": "T1583.004", "score": 4, "comment": "Related to action.hacking.variety.Forced browsing, action.hacking.variety.Unknown, value_chain.distribution.variety.Other, value_chain.non-distribution services.variety.Other"}, {"techniqueID": "T1583.006", "score": 6, "comment": "Related to action.hacking.variety.Forced browsing, action.hacking.variety.Unknown, action.malware.variety.C2, 
value_chain.development.variety.Website, value_chain.distribution.variety.Other, value_chain.non-distribution services.variety.Other"}, {"techniqueID": "T1185", "score": 7, "comment": "Related to action.hacking.variety.HTTP Response Splitting, action.hacking.variety.HTTP request smuggling, action.hacking.variety.HTTP request splitting, action.hacking.variety.HTTP response smuggling, action.hacking.variety.MitM, action.hacking.variety.Session fixation, action.malware.variety.Capture app data"}, {"techniqueID": "T1557", "score": 2, "comment": "Related to action.hacking.variety.MitM, action.hacking.variety.Routing detour"}, {"techniqueID": "T1557.001", "score": 1, "comment": "Related to action.hacking.variety.MitM"}, {"techniqueID": "T1557.002", "score": 1, "comment": "Related to action.hacking.variety.MitM"}, {"techniqueID": "T1550.002", "score": 3, "comment": "Related to action.hacking.variety.Pass-the-hash, action.hacking.variety.Use of stolen creds, action.malware.variety.Password dumper"}, {"techniqueID": "T1001", "score": 3, "comment": "Related to action.hacking.variety.Use of backdoor or C2, action.hacking.vector.Backdoor or C2, action.malware.variety.Unknown"}, {"techniqueID": "T1008", "score": 3, "comment": "Related to action.hacking.variety.Use of backdoor or C2, action.hacking.vector.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1071", "score": 4, "comment": "Related to action.hacking.variety.Use of backdoor or C2, action.hacking.vector.Backdoor or C2, action.malware.variety.C2, action.malware.variety.Unknown"}, {"techniqueID": "T1078", "score": 3, "comment": "Related to action.hacking.variety.Use of backdoor or C2, action.hacking.variety.Use of stolen creds, action.hacking.vector.Backdoor or C2"}, {"techniqueID": "T1090", "score": 3, "comment": "Related to action.hacking.variety.Use of backdoor or C2, action.hacking.vector.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1095", "score": 3, "comment": "Related to 
action.hacking.variety.Use of backdoor or C2, action.hacking.vector.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1102", "score": 3, "comment": "Related to action.hacking.variety.Use of backdoor or C2, action.hacking.vector.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1104", "score": 3, "comment": "Related to action.hacking.variety.Use of backdoor or C2, action.hacking.vector.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1105", "score": 3, "comment": "Related to action.hacking.variety.Unknown, action.hacking.variety.Use of backdoor or C2, action.hacking.vector.Backdoor or C2"}, {"techniqueID": "T1132", "score": 3, "comment": "Related to action.hacking.variety.Use of backdoor or C2, action.hacking.vector.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1133", "score": 9, "comment": "Related to action.hacking.variety.Use of backdoor or C2, action.hacking.variety.Use of stolen creds, action.hacking.vector.3rd party desktop, action.hacking.vector.Backdoor or C2, action.hacking.vector.Desktop sharing software, action.malware.variety.Backdoor, action.malware.variety.Exploit vuln, action.malware.vector.Remote injection, action.malware.vector.Web application"}, {"techniqueID": "T1205", "score": 3, "comment": "Related to action.hacking.variety.Use of backdoor or C2, action.hacking.vector.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1505", "score": 3, "comment": "Related to action.hacking.variety.Use of backdoor or C2, action.hacking.vector.Backdoor or C2, action.malware.variety.Backdoor"}, {"techniqueID": "T1505.003", "score": 3, "comment": "Related to action.hacking.variety.Use of backdoor or C2, action.hacking.vector.Backdoor or C2, action.malware.variety.Backdoor"}, {"techniqueID": "T1525", "score": 5, "comment": "Related to action.hacking.variety.Use of backdoor or C2, action.hacking.vector.Backdoor or C2, action.malware.variety.Backdoor, action.malware.variety.RAT, 
action.malware.variety.Unknown"}, {"techniqueID": "T1568", "score": 4, "comment": "Related to action.hacking.variety.Use of backdoor or C2, action.hacking.vector.Backdoor or C2, action.malware.variety.C2, action.malware.vector.Download by malware"}, {"techniqueID": "T1571", "score": 3, "comment": "Related to action.hacking.variety.Use of backdoor or C2, action.hacking.vector.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1572", "score": 3, "comment": "Related to action.hacking.variety.Use of backdoor or C2, action.hacking.vector.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1573", "score": 3, "comment": "Related to action.hacking.variety.Use of backdoor or C2, action.hacking.vector.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1573.001", "score": 2, "comment": "Related to action.hacking.variety.Use of backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1573.002", "score": 2, "comment": "Related to action.hacking.variety.Use of backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1021", "score": 2, "comment": "Related to action.hacking.variety.Use of stolen creds, action.malware.vector.Network propagation"}, {"techniqueID": "T1021.001", "score": 2, "comment": "Related to action.hacking.variety.Use of stolen creds, action.hacking.vector.Desktop sharing software"}, {"techniqueID": "T1021.002", "score": 2, "comment": "Related to action.hacking.variety.Use of stolen creds, action.hacking.vector.Command shell"}, {"techniqueID": "T1021.003", "score": 2, "comment": "Related to action.hacking.variety.Use of stolen creds, action.hacking.vector.Command shell"}, {"techniqueID": "T1021.004", "score": 2, "comment": "Related to action.hacking.variety.Use of stolen creds, action.hacking.vector.Command shell"}, {"techniqueID": "T1021.005", "score": 2, "comment": "Related to action.hacking.variety.Use of stolen creds, action.hacking.vector.Desktop sharing software"}, {"techniqueID": "T1021.006", "score": 2, 
"comment": "Related to action.hacking.variety.Use of stolen creds, action.hacking.vector.Command shell"}, {"techniqueID": "T1078.001", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1078.002", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1078.003", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1078.004", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1134", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1134.001", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1134.002", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1134.003", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1134.004", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1134.005", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1550", "score": 2, "comment": "Related to action.hacking.variety.Use of stolen creds, action.malware.vector.Network propagation"}, {"techniqueID": "T1550.001", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1550.003", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1550.004", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1558", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1558.001", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1558.002", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen 
creds"}, {"techniqueID": "T1558.003", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1586", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1586.001", "score": 3, "comment": "Related to action.hacking.variety.Use of stolen creds, action.social.variety.Phishing, action.social.variety.Pretexting"}, {"techniqueID": "T1586.002", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1611", "score": 1, "comment": "Related to action.hacking.variety.Virtual machine escape"}, {"techniqueID": "T1213", "score": 2, "comment": "Related to action.hacking.variety.XML external entities, action.malware.variety.Capture stored data"}, {"techniqueID": "T1546", "score": 4, "comment": "Related to action.hacking.variety.XML injection, action.hacking.vector.Backdoor or C2, action.malware.variety.Backdoor, attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1574", "score": 4, "comment": "Related to action.hacking.variety.Unknown, action.hacking.variety.XML injection, action.hacking.vector.Backdoor or C2, action.malware.variety.Backdoor"}, {"techniqueID": "T1010", "score": 2, "comment": "Related to action.hacking.variety.XPath injection, action.malware.variety.Capture stored data"}, {"techniqueID": "T1111", "score": 1, "comment": "Related to action.hacking.variety.Unknown"}, {"techniqueID": "T1583", "score": 2, "comment": "Related to action.hacking.variety.Unknown, action.malware.vector.Web application - download"}, {"techniqueID": "T1583.001", "score": 4, "comment": "Related to action.hacking.variety.Unknown, action.malware.variety.C2, value_chain.distribution.variety.Other, value_chain.non-distribution services.variety.Other"}, {"techniqueID": "T1583.002", "score": 4, "comment": "Related to action.hacking.variety.Unknown, action.malware.variety.C2, value_chain.distribution.variety.Other, value_chain.non-distribution 
services.variety.Other"}, {"techniqueID": "T1584", "score": 4, "comment": "Related to action.hacking.variety.Unknown, action.malware.vector.Web application - download, value_chain.distribution.variety.Other, value_chain.non-distribution services.variety.Other"}, {"techniqueID": "T1584.001", "score": 4, "comment": "Related to action.hacking.variety.Unknown, action.social.variety.Pretexting, value_chain.distribution.variety.Other, value_chain.non-distribution services.variety.Other"}, {"techniqueID": "T1584.002", "score": 4, "comment": "Related to action.hacking.variety.Unknown, action.malware.variety.C2, value_chain.distribution.variety.Compromised server, value_chain.non-distribution services.variety.Other"}, {"techniqueID": "T1584.003", "score": 3, "comment": "Related to action.hacking.variety.Unknown, value_chain.distribution.variety.Compromised server, value_chain.non-distribution services.variety.Other"}, {"techniqueID": "T1584.004", "score": 3, "comment": "Related to action.hacking.variety.Unknown, value_chain.distribution.variety.Compromised server, value_chain.non-distribution services.variety.Other"}, {"techniqueID": "T1584.006", "score": 3, "comment": "Related to action.hacking.variety.Unknown, value_chain.distribution.variety.Other, value_chain.non-distribution services.variety.Other"}, {"techniqueID": "T1587", "score": 2, "comment": "Related to action.hacking.variety.Unknown, value_chain.development.variety.Unknown"}, {"techniqueID": "T1587.001", "score": 6, "comment": "Related to action.hacking.variety.Unknown, action.malware.variety.Unknown, value_chain.development.variety.Bot, value_chain.development.variety.Payload, value_chain.development.variety.Ransomware, value_chain.development.variety.Trojan"}, {"techniqueID": "T1587.002", "score": 2, "comment": "Related to action.hacking.variety.Unknown, value_chain.development.variety.Other"}, {"techniqueID": "T1587.003", "score": 2, "comment": "Related to action.hacking.variety.Unknown, 
value_chain.development.variety.Other"}, {"techniqueID": "T1587.004", "score": 4, "comment": "Related to action.hacking.variety.Unknown, action.malware.variety.Unknown, value_chain.development.variety.Exploit, value_chain.development.variety.Exploit Kits"}, {"techniqueID": "T1588", "score": 2, "comment": "Related to action.hacking.variety.Unknown, value_chain.development.variety.Unknown"}, {"techniqueID": "T1588.001", "score": 6, "comment": "Related to action.hacking.variety.Unknown, action.malware.variety.Unknown, value_chain.development.variety.Bot, value_chain.development.variety.Payload, value_chain.development.variety.Ransomware, value_chain.development.variety.Trojan"}, {"techniqueID": "T1588.002", "score": 1, "comment": "Related to action.hacking.variety.Unknown"}, {"techniqueID": "T1588.003", "score": 2, "comment": "Related to action.hacking.variety.Unknown, value_chain.development.variety.Other"}, {"techniqueID": "T1588.004", "score": 2, "comment": "Related to action.hacking.variety.Unknown, value_chain.development.variety.Other"}, {"techniqueID": "T1588.005", "score": 4, "comment": "Related to action.hacking.variety.Unknown, action.malware.variety.Unknown, value_chain.development.variety.Exploit, value_chain.development.variety.Exploit Kits"}, {"techniqueID": "T1588.006", "score": 2, "comment": "Related to action.hacking.variety.Unknown, action.malware.variety.Unknown"}, {"techniqueID": "T1599", "score": 1, "comment": "Related to action.hacking.variety.Unknown"}, {"techniqueID": "T1599.001", "score": 1, "comment": "Related to action.hacking.variety.Unknown"}, {"techniqueID": "T1606", "score": 1, "comment": "Related to action.hacking.variety.Unknown"}, {"techniqueID": "T1606.001", "score": 1, "comment": "Related to action.hacking.variety.Unknown"}, {"techniqueID": "T1606.002", "score": 1, "comment": "Related to action.hacking.variety.Unknown"}, {"techniqueID": "T1531", "score": 2, "comment": "Related to action.hacking.variety.Unknown, 
attribute.integrity.variety.Unknown"}, {"techniqueID": "T1037", "score": 3, "comment": "Related to action.hacking.vector.Backdoor or C2, action.malware.variety.Backdoor, attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1098", "score": 3, "comment": "Related to action.hacking.vector.Backdoor or C2, action.malware.variety.Backdoor, attribute.integrity.variety.Modify privileges"}, {"techniqueID": "T1136", "score": 3, "comment": "Related to action.hacking.vector.Backdoor or C2, action.malware.variety.Modify data, attribute.integrity.variety.Created account"}, {"techniqueID": "T1197", "score": 2, "comment": "Related to action.hacking.vector.Backdoor or C2, action.malware.variety.Export data"}, {"techniqueID": "T1542", "score": 2, "comment": "Related to action.hacking.vector.Backdoor or C2, action.malware.variety.Rootkit"}, {"techniqueID": "T1554", "score": 4, "comment": "Related to action.hacking.vector.Backdoor or C2, action.malware.variety.Adminware, action.malware.variety.Backdoor, action.malware.variety.Trojan"}, {"techniqueID": "T1219", "score": 2, "comment": "Related to action.hacking.vector.Desktop sharing software, action.malware.variety.Adminware"}, {"techniqueID": "T1497", "score": 3, "comment": "Related to action.hacking.vector.Hypervisor, action.hacking.vector.Inter-tenant, action.malware.variety.Disable controls"}, {"techniqueID": "T1199", "score": 2, "comment": "Related to action.hacking.vector.Partner, action.malware.variety.Adware"}, {"techniqueID": "T1195", "score": 2, "comment": "Related to action.hacking.vector.Partner, action.malware.vector.Software update"}, {"techniqueID": "T1195.001", "score": 1, "comment": "Related to action.hacking.vector.Partner"}, {"techniqueID": "T1195.002", "score": 1, "comment": "Related to action.hacking.vector.Partner"}, {"techniqueID": "T1195.003", "score": 1, "comment": "Related to action.hacking.vector.Partner"}, {"techniqueID": "T1200", "score": 1, "comment": "Related to 
action.hacking.vector.Physical access"}, {"techniqueID": "T1205.001", "score": 2, "comment": "Related to action.malware.variety.Backdoor, action.malware.variety.C2"}, {"techniqueID": "T1001.001", "score": 2, "comment": "Related to action.malware.variety.C2, action.malware.variety.Unknown"}, {"techniqueID": "T1071.001", "score": 2, "comment": "Related to action.malware.variety.C2, action.malware.variety.Unknown"}, {"techniqueID": "T1071.002", "score": 2, "comment": "Related to action.malware.variety.C2, action.malware.variety.Unknown"}, {"techniqueID": "T1071.003", "score": 2, "comment": "Related to action.malware.variety.C2, action.malware.variety.Unknown"}, {"techniqueID": "T1071.004", "score": 2, "comment": "Related to action.malware.variety.C2, action.malware.variety.Unknown"}, {"techniqueID": "T1090.001", "score": 1, "comment": "Related to action.malware.variety.C2"}, {"techniqueID": "T1090.002", "score": 1, "comment": "Related to action.malware.variety.C2"}, {"techniqueID": "T1090.003", "score": 1, "comment": "Related to action.malware.variety.C2"}, {"techniqueID": "T1090.004", "score": 1, "comment": "Related to action.malware.variety.C2"}, {"techniqueID": "T1102.001", "score": 1, "comment": "Related to action.malware.variety.C2"}, {"techniqueID": "T1102.002", "score": 1, "comment": "Related to action.malware.variety.C2"}, {"techniqueID": "T1102.003", "score": 1, "comment": "Related to action.malware.variety.C2"}, {"techniqueID": "T1132.001", "score": 1, "comment": "Related to action.malware.variety.C2"}, {"techniqueID": "T1132.002", "score": 1, "comment": "Related to action.malware.variety.C2"}, {"techniqueID": "T1568.001", "score": 1, "comment": "Related to action.malware.variety.C2"}, {"techniqueID": "T1568.002", "score": 1, "comment": "Related to action.malware.variety.C2"}, {"techniqueID": "T1568.003", "score": 1, "comment": "Related to action.malware.variety.C2"}, {"techniqueID": "T1056", "score": 1, "comment": "Related to action.malware.variety.Capture 
app data"}, {"techniqueID": "T1056.001", "score": 1, "comment": "Related to action.malware.variety.Capture app data"}, {"techniqueID": "T1056.002", "score": 1, "comment": "Related to action.malware.variety.Capture app data"}, {"techniqueID": "T1056.003", "score": 1, "comment": "Related to action.malware.variety.Capture app data"}, {"techniqueID": "T1056.004", "score": 3, "comment": "Related to action.malware.variety.Capture app data, action.malware.variety.Password dumper, action.malware.variety.Spyware/Keylogger"}, {"techniqueID": "T1113", "score": 1, "comment": "Related to action.malware.variety.Capture app data"}, {"techniqueID": "T1114", "score": 1, "comment": "Related to action.malware.variety.Capture app data"}, {"techniqueID": "T1114.001", "score": 1, "comment": "Related to action.malware.variety.Capture app data"}, {"techniqueID": "T1114.002", "score": 1, "comment": "Related to action.malware.variety.Capture app data"}, {"techniqueID": "T1114.003", "score": 2, "comment": "Related to action.malware.variety.Capture app data, attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1123", "score": 1, "comment": "Related to action.malware.variety.Capture app data"}, {"techniqueID": "T1125", "score": 1, "comment": "Related to action.malware.variety.Capture app data"}, {"techniqueID": "T1176", "score": 2, "comment": "Related to action.malware.variety.Capture app data, action.malware.vector.Web application - drive-by"}, {"techniqueID": "T1207", "score": 1, "comment": "Related to action.malware.variety.Capture app data"}, {"techniqueID": "T1217", "score": 1, "comment": "Related to action.malware.variety.Capture app data"}, {"techniqueID": "T1528", "score": 1, "comment": "Related to action.malware.variety.Capture app data"}, {"techniqueID": "T1003.002", "score": 3, "comment": "Related to action.malware.variety.Capture stored data, action.malware.variety.Password dumper, action.malware.variety.RAM scraper"}, {"techniqueID": "T1003.003", "score": 2, "comment": 
"Related to action.malware.variety.Capture stored data, action.malware.variety.Password dumper"}, {"techniqueID": "T1003.006", "score": 3, "comment": "Related to action.malware.variety.Capture stored data, action.malware.variety.Export data, action.malware.variety.Password dumper"}, {"techniqueID": "T1003.008", "score": 2, "comment": "Related to action.malware.variety.Capture stored data, action.malware.variety.Password dumper"}, {"techniqueID": "T1005", "score": 1, "comment": "Related to action.malware.variety.Capture stored data"}, {"techniqueID": "T1025", "score": 1, "comment": "Related to action.malware.variety.Capture stored data"}, {"techniqueID": "T1033", "score": 1, "comment": "Related to action.malware.variety.Capture stored data"}, {"techniqueID": "T1039", "score": 1, "comment": "Related to action.malware.variety.Capture stored data"}, {"techniqueID": "T1083", "score": 1, "comment": "Related to action.malware.variety.Capture stored data"}, {"techniqueID": "T1213.001", "score": 1, "comment": "Related to action.malware.variety.Capture stored data"}, {"techniqueID": "T1213.002", "score": 1, "comment": "Related to action.malware.variety.Capture stored data"}, {"techniqueID": "T1530", "score": 1, "comment": "Related to action.malware.variety.Capture stored data"}, {"techniqueID": "T1496", "score": 3, "comment": "Related to action.malware.variety.Click fraud, action.malware.variety.Click fraud and cryptocurrency mining, action.malware.variety.Cryptocurrency mining"}, {"techniqueID": "T1221", "score": 1, "comment": "Related to action.malware.variety.Client-side attack"}, {"techniqueID": "T1070", "score": 1, "comment": "Related to action.malware.variety.Destroy data"}, {"techniqueID": "T1070.001", "score": 2, "comment": "Related to action.malware.variety.Destroy data, attribute.integrity.variety.Log tampering"}, {"techniqueID": "T1070.002", "score": 2, "comment": "Related to action.malware.variety.Destroy data, attribute.integrity.variety.Log tampering"}, 
{"techniqueID": "T1070.003", "score": 1, "comment": "Related to action.malware.variety.Destroy data"}, {"techniqueID": "T1070.004", "score": 1, "comment": "Related to action.malware.variety.Destroy data"}, {"techniqueID": "T1070.005", "score": 1, "comment": "Related to action.malware.variety.Destroy data"}, {"techniqueID": "T1070.006", "score": 1, "comment": "Related to action.malware.variety.Destroy data"}, {"techniqueID": "T1485", "score": 1, "comment": "Related to action.malware.variety.Destroy data"}, {"techniqueID": "T1495", "score": 1, "comment": "Related to action.malware.variety.Destroy data"}, {"techniqueID": "T1561", "score": 1, "comment": "Related to action.malware.variety.Destroy data"}, {"techniqueID": "T1561.001", "score": 1, "comment": "Related to action.malware.variety.Destroy data"}, {"techniqueID": "T1561.002", "score": 1, "comment": "Related to action.malware.variety.Destroy data"}, {"techniqueID": "T1006", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1027", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1027.001", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1027.002", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1027.003", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1027.004", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1027.005", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1036", "score": 2, "comment": "Related to action.malware.variety.Disable controls, action.malware.vector.Email attachment"}, {"techniqueID": "T1036.001", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1036.002", "score": 3, "comment": "Related to 
action.malware.variety.Disable controls, action.social.variety.Forgery, action.social.variety.Phishing"}, {"techniqueID": "T1036.003", "score": 2, "comment": "Related to action.malware.variety.Disable controls, action.malware.variety.Rootkit"}, {"techniqueID": "T1036.004", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1036.005", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1036.006", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1222", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1222.001", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1222.002", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1490", "score": 2, "comment": "Related to action.malware.variety.Disable controls, action.malware.variety.Ransomware"}, {"techniqueID": "T1497.001", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1497.002", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1497.003", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1553", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1553.001", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1553.002", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1553.003", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1553.004", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1553.005", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": 
"T1553.006", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1562", "score": 2, "comment": "Related to action.malware.variety.Disable controls, action.malware.variety.Modify data"}, {"techniqueID": "T1562.001", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1562.002", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1562.003", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1562.004", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1562.006", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1562.007", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1562.008", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1574.012", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1600.001", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1600.002", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1601", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1601.001", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1601.002", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1489", "score": 1, "comment": "Related to action.malware.variety.DoS"}, {"techniqueID": "T1211", "score": 1, "comment": "Related to action.malware.variety.Exploit vuln"}, {"techniqueID": "T1011", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1011.001", "score": 1, "comment": "Related to action.malware.variety.Export 
data"}, {"techniqueID": "T1020", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1020.001", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1029", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1030", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1041", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1048", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1048.001", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1048.002", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1048.003", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1052", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1052.001", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1074", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1074.001", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1074.002", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1537", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1560", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1560.001", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1560.002", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1560.003", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1567", "score": 1, "comment": "Related to action.malware.variety.Export 
data"}, {"techniqueID": "T1567.001", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1567.002", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1003.007", "score": 2, "comment": "Related to action.malware.variety.In-memory, action.malware.variety.Password dumper"}, {"techniqueID": "T1055", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1055.001", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1055.002", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1055.003", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1055.004", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1055.005", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1055.008", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1055.009", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1055.011", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1055.012", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1055.013", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1055.014", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1115", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1040", "score": 2, "comment": "Related to action.malware.variety.Packet sniffer, action.malware.variety.Scan network"}, {"techniqueID": "T1003", "score": 1, "comment": "Related to action.malware.variety.Password dumper"}, {"techniqueID": "T1003.001", "score": 2, "comment": "Related to action.malware.variety.Password dumper, 
action.malware.variety.RAM scraper"}, {"techniqueID": "T1003.004", "score": 2, "comment": "Related to action.malware.variety.Password dumper, action.malware.variety.RAM scraper"}, {"techniqueID": "T1003.005", "score": 3, "comment": "Related to action.malware.variety.Password dumper, action.malware.variety.RAM scraper, action.malware.vector.Email link"}, {"techniqueID": "T1552.001", "score": 1, "comment": "Related to action.malware.variety.Password dumper"}, {"techniqueID": "T1552.002", "score": 1, "comment": "Related to action.malware.variety.Password dumper"}, {"techniqueID": "T1552.003", "score": 1, "comment": "Related to action.malware.variety.Password dumper"}, {"techniqueID": "T1552.004", "score": 1, "comment": "Related to action.malware.variety.Password dumper"}, {"techniqueID": "T1552.005", "score": 1, "comment": "Related to action.malware.variety.Password dumper"}, {"techniqueID": "T1552.006", "score": 1, "comment": "Related to action.malware.variety.Password dumper"}, {"techniqueID": "T1555", "score": 1, "comment": "Related to action.malware.variety.Password dumper"}, {"techniqueID": "T1555.001", "score": 1, "comment": "Related to action.malware.variety.Password dumper"}, {"techniqueID": "T1555.002", "score": 2, "comment": "Related to action.malware.variety.Password dumper, action.malware.variety.RAM scraper"}, {"techniqueID": "T1555.003", "score": 1, "comment": "Related to action.malware.variety.Password dumper"}, {"techniqueID": "T1555.004", "score": 1, "comment": "Related to action.malware.variety.Password dumper"}, {"techniqueID": "T1555.005", "score": 1, "comment": "Related to action.malware.variety.Password dumper"}, {"techniqueID": "T1486", "score": 1, "comment": "Related to action.malware.variety.Ransomware"}, {"techniqueID": "T1014", "score": 1, "comment": "Related to action.malware.variety.Rootkit"}, {"techniqueID": "T1542.001", "score": 1, "comment": "Related to action.malware.variety.Rootkit"}, {"techniqueID": "T1542.002", "score": 1, 
"comment": "Related to action.malware.variety.Rootkit"}, {"techniqueID": "T1542.003", "score": 1, "comment": "Related to action.malware.variety.Rootkit"}, {"techniqueID": "T1542.004", "score": 1, "comment": "Related to action.malware.variety.Rootkit"}, {"techniqueID": "T1542.005", "score": 1, "comment": "Related to action.malware.variety.Rootkit"}, {"techniqueID": "T1016", "score": 1, "comment": "Related to action.malware.variety.Scan network"}, {"techniqueID": "T1016.001", "score": 1, "comment": "Related to action.malware.variety.Scan network"}, {"techniqueID": "T1018", "score": 1, "comment": "Related to action.malware.variety.Scan network"}, {"techniqueID": "T1046", "score": 1, "comment": "Related to action.malware.variety.Scan network"}, {"techniqueID": "T1049", "score": 1, "comment": "Related to action.malware.variety.Scan network"}, {"techniqueID": "T1135", "score": 1, "comment": "Related to action.malware.variety.Scan network"}, {"techniqueID": "T1482", "score": 1, "comment": "Related to action.malware.variety.Scan network"}, {"techniqueID": "T1595", "score": 2, "comment": "Related to action.malware.variety.Scan network, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1595.001", "score": 2, "comment": "Related to action.malware.variety.Scan network, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1204.003", "score": 4, "comment": "Related to action.malware.variety.Trojan, action.malware.variety.Unknown, action.social.variety.Phishing, action.social.variety.Pretexting"}, {"techniqueID": "T1080", "score": 2, "comment": "Related to action.malware.variety.Unknown, action.malware.variety.Worm"}, {"techniqueID": "T1091", "score": 2, "comment": "Related to action.malware.variety.Worm, action.malware.vector.Removable media"}, {"techniqueID": "T1001.002", "score": 1, "comment": "Related to action.malware.variety.Unknown"}, {"techniqueID": "T1001.003", "score": 1, "comment": "Related to 
action.malware.variety.Unknown"}, {"techniqueID": "T1140", "score": 1, "comment": "Related to action.malware.variety.Unknown"}, {"techniqueID": "T1204", "score": 2, "comment": "Related to action.malware.variety.Unknown, action.social.variety.Phishing"}, {"techniqueID": "T1204.001", "score": 3, "comment": "Related to action.malware.variety.Unknown, action.malware.vector.Email link, action.social.variety.Phishing"}, {"techniqueID": "T1204.002", "score": 3, "comment": "Related to action.malware.variety.Unknown, action.malware.vector.Email attachment, action.social.variety.Phishing"}, {"techniqueID": "T1608", "score": 2, "comment": "Related to action.malware.variety.Unknown, value_chain.distribution.variety.Unknown"}, {"techniqueID": "T1608.001", "score": 2, "comment": "Related to action.malware.variety.Unknown, value_chain.distribution.variety.Website"}, {"techniqueID": "T1608.002", "score": 2, "comment": "Related to action.malware.variety.Unknown, value_chain.distribution.variety.Website"}, {"techniqueID": "T1608.003", "score": 2, "comment": "Related to action.malware.variety.Unknown, value_chain.distribution.variety.Other"}, {"techniqueID": "T1608.004", "score": 2, "comment": "Related to action.malware.variety.Unknown, value_chain.distribution.variety.Website"}, {"techniqueID": "T1608.005", "score": 1, "comment": "Related to action.malware.variety.Unknown"}, {"techniqueID": "T1610", "score": 1, "comment": "Related to action.malware.variety.Unknown"}, {"techniqueID": "T1612", "score": 1, "comment": "Related to action.malware.variety.Unknown"}, {"techniqueID": "T1566.001", "score": 3, "comment": "Related to action.malware.vector.Email attachment, action.social.variety.Phishing, action.social.vector.Email"}, {"techniqueID": "T1598.002", "score": 4, "comment": "Related to action.malware.vector.Email attachment, action.social.variety.Phishing, action.social.variety.Pretexting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1556.002", 
"score": 3, "comment": "Related to action.malware.vector.Email link, attribute.integrity.variety.Modify configuration, attribute.integrity.variety.Modify privileges"}, {"techniqueID": "T1598.003", "score": 4, "comment": "Related to action.malware.vector.Email link, action.social.variety.Phishing, action.social.variety.Pretexting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1566", "score": 2, "comment": "Related to action.malware.vector.Instant messaging, action.social.variety.Phishing"}, {"techniqueID": "T1570", "score": 1, "comment": "Related to action.malware.vector.Network propagation"}, {"techniqueID": "T1092", "score": 1, "comment": "Related to action.malware.vector.Removable media"}, {"techniqueID": "T1189", "score": 1, "comment": "Related to action.malware.vector.Web application - drive-by"}, {"techniqueID": "T1566.002", "score": 2, "comment": "Related to action.social.variety.Phishing, action.social.vector.Email"}, {"techniqueID": "T1566.003", "score": 2, "comment": "Related to action.social.variety.Phishing, action.social.vector.Email"}, {"techniqueID": "T1598", "score": 3, "comment": "Related to action.social.variety.Phishing, action.social.variety.Pretexting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1598.001", "score": 3, "comment": "Related to action.social.variety.Phishing, action.social.variety.Pretexting, value_chain.targeting.variety.Organizational Information"}, {"techniqueID": "T1534", "score": 2, "comment": "Related to action.social.variety.Pretexting, attribute.integrity.variety.Misrepresentation"}, {"techniqueID": "T1585", "score": 2, "comment": "Related to action.social.variety.Pretexting, value_chain.development.variety.Persona"}, {"techniqueID": "T1585.001", "score": 2, "comment": "Related to action.social.variety.Pretexting, value_chain.development.variety.Persona"}, {"techniqueID": "T1585.002", "score": 2, "comment": "Related to action.social.variety.Pretexting, 
value_chain.development.variety.Persona"}, {"techniqueID": "T1546.001", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.002", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.003", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.004", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.005", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.006", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.007", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.008", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.009", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.010", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.011", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.012", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.013", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.014", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.015", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1136.001", "score": 1, "comment": "Related to attribute.integrity.variety.Created account"}, {"techniqueID": "T1136.002", "score": 1, "comment": "Related to attribute.integrity.variety.Created account"}, {"techniqueID": "T1136.003", "score": 1, "comment": "Related to 
attribute.integrity.variety.Created account"}, {"techniqueID": "T1491", "score": 1, "comment": "Related to attribute.integrity.variety.Defacement"}, {"techniqueID": "T1491.001", "score": 1, "comment": "Related to attribute.integrity.variety.Defacement"}, {"techniqueID": "T1491.002", "score": 1, "comment": "Related to attribute.integrity.variety.Defacement"}, {"techniqueID": "T1037.001", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1037.002", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1037.003", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1037.004", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1037.005", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1484", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1484.001", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1484.002", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.001", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.002", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.003", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.004", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.005", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.006", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": 
"T1547.007", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.008", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.009", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.010", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.011", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.012", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.013", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1556", "score": 2, "comment": "Related to attribute.integrity.variety.Modify configuration, attribute.integrity.variety.Modify privileges"}, {"techniqueID": "T1556.001", "score": 2, "comment": "Related to attribute.integrity.variety.Modify configuration, attribute.integrity.variety.Modify privileges"}, {"techniqueID": "T1556.003", "score": 2, "comment": "Related to attribute.integrity.variety.Modify configuration, attribute.integrity.variety.Modify privileges"}, {"techniqueID": "T1556.004", "score": 2, "comment": "Related to attribute.integrity.variety.Modify configuration, attribute.integrity.variety.Modify privileges"}, {"techniqueID": "T1565", "score": 1, "comment": "Related to attribute.integrity.variety.Modify data"}, {"techniqueID": "T1565.001", "score": 1, "comment": "Related to attribute.integrity.variety.Modify data"}, {"techniqueID": "T1565.002", "score": 1, "comment": "Related to attribute.integrity.variety.Modify data"}, {"techniqueID": "T1565.003", "score": 1, "comment": "Related to attribute.integrity.variety.Modify data"}, {"techniqueID": "T1098.001", "score": 1, "comment": "Related to attribute.integrity.variety.Modify privileges"}, {"techniqueID": 
"T1098.002", "score": 1, "comment": "Related to attribute.integrity.variety.Modify privileges"}, {"techniqueID": "T1098.003", "score": 1, "comment": "Related to attribute.integrity.variety.Modify privileges"}, {"techniqueID": "T1098.004", "score": 1, "comment": "Related to attribute.integrity.variety.Modify privileges"}, {"techniqueID": "T1547.014", "score": 1, "comment": "Related to attribute.integrity.variety.Modify privileges"}, {"techniqueID": "T1535", "score": 1, "comment": "Related to attribute.integrity.variety.Repurpose"}], "gradient": {"colors": ["#ffe766", "#ffaf66"], "minValue": 1, "maxValue": 9}} \ No newline at end of file diff --git a/src/mappings_explorer/cli/mapex/veris_files/1.3.7/parsed_veris_mappings_navigator_layer.json b/src/mappings_explorer/cli/mapex/veris_files/1.3.7/parsed_veris_mappings_navigator_layer.json new file mode 100644 index 00000000..a92bdd0c --- /dev/null +++ b/src/mappings_explorer/cli/mapex/veris_files/1.3.7/parsed_veris_mappings_navigator_layer.json 
@@ -0,0 +1 @@ +{"name": "veris overview", "versions": {"navigator": "4.8.0", "layer": "4.4", "attack": "12.1"}, "sorting": 3, "description": "veris heatmap overview of veris mappings, scores are the number of associated entries", "domain": "enterprise-attack", "techniques": [{"techniqueID": "T1047", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.vector.Command shell, action.malware.vector.Direct install"}, {"techniqueID": "T1053", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Backdoor, action.hacking.vector.Backdoor"}, {"techniqueID": "T1053.002", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1053.003", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1053.005", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1053.006", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1053.007", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1059", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.OS commanding, action.hacking.vector.Command shell"}, {"techniqueID": "T1059.001", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.vector.Command shell"}, {"techniqueID": "T1059.002", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.OS commanding, action.hacking.vector.Command shell"}, {"techniqueID": "T1059.003", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.OS commanding, action.hacking.vector.Command shell"}, {"techniqueID": "T1059.004", "score": 3, "comment": "Related to 
action.hacking.variety.Abuse of functionality, action.hacking.variety.OS commanding, action.hacking.vector.Command shell"}, {"techniqueID": "T1059.005", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.vector.Command shell, action.malware.vector.Email attachment"}, {"techniqueID": "T1059.006", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.vector.Command shell"}, {"techniqueID": "T1059.007", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.vector.Command shell, action.malware.vector.Email attachment"}, {"techniqueID": "T1059.008", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.vector.Command shell"}, {"techniqueID": "T1072", "score": 4, "comment": "Related to action.hacking.variety.Abuse of functionality, action.malware.variety.Adminware, action.malware.vector.Software update, attribute.integrity.variety.Software installation"}, {"techniqueID": "T1106", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1112", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1127", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Unknown"}, {"techniqueID": "T1127.001", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Unknown"}, {"techniqueID": "T1129", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1137", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1137.001", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1137.002", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, 
{"techniqueID": "T1137.003", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1137.004", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1137.005", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1187", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.MitM, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1202", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1216", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1216.001", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.001", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.002", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.003", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.004", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.005", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.007", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.008", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.009", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.010", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": 
"T1218.011", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.012", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.013", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1218.014", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1220", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1505.001", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.malware.variety.Backdoor, action.malware.variety.Backdoor or C2"}, {"techniqueID": "T1505.002", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.malware.variety.Backdoor, action.malware.variety.Backdoor or C2"}, {"techniqueID": "T1529", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, attribute.availability.variety.Interruption"}, {"techniqueID": "T1543", "score": 7, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Backdoor, action.hacking.vector.Backdoor, action.malware.variety.Backdoor, action.malware.variety.Backdoor or C2, action.malware.variety.Rootkit, attribute.integrity.variety.Software installation"}, {"techniqueID": "T1543.001", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, attribute.integrity.variety.Software installation"}, {"techniqueID": "T1543.002", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, attribute.integrity.variety.Software installation"}, {"techniqueID": "T1543.003", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.malware.variety.RAT, attribute.integrity.variety.Software installation"}, {"techniqueID": "T1543.004", "score": 2, "comment": "Related to 
action.hacking.variety.Abuse of functionality, attribute.integrity.variety.Software installation"}, {"techniqueID": "T1547", "score": 6, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Backdoor, action.hacking.vector.Backdoor, action.malware.variety.Backdoor, action.malware.variety.Backdoor or C2, attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1548", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1548.001", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1548.002", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Exploit misconfig, action.malware.variety.Exploit misconfig"}, {"techniqueID": "T1548.003", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Exploit misconfig, action.malware.variety.Client-side attack"}, {"techniqueID": "T1548.004", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Exploit misconfig"}, {"techniqueID": "T1559", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1559.001", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1559.002", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1563", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Hijack, action.malware.vector.Network propagation"}, {"techniqueID": "T1563.001", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Hijack, action.malware.vector.Network propagation"}, {"techniqueID": "T1563.002", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, 
action.hacking.variety.Hijack, action.malware.vector.Network propagation"}, {"techniqueID": "T1564", "score": 4, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Evade Defenses, action.malware.variety.Evade Defenses, action.social.variety.Evade Defenses"}, {"techniqueID": "T1564.001", "score": 4, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Evade Defenses, action.malware.variety.Evade Defenses, action.social.variety.Evade Defenses"}, {"techniqueID": "T1564.002", "score": 4, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Evade Defenses, action.malware.variety.Evade Defenses, action.social.variety.Evade Defenses"}, {"techniqueID": "T1564.003", "score": 4, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Evade Defenses, action.malware.variety.Evade Defenses, action.social.variety.Evade Defenses"}, {"techniqueID": "T1564.004", "score": 4, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Evade Defenses, action.malware.variety.Evade Defenses, action.social.variety.Evade Defenses"}, {"techniqueID": "T1564.005", "score": 4, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Evade Defenses, action.malware.variety.Evade Defenses, action.social.variety.Evade Defenses"}, {"techniqueID": "T1564.006", "score": 4, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Evade Defenses, action.malware.variety.Evade Defenses, action.social.variety.Evade Defenses"}, {"techniqueID": "T1564.007", "score": 5, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.variety.Evade Defenses, action.malware.variety.Evade Defenses, action.malware.variety.Trojan, action.social.variety.Evade Defenses"}, {"techniqueID": "T1569", "score": 1, "comment": "Related to 
action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1569.001", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1569.002", "score": 2, "comment": "Related to action.hacking.variety.Abuse of functionality, action.malware.vector.Direct install"}, {"techniqueID": "T1578", "score": 3, "comment": "Related to action.hacking.variety.Abuse of functionality, action.hacking.vector.Hypervisor, action.hacking.vector.Inter-tenant"}, {"techniqueID": "T1578.001", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1578.002", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1578.003", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1578.004", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1609", "score": 1, "comment": "Related to action.hacking.variety.Abuse of functionality"}, {"techniqueID": "T1098", "score": 5, "comment": "Related to action.hacking.variety.Backdoor, action.hacking.vector.Backdoor, action.malware.variety.Backdoor, action.malware.variety.Backdoor or C2, attribute.integrity.variety.Modify privileges"}, {"techniqueID": "T1037", "score": 5, "comment": "Related to action.hacking.variety.Backdoor, action.hacking.vector.Backdoor, action.malware.variety.Backdoor, action.malware.variety.Backdoor or C2, attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1554", "score": 6, "comment": "Related to action.hacking.variety.Backdoor, action.hacking.vector.Backdoor, action.malware.variety.Adminware, action.malware.variety.Backdoor, action.malware.variety.Backdoor or C2, action.malware.variety.Trojan"}, {"techniqueID": "T1136", "score": 4, "comment": "Related to action.hacking.variety.Backdoor, action.hacking.vector.Backdoor, action.malware.variety.Modify data, 
attribute.integrity.variety.Created account"}, {"techniqueID": "T1546", "score": 6, "comment": "Related to action.hacking.variety.Backdoor, action.hacking.variety.XML injection, action.hacking.vector.Backdoor, action.malware.variety.Backdoor, action.malware.variety.Backdoor or C2, attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1133", "score": 10, "comment": "Related to action.hacking.variety.Backdoor, action.hacking.variety.Use of stolen creds, action.hacking.vector.3rd party desktop, action.hacking.vector.Backdoor, action.hacking.vector.Desktop sharing software, action.hacking.vector.VPN, action.malware.variety.Backdoor, action.malware.variety.Backdoor or C2, action.malware.vector.Remote injection, action.malware.vector.Web application"}, {"techniqueID": "T1525", "score": 6, "comment": "Related to action.hacking.variety.Backdoor, action.hacking.vector.Backdoor, action.malware.variety.Backdoor, action.malware.variety.Backdoor or C2, action.malware.variety.RAT, action.malware.variety.Unknown"}, {"techniqueID": "T1556", "score": 4, "comment": "Related to action.hacking.variety.Backdoor, action.hacking.vector.Backdoor, attribute.integrity.variety.Modify configuration, attribute.integrity.variety.Modify privileges"}, {"techniqueID": "T1078", "score": 3, "comment": "Related to action.hacking.variety.Backdoor, action.hacking.variety.Use of stolen creds, action.hacking.vector.Backdoor"}, {"techniqueID": "T1110", "score": 2, "comment": "Related to action.hacking.variety.Brute force, action.malware.variety.Brute force"}, {"techniqueID": "T1110.001", "score": 2, "comment": "Related to action.hacking.variety.Brute force, action.malware.variety.Brute force"}, {"techniqueID": "T1110.002", "score": 3, "comment": "Related to action.hacking.variety.Brute force, action.hacking.variety.Offline cracking, action.malware.variety.Brute force"}, {"techniqueID": "T1110.003", "score": 2, "comment": "Related to action.hacking.variety.Brute force, 
action.malware.variety.Brute force"}, {"techniqueID": "T1110.004", "score": 2, "comment": "Related to action.hacking.variety.Brute force, action.malware.variety.Brute force"}, {"techniqueID": "T1203", "score": 7, "comment": "Related to action.hacking.variety.Buffer overflow, action.hacking.variety.HTTP request smuggling, action.hacking.variety.HTTP request splitting, action.hacking.variety.HTTP response smuggling, action.hacking.variety.HTTP response splitting, action.malware.variety.Client-side attack, action.malware.vector.Email attachment"}, {"techniqueID": "T1557.002", "score": 3, "comment": "Related to action.hacking.variety.Cache poisoning, action.hacking.variety.MitM, action.malware.variety.MitM"}, {"techniqueID": "T1600", "score": 2, "comment": "Related to action.hacking.variety.Cryptanalysis, action.malware.variety.Disable controls"}, {"techniqueID": "T1562", "score": 6, "comment": "Related to action.hacking.variety.Disable controls, action.hacking.variety.Evade Defenses, action.malware.variety.Disable controls, action.malware.variety.Evade Defenses, action.malware.variety.Modify data, action.social.variety.Evade Defenses"}, {"techniqueID": "T1562.001", "score": 2, "comment": "Related to action.hacking.variety.Disable controls, action.malware.variety.Disable controls"}, {"techniqueID": "T1562.002", "score": 2, "comment": "Related to action.hacking.variety.Disable controls, action.malware.variety.Disable controls"}, {"techniqueID": "T1562.003", "score": 2, "comment": "Related to action.hacking.variety.Disable controls, action.malware.variety.Disable controls"}, {"techniqueID": "T1562.004", "score": 2, "comment": "Related to action.hacking.variety.Disable controls, action.malware.variety.Disable controls"}, {"techniqueID": "T1562.007", "score": 2, "comment": "Related to action.hacking.variety.Disable controls, action.malware.variety.Disable controls"}, {"techniqueID": "T1562.008", "score": 2, "comment": "Related to action.hacking.variety.Disable controls, 
action.malware.variety.Disable controls"}, {"techniqueID": "T1489", "score": 3, "comment": "Related to action.hacking.variety.Disable controls, action.malware.variety.DoS, attribute.availability.variety.Interruption"}, {"techniqueID": "T1498", "score": 4, "comment": "Related to action.hacking.variety.DoS, action.malware.variety.DoS, attribute.availability.variety.Degradation, attribute.availability.variety.Loss"}, {"techniqueID": "T1498.001", "score": 4, "comment": "Related to action.hacking.variety.DoS, action.malware.variety.DoS, attribute.availability.variety.Degradation, attribute.availability.variety.Loss"}, {"techniqueID": "T1498.002", "score": 4, "comment": "Related to action.hacking.variety.DoS, action.malware.variety.DoS, attribute.availability.variety.Degradation, attribute.availability.variety.Loss"}, {"techniqueID": "T1499", "score": 6, "comment": "Related to action.hacking.variety.DoS, action.hacking.variety.Soap array abuse, action.hacking.variety.XML external entities, action.malware.variety.DoS, attribute.availability.variety.Degradation, attribute.availability.variety.Loss"}, {"techniqueID": "T1499.001", "score": 4, "comment": "Related to action.hacking.variety.DoS, action.malware.variety.DoS, attribute.availability.variety.Degradation, attribute.availability.variety.Loss"}, {"techniqueID": "T1499.002", "score": 4, "comment": "Related to action.hacking.variety.DoS, action.malware.variety.DoS, attribute.availability.variety.Degradation, attribute.availability.variety.Loss"}, {"techniqueID": "T1499.003", "score": 4, "comment": "Related to action.hacking.variety.DoS, action.malware.variety.DoS, attribute.availability.variety.Degradation, attribute.availability.variety.Loss"}, {"techniqueID": "T1499.004", "score": 4, "comment": "Related to action.hacking.variety.DoS, action.malware.variety.DoS, attribute.availability.variety.Degradation, attribute.availability.variety.Loss"}, {"techniqueID": "T1583.005", "score": 3, "comment": "Related to 
action.hacking.variety.DoS, action.hacking.variety.Unknown, value_chain.development.variety.Bot"}, {"techniqueID": "T1584.005", "score": 2, "comment": "Related to action.hacking.variety.DoS, action.hacking.variety.Unknown"}, {"techniqueID": "T1622", "score": 3, "comment": "Related to action.hacking.variety.Evade Defenses, action.malware.variety.Evade Defenses, action.social.variety.Evade Defenses"}, {"techniqueID": "T1211", "score": 3, "comment": "Related to action.hacking.variety.Evade Defenses, action.malware.variety.Evade Defenses, action.social.variety.Evade Defenses"}, {"techniqueID": "T1036", "score": 5, "comment": "Related to action.hacking.variety.Evade Defenses, action.malware.variety.Disable controls, action.malware.variety.Evade Defenses, action.malware.vector.Email attachment, action.social.variety.Evade Defenses"}, {"techniqueID": "T1014", "score": 4, "comment": "Related to action.hacking.variety.Evade Defenses, action.malware.variety.Evade Defenses, action.malware.variety.Rootkit, action.social.variety.Evade Defenses"}, {"techniqueID": "T1553", "score": 4, "comment": "Related to action.hacking.variety.Evade Defenses, action.malware.variety.Disable controls, action.malware.variety.Evade Defenses, action.social.variety.Evade Defenses"}, {"techniqueID": "T1001", "score": 2, "comment": "Related to action.hacking.variety.Evade Defenses, action.malware.variety.Unknown"}, {"techniqueID": "T1001.001", "score": 4, "comment": "Related to action.hacking.variety.Evade Defenses, action.malware.variety.Backdoor or C2, action.malware.variety.C2, action.malware.variety.Unknown"}, {"techniqueID": "T1001.002", "score": 2, "comment": "Related to action.hacking.variety.Evade Defenses, action.malware.variety.Unknown"}, {"techniqueID": "T1001.003", "score": 2, "comment": "Related to action.hacking.variety.Evade Defenses, action.malware.variety.Unknown"}, {"techniqueID": "T1071", "score": 5, "comment": "Related to action.hacking.variety.Evade Defenses, 
action.hacking.vector.Other network service, action.malware.variety.Backdoor or C2, action.malware.variety.C2, action.malware.variety.Unknown"}, {"techniqueID": "T1132", "score": 3, "comment": "Related to action.hacking.variety.Evade Defenses, action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1132.001", "score": 3, "comment": "Related to action.hacking.variety.Evade Defenses, action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1132.002", "score": 3, "comment": "Related to action.hacking.variety.Evade Defenses, action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1568", "score": 5, "comment": "Related to action.hacking.variety.Evade Defenses, action.hacking.vector.Other network service, action.malware.variety.Backdoor or C2, action.malware.variety.C2, action.malware.vector.Download by malware"}, {"techniqueID": "T1568.001", "score": 3, "comment": "Related to action.hacking.variety.Evade Defenses, action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1568.002", "score": 3, "comment": "Related to action.hacking.variety.Evade Defenses, action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1568.003", "score": 3, "comment": "Related to action.hacking.variety.Evade Defenses, action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1573", "score": 4, "comment": "Related to action.hacking.variety.Evade Defenses, action.hacking.vector.Other network service, action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1573.002", "score": 3, "comment": "Related to action.hacking.variety.Evade Defenses, action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1573.001", "score": 3, "comment": "Related to action.hacking.variety.Evade Defenses, action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": 
"T1008", "score": 4, "comment": "Related to action.hacking.variety.Evade Defenses, action.hacking.vector.Other network service, action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1104", "score": 4, "comment": "Related to action.hacking.variety.Evade Defenses, action.hacking.vector.Other network service, action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1572", "score": 4, "comment": "Related to action.hacking.variety.Evade Defenses, action.hacking.vector.Other network service, action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1090", "score": 4, "comment": "Related to action.hacking.variety.Evade Defenses, action.hacking.vector.Other network service, action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1205", "score": 3, "comment": "Related to action.hacking.variety.Evade Defenses, action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1205.001", "score": 4, "comment": "Related to action.hacking.variety.Evade Defenses, action.malware.variety.Backdoor, action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1205.002", "score": 1, "comment": "Related to action.hacking.variety.Evade Defenses"}, {"techniqueID": "T1102", "score": 4, "comment": "Related to action.hacking.variety.Evade Defenses, action.hacking.vector.Other network service, action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1068", "score": 8, "comment": "Related to action.hacking.variety.Exploit misconfig, action.hacking.variety.Exploit vuln, action.hacking.variety.Format string attack, action.hacking.variety.Fuzz testing, action.hacking.variety.Insecure deserialization, action.hacking.variety.Integer overflows, action.hacking.variety.LDAP injection, action.malware.variety.Exploit misconfig"}, {"techniqueID": "T1190", "score": 2, "comment": "Related to 
action.hacking.variety.Exploit misconfig, action.hacking.variety.SQLi"}, {"techniqueID": "T1212", "score": 7, "comment": "Related to action.hacking.variety.Exploit misconfig, action.hacking.variety.Exploit vuln, action.hacking.variety.Session fixation, action.malware.variety.Disable controls, action.malware.variety.Password dumper, action.malware.vector.Web application - drive-by, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1558.004", "score": 3, "comment": "Related to action.hacking.variety.Exploit misconfig, action.hacking.variety.Use of stolen creds, action.malware.variety.Exploit misconfig"}, {"techniqueID": "T1574.001", "score": 4, "comment": "Related to action.hacking.variety.Exploit misconfig, action.hacking.variety.Exploit vuln, action.hacking.variety.Hijack, action.hacking.variety.Unknown"}, {"techniqueID": "T1574.002", "score": 4, "comment": "Related to action.hacking.variety.Exploit misconfig, action.hacking.variety.Exploit vuln, action.hacking.variety.Hijack, action.hacking.variety.Unknown"}, {"techniqueID": "T1574.005", "score": 3, "comment": "Related to action.hacking.variety.Exploit misconfig, action.hacking.variety.Hijack, action.hacking.variety.Unknown"}, {"techniqueID": "T1574.010", "score": 1, "comment": "Related to action.hacking.variety.Exploit misconfig"}, {"techniqueID": "T1574.011", "score": 1, "comment": "Related to action.hacking.variety.Exploit misconfig"}, {"techniqueID": "T1574.004", "score": 3, "comment": "Related to action.hacking.variety.Exploit vuln, action.hacking.variety.Hijack, action.hacking.variety.Unknown"}, {"techniqueID": "T1595.002", "score": 2, "comment": "Related to action.hacking.variety.Exploit vuln, action.malware.variety.Scan network"}, {"techniqueID": "T1539", "score": 4, "comment": "Related to action.hacking.variety.Forced browsing, action.hacking.variety.MitM, action.hacking.variety.Session replay, action.malware.variety.Capture app data"}, {"techniqueID": "T1583.003", "score": 2, "comment": 
"Related to action.hacking.variety.Forced browsing, action.hacking.variety.Unknown"}, {"techniqueID": "T1583.004", "score": 2, "comment": "Related to action.hacking.variety.Forced browsing, action.hacking.variety.Unknown"}, {"techniqueID": "T1583.006", "score": 5, "comment": "Related to action.hacking.variety.Forced browsing, action.hacking.variety.Unknown, action.malware.variety.Backdoor or C2, action.malware.variety.C2, value_chain.development.variety.Website"}, {"techniqueID": "T1185", "score": 8, "comment": "Related to action.hacking.variety.HTTP request smuggling, action.hacking.variety.HTTP request splitting, action.hacking.variety.HTTP response smuggling, action.hacking.variety.HTTP response splitting, action.hacking.variety.Hijack, action.hacking.variety.MitM, action.hacking.variety.Session fixation, action.malware.variety.Capture app data"}, {"techniqueID": "T1496", "score": 5, "comment": "Related to action.hacking.variety.Hijack, action.malware.variety.Click fraud, action.malware.variety.Click fraud and cryptocurrency mining, action.malware.variety.Cryptocurrency mining, attribute.availability.variety.Degradation"}, {"techniqueID": "T1574", "score": 3, "comment": "Related to action.hacking.variety.Hijack, action.hacking.variety.Unknown, action.hacking.variety.XML injection"}, {"techniqueID": "T1557", "score": 4, "comment": "Related to action.hacking.variety.MitM, action.hacking.variety.Routing detour, action.malware.variety.MitM, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1557.001", "score": 2, "comment": "Related to action.hacking.variety.MitM, action.malware.variety.MitM"}, {"techniqueID": "T1027", "score": 2, "comment": "Related to action.hacking.variety.Null byte injection, action.malware.variety.Disable controls"}, {"techniqueID": "T1550.002", "score": 4, "comment": "Related to action.hacking.variety.Pass-the-hash, action.hacking.variety.Use of stolen creds, action.malware.variety.Pass-the-hash, 
action.malware.variety.Password dumper"}, {"techniqueID": "T1082", "score": 2, "comment": "Related to action.hacking.variety.Profile host, action.malware.variety.Profile host"}, {"techniqueID": "T1033", "score": 3, "comment": "Related to action.hacking.variety.Profile host, action.malware.variety.Capture stored data, action.malware.variety.Profile host"}, {"techniqueID": "T1007", "score": 2, "comment": "Related to action.hacking.variety.Profile host, action.malware.variety.Profile host"}, {"techniqueID": "T1012", "score": 2, "comment": "Related to action.hacking.variety.Profile host, action.malware.variety.Profile host"}, {"techniqueID": "T1083", "score": 3, "comment": "Related to action.hacking.variety.Profile host, action.malware.variety.Capture stored data, action.malware.variety.Profile host"}, {"techniqueID": "T1057", "score": 1, "comment": "Related to action.hacking.variety.Profile host"}, {"techniqueID": "T1120", "score": 1, "comment": "Related to action.hacking.variety.Profile host"}, {"techniqueID": "T1124", "score": 1, "comment": "Related to action.hacking.variety.Profile host"}, {"techniqueID": "T1201", "score": 1, "comment": "Related to action.hacking.variety.Profile host"}, {"techniqueID": "T1119", "score": 4, "comment": "Related to action.hacking.variety.Profile host, action.hacking.variety.Scan network, action.malware.variety.Capture stored data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1480", "score": 2, "comment": "Related to action.hacking.variety.Profile host, action.hacking.variety.Scan network"}, {"techniqueID": "T1480.001", "score": 2, "comment": "Related to action.hacking.variety.Profile host, action.hacking.variety.Scan network"}, {"techniqueID": "T1518", "score": 1, "comment": "Related to action.hacking.variety.Profile host"}, {"techniqueID": "T1518.001", "score": 1, "comment": "Related to action.hacking.variety.Profile host"}, {"techniqueID": "T1087", "score": 1, "comment": "Related to 
action.hacking.variety.Profile host"}, {"techniqueID": "T1087.001", "score": 1, "comment": "Related to action.hacking.variety.Profile host"}, {"techniqueID": "T1069", "score": 1, "comment": "Related to action.hacking.variety.Profile host"}, {"techniqueID": "T1069.001", "score": 1, "comment": "Related to action.hacking.variety.Profile host"}, {"techniqueID": "T1614", "score": 1, "comment": "Related to action.hacking.variety.Profile host"}, {"techniqueID": "T1614.001", "score": 1, "comment": "Related to action.hacking.variety.Profile host"}, {"techniqueID": "T1046", "score": 2, "comment": "Related to action.hacking.variety.Scan network, action.malware.variety.Scan network"}, {"techniqueID": "T1135", "score": 2, "comment": "Related to action.hacking.variety.Scan network, action.malware.variety.Scan network"}, {"techniqueID": "T1040", "score": 4, "comment": "Related to action.hacking.variety.Scan network, action.malware.variety.Packet sniffer, action.malware.variety.Scan network, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1018", "score": 2, "comment": "Related to action.hacking.variety.Scan network, action.malware.variety.Scan network"}, {"techniqueID": "T1049", "score": 2, "comment": "Related to action.hacking.variety.Scan network, action.malware.variety.Scan network"}, {"techniqueID": "T1589", "score": 1, "comment": "Related to action.hacking.variety.Scan network"}, {"techniqueID": "T1589.001", "score": 1, "comment": "Related to action.hacking.variety.Scan network"}, {"techniqueID": "T1589.002", "score": 1, "comment": "Related to action.hacking.variety.Scan network"}, {"techniqueID": "T1589.003", "score": 1, "comment": "Related to action.hacking.variety.Scan network"}, {"techniqueID": "T1590", "score": 1, "comment": "Related to action.hacking.variety.Scan network"}, {"techniqueID": "T1590.001", "score": 1, "comment": "Related to action.hacking.variety.Scan network"}, {"techniqueID": "T1590.002", "score": 1, "comment": "Related to 
action.hacking.variety.Scan network"}, {"techniqueID": "T1590.003", "score": 1, "comment": "Related to action.hacking.variety.Scan network"}, {"techniqueID": "T1590.004", "score": 1, "comment": "Related to action.hacking.variety.Scan network"}, {"techniqueID": "T1590.005", "score": 1, "comment": "Related to action.hacking.variety.Scan network"}, {"techniqueID": "T1590.006", "score": 1, "comment": "Related to action.hacking.variety.Scan network"}, {"techniqueID": "T1592", "score": 1, "comment": "Related to action.hacking.variety.Scan network"}, {"techniqueID": "T1592.001", "score": 1, "comment": "Related to action.hacking.variety.Scan network"}, {"techniqueID": "T1592.002", "score": 1, "comment": "Related to action.hacking.variety.Scan network"}, {"techniqueID": "T1592.003", "score": 1, "comment": "Related to action.hacking.variety.Scan network"}, {"techniqueID": "T1592.004", "score": 1, "comment": "Related to action.hacking.variety.Scan network"}, {"techniqueID": "T1613", "score": 1, "comment": "Related to action.hacking.variety.Scan network"}, {"techniqueID": "T1602", "score": 3, "comment": "Related to action.hacking.variety.Scan network, action.malware.variety.Capture stored data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1602.001", "score": 2, "comment": "Related to action.hacking.variety.Scan network, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1602.002", "score": 2, "comment": "Related to action.hacking.variety.Scan network, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1526", "score": 1, "comment": "Related to action.hacking.variety.Scan network"}, {"techniqueID": "T1580", "score": 1, "comment": "Related to action.hacking.variety.Scan network"}, {"techniqueID": "T1606", "score": 2, "comment": "Related to action.hacking.variety.Session prediction, action.hacking.variety.Unknown"}, {"techniqueID": "T1606.001", "score": 2, "comment": "Related to action.hacking.variety.Session prediction, 
action.hacking.variety.Unknown"}, {"techniqueID": "T1550.004", "score": 2, "comment": "Related to action.hacking.variety.Session replay, action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1021", "score": 2, "comment": "Related to action.hacking.variety.Use of stolen creds, action.malware.vector.Network propagation"}, {"techniqueID": "T1021.001", "score": 2, "comment": "Related to action.hacking.variety.Use of stolen creds, action.hacking.vector.Desktop sharing software"}, {"techniqueID": "T1021.002", "score": 2, "comment": "Related to action.hacking.variety.Use of stolen creds, action.hacking.vector.Command shell"}, {"techniqueID": "T1021.003", "score": 2, "comment": "Related to action.hacking.variety.Use of stolen creds, action.hacking.vector.Command shell"}, {"techniqueID": "T1021.004", "score": 2, "comment": "Related to action.hacking.variety.Use of stolen creds, action.hacking.vector.Command shell"}, {"techniqueID": "T1021.005", "score": 2, "comment": "Related to action.hacking.variety.Use of stolen creds, action.hacking.vector.Desktop sharing software"}, {"techniqueID": "T1021.006", "score": 2, "comment": "Related to action.hacking.variety.Use of stolen creds, action.hacking.vector.Command shell"}, {"techniqueID": "T1078.001", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1078.002", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1078.003", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1078.004", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1134", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1134.001", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1134.002", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen 
creds"}, {"techniqueID": "T1134.003", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1134.004", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1134.005", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1550", "score": 3, "comment": "Related to action.hacking.variety.Use of stolen creds, action.malware.variety.Pass-the-hash, action.malware.vector.Network propagation"}, {"techniqueID": "T1550.001", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1550.003", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1558", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1558.001", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1558.002", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1558.003", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1586", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1586.001", "score": 3, "comment": "Related to action.hacking.variety.Use of stolen creds, action.social.variety.Phishing, action.social.variety.Pretexting"}, {"techniqueID": "T1586.002", "score": 1, "comment": "Related to action.hacking.variety.Use of stolen creds"}, {"techniqueID": "T1611", "score": 1, "comment": "Related to action.hacking.variety.Virtual machine escape"}, {"techniqueID": "T1213", "score": 3, "comment": "Related to action.hacking.variety.XML external entities, action.malware.variety.Capture stored data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1010", "score": 2, "comment": "Related to action.hacking.variety.XPath injection, 
action.malware.variety.Capture stored data"}, {"techniqueID": "T1105", "score": 2, "comment": "Related to action.hacking.variety.Unknown, action.hacking.vector.Other network service"}, {"techniqueID": "T1111", "score": 1, "comment": "Related to action.hacking.variety.Unknown"}, {"techniqueID": "T1583", "score": 2, "comment": "Related to action.hacking.variety.Unknown, action.malware.vector.Web application - download"}, {"techniqueID": "T1583.001", "score": 3, "comment": "Related to action.hacking.variety.Unknown, action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1583.002", "score": 3, "comment": "Related to action.hacking.variety.Unknown, action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1584", "score": 2, "comment": "Related to action.hacking.variety.Unknown, action.malware.vector.Web application - download"}, {"techniqueID": "T1584.001", "score": 2, "comment": "Related to action.hacking.variety.Unknown, action.social.variety.Pretexting"}, {"techniqueID": "T1584.002", "score": 3, "comment": "Related to action.hacking.variety.Unknown, action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1584.003", "score": 1, "comment": "Related to action.hacking.variety.Unknown"}, {"techniqueID": "T1584.004", "score": 1, "comment": "Related to action.hacking.variety.Unknown"}, {"techniqueID": "T1584.006", "score": 1, "comment": "Related to action.hacking.variety.Unknown"}, {"techniqueID": "T1587", "score": 2, "comment": "Related to action.hacking.variety.Unknown, value_chain.development.variety.Unknown"}, {"techniqueID": "T1587.001", "score": 6, "comment": "Related to action.hacking.variety.Unknown, action.malware.variety.Unknown, value_chain.development.variety.Bot, value_chain.development.variety.Payload, value_chain.development.variety.Ransomware, value_chain.development.variety.Trojan"}, {"techniqueID": "T1587.002", "score": 2, "comment": "Related to 
action.hacking.variety.Unknown, value_chain.development.variety.Other"}, {"techniqueID": "T1587.003", "score": 2, "comment": "Related to action.hacking.variety.Unknown, value_chain.development.variety.Other"}, {"techniqueID": "T1587.004", "score": 4, "comment": "Related to action.hacking.variety.Unknown, action.malware.variety.Unknown, value_chain.development.variety.Exploit, value_chain.development.variety.Exploit Kits"}, {"techniqueID": "T1588", "score": 2, "comment": "Related to action.hacking.variety.Unknown, value_chain.development.variety.Unknown"}, {"techniqueID": "T1588.001", "score": 6, "comment": "Related to action.hacking.variety.Unknown, action.malware.variety.Unknown, value_chain.development.variety.Bot, value_chain.development.variety.Payload, value_chain.development.variety.Ransomware, value_chain.development.variety.Trojan"}, {"techniqueID": "T1588.002", "score": 1, "comment": "Related to action.hacking.variety.Unknown"}, {"techniqueID": "T1588.003", "score": 2, "comment": "Related to action.hacking.variety.Unknown, value_chain.development.variety.Other"}, {"techniqueID": "T1588.004", "score": 2, "comment": "Related to action.hacking.variety.Unknown, value_chain.development.variety.Other"}, {"techniqueID": "T1588.005", "score": 4, "comment": "Related to action.hacking.variety.Unknown, action.malware.variety.Unknown, value_chain.development.variety.Exploit, value_chain.development.variety.Exploit Kits"}, {"techniqueID": "T1588.006", "score": 2, "comment": "Related to action.hacking.variety.Unknown, action.malware.variety.Unknown"}, {"techniqueID": "T1599", "score": 1, "comment": "Related to action.hacking.variety.Unknown"}, {"techniqueID": "T1599.001", "score": 1, "comment": "Related to action.hacking.variety.Unknown"}, {"techniqueID": "T1606.002", "score": 1, "comment": "Related to action.hacking.variety.Unknown"}, {"techniqueID": "T1531", "score": 4, "comment": "Related to action.hacking.variety.Unknown, attribute.availability.variety.Destruction, 
attribute.availability.variety.Interruption, attribute.integrity.variety.Unknown"}, {"techniqueID": "T1219", "score": 2, "comment": "Related to action.hacking.vector.Desktop sharing software, action.malware.variety.Adminware"}, {"techniqueID": "T1497", "score": 3, "comment": "Related to action.hacking.vector.Hypervisor, action.hacking.vector.Inter-tenant, action.malware.variety.Disable controls"}, {"techniqueID": "T1199", "score": 4, "comment": "Related to action.hacking.vector.Partner, action.malware.variety.Adware, action.malware.vector.Partner, action.social.vector.Partner"}, {"techniqueID": "T1195", "score": 3, "comment": "Related to action.hacking.vector.Partner, action.malware.vector.Partner, action.malware.vector.Software update"}, {"techniqueID": "T1195.001", "score": 2, "comment": "Related to action.hacking.vector.Partner, action.social.vector.Software"}, {"techniqueID": "T1195.002", "score": 2, "comment": "Related to action.hacking.vector.Partner, action.social.vector.Software"}, {"techniqueID": "T1195.003", "score": 2, "comment": "Related to action.hacking.vector.Partner, action.social.vector.Partner"}, {"techniqueID": "T1200", "score": 1, "comment": "Related to action.hacking.vector.Physical access"}, {"techniqueID": "T1056.003", "score": 3, "comment": "Related to action.hacking.vector.Web application, action.malware.variety.Capture app data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1095", "score": 3, "comment": "Related to action.hacking.vector.Other network service, action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1571", "score": 3, "comment": "Related to action.hacking.vector.Other network service, action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1505", "score": 2, "comment": "Related to action.malware.variety.Backdoor, action.malware.variety.Backdoor or C2"}, {"techniqueID": "T1505.003", "score": 2, "comment": "Related to 
action.malware.variety.Backdoor, action.malware.variety.Backdoor or C2"}, {"techniqueID": "T1071.001", "score": 3, "comment": "Related to action.malware.variety.Backdoor or C2, action.malware.variety.C2, action.malware.variety.Unknown"}, {"techniqueID": "T1071.002", "score": 3, "comment": "Related to action.malware.variety.Backdoor or C2, action.malware.variety.C2, action.malware.variety.Unknown"}, {"techniqueID": "T1071.003", "score": 3, "comment": "Related to action.malware.variety.Backdoor or C2, action.malware.variety.C2, action.malware.variety.Unknown"}, {"techniqueID": "T1071.004", "score": 3, "comment": "Related to action.malware.variety.Backdoor or C2, action.malware.variety.C2, action.malware.variety.Unknown"}, {"techniqueID": "T1090.001", "score": 2, "comment": "Related to action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1090.002", "score": 2, "comment": "Related to action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1090.003", "score": 2, "comment": "Related to action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1090.004", "score": 2, "comment": "Related to action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1102.001", "score": 2, "comment": "Related to action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1102.002", "score": 2, "comment": "Related to action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1102.003", "score": 2, "comment": "Related to action.malware.variety.Backdoor or C2, action.malware.variety.C2"}, {"techniqueID": "T1056", "score": 2, "comment": "Related to action.malware.variety.Capture app data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1056.001", "score": 2, "comment": "Related to action.malware.variety.Capture app data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1056.002", "score": 
2, "comment": "Related to action.malware.variety.Capture app data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1056.004", "score": 4, "comment": "Related to action.malware.variety.Capture app data, action.malware.variety.Password dumper, action.malware.variety.Spyware/Keylogger, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1113", "score": 2, "comment": "Related to action.malware.variety.Capture app data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1114", "score": 2, "comment": "Related to action.malware.variety.Capture app data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1114.001", "score": 2, "comment": "Related to action.malware.variety.Capture app data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1114.002", "score": 2, "comment": "Related to action.malware.variety.Capture app data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1114.003", "score": 3, "comment": "Related to action.malware.variety.Capture app data, attribute.confidentiality.\"\".data_disclosure, attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1123", "score": 2, "comment": "Related to action.malware.variety.Capture app data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1125", "score": 2, "comment": "Related to action.malware.variety.Capture app data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1176", "score": 2, "comment": "Related to action.malware.variety.Capture app data, action.malware.vector.Web application - drive-by"}, {"techniqueID": "T1207", "score": 1, "comment": "Related to action.malware.variety.Capture app data"}, {"techniqueID": "T1217", "score": 1, "comment": "Related to action.malware.variety.Capture app data"}, {"techniqueID": "T1528", "score": 1, "comment": "Related to action.malware.variety.Capture app data"}, {"techniqueID": "T1003.002", "score": 4, "comment": "Related to 
action.malware.variety.Capture stored data, action.malware.variety.Password dumper, action.malware.variety.RAM scraper, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1003.003", "score": 3, "comment": "Related to action.malware.variety.Capture stored data, action.malware.variety.Password dumper, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1003.006", "score": 4, "comment": "Related to action.malware.variety.Capture stored data, action.malware.variety.Export data, action.malware.variety.Password dumper, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1003.008", "score": 3, "comment": "Related to action.malware.variety.Capture stored data, action.malware.variety.Password dumper, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1005", "score": 2, "comment": "Related to action.malware.variety.Capture stored data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1025", "score": 2, "comment": "Related to action.malware.variety.Capture stored data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1039", "score": 2, "comment": "Related to action.malware.variety.Capture stored data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1213.001", "score": 2, "comment": "Related to action.malware.variety.Capture stored data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1213.002", "score": 2, "comment": "Related to action.malware.variety.Capture stored data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1530", "score": 2, "comment": "Related to action.malware.variety.Capture stored data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1221", "score": 1, "comment": "Related to action.malware.variety.Client-side attack"}, {"techniqueID": "T1070", "score": 1, "comment": "Related to action.malware.variety.Destroy data"}, {"techniqueID": "T1070.001", "score": 2, "comment": "Related to 
action.malware.variety.Destroy data, attribute.integrity.variety.Log tampering"}, {"techniqueID": "T1070.002", "score": 2, "comment": "Related to action.malware.variety.Destroy data, attribute.integrity.variety.Log tampering"}, {"techniqueID": "T1070.003", "score": 1, "comment": "Related to action.malware.variety.Destroy data"}, {"techniqueID": "T1070.004", "score": 1, "comment": "Related to action.malware.variety.Destroy data"}, {"techniqueID": "T1070.005", "score": 1, "comment": "Related to action.malware.variety.Destroy data"}, {"techniqueID": "T1070.006", "score": 1, "comment": "Related to action.malware.variety.Destroy data"}, {"techniqueID": "T1485", "score": 3, "comment": "Related to action.malware.variety.Destroy data, attribute.availability.variety.Destruction, attribute.availability.variety.Interruption"}, {"techniqueID": "T1495", "score": 4, "comment": "Related to action.malware.variety.Destroy data, attribute.availability.variety.Destruction, attribute.availability.variety.Interruption, attribute.availability.variety.Loss"}, {"techniqueID": "T1561", "score": 4, "comment": "Related to action.malware.variety.Destroy data, attribute.availability.variety.Destruction, attribute.availability.variety.Interruption, attribute.availability.variety.Loss"}, {"techniqueID": "T1561.001", "score": 3, "comment": "Related to action.malware.variety.Destroy data, attribute.availability.variety.Destruction, attribute.availability.variety.Loss"}, {"techniqueID": "T1561.002", "score": 4, "comment": "Related to action.malware.variety.Destroy data, attribute.availability.variety.Destruction, attribute.availability.variety.Interruption, attribute.availability.variety.Loss"}, {"techniqueID": "T1006", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1027.001", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1027.002", "score": 1, "comment": "Related to action.malware.variety.Disable 
controls"}, {"techniqueID": "T1027.003", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1027.004", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1027.005", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1036.001", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1036.002", "score": 3, "comment": "Related to action.malware.variety.Disable controls, action.social.variety.Forgery, action.social.variety.Phishing"}, {"techniqueID": "T1036.003", "score": 2, "comment": "Related to action.malware.variety.Disable controls, action.malware.variety.Rootkit"}, {"techniqueID": "T1036.004", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1036.005", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1036.006", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1222", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1222.001", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1222.002", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1490", "score": 3, "comment": "Related to action.malware.variety.Disable controls, action.malware.variety.Ransomware, attribute.availability.variety.Loss"}, {"techniqueID": "T1497.001", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1497.002", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1497.003", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1553.001", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, 
{"techniqueID": "T1553.002", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1553.003", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1553.004", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1553.005", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1553.006", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1562.006", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1574.012", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1600.001", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1600.002", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1601", "score": 2, "comment": "Related to action.malware.variety.Disable controls, attribute.integrity.variety.Software installation"}, {"techniqueID": "T1601.001", "score": 2, "comment": "Related to action.malware.variety.Disable controls, attribute.integrity.variety.Software installation"}, {"techniqueID": "T1601.002", "score": 1, "comment": "Related to action.malware.variety.Disable controls"}, {"techniqueID": "T1610", "score": 2, "comment": "Related to action.malware.variety.Downloader, action.malware.variety.Unknown"}, {"techniqueID": "T1204", "score": 5, "comment": "Related to action.malware.variety.Downloader, action.malware.variety.Unknown, action.social.variety.Phishing, action.social.vector.Email, action.social.vector.Social media"}, {"techniqueID": "T1204.001", "score": 6, "comment": "Related to action.malware.variety.Downloader, action.malware.variety.Unknown, action.malware.vector.Email link, action.social.variety.Phishing, action.social.vector.Email, action.social.vector.Social media"}, 
{"techniqueID": "T1204.002", "score": 6, "comment": "Related to action.malware.variety.Downloader, action.malware.variety.Unknown, action.malware.vector.Email attachment, action.social.variety.Phishing, action.social.vector.Email, action.social.vector.Social media"}, {"techniqueID": "T1204.003", "score": 7, "comment": "Related to action.malware.variety.Downloader, action.malware.variety.Trojan, action.malware.variety.Unknown, action.social.variety.Phishing, action.social.variety.Pretexting, action.social.vector.Email, action.social.vector.Social media"}, {"techniqueID": "T1011", "score": 2, "comment": "Related to action.malware.variety.Export data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1011.001", "score": 2, "comment": "Related to action.malware.variety.Export data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1020", "score": 2, "comment": "Related to action.malware.variety.Export data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1020.001", "score": 2, "comment": "Related to action.malware.variety.Export data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1029", "score": 2, "comment": "Related to action.malware.variety.Export data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1030", "score": 2, "comment": "Related to action.malware.variety.Export data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1041", "score": 2, "comment": "Related to action.malware.variety.Export data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1048", "score": 2, "comment": "Related to action.malware.variety.Export data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1048.001", "score": 2, "comment": "Related to action.malware.variety.Export data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1048.002", "score": 2, "comment": "Related to action.malware.variety.Export data, 
attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1048.003", "score": 2, "comment": "Related to action.malware.variety.Export data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1052", "score": 2, "comment": "Related to action.malware.variety.Export data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1052.001", "score": 2, "comment": "Related to action.malware.variety.Export data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1074", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1074.001", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1074.002", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1197", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1537", "score": 2, "comment": "Related to action.malware.variety.Export data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1560", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1560.001", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1560.002", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1560.003", "score": 1, "comment": "Related to action.malware.variety.Export data"}, {"techniqueID": "T1567", "score": 2, "comment": "Related to action.malware.variety.Export data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1567.001", "score": 2, "comment": "Related to action.malware.variety.Export data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1567.002", "score": 2, "comment": "Related to action.malware.variety.Export data, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1003.007", "score": 3, "comment": "Related to action.malware.variety.In-memory, 
action.malware.variety.Password dumper, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1055", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1055.001", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1055.002", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1055.003", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1055.004", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1055.005", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1055.008", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1055.009", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1055.011", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1055.012", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1055.013", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1055.014", "score": 1, "comment": "Related to action.malware.variety.In-memory"}, {"techniqueID": "T1115", "score": 2, "comment": "Related to action.malware.variety.In-memory, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1557.003", "score": 1, "comment": "Related to action.malware.variety.MitM"}, {"techniqueID": "T1003", "score": 2, "comment": "Related to action.malware.variety.Password dumper, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1003.001", "score": 3, "comment": "Related to action.malware.variety.Password dumper, action.malware.variety.RAM scraper, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1003.004", "score": 3, "comment": "Related to action.malware.variety.Password dumper, action.malware.variety.RAM 
scraper, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1003.005", "score": 4, "comment": "Related to action.malware.variety.Password dumper, action.malware.variety.RAM scraper, action.malware.vector.Email link, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1552.001", "score": 2, "comment": "Related to action.malware.variety.Password dumper, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1552.002", "score": 2, "comment": "Related to action.malware.variety.Password dumper, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1552.003", "score": 2, "comment": "Related to action.malware.variety.Password dumper, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1552.004", "score": 2, "comment": "Related to action.malware.variety.Password dumper, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1552.005", "score": 2, "comment": "Related to action.malware.variety.Password dumper, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1552.006", "score": 2, "comment": "Related to action.malware.variety.Password dumper, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1555", "score": 2, "comment": "Related to action.malware.variety.Password dumper, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1555.001", "score": 2, "comment": "Related to action.malware.variety.Password dumper, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1555.002", "score": 3, "comment": "Related to action.malware.variety.Password dumper, action.malware.variety.RAM scraper, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1555.003", "score": 2, "comment": "Related to action.malware.variety.Password dumper, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1555.004", "score": 2, "comment": "Related to action.malware.variety.Password dumper, 
attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1555.005", "score": 2, "comment": "Related to action.malware.variety.Password dumper, attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1486", "score": 3, "comment": "Related to action.malware.variety.Ransomware, attribute.availability.variety.Interruption, attribute.availability.variety.Obscuration"}, {"techniqueID": "T1542", "score": 1, "comment": "Related to action.malware.variety.Rootkit"}, {"techniqueID": "T1542.001", "score": 1, "comment": "Related to action.malware.variety.Rootkit"}, {"techniqueID": "T1542.002", "score": 1, "comment": "Related to action.malware.variety.Rootkit"}, {"techniqueID": "T1542.003", "score": 1, "comment": "Related to action.malware.variety.Rootkit"}, {"techniqueID": "T1542.004", "score": 1, "comment": "Related to action.malware.variety.Rootkit"}, {"techniqueID": "T1542.005", "score": 1, "comment": "Related to action.malware.variety.Rootkit"}, {"techniqueID": "T1016", "score": 1, "comment": "Related to action.malware.variety.Scan network"}, {"techniqueID": "T1016.001", "score": 1, "comment": "Related to action.malware.variety.Scan network"}, {"techniqueID": "T1482", "score": 1, "comment": "Related to action.malware.variety.Scan network"}, {"techniqueID": "T1595", "score": 1, "comment": "Related to action.malware.variety.Scan network"}, {"techniqueID": "T1595.001", "score": 1, "comment": "Related to action.malware.variety.Scan network"}, {"techniqueID": "T1080", "score": 3, "comment": "Related to action.malware.variety.Unknown, action.malware.variety.Worm, attribute.integrity.variety.Software installation"}, {"techniqueID": "T1091", "score": 3, "comment": "Related to action.malware.variety.Worm, action.malware.vector.Removable media, action.social.vector.Removable media"}, {"techniqueID": "T1140", "score": 1, "comment": "Related to action.malware.variety.Unknown"}, {"techniqueID": "T1608", "score": 1, "comment": "Related to 
action.malware.variety.Unknown"}, {"techniqueID": "T1608.001", "score": 1, "comment": "Related to action.malware.variety.Unknown"}, {"techniqueID": "T1608.002", "score": 1, "comment": "Related to action.malware.variety.Unknown"}, {"techniqueID": "T1608.003", "score": 1, "comment": "Related to action.malware.variety.Unknown"}, {"techniqueID": "T1608.004", "score": 1, "comment": "Related to action.malware.variety.Unknown"}, {"techniqueID": "T1608.005", "score": 1, "comment": "Related to action.malware.variety.Unknown"}, {"techniqueID": "T1612", "score": 1, "comment": "Related to action.malware.variety.Unknown"}, {"techniqueID": "T1566.001", "score": 4, "comment": "Related to action.malware.vector.Email, action.malware.vector.Email attachment, action.social.variety.Phishing, action.social.vector.Email"}, {"techniqueID": "T1598.002", "score": 3, "comment": "Related to action.malware.vector.Email attachment, action.social.variety.Phishing, action.social.variety.Pretexting"}, {"techniqueID": "T1556.002", "score": 3, "comment": "Related to action.malware.vector.Email link, attribute.integrity.variety.Modify configuration, attribute.integrity.variety.Modify privileges"}, {"techniqueID": "T1598.003", "score": 3, "comment": "Related to action.malware.vector.Email link, action.social.variety.Phishing, action.social.variety.Pretexting"}, {"techniqueID": "T1566", "score": 3, "comment": "Related to action.malware.vector.Instant messaging, action.social.variety.Phishing, action.social.vector.Email"}, {"techniqueID": "T1570", "score": 1, "comment": "Related to action.malware.vector.Network propagation"}, {"techniqueID": "T1092", "score": 1, "comment": "Related to action.malware.vector.Removable media"}, {"techniqueID": "T1189", "score": 2, "comment": "Related to action.malware.vector.Web application - drive-by, action.social.vector.Web application"}, {"techniqueID": "T1566.002", "score": 3, "comment": "Related to action.social.variety.Phishing, action.social.vector.Email, 
action.social.vector.Web application"}, {"techniqueID": "T1566.003", "score": 2, "comment": "Related to action.social.variety.Phishing, action.social.vector.Email"}, {"techniqueID": "T1598", "score": 2, "comment": "Related to action.social.variety.Phishing, action.social.variety.Pretexting"}, {"techniqueID": "T1598.001", "score": 2, "comment": "Related to action.social.variety.Phishing, action.social.variety.Pretexting"}, {"techniqueID": "T1534", "score": 2, "comment": "Related to action.social.variety.Pretexting, attribute.integrity.variety.Misrepresentation"}, {"techniqueID": "T1585", "score": 2, "comment": "Related to action.social.variety.Pretexting, value_chain.development.variety.Persona"}, {"techniqueID": "T1585.001", "score": 2, "comment": "Related to action.social.variety.Pretexting, value_chain.development.variety.Persona"}, {"techniqueID": "T1585.002", "score": 2, "comment": "Related to action.social.variety.Pretexting, value_chain.development.variety.Persona"}, {"techniqueID": "T1546.001", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.002", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.003", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.004", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.005", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.006", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.007", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.008", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.009", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": 
"T1546.010", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.011", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.012", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.013", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.014", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1546.015", "score": 1, "comment": "Related to attribute.integrity.variety.Alter behavior"}, {"techniqueID": "T1136.001", "score": 1, "comment": "Related to attribute.integrity.variety.Created account"}, {"techniqueID": "T1136.002", "score": 1, "comment": "Related to attribute.integrity.variety.Created account"}, {"techniqueID": "T1136.003", "score": 1, "comment": "Related to attribute.integrity.variety.Created account"}, {"techniqueID": "T1491", "score": 2, "comment": "Related to attribute.availability.variety.Obscuration, attribute.integrity.variety.Defacement"}, {"techniqueID": "T1491.001", "score": 2, "comment": "Related to attribute.availability.variety.Obscuration, attribute.integrity.variety.Defacement"}, {"techniqueID": "T1491.002", "score": 2, "comment": "Related to attribute.availability.variety.Obscuration, attribute.integrity.variety.Defacement"}, {"techniqueID": "T1037.001", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1037.002", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1037.003", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1037.004", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1037.005", "score": 1, "comment": "Related to attribute.integrity.variety.Modify 
configuration"}, {"techniqueID": "T1484", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1484.001", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1484.002", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.001", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.002", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.003", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.004", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.005", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.006", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.007", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.008", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.009", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.010", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.012", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1547.013", "score": 1, "comment": "Related to attribute.integrity.variety.Modify configuration"}, {"techniqueID": "T1556.001", "score": 2, "comment": "Related to attribute.integrity.variety.Modify configuration, attribute.integrity.variety.Modify privileges"}, {"techniqueID": "T1556.003", "score": 2, "comment": "Related to 
attribute.integrity.variety.Modify configuration, attribute.integrity.variety.Modify privileges"}, {"techniqueID": "T1556.004", "score": 2, "comment": "Related to attribute.integrity.variety.Modify configuration, attribute.integrity.variety.Modify privileges"}, {"techniqueID": "T1565", "score": 1, "comment": "Related to attribute.integrity.variety.Modify data"}, {"techniqueID": "T1565.001", "score": 1, "comment": "Related to attribute.integrity.variety.Modify data"}, {"techniqueID": "T1565.002", "score": 1, "comment": "Related to attribute.integrity.variety.Modify data"}, {"techniqueID": "T1565.003", "score": 1, "comment": "Related to attribute.integrity.variety.Modify data"}, {"techniqueID": "T1098.001", "score": 1, "comment": "Related to attribute.integrity.variety.Modify privileges"}, {"techniqueID": "T1098.002", "score": 1, "comment": "Related to attribute.integrity.variety.Modify privileges"}, {"techniqueID": "T1098.003", "score": 1, "comment": "Related to attribute.integrity.variety.Modify privileges"}, {"techniqueID": "T1098.004", "score": 1, "comment": "Related to attribute.integrity.variety.Modify privileges"}, {"techniqueID": "T1547.014", "score": 1, "comment": "Related to attribute.integrity.variety.Modify privileges"}, {"techniqueID": "T1535", "score": 1, "comment": "Related to attribute.integrity.variety.Repurpose"}, {"techniqueID": "T1546.016", "score": 1, "comment": "Related to attribute.integrity.variety.Software installation"}, {"techniqueID": "T1213.003", "score": 1, "comment": "Related to attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1552", "score": 1, "comment": "Related to attribute.confidentiality.\"\".data_disclosure"}, {"techniqueID": "T1552.007", "score": 1, "comment": "Related to attribute.confidentiality.\"\".data_disclosure"}], "gradient": {"colors": ["#ffe766", "#ffaf66"], "minValue": 1, "maxValue": 10}} \ No newline at end of file 
diff --git a/src/mappings_explorer/cli/mapex/write_parsed_mappings.py b/src/mappings_explorer/cli/mapex/write_parsed_mappings.py
index bb7a089c..23c4429f 100644
--- a/src/mappings_explorer/cli/mapex/write_parsed_mappings.py
+++ b/src/mappings_explorer/cli/mapex/write_parsed_mappings.py
@@ -14,15 +14,6 @@ def write_parsed_mappings_yaml(parsed_mappings, filepath):
 result_yaml_file.write(parsed_mappings_yaml)
-def write_parsed_mappings_json(parsed_mappings, filepath):
- result_json_file = open(
- f"{filepath}.json",
- "w",
- encoding="UTF-8",
- )
- json.dump(parsed_mappings, fp=result_json_file)
-
-
 def write_parsed_mappings_csv(parsed_mappings, filepath, metadata_key):
 # create csv with metadata
 metadata_object = parsed_mappings["metadata"]
@@ -37,3 +28,76 @@ def write_parsed_mappings_csv(parsed_mappings, filepath, metadata_key):
 attack_object_df = pd.DataFrame(attack_objects)
 attack_object_df.to_csv(f"{filepath}_attack-objects.csv")
+
+
+def write_parsed_mappings_navigator_layer(parsed_mappings, filepath, mapping_type):
+ techniques_dict = get_techniques_dict(parsed_mappings)
+ layer = create_layer(techniques_dict, parsed_mappings, mapping_type)
+ navigator_layer = open(
+ f"{filepath}_navigator_layer.json",
+ "w",
+ encoding="UTF-8",
+ )
+ json.dump(layer, fp=navigator_layer)
+
+
+def get_techniques_dict(parsed_mappings):
+ techniques_dict = {}
+ for mapping in parsed_mappings["attack-objects"]:
+ tehchnique_id = mapping["attack-object-id"]
+ capability_id = mapping["capability-id"]
+ if techniques_dict.get(tehchnique_id):
+ techniques_dict[tehchnique_id].append(capability_id)
+ else:
+ techniques_dict[tehchnique_id] = [capability_id]
+ return techniques_dict
+
+
+def create_layer(techniques_dict, parsed_mappings, mapping_type):
+ description = (
+ f"{mapping_type} heatmap overview of {mapping_type} "
+ "mappings, scores are the number of associated entries"
+ )
+
+ # this will change when there is only one metadata object per project
+ mappings_metadata = parsed_mappings["metadata"]
+
+ gradient = ["#ffe766", "#ffaf66"]
+ layer = {
+ "name": f"{mapping_type} overview",
+ "versions": {
+ "navigator": "4.8.0",
+ "layer": "4.4",
+ "attack": mappings_metadata["attack-version"],
+ },
+ "sorting": 3,
+ "description": description,
+ "domain": f"{mappings_metadata['technology-domain']}-attack",
+ "techniques": [],
+ "gradient": {
+ "colors": gradient,
+ },
+ }
+ for technique in techniques_dict:
+ related_controls_string = ", ".join(techniques_dict[technique])
+ layer["techniques"].append(
+ {
+ "techniqueID": technique,
+ "score": len(techniques_dict[technique]),
+ "comment": f"Related to {related_controls_string}",
+ }
+ )
+
+ layer["gradient"]["minValue"] = (
+ min(map(lambda t: t["score"], layer["techniques"]))
+ if len(layer["techniques"]) > 0
+ else 0
+ )
+
+ layer["gradient"]["maxValue"] = (
+ max(map(lambda t: t["score"], layer["techniques"]))
+ if len(layer["techniques"]) > 0
+ else 100
+ )
+
+ return layer
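Review bot: `write_parsed_mappings_navigator_layer` opens the output file with a bare `open(...)` and never closes it, so the layer JSON reaches disk only when the handle happens to be garbage-collected, and a consumer reading `{filepath}_navigator_layer.json` straight after the call may see an incomplete file. Write it through a context manager instead: `with open(f"{filepath}_navigator_layer.json", "w", encoding="UTF-8") as navigator_layer:` followed by `json.dump(layer, fp=navigator_layer)`. In `get_techniques_dict` the local `tehchnique_id` is misspelled, and the get/append/else branch can be reduced to `techniques_dict.setdefault(technique_id, []).append(capability_id)`. None of the three new functions has a docstring; `create_layer` in particular should state that `score` is the count of capability ids mapped to the technique and that the gradient falls back to 0 and 100 when there are no techniques.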