← Controls / SI

SI-15 Information Output Filtering

System and Information Integrity

Description

Validate information output from the following software programs and/or applications to ensure that the information is consistent with the expected content: [Assignment: organization-defined parameters].

Supplemental Guidance

Certain types of attacks, including SQL injections, produce output results that are unexpected or inconsistent with the output results that would be expected from software programs or applications. Information output filtering focuses on detecting extraneous content, preventing such extraneous content from being displayed, and then alerting monitoring tools that anomalous behavior has been discovered.

Changes from Rev 4

No significant title changes from Rev 4.

MITRE ATT&CK Techniques (42)

Techniques mitigated by this control, mapped via CTID.

Persistence 3 Defense Evasion 9 Credential Access 7 Discovery 1 Lateral Movement 3 Collection 8 Command & Control 8 Exfiltration 5 Impact 8

Show all 42 techniques grouped by tactic

Persistence

T1197 BITS Jobs T1205 Traffic Signaling T1205.001 Port Knocking

Defense Evasion

T1197 BITS Jobs T1205 Traffic Signaling T1599 Network Boundary Bridging T1622 Debugger Evasion T1205.001 Port Knocking T1218.012 Verclsid T1218.015 Electron Applications T1564.009 Resource Forking T1599.001 Network Address Translation Traversal

Credential Access

T1187 Forced Authentication T1552 Unsecured Credentials T1557 Adversary-in-the-Middle T1552.005 Cloud Instance Metadata API T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay T1557.002 ARP Cache Poisoning T1557.003 DHCP Spoofing

Discovery

T1622 Debugger Evasion

Lateral Movement

T1570 Lateral Tool Transfer T1021.002 SMB/Windows Admin Shares T1021.005 VNC

Collection

T1530 Data from Cloud Storage T1557 Adversary-in-the-Middle T1602 Data from Configuration Repository T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay T1557.002 ARP Cache Poisoning T1557.003 DHCP Spoofing T1602.001 SNMP (MIB Dump) T1602.002 Network Device Configuration Dump

Command & Control

T1090 Proxy T1095 Non-Application Layer Protocol T1205 Traffic Signaling T1219 Remote Access Software T1572 Protocol Tunneling T1071.004 DNS T1090.003 Multi-hop Proxy T1205.001 Port Knocking

Exfiltration

T1048 Exfiltration Over Alternative Protocol T1537 Transfer Data to Cloud Account T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol

Impact

T1498 Network Denial of Service T1499 Endpoint Denial of Service T1498.001 Direct Network Flood T1498.002 Reflection Amplification T1499.001 OS Exhaustion Flood T1499.002 Service Exhaustion Flood T1499.003 Application Exhaustion Flood T1499.004 Application or System Exploitation

Compliance Mappings

COBIT 2019

DSS06

RBI CSF

Annex1.6

CBUAE

CR-6

CBE CSF

CTO-4

SA JS2

JS2-SA

BoG CISD

CISD-SDLC

BCBS 239

Principle 3Principle 7Principle 9

PRA SS1/23

P3.2

HITRUST CSF v11

10.b

Basel SCO60

SCO60.70SCO60.72