Description
Changes from Rev 4
New control family introduced in Rev 5
MITRE ATT&CK Techniques (22)
ATT&CK v16.1Techniques mitigated by this control, mapped via CTID.
Initial Access 4 Execution 2 Persistence 6 Privilege Escalation 1 Defense Evasion 3 Exfiltration 7
Initial Access
Persistence
Privilege Escalation
Defense Evasion
Exfiltration
T1041 Exfiltration Over C2 Channel T1048 Exfiltration Over Alternative Protocol T1052 Exfiltration Over Physical Medium T1567 Exfiltration Over Web Service T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol T1052.001 Exfiltration over USB
Compliance Mappings
CIS Controls v8
CIS 16.11CIS 16.4CIS 16.5
NIST CSF 2.0
ID.RA-09
CSA CCM v4
TVM-05
CSA AICM v1
TVM-05
ISO 42001:2023
A.7.5
ANSSI
Hygiene.42SecNumCloud.16.1
FINMA Circular 2023/1
V(109)V(110)
OSFI B-13
B-13.4.1
EU GDPR
Art.28(3)(a)Art.28(3)(h)
EU DORA
Art.28(5)Art.30(2)(a)
EU CRA
CRA.II.1
UAE IA
T10
CBB TM
TM-15
Qatar NIA
SD
IOSCO Cyber Resilience
PROT-7
FFIEC IS
II.C.14
SEBI CSCRF
PR.AS
BOT Cyber Resilience
Ch5.1
Solvency II
DR.272EIOPA-Cloud-GL3
Lloyd's Minimum Standards
MS8.8
FCA SYSC 13
SYSC 13.9.2
HITRUST CSF v11
05.b
FDA Cybersecurity Guidance
524B-1SBOM-1SBOM-2SBOM-3ST-4
NHS DSPT
NDG-10.1NDG-10.4
MiCA
Art.66(3)
Basel SCO60
SCO60.54
BSSC Standards
NOS-02