mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
2587 lines
75 KiB
JSON
2587 lines
75 KiB
JSON
|
{
|
||
|
"authors": [
|
||
|
"MITRE"
|
||
|
],
|
||
|
"category": "mitigation",
|
||
|
"description": "MITRE Five-G Hierarchy of Threats (FiGHT™) is a globally accessible knowledge base of adversary tactics and techniques that are used or could be used against 5G networks.",
|
||
|
"name": "MITRE FiGHT Mitigations",
|
||
|
"source": "https://fight.mitre.org/",
|
||
|
"type": "mitre-fight",
|
||
|
"uuid": "fe20707f-2dfb-4436-8520-8fedb8c79668",
|
||
|
"values": [
|
||
|
{
|
||
|
"description": "Increase RACH resources on the gNB (bandwith, time slots)",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5021",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5021"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "053c159a-7cd4-54d3-b4fd-4b644abe25e2",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "31078df7-f6c6-52fd-a08b-773a09160d4d",
|
||
|
"value": "Increase RACH (Random Access CHannel resources)"
|
||
|
},
|
||
|
{
|
||
|
"description": "When the subscriber affiliation is reflected in the home network identifier (part of subscriber identifier), and would benefit from not being sent in the clear, the subscriber's provider (home network) should be a proxy mobile network operator - whose identifier does not reveal the true affiliation of the subscriber.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5022",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5022"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "81928f19-4fcf-5b24-9387-b03f3c19ba64",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "381fd134-4653-5c81-aeb3-8987d97be831",
|
||
|
"value": "Proxy home network"
|
||
|
},
|
||
|
{
|
||
|
"description": "Perform periodic authentication and authorization of consumer NFs by NRF",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5023",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5023"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "223ee7bf-9652-51e1-a73b-62beaf017d28",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "125c7700-bd59-5af8-848f-8d4de790a967",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "c1cb90f5-0769-5e16-bcad-458b68448290",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "b7d97abb-011a-5c34-b1e6-fb52dad3c728",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "afb4b3e2-3b27-558f-8b93-cc7d52847880",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "315f5d98-1aa8-5d25-9d57-4b6a0ea9958a",
|
||
|
"value": "Periodic Authentication & Authorization of NFs"
|
||
|
},
|
||
|
{
|
||
|
"description": "Use strong data integrity protection algorithms.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5024",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5024"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "92ee2205-3046-5a74-9f0c-10db329f2bc3",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "619948ee-a419-5a48-b69b-d9bcc4ef5e37",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "0aac4d25-bafb-5d52-9352-6ff5eb09e66f",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "050010f3-0741-517b-a44b-e5c0384cd652",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "86a7c7b0-39ac-5e29-9fbd-063f70fcc7fc",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "86a7c7b0-39ac-5e29-9fbd-063f70fcc7fc",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "86a7c7b0-39ac-5e29-9fbd-063f70fcc7fc",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "86a7c7b0-39ac-5e29-9fbd-063f70fcc7fc",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "694a6379-8c2a-5a60-8239-4004509d2069",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "c2153691-d8a1-5d60-a5dd-456337ca872a",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "d1feaf56-ae8c-5726-b17b-0149ce7a91f7",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "955b7c23-35a9-57df-a223-ed9d9b3d14ad",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "56a188ea-36f4-5322-bc12-899feac72eaa",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "8d6964fb-fab4-525a-93ce-f5a1d436d8eb",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "4041250a-4a28-5877-9817-e4846ec78c5e",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "cccb021c-dd96-5d72-904f-c55ad24598de",
|
||
|
"value": "Integrity protection of data communication"
|
||
|
},
|
||
|
{
|
||
|
"description": "Disable or remove an RF transmitter",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5001",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5001"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "a197ad7f-265d-5d5f-afe3-da6a33bedbc9",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "916de5dd-cb01-57ab-9e11-1cd147a840b4",
|
||
|
"value": "Disable malicious transmitter"
|
||
|
},
|
||
|
{
|
||
|
"description": "User Equipment (UE) can reject e.g. RRC signaling such as RRC Release with Redirect info, if not integrity protected.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5002",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5002"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "f496a628-bfe9-51ec-8ebf-d78cfe752c7c",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "4d506842-0cd5-5dfc-9bab-dd0800817238",
|
||
|
"value": "Discard RAN signaling received without integrity protection"
|
||
|
},
|
||
|
{
|
||
|
"description": "NFs such as NRF should cross check with TLS layer before issuing token to an NF",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5003",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5003"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "193a90c2-215e-5340-9628-fade3b0d88a6",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "1369b34e-f6b7-5549-bf07-560e65641726",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "6fb09d9b-f462-5aff-857d-1ef31a4d4036",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "c1144b6f-994d-5a18-9c38-f40e89a4d19f",
|
||
|
"value": "Cross check between application layer and transport layer"
|
||
|
},
|
||
|
{
|
||
|
"description": "Employ a SMS Router that intercepts incoming location queries (from other operators), configured so that it can't be subverted.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5004",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5004"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "31dbb269-1244-5113-a82e-15d3503c6c9a",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "42ff8bbd-7d2d-5e77-991d-62e9f7e16500",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "b703c8f8-28b1-5fb3-8cbd-a1b154fddc68",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "1f38842c-f33b-559a-b8d1-a122444b3a7e",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "9493634f-2d0d-5f25-9c3e-be342453bd6d",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "b6db0fd1-7f3d-5873-bce6-6a2c56b2af9c",
|
||
|
"value": "Correctly configure SMS firewall"
|
||
|
},
|
||
|
{
|
||
|
"description": "Physical protection of: communications centers, Telecommunications equipment room, Physically isolated operation areas, Equipment sited in other carrier's or partner's premises, cable/fibers, junction boxes,",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5005",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5005"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "e68305ff-66cd-561c-ad2a-ec52af816e49",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "9b4ab0a5-6569-5ce5-ac35-4f632ad26368",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "01ff78f1-27a8-553e-bc67-299a1a9203d1",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "43f379c1-07a7-5d2d-beac-368ceedf469a",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "82950003-cd95-54ed-8988-4ad75642e467",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "f2f31e4d-69eb-52f7-b649-f140d4607865",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "a22ac7a1-fb1e-57f9-988c-8205b22cc619",
|
||
|
"value": "Physical and environmental protection"
|
||
|
},
|
||
|
{
|
||
|
"description": "This profile does not allow bidding down to 4G",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5006",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5006"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "339962a1-33fa-57b3-be62-29fee78e33ce",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "0551e810-74ac-5a51-82c1-abaebeb3dfd4",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "9c0ebe3d-6a66-5914-83a1-0adcdbbe878b",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "955b7c23-35a9-57df-a223-ed9d9b3d14ad",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "cce626f3-b774-5f29-b1d2-5fb96a5befef",
|
||
|
"value": "Restrictive user profile"
|
||
|
},
|
||
|
{
|
||
|
"description": "Subscription that includes unlimited data can prevent DoS due to exhausion of data plan limits",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5007",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5007"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "e1f9e40f-2345-5140-bf1f-4d53e69451f8",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "4ccdd7b7-9def-5930-99ed-d397e1d5b4c5",
|
||
|
"value": "Unlimited data plan"
|
||
|
},
|
||
|
{
|
||
|
"description": "On the UE, monitor installed applications for data usage and perform throttling if necessary",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5008",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5008"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "e1f9e40f-2345-5140-bf1f-4d53e69451f8",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "1a002036-92d8-5319-bfd7-248f2e6434f9",
|
||
|
"value": "Monitor installed applications for data usage"
|
||
|
},
|
||
|
{
|
||
|
"description": "Services are refreshed periodically and/or terminated after completion of a request.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5010",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5010"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "bd424f22-d5f4-53ee-b713-08cf49540c40",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "79bf7c2f-c083-52b6-b18d-c2eea6dfceb2",
|
||
|
"value": "Non-Persistent Services"
|
||
|
},
|
||
|
{
|
||
|
"description": "Check if IMSI is served by the slice ID (NSSAI)",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5012",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5012"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "05e1f2ce-b171-541f-9dea-0356fa9eeb3b",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "464d43cf-45ad-5f06-9619-b6648a37d239",
|
||
|
"value": "Slice ID check"
|
||
|
},
|
||
|
{
|
||
|
"description": "UDM/UDR should correctly implement UE authentication/registration status updates.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5013",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5013"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "125c7700-bd59-5af8-848f-8d4de790a967",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "94fbd6a2-caec-5a7e-9698-569d2a3d4c70",
|
||
|
"value": "Timely updates to UE status"
|
||
|
},
|
||
|
{
|
||
|
"description": "UDM can check whether a requesting AMF is likely to be the one serving that UE.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5014",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5014"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "125c7700-bd59-5af8-848f-8d4de790a967",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "9878da52-42e3-59bb-b16b-30024a0a4771",
|
||
|
"value": "UE location plausibility"
|
||
|
},
|
||
|
{
|
||
|
"description": "NEF should authorize API calls especially from external AFs for service accesses",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5019",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5019"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "da7624f2-39c0-5684-a81b-d33b571811e8",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "1369b34e-f6b7-5549-bf07-560e65641726",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "c1cb90f5-0769-5e16-bcad-458b68448290",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "c91889e3-0989-54bc-9344-6d5c0841ff94",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "8b7ba061-2465-5f09-a034-431bd7ca577c",
|
||
|
"value": "Authorize external API calls"
|
||
|
},
|
||
|
{
|
||
|
"description": "Including EIR Equipment Identity Register",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5020",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5020"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "c495a257-7155-54b2-abf8-86d87cf5693e",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "6e09e20a-1d87-5aed-95e4-bf7042bb29bd",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "87b2315f-db71-566b-878f-9e579fb242af",
|
||
|
"value": "Secure subscriber repositories"
|
||
|
},
|
||
|
{
|
||
|
"description": "Use zero trust principles for application/NF protection",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5033",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5033"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "d3c6705c-75d8-5243-93c2-37052321b3b8",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "27021503-2167-5be1-bb17-1c83a0f4dcc6",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "7d0e6026-b9d9-5aa3-84d5-b6e689615605",
|
||
|
"value": "Zero Trust"
|
||
|
},
|
||
|
{
|
||
|
"description": "Separate repositositories must be maintained for development and production software to avoid access and image slipovers",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5088",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5088"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "21ae9651-77b5-56ac-9c1c-aa3e8dbb2bf2",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "6aadfd3f-9f22-55a1-965f-559845f7c3c4",
|
||
|
"value": "Separate repositories for development and production"
|
||
|
},
|
||
|
{
|
||
|
"description": "Use image name and hash to verify image during deployment",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5089",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5089"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "21ae9651-77b5-56ac-9c1c-aa3e8dbb2bf2",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "51c9dce1-3901-5469-8840-ea8bc24e1703",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "f5161722-ba76-5111-b4e1-5be22d958b75",
|
||
|
"value": "Verify image in deployment"
|
||
|
},
|
||
|
{
|
||
|
"description": "Correlate logs between SDN controllers and network elements",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5090",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5090"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "21ae9651-77b5-56ac-9c1c-aa3e8dbb2bf2",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "92ee2205-3046-5a74-9f0c-10db329f2bc3",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "619948ee-a419-5a48-b69b-d9bcc4ef5e37",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "0aac4d25-bafb-5d52-9352-6ff5eb09e66f",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "e72f4c00-8cb5-5e2e-b2ef-24a4c5609efe",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "22139148-14ef-5a59-a345-d4fcd502a317",
|
||
|
"value": "Log correlation"
|
||
|
},
|
||
|
{
|
||
|
"description": "Enforce mutual authentication between SDN controller, network elements, SDN controller and SDN application",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5091",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5091"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "92ee2205-3046-5a74-9f0c-10db329f2bc3",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "619948ee-a419-5a48-b69b-d9bcc4ef5e37",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "0aac4d25-bafb-5d52-9352-6ff5eb09e66f",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "b106e8ff-3bd2-5295-bbce-e8cecf59aa15",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "fcdd534a-5b3d-5d5c-a394-c25bba4c3eda",
|
||
|
"value": "Mutual authentication"
|
||
|
},
|
||
|
{
|
||
|
"description": "UE warn user of lower security network.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5092",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5092"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "f496a628-bfe9-51ec-8ebf-d78cfe752c7c",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "b188a8b7-ce54-5130-bb62-4de2bea50671",
|
||
|
"value": "Warn user"
|
||
|
},
|
||
|
{
|
||
|
"description": "UDM/SIDF checks if SUCI freshness parameter from the same UE (with same SUPI) is identical during SUCI deconcealment within a short period of time",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5093",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5093"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "bd995aff-6175-5cef-a78a-652632ab62f8",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "5eb89efa-6c06-510d-8925-36acf823336c",
|
||
|
"value": "SUCI freshness parameter"
|
||
|
},
|
||
|
{
|
||
|
"description": "Network (AMF) should allocate new 5G-GUTI whenever possible; UPF and gNB should allocate unique Tunnel IDs. SMF should check newly allocated charging IDs.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5094",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5094"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "55a7ea1f-64ed-586b-a433-fe7cb0a9cf34",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "7204f27e-130a-5f8e-a146-be299759a0b1",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "afb4b3e2-3b27-558f-8b93-cc7d52847880",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "ea7e5e52-dd1d-5756-8311-fe6705bdb083",
|
||
|
"value": "Allocate new 5G identifiers judiciously"
|
||
|
},
|
||
|
{
|
||
|
"description": "Verify if the TLS certificate is valid for the endpoint",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5095",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5095"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "694a6379-8c2a-5a60-8239-4004509d2069",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "a0a6a559-19a1-55fc-8718-a15728e46c34",
|
||
|
"value": "TLS certificate check"
|
||
|
},
|
||
|
{
|
||
|
"description": "Disable usage of location on UE device",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5096",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5096"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "0551e810-74ac-5a51-82c1-abaebeb3dfd4",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "eac71fab-a7af-5480-a48f-310ebb01fd07",
|
||
|
"value": "Disable UE location use"
|
||
|
},
|
||
|
{
|
||
|
"description": "Restrict UE to bid down (from 5G) or use of less secure system",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5097",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5097"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "f496a628-bfe9-51ec-8ebf-d78cfe752c7c",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "7897a6c7-460b-5e0c-95d7-1185ff5b1a45",
|
||
|
"value": "Disable acceptance of a less secure system"
|
||
|
},
|
||
|
{
|
||
|
"description": "Use UE only when needed. Turn power off when not in use.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5098",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5098"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "aba33a6e-1a01-557c-9523-dea3f568ca8b",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "6902c7fa-b716-5673-b870-1e48e576845b",
|
||
|
"value": "Reduce UE usage"
|
||
|
},
|
||
|
{
|
||
|
"description": "Move UE close to gNB or indoors to make geo-location harder",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5099",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5099"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "a197ad7f-265d-5d5f-afe3-da6a33bedbc9",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "aba33a6e-1a01-557c-9523-dea3f568ca8b",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "f6943911-4cc0-5825-ab1c-b889d3b3c989",
|
||
|
"value": "Move UE close to gNB"
|
||
|
},
|
||
|
{
|
||
|
"description": "Raising the height of the UE may move it outside another RF source, e.g. jammer",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5100",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5100"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "a197ad7f-265d-5d5f-afe3-da6a33bedbc9",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "bd198272-946a-59c7-b50c-f7812fadf5b2",
|
||
|
"value": "Raise height of UE"
|
||
|
},
|
||
|
{
|
||
|
"description": "Isolate CDR databases from the rest of the IT systems/NOC resources",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5101",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5101"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "b0a12688-1f2a-5883-bbab-935ae07db395",
|
||
|
"value": "Isolate CDR database"
|
||
|
},
|
||
|
{
|
||
|
"description": "Run at the UE side an application/tool to detect and not respond to silent SMS messages",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5102",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5102"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "1f38842c-f33b-559a-b8d1-a122444b3a7e",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "9493634f-2d0d-5f25-9c3e-be342453bd6d",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "036a0bde-15dd-5661-aaa2-2c03488d9198",
|
||
|
"value": "Silent SMS blocker"
|
||
|
},
|
||
|
{
|
||
|
"description": "Use a firewall or other rate limiter for signaling and user plane traffic coming into 5G network",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5498",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5498"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "db54d004-c3b2-50ed-a591-314aa64c3cfe",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "1bb0f047-9620-5b17-9600-67fde122add6",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "d5c6ff64-176e-5935-9d33-7d7b78fd2b14",
|
||
|
"value": "Limit incoming signaling and user plane traffic"
|
||
|
},
|
||
|
{
|
||
|
"description": "Producer NF e.g. AUSF can rate limit authentication requests from the same SUCI/SUPI too many times in a short period. Or NRF not respond to requests after a given number of failed NSSAI lookups",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5499",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5499"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "053c159a-7cd4-54d3-b4fd-4b644abe25e2",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "e337b468-e4b9-52d0-91d9-988f7ed2d446",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "8a908176-33cc-5fbc-900d-f496f04c5344",
|
||
|
"value": "Rate limiting by producer NF"
|
||
|
},
|
||
|
{
|
||
|
"description": "E.g. restrict access to IR.21 database",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5500",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5500"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "a52fef9e-78f3-525a-93ed-21281dfc9165",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "a20446d7-5ae8-55fb-b427-321d58ec1c7f",
|
||
|
"value": "Restrict access to operator OA&M resources"
|
||
|
},
|
||
|
{
|
||
|
"description": "Operator should deploy TLS proxies or firewalls on the SBA that can inspect packets to detect anomalies",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5501",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5501"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "193a90c2-215e-5340-9628-fade3b0d88a6",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "baac2363-a121-57f7-85e0-5fa2b3e91b5d",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "39a823fe-072a-54a2-90cb-522e0a8c149c",
|
||
|
"value": "TLS proxy/firewalls with DPI on the SBA"
|
||
|
},
|
||
|
{
|
||
|
"description": "Examples: employ home routing vs. local bypass.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5503",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5503"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "77711215-9211-570f-90bf-4e441126c231",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "002cc4aa-4570-500f-bcca-55e38a713ab8",
|
||
|
"value": "Increase control of home network for user plane"
|
||
|
},
|
||
|
{
|
||
|
"description": "Cloud compute, cloud storage and any serverless activity should be isolated from other tenants",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5504",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5504"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "0d34588f-990e-5b8a-800a-f5ab55389ddc",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "22b865fb-9dda-5314-b8a9-81b5436c44a6",
|
||
|
"value": "Resource Isolation in virtualization environment"
|
||
|
},
|
||
|
{
|
||
|
"description": "Hardware mediated execution environment",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5505",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5505"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "1f9f31c2-085b-5268-8dc8-31854ae51883",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "419a7291-db26-5987-b525-cacc5c09211c",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "6e75a12d-9572-52b2-9305-48df6aee9f56",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "0d34588f-990e-5b8a-800a-f5ab55389ddc",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "f3a29b91-8b44-53ed-8fe3-1c417f3ff8b9",
|
||
|
"value": "Hardware mediated execution environment"
|
||
|
},
|
||
|
{
|
||
|
"description": "Use of Network Slice Templates -Use of templates for network slicing can enforce baseline security and isolation requirements. These templates can be created for networks, compute and 5G slice functions deployments.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5506",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5506"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "1f9f31c2-085b-5268-8dc8-31854ae51883",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "419a7291-db26-5987-b525-cacc5c09211c",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "6e75a12d-9572-52b2-9305-48df6aee9f56",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "3fc82d7f-294b-59fd-9885-ec3c24d4259b",
|
||
|
"value": "network slice templates"
|
||
|
},
|
||
|
{
|
||
|
"description": "Continuity of power supplies to equipment deployed in the field.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5540",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5540"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "9b4ab0a5-6569-5ce5-ac35-4f632ad26368",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "9b7c8176-c017-5f3c-96f3-bb3072df525e",
|
||
|
"value": "Power supplies"
|
||
|
},
|
||
|
{
|
||
|
"description": "Vulnerability scanning is used to find potentially exploitable software vulnerabilities to remediate them.",
|
||
|
"meta": {
|
||
|
"external_id": "M1016",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1016"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "6d098b34-48eb-5f31-88ac-0a1f8028541c",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "3ba77568-0469-540a-bce9-8cde815d5d86",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "73d8dd2f-14f5-5774-8b7a-ca9712f63b91",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "73d8dd2f-14f5-5774-8b7a-ca9712f63b91",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "98bb572f-6298-5c69-b2ee-13d74dead58f",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "c412d167-075e-5ecf-84f5-624c4b44b253",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "182337e0-b8d6-55da-9e9b-141029f9eb9b",
|
||
|
"value": "Vulnerability Scanning"
|
||
|
},
|
||
|
{
|
||
|
"description": "Train users to be aware of access or manipulation attempts by an adversary to reduce the risk of successful spearphishing, social engineering, and other techniques that involve user interaction.",
|
||
|
"meta": {
|
||
|
"external_id": "M1017",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1017"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "0d675425-11e0-58a1-a076-bc39275c7c13",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "50ebe22e-551f-5940-84fb-bd8afa677022",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "546fe007-3842-55ef-a805-98bcd7f3ad8d",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "c2153691-d8a1-5d60-a5dd-456337ca872a",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "aa26e841-b71e-59d1-840b-15d8fec5e032",
|
||
|
"value": "User Training"
|
||
|
},
|
||
|
{
|
||
|
"description": "Manage the creation, modification, use, and permissions associated to user accounts.",
|
||
|
"meta": {
|
||
|
"external_id": "M1018",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1018"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "bc291a20-b999-5698-9282-d493c45b7e8f",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "5dda31ba-0fe6-57b2-8023-684e76b5ea8b",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "c5e6ab87-13d8-5643-bbfd-ff0ad7b0bb43",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "223ee7bf-9652-51e1-a73b-62beaf017d28",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "801f5dad-f3a6-5f2f-9ae5-c11d82006659",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "5070a116-df07-5ad9-a3d5-fc5c9f9cb198",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "b3ff1c97-374b-57b4-b58a-05a026d58889",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "0d675425-11e0-58a1-a076-bc39275c7c13",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "41195cb9-821e-5ae3-8a07-ff966e809743",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "5da5a574-4e9e-595f-abd1-b23a3aa71fbe",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "953fe631-28f3-539a-9ec6-0119fbba6208",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "e347167e-d1f5-5309-a052-e8517cb4f476",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "50ebe22e-551f-5940-84fb-bd8afa677022",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "955b7c23-35a9-57df-a223-ed9d9b3d14ad",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "56a188ea-36f4-5322-bc12-899feac72eaa",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "8f866b4a-0347-509a-9f10-78af24f4ae8a",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "5bfb7a9c-d38d-530b-abf6-d6b9ac6cf065",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "f5d98e66-88a1-5187-b3f8-dfb943016b07",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "686a3700-8ee3-52d3-954f-d2ec4abf14aa",
|
||
|
"value": "User Account Management"
|
||
|
},
|
||
|
{
|
||
|
"description": "Break and inspect SSL/TLS sessions to look at encrypted web traffic for adversary activity.",
|
||
|
"meta": {
|
||
|
"external_id": "M1020",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1020"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "d3c6705c-75d8-5243-93c2-37052321b3b8",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "6fb09d9b-f462-5aff-857d-1ef31a4d4036",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "86a7c7b0-39ac-5e29-9fbd-063f70fcc7fc",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "31f00f97-157f-529c-96aa-e94a74f3a271",
|
||
|
"value": "SSL/TLS Inspection"
|
||
|
},
|
||
|
{
|
||
|
"description": "Restrict access by setting directory and file permissions that are not specific to users or privileged accounts.",
|
||
|
"meta": {
|
||
|
"external_id": "M1022",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1022"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "92ee2205-3046-5a74-9f0c-10db329f2bc3",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "619948ee-a419-5a48-b69b-d9bcc4ef5e37",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "0aac4d25-bafb-5d52-9352-6ff5eb09e66f",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "c2153691-d8a1-5d60-a5dd-456337ca872a",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "98e2c930-af98-58ec-9c07-acea1cf2b6a2",
|
||
|
"value": "Restrict File and Directory Permissions"
|
||
|
},
|
||
|
{
|
||
|
"description": "Manage the creation, modification, use, and permissions associated to privileged accounts, including SYSTEM and root.",
|
||
|
"meta": {
|
||
|
"external_id": "M1026",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1026"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "ece5710d-4edb-5077-acb5-65ec7c7b6eb3",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "2e9b67f3-da8f-5680-b4e1-092cb9fba4a9",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "b3ff1c97-374b-57b4-b58a-05a026d58889",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "0d675425-11e0-58a1-a076-bc39275c7c13",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "5da5a574-4e9e-595f-abd1-b23a3aa71fbe",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "1f9f31c2-085b-5268-8dc8-31854ae51883",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "419a7291-db26-5987-b525-cacc5c09211c",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "6e75a12d-9572-52b2-9305-48df6aee9f56",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "d3c6705c-75d8-5243-93c2-37052321b3b8",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "9e8de070-7cbb-57d8-b0c4-9087088980d6",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "50ebe22e-551f-5940-84fb-bd8afa677022",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "45468bb6-5eb7-5f36-922a-5ee8f3da68d0",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "5bfb7a9c-d38d-530b-abf6-d6b9ac6cf065",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "f5d98e66-88a1-5187-b3f8-dfb943016b07",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "69f88409-9eb0-522a-be97-8fd230c68ab5",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "177506f3-cd8d-5035-b807-6528e3a75c5f",
|
||
|
"value": "Privileged Account Management"
|
||
|
},
|
||
|
{
|
||
|
"description": "Set and enforce secure password policies for accounts.",
|
||
|
"meta": {
|
||
|
"external_id": "M1027",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1027"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "2e9b67f3-da8f-5680-b4e1-092cb9fba4a9",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "b3ff1c97-374b-57b4-b58a-05a026d58889",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "0d675425-11e0-58a1-a076-bc39275c7c13",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "45468bb6-5eb7-5f36-922a-5ee8f3da68d0",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "69dd1793-f0d3-51dc-974d-a43031c0b343",
|
||
|
"value": "Password Policies"
|
||
|
},
|
||
|
{
|
||
|
"description": "Use remote security log and sensitive file storage where access can be controlled better to prevent exposure of intrusion detection log data or sensitive information.",
|
||
|
"meta": {
|
||
|
"external_id": "M1029",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1029"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "b3ff1c97-374b-57b4-b58a-05a026d58889",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "17ed120e-33c6-5992-a6f6-dad8dbb2e1aa",
|
||
|
"value": "Remote Data Storage"
|
||
|
},
|
||
|
{
|
||
|
"description": "Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services that should not be exposed from the internal network. Configure separate virtual private cloud (VPC) instances to isolate critical cloud systems.",
|
||
|
"meta": {
|
||
|
"external_id": "M1030",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1030"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "bc291a20-b999-5698-9282-d493c45b7e8f",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "92ee2205-3046-5a74-9f0c-10db329f2bc3",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "619948ee-a419-5a48-b69b-d9bcc4ef5e37",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "0aac4d25-bafb-5d52-9352-6ff5eb09e66f",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "223ee7bf-9652-51e1-a73b-62beaf017d28",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "b3ff1c97-374b-57b4-b58a-05a026d58889",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "41195cb9-821e-5ae3-8a07-ff966e809743",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "953fe631-28f3-539a-9ec6-0119fbba6208",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "e347167e-d1f5-5309-a052-e8517cb4f476",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "1f9f31c2-085b-5268-8dc8-31854ae51883",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "419a7291-db26-5987-b525-cacc5c09211c",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "6e75a12d-9572-52b2-9305-48df6aee9f56",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "d3c6705c-75d8-5243-93c2-37052321b3b8",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "37523488-caf0-501a-8932-3a5e0792babf",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "324d139b-10ba-5228-9da1-61464a09a63a",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "c7db9e6c-f847-5493-9906-ea167f5817f6",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "b7d97abb-011a-5c34-b1e6-fb52dad3c728",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "c2153691-d8a1-5d60-a5dd-456337ca872a",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "f2f31e4d-69eb-52f7-b649-f140d4607865",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "0d34588f-990e-5b8a-800a-f5ab55389ddc",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "b106e8ff-3bd2-5295-bbce-e8cecf59aa15",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "69f88409-9eb0-522a-be97-8fd230c68ab5",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "9c376223-8d89-5179-8a56-51de20697bd2",
|
||
|
"value": "Network Segmentation"
|
||
|
},
|
||
|
{
|
||
|
"description": "Use intrusion detection signatures to block traffic at network boundaries.",
|
||
|
"meta": {
|
||
|
"external_id": "M1031",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1031"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "801f5dad-f3a6-5f2f-9ae5-c11d82006659",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "37523488-caf0-501a-8932-3a5e0792babf",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "324d139b-10ba-5228-9da1-61464a09a63a",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "d1feaf56-ae8c-5726-b17b-0149ce7a91f7",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "955b7c23-35a9-57df-a223-ed9d9b3d14ad",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "56a188ea-36f4-5322-bc12-899feac72eaa",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "8f866b4a-0347-509a-9f10-78af24f4ae8a",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "1bb0f047-9620-5b17-9600-67fde122add6",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "a7d496b8-5fa7-5009-afdf-95f2e5ff0b82",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "4041250a-4a28-5877-9817-e4846ec78c5e",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "519ee587-bcda-5021-997d-9fc257c4720a",
|
||
|
"value": "Network Intrusion Prevention"
|
||
|
},
|
||
|
{
|
||
|
"description": "Use two or more pieces of evidence to authenticate to a system; such as username and password in addition to a token from a physical smart card or token generator.",
|
||
|
"meta": {
|
||
|
"external_id": "M1032",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1032"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "5070a116-df07-5ad9-a3d5-fc5c9f9cb198",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "b3ff1c97-374b-57b4-b58a-05a026d58889",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "0d675425-11e0-58a1-a076-bc39275c7c13",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "45468bb6-5eb7-5f36-922a-5ee8f3da68d0",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "83f7cc44-00e0-5ca0-99a0-51de9c080ce0",
|
||
|
"value": "Multi-factor Authentication"
|
||
|
},
|
||
|
{
|
||
|
"description": "Block users or groups from installing unapproved software.",
|
||
|
"meta": {
|
||
|
"external_id": "M1033",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1033"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "bb92bd94-2bba-507b-abf3-87c4c7efe70c",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "e72f4c00-8cb5-5e2e-b2ef-24a4c5609efe",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "a7c41c90-2b84-5690-a75f-d59147880219",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "821bf2ff-d027-502a-966b-353d414a4b01",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "b106e8ff-3bd2-5295-bbce-e8cecf59aa15",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "d77cd76e-6cf8-5345-ba70-cd17b9215573",
|
||
|
"value": "Limit Software Installation"
|
||
|
},
|
||
|
{
|
||
|
"description": "Prevent access to file shares, remote access to systems, unnecessary services. Mechanisms to limit access may include use of network concentrators, RDP gateways, etc.",
|
||
|
"meta": {
|
||
|
"external_id": "M1035",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1035"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "21ae9651-77b5-56ac-9c1c-aa3e8dbb2bf2",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "7204f27e-130a-5f8e-a146-be299759a0b1",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "41195cb9-821e-5ae3-8a07-ff966e809743",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "5da5a574-4e9e-595f-abd1-b23a3aa71fbe",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "953fe631-28f3-539a-9ec6-0119fbba6208",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "e347167e-d1f5-5309-a052-e8517cb4f476",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "1f9f31c2-085b-5268-8dc8-31854ae51883",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "419a7291-db26-5987-b525-cacc5c09211c",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "6e75a12d-9572-52b2-9305-48df6aee9f56",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "c7db9e6c-f847-5493-9906-ea167f5817f6",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "a7c41c90-2b84-5690-a75f-d59147880219",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "821bf2ff-d027-502a-966b-353d414a4b01",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "79119bb4-e146-5c99-ab3f-7ed4ed1e975a",
|
||
|
"value": "Limit Access to Resource Over Network"
|
||
|
},
|
||
|
{
|
||
|
"description": "Use network appliances to filter ingress or egress traffic and perform protocol-based filtering. Configure software on endpoints to filter network traffic.",
|
||
|
"meta": {
|
||
|
"external_id": "M1037",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1037"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "bc291a20-b999-5698-9282-d493c45b7e8f",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "45468bb6-5eb7-5f36-922a-5ee8f3da68d0",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "c1cb90f5-0769-5e16-bcad-458b68448290",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "c7db9e6c-f847-5493-9906-ea167f5817f6",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "d1feaf56-ae8c-5726-b17b-0149ce7a91f7",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "73d8dd2f-14f5-5774-8b7a-ca9712f63b91",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "73d8dd2f-14f5-5774-8b7a-ca9712f63b91",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "38a0f42d-caf7-50cc-b32f-7513019a8491",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "c6b2b946-0822-5890-9092-c08dcc7f3487",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "0a3439d9-ff83-51cb-9661-65c311c87723",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "ed391833-59f3-5049-9017-66427a8d8a17",
|
||
|
"value": "Filter Network Traffic"
|
||
|
},
|
||
|
{
|
||
|
"description": "Block execution of code on a system through application control, and/or script blocking.",
|
||
|
"meta": {
|
||
|
"external_id": "M1038",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1038"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "ece5710d-4edb-5077-acb5-65ec7c7b6eb3",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "5da5a574-4e9e-595f-abd1-b23a3aa71fbe",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "9a269951-76a2-5c22-9f28-a2be9ba89a7f",
|
||
|
"value": "Execution Prevention"
|
||
|
},
|
||
|
{
|
||
|
"description": "Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, API call, etc. behavior.",
|
||
|
"meta": {
|
||
|
"external_id": "M1040",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1040"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "da7624f2-39c0-5684-a81b-d33b571811e8",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "1369b34e-f6b7-5549-bf07-560e65641726",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "d3c6705c-75d8-5243-93c2-37052321b3b8",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "ebbb02f1-0909-5282-8684-a188557e45c6",
|
||
|
"value": "Behavior Prevention on Endpoint"
|
||
|
},
|
||
|
{
|
||
|
"description": "Protect sensitive information with strong encryption.",
|
||
|
"meta": {
|
||
|
"external_id": "M1041",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1041"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "92ee2205-3046-5a74-9f0c-10db329f2bc3",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "619948ee-a419-5a48-b69b-d9bcc4ef5e37",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "0aac4d25-bafb-5d52-9352-6ff5eb09e66f",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "801f5dad-f3a6-5f2f-9ae5-c11d82006659",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "1f9f31c2-085b-5268-8dc8-31854ae51883",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "419a7291-db26-5987-b525-cacc5c09211c",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "6e75a12d-9572-52b2-9305-48df6aee9f56",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "d3c6705c-75d8-5243-93c2-37052321b3b8",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "d3c6705c-75d8-5243-93c2-37052321b3b8",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "9e8de070-7cbb-57d8-b0c4-9087088980d6",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "08f36eb6-949f-5c5b-a21c-89632af4992e",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "0551e810-74ac-5a51-82c1-abaebeb3dfd4",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "9c0ebe3d-6a66-5914-83a1-0adcdbbe878b",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "050010f3-0741-517b-a44b-e5c0384cd652",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "694a6379-8c2a-5a60-8239-4004509d2069",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "c2153691-d8a1-5d60-a5dd-456337ca872a",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "0d34588f-990e-5b8a-800a-f5ab55389ddc",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "8f866b4a-0347-509a-9f10-78af24f4ae8a",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "0fb6c06a-2c2e-5d38-85c3-bf0646f73e7d",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "1bb0f047-9620-5b17-9600-67fde122add6",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "a7d496b8-5fa7-5009-afdf-95f2e5ff0b82",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "5bfb7a9c-d38d-530b-abf6-d6b9ac6cf065",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "f5d98e66-88a1-5187-b3f8-dfb943016b07",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "71801a06-41bd-5336-a539-e8bea9d647f7",
|
||
|
"value": "Encrypt Sensitive Information"
|
||
|
},
|
||
|
{
|
||
|
"description": "Remove or deny access to unnecessary and potentially vulnerable software to prevent abuse by adversaries.",
|
||
|
"meta": {
|
||
|
"external_id": "M1042",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1042"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "37523488-caf0-501a-8932-3a5e0792babf",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "324d139b-10ba-5228-9da1-61464a09a63a",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "3dddab8a-adb1-5340-a0a0-6101660290de",
|
||
|
"value": "Disable or Remove Feature or Program"
|
||
|
},
|
||
|
{
|
||
|
"description": "Use capabilities to prevent successful credential access by adversaries; including blocking forms of credential dumping.",
|
||
|
"meta": {
|
||
|
"external_id": "M1043",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1043"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "21ae9651-77b5-56ac-9c1c-aa3e8dbb2bf2",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "801f5dad-f3a6-5f2f-9ae5-c11d82006659",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "45468bb6-5eb7-5f36-922a-5ee8f3da68d0",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "a7c41c90-2b84-5690-a75f-d59147880219",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "821bf2ff-d027-502a-966b-353d414a4b01",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "955b7c23-35a9-57df-a223-ed9d9b3d14ad",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "56a188ea-36f4-5322-bc12-899feac72eaa",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "8f866b4a-0347-509a-9f10-78af24f4ae8a",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "b106e8ff-3bd2-5295-bbce-e8cecf59aa15",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "4d882eab-1588-508e-b3fc-f7221cad2db8",
|
||
|
"value": "Credential Access Protection"
|
||
|
},
|
||
|
{
|
||
|
"description": "Enforce binary and application integrity with digital signature verification to prevent untrusted code from executing.",
|
||
|
"meta": {
|
||
|
"external_id": "M1045",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1045"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "5dda31ba-0fe6-57b2-8023-684e76b5ea8b",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "c5e6ab87-13d8-5643-bbfd-ff0ad7b0bb43",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "a7c41c90-2b84-5690-a75f-d59147880219",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "821bf2ff-d027-502a-966b-353d414a4b01",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "b106e8ff-3bd2-5295-bbce-e8cecf59aa15",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "98bb572f-6298-5c69-b2ee-13d74dead58f",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "ef3488c0-caca-5662-afbf-c906cbadb660",
|
||
|
"value": "Code Signing"
|
||
|
},
|
||
|
{
|
||
|
"description": "Use secure methods to boot a system and verify the integrity of the operating system and loading mechanisms.",
|
||
|
"meta": {
|
||
|
"external_id": "M1046",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1046"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "5dda31ba-0fe6-57b2-8023-684e76b5ea8b",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "c5e6ab87-13d8-5643-bbfd-ff0ad7b0bb43",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "801f5dad-f3a6-5f2f-9ae5-c11d82006659",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "56a188ea-36f4-5322-bc12-899feac72eaa",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "8f866b4a-0347-509a-9f10-78af24f4ae8a",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "3ea67e5f-f46e-5b5d-a987-0008b66fddfc",
|
||
|
"value": "Boot Integrity"
|
||
|
},
|
||
|
{
|
||
|
"description": "Perform audits or scans of systems, permissions, insecure software, insecure configurations, etc. to identify potential weaknesses.",
|
||
|
"meta": {
|
||
|
"external_id": "M1047",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1047"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "bb92bd94-2bba-507b-abf3-87c4c7efe70c",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "e72f4c00-8cb5-5e2e-b2ef-24a4c5609efe",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "5dda31ba-0fe6-57b2-8023-684e76b5ea8b",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "c5e6ab87-13d8-5643-bbfd-ff0ad7b0bb43",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "da7624f2-39c0-5684-a81b-d33b571811e8",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "7204f27e-130a-5f8e-a146-be299759a0b1",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "41195cb9-821e-5ae3-8a07-ff966e809743",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "953fe631-28f3-539a-9ec6-0119fbba6208",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "e347167e-d1f5-5309-a052-e8517cb4f476",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "d3c6705c-75d8-5243-93c2-37052321b3b8",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "694a6379-8c2a-5a60-8239-4004509d2069",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "4d8acf53-2350-5390-af4d-7ba1f5f9dc13",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "5bfb7a9c-d38d-530b-abf6-d6b9ac6cf065",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "f5d98e66-88a1-5187-b3f8-dfb943016b07",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "69f88409-9eb0-522a-be97-8fd230c68ab5",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "a30b7d01-b740-5538-b28d-d87befd5fd29",
|
||
|
"value": "Audit"
|
||
|
},
|
||
|
{
|
||
|
"description": "Restrict execution of code to a virtual environment on or in transit to an endpoint system.",
|
||
|
"meta": {
|
||
|
"external_id": "M1048",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1048"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "ece5710d-4edb-5077-acb5-65ec7c7b6eb3",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "125376f1-4b4e-51b5-9bc4-78f78acd3f91",
|
||
|
"value": "Application Isolation and Sandboxing"
|
||
|
},
|
||
|
{
|
||
|
"description": "Use signatures or heuristics to detect malicious software.",
|
||
|
"meta": {
|
||
|
"external_id": "M1049",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1049"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "21ae9651-77b5-56ac-9c1c-aa3e8dbb2bf2",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "13af63d4-19a4-5b48-939e-a65054abb690",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "b30b0bba-d220-5835-9ab8-5e0308f55979",
|
||
|
"value": "Anti-virus & Anti-malware"
|
||
|
},
|
||
|
{
|
||
|
"description": "Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.",
|
||
|
"meta": {
|
||
|
"external_id": "M1050",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1050"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "3ba77568-0469-540a-bce9-8cde815d5d86",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "73d8dd2f-14f5-5774-8b7a-ca9712f63b91",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "73d8dd2f-14f5-5774-8b7a-ca9712f63b91",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "bd424f22-d5f4-53ee-b713-08cf49540c40",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "3338eab7-16f1-5ba8-8e82-5faf0ed9b31a",
|
||
|
"value": "Exploit Protection"
|
||
|
},
|
||
|
{
|
||
|
"description": "Perform regular software updates to mitigate exploitation risk.",
|
||
|
"meta": {
|
||
|
"external_id": "M1051",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1051"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "5dda31ba-0fe6-57b2-8023-684e76b5ea8b",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "c5e6ab87-13d8-5643-bbfd-ff0ad7b0bb43",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "801f5dad-f3a6-5f2f-9ae5-c11d82006659",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "6d098b34-48eb-5f31-88ac-0a1f8028541c",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "b3ff1c97-374b-57b4-b58a-05a026d58889",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "56a188ea-36f4-5322-bc12-899feac72eaa",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "8f866b4a-0347-509a-9f10-78af24f4ae8a",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "bd424f22-d5f4-53ee-b713-08cf49540c40",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "98bb572f-6298-5c69-b2ee-13d74dead58f",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "c412d167-075e-5ecf-84f5-624c4b44b253",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "f54f2c17-0cf6-536a-b52e-a886652815d6",
|
||
|
"value": "Update Software"
|
||
|
},
|
||
|
{
|
||
|
"description": "Take and store data backups from end user systems and critical servers. Ensure backup and storage systems are hardened and kept separate from the corporate network to prevent compromise.",
|
||
|
"meta": {
|
||
|
"external_id": "M1053",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1053"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "92ee2205-3046-5a74-9f0c-10db329f2bc3",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "619948ee-a419-5a48-b69b-d9bcc4ef5e37",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "0aac4d25-bafb-5d52-9352-6ff5eb09e66f",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "bb92bd94-2bba-507b-abf3-87c4c7efe70c",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "1f4b61bd-9209-5d04-8a90-bc3e4fe84226",
|
||
|
"value": "Data Backup"
|
||
|
},
|
||
|
{
|
||
|
"description": "Implement configuration changes to software (other than the operating system) to mitigate security risks associated to how the software operates.",
|
||
|
"meta": {
|
||
|
"external_id": "M1054",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1054"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "bc291a20-b999-5698-9282-d493c45b7e8f",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "92ee2205-3046-5a74-9f0c-10db329f2bc3",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "619948ee-a419-5a48-b69b-d9bcc4ef5e37",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "0aac4d25-bafb-5d52-9352-6ff5eb09e66f",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "d3c6705c-75d8-5243-93c2-37052321b3b8",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "08f36eb6-949f-5c5b-a21c-89632af4992e",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "dd78a499-3b11-5095-9db9-58cef55bef9e",
|
||
|
"value": "Software Configuration"
|
||
|
},
|
||
|
{
|
||
|
"description": "This category is used for any applicable mitigation activities that apply to techniques occurring before an adversary gains Initial Access, such as Reconnaissance and Resource Development techniques.",
|
||
|
"meta": {
|
||
|
"external_id": "M1056",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1056"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "08f36eb6-949f-5c5b-a21c-89632af4992e",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "98509c8f-fa9a-5306-90fe-eb2d2050f2b9",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "2e25feaa-6036-5833-ae25-2c5687ef3041",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "6c6aaa20-ac32-52e3-9849-c97e292cf9e0",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "3c50055f-d371-54f1-b729-2109c06914fb",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "27c6473f-503d-5380-8105-46b493ea9786",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "2c489bc7-ef36-5b43-b353-79c11b82f42a",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "7d8b78b4-09f2-516d-b81e-1b3dc8336d08",
|
||
|
"value": "Pre-compromise"
|
||
|
},
|
||
|
{
|
||
|
"description": "Randomize TEID allocations.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5507",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5507"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "a7d496b8-5fa7-5009-afdf-95f2e5ff0b82",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "3ccf3180-9e3b-56e1-b135-aa7815d11d2f",
|
||
|
"value": "TEID allocation"
|
||
|
},
|
||
|
{
|
||
|
"description": "Refresh TEID allocations frequently.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5508",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5508"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "a7d496b8-5fa7-5009-afdf-95f2e5ff0b82",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "77b802ef-08b6-5cfa-bc8e-408493d6d502",
|
||
|
"value": "Refresh TEIDs"
|
||
|
},
|
||
|
{
|
||
|
"description": "Filter encapsulated GTP-U packets received from UE.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5509",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5509"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "49c63d05-3a82-52ba-b041-f917b1663e92",
|
||
|
"value": "Filter GTP-U packets"
|
||
|
},
|
||
|
{
|
||
|
"description": "Filter user plane packets received from UE which have destination address set core NF's IP address.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5510",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5510"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "c7b888fb-5cff-5e2f-bb9a-1812b325f935",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "cb938ec5-708c-5292-acaa-41f8d3c33fbb",
|
||
|
"value": "Filter packets to core NF sent by UE"
|
||
|
},
|
||
|
{
|
||
|
"description": "Monitor NAS messages from UE for incorrect or very large header length.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5511",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5511"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "8bb2a143-8c23-5de4-8c85-4b8df958ddc3",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "3ba69d47-68a4-50dc-b186-1f95d00879e0",
|
||
|
"value": "Verify NAS messages from UE"
|
||
|
},
|
||
|
{
|
||
|
"description": "Use high availability feature for all core network functions.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5512",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5512"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "8bb2a143-8c23-5de4-8c85-4b8df958ddc3",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "6ec79399-e952-5232-a6f3-9570dd2b328e",
|
||
|
"value": "Use high availability"
|
||
|
},
|
||
|
{
|
||
|
"description": "Use Diameter End-to-end Signaling Security (DESS)",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5513",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5513"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "42ff8bbd-7d2d-5e77-991d-62e9f7e16500",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "b703c8f8-28b1-5fb3-8cbd-a1b154fddc68",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "4b4e1865-22c1-5a4e-a816-5285c94a126b",
|
||
|
"value": "Use DESS security"
|
||
|
},
|
||
|
{
|
||
|
"description": "Minimize number of connections to eNB in NSA mode.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5514",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5514"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "0fb6c06a-2c2e-5d38-85c3-bf0646f73e7d",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "91e3d6a4-6ced-5f66-8c05-65e2f4c6602d",
|
||
|
"value": "Minmize eNB connections"
|
||
|
},
|
||
|
{
|
||
|
"description": "Move mIAB node to another location to avoid RF jamming.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5515",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5515"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "9ab2ef09-66e5-5f94-9e95-0a46be5d2642",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "a577fa35-33d5-5de9-863c-c06e92f35bef",
|
||
|
"value": "Move mIAB node"
|
||
|
},
|
||
|
{
|
||
|
"description": "Allow tokens with short lifetime to prevent AiTM attacks by replaying stolen tokens.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5516",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5516"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "b106e8ff-3bd2-5295-bbce-e8cecf59aa15",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "c356214c-fc72-5b71-b434-15459f40251f",
|
||
|
"value": "Make xApp sessions short lived"
|
||
|
},
|
||
|
{
|
||
|
"description": "Use application layer data obfuscation technique for example use of Orbot as Tor proxy to send all traffic through Tor circuit.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5517",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5517"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "9c0ebe3d-6a66-5914-83a1-0adcdbbe878b",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "98bb572f-6298-5c69-b2ee-13d74dead58f",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "aff10ded-e6c1-5ee9-aa82-1eb71c8b2709",
|
||
|
"value": "Use obfuscation at application layer"
|
||
|
},
|
||
|
{
|
||
|
"description": "APIs in the system should use secure access and data transport using TLS 1.3 or latest.",
|
||
|
"meta": {
|
||
|
"external_id": "M1009",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1009"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "5bfb7a9c-d38d-530b-abf6-d6b9ac6cf065",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "f5d98e66-88a1-5187-b3f8-dfb943016b07",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "1399a928-070b-55cf-856a-b2adb9005ccd",
|
||
|
"value": "Encrypt Network Traffic"
|
||
|
},
|
||
|
{
|
||
|
"description": "Create and enforce resource policy; policy can include SLA, quotas, QOS etc.",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5518",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5518"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "f2f31e4d-69eb-52f7-b649-f140d4607865",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "862ae052-4fdb-5c58-8b5a-7925b4442500",
|
||
|
"value": "Resource Policy enforcement"
|
||
|
},
|
||
|
{
|
||
|
"description": "5G Operators should evaluate suppliers of services for their technical and administrative controls to ensure that it meets minimum standards for assured services. These evaluations may include SW, HD supply chain, personnel and process used for service creation.",
|
||
|
"meta": {
|
||
|
"external_id": "M0817",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M0817"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "24e1a9d7-75fb-58e1-b9c9-560a91d17886",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "98bb572f-6298-5c69-b2ee-13d74dead58f",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "7d8ed7d5-df88-584a-93b7-7fa6d691418c",
|
||
|
"value": "Supply chain management"
|
||
|
},
|
||
|
{
|
||
|
"description": "5G operators should integrate performance and change management from their suppliers into their own OA&M tools to have complete visibility into service",
|
||
|
"meta": {
|
||
|
"external_id": "FGM5519",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/FGM5519"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "24e1a9d7-75fb-58e1-b9c9-560a91d17886",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "008f43dc-d9df-5a55-ad70-8cd9fa35bc9b",
|
||
|
"value": "Integrate Performance and Change Management"
|
||
|
},
|
||
|
{
|
||
|
"description": "Protect processes with high privileges that can be used to interact with critical system components through use of protected process light, anti-process injection defenses, or other process integrity enforcement measures.",
|
||
|
"meta": {
|
||
|
"external_id": "M1025",
|
||
|
"kill_chain": [],
|
||
|
"refs": [
|
||
|
"https://fight.mitre.org/mitigations/M1025"
|
||
|
]
|
||
|
},
|
||
|
"related": [
|
||
|
{
|
||
|
"dest-uuid": "a7c41c90-2b84-5690-a75f-d59147880219",
|
||
|
"type": "mitigates"
|
||
|
},
|
||
|
{
|
||
|
"dest-uuid": "821bf2ff-d027-502a-966b-353d414a4b01",
|
||
|
"type": "mitigates"
|
||
|
}
|
||
|
],
|
||
|
"uuid": "b191eeac-862e-55c6-95f3-62e3257cdaf6",
|
||
|
"value": "Privileged Process Integrity"
|
||
|
}
|
||
|
],
|
||
|
"version": 1
|
||
|
}
|