Exploitation of default or guessable credentials
- M1.3.7 - P2 - ADDRESSING SECURITY IN THIRD PARTY AGREEMENTS
- T4.5.3 - P1 - SEGREGATION IN NETWORK
- T4.4.7;
- T4.5.4 - P2 - SECURITY OF WIRELESS NETWORKS
- T5.2.4 - P1 - REVIEW OF USER ACCESS RIGHTS
- T5.1.1 - P2 - ACCESS CONTROL POLICY
- T5.5.3 - P1 - USER CREDENTIALS MANAGEMENT SYSTEM
- T6.2.1 - P2 - SERVICE DELIVERY
- T6.2.2 - P2 - MONITORING AND REVIEW OF THIRD PARTY SERVICES
Use of Stolen Login Credentials
- M4.4.3 - P1 - REMOVAL OF ACCESS RIGHTS
- T3.6.2 - P2 - AUDIT LOGGING
- T3.6.3 - P1 - MONITORING SYSTEM USE
- T3.6.5 - P2 - ADMINISTRATOR AND OPERATOR LOGS
- T4.5.1 - P1 - NETWORK CONTROLS
- T4.5.2 - P2 - SECURITY OF NETWORK SERVICES
- T4.5.3 - P1 - SEGREGATION IN NETWORK
- T5.1.1 - P2 - ACCESS CONTROL POLICY
- T5.2.1 - P1 - USER REGISTRATION
- T5.2.2 - P1 - PRIVILEGE MANAGEMENT
- T5.2.3 - P1 - USER SECURITY CREDENTIALS MANAGEMENT
- T5.2.4 - P1 - REVIEW OF USER ACCESS RIGHTS
- T5.3.1 - P1 - USE OF SECURITY CREDENTIALS
- T5.4.1 - P2 - POLICY ON USE OF NETWORK SERVICES
- T5.4.3 - P1 - EQUIPMENT IDENTIFICATION NETWORKS
- T5.4.5 - P1 - NETWORK CONNECTION CONTROL
- T5.5.1 - P1 - SECURE LOG-ON PROCEDURES
- T5.5.2 - P1 - USER IDENTIFICATION AND AUTHENTICATION
- T5.5.3 - P1 - USER CREDENTIALS MANAGEMENT SYSTEM
- T5.6.1 - P1 - INFORMATION ACCESS RESTRICTION
Brute Force and Dictionary Attacks
- T5.1.1 - P2 - ACCESS CONTROL POLICY
- T5.2.1 - P1 - USER REGISTRATION
- T5.2.2 - P1 - PRIVILEGE MANAGEMENT
- T5.2.3 - P1 - USER SECURITY CREDENTIALS MANAGEMENT
- T5.2.4 - P1 - REVIEW OF USER ACCESS RIGHTS
- T5.3.1 - P1 - USE OF SECURITY CREDENTIALS
- T5.4.2 - P1 - USER AUTHENTICATION FOR EXTERNAL CONNECTIONS
- T5.5.1 - P1 - SECURE LOG-ON PROCEDURES
- T5.5.3 - P1 - USER CREDENTIALS MANAGEMENT SYSTEM
Exploitation of backdoor or command and control channels
- M4.4.3 - P1 - REMOVAL OF ACCESS RIGHTS
- T1.4.1 - P1 - MANAGEMENT OF REMOVABLE MEDIA
- T1.4.2 - P2 - DISPOSAL OF MEDIA
- T3.4.1 - P1 - CONTROLS AGAINST MALWARE
- T3.4.2;
- T3.5.1 - P1 - INFORMATION BACKUP
- T3.6.2 - P2 - AUDIT LOGGING
- T3.6.3 - P1 - MONITORING SYSTEM USE
- T3.6.4 - P2 - PROTECTION OF LOG INFORMATION
- T3.6.5 - P2 - ADMINISTRATOR AND OPERATOR LOGS
- T4.5.1 - P1 - NETWORK CONTROLS
- T4.5.2 - P2 - SECURITY OF NETWORK SERVICES
- T4.5.3 - P1 - SEGREGATION IN NETWORK
- T5.2.1 - P1 - USER REGISTRATION
- T5.2.2 - P1 - PRIVILEGE MANAGEMENT
- T5.2.3 - P1 - USER SECURITY CREDENTIALS MANAGEMENT
- T5.2.4 - P1 - REVIEW OF USER ACCESS RIGHTS
- T5.3.1 - P1 - USE OF SECURITY CREDENTIALS
- T5.4.2 - P1 - USER AUTHENTICATION FOR EXTERNAL CONNECTIONS
- T5.4.3 - P1 - EQUIPMENT IDENTIFICATION NETWORKS
- T5.4.5 - P1 - NETWORK CONNECTION CONTROL
- T5.5.1 - P1 - SECURE LOG-ON PROCEDURES
- T5.5.2 - P1 - USER IDENTIFICATION AND AUTHENTICATION
- T5.5.3 - P1 - USER CREDENTIALS MANAGEMENT SYSTEM
- T5.6.1 - P1 - INFORMATION ACCESS RESTRICTION
- T5.6.2 - P2 - SENSITIVE SYSTEM ISOLATION
- T7.1.1 - P4 - INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND MAINTENANCE POLICY
Authentication Bypass
- T5.4.1 - P2 - POLICY ON USE OF NETWORK SERVICES
- T3.5.1 - P1 - INFORMATION BACKUP
- T3.6.3 - P1 - MONITORING SYSTEM USE
- T3.6.4 - P2 - PROTECTION OF LOG INFORMATION
- T3.6.5 - P2 - ADMINISTRATOR AND OPERATOR LOGS
- T4.5.1 - P1 - NETWORK CONTROLS
- T5.2.1 - P1 - USER REGISTRATION
- T5.4.3 - P1 - EQUIPMENT IDENTIFICATION NETWORKS
- T5.4.5 - P1 - NETWORK CONNECTION CONTROL
- T5.4.6 - P3 - NETWORK ROUTING CONTROL
- T5.5.3 - P1 - USER CREDENTIALS MANAGEMENT SYSTEM
- T5.6.1 - P1 - INFORMATION ACCESS RESTRICTION
- T7.7.1 - P1 - CONTROL OF TECHNICAL VULNERABILITIES
- T7.8.6 - P3 - PROCESSES TO ADDRESS WEAKNESSES OR DEFICIENCIES
SQL Injection
- M5.4.1 - P2 - TECHNICAL COMPLIANCE CHECKING
- T1.4.1 - P1 - MANAGEMENT OF REMOVABLE MEDIA
- T3.2.5 - P2 - SEPARATION OF DEVELOPMENT, TEST AND OPERATIONAL FACILITIES
- T3.4.1 - P1 - CONTROLS AGAINST MALWARE
- T3.4.2;
- T3.5.1 - P1 - INFORMATION BACKUP
- T3.6.3 - P1 - MONITORING SYSTEM USE
- T3.6.4 - P2 - PROTECTION OF LOG INFORMATION
- T4.5.1 - P1 - NETWORK CONTROLS
- T5.2.2 - P1 - PRIVILEGE MANAGEMENT
- T5.5.2 - P1 - USER IDENTIFICATION AND AUTHENTICATION
- T6.3.1 - P2 - INFORMATION SECURITY REQUIREMENTS FOR CLOUD ENVIRONMENTS
- T7.3.1 - P2 - INPUT DATA VALIDATION
- T7.3.2 - P2 - CONTROL OF INTERNAL PROCESSING
- T7.3.3 - P2 - MESSAGE INTEGRITY
- T7.3.4 - P2 - OUTPUT DATA VALIDATION
- T7.5.2 - P3 - PROTECTION OF SYSTEM TEST DATA
- T7.7.1 - P1 - CONTROL OF TECHNICAL VULNERABILITIES
- T7.8.6 - P3 - PROCESSES TO ADDRESS WEAKNESSES OR DEFICIENCIES
Denial of Service (DOS) or DDOS
- T3.2.1 - P2 - COMMON SYSTEMS CONFIGURATION GUIDELINES
- T4.5.2 - P2 - SECURITY OF NETWORK SERVICES
- T4.5.4 - P2 - SECURITY OF WIRELESS NETWORKS
- T5.4.7 - P2 - WIRELESS ACCESS
- T4.5.3 - P1 - SEGREGATION IN NETWORK
Remote File Inclusion
- T3.2.1 - P2 - COMMON SYSTEMS CONFIGURATION GUIDELINES
- T3.4.1 - P1 - CONTROLS AGAINST MALWARE
- T3.4.2;
- T4.5.1 - P1 - NETWORK CONTROLS
- T4.5.2 - P2 - SECURITY OF NETWORK SERVICES
- T7.4.1 - P2 - POLICY ON THE USE OF CRYPTOGRAPHIC CONTROLS
- T7.4.2 - P2 - KEY MANAGEMENT
- T7.7.1 - P1 - CONTROL OF TECHNICAL VULNERABILITIES
Abuse of Functionality
- T5.2.2 - P1 - PRIVILEGE MANAGEMENT
- T5.2.3 - P1 - USER SECURITY CREDENTIALS MANAGEMENT
- T5.2.4 - P1 - REVIEW OF USER ACCESS RIGHTS
- T5.3.1 - P1 - USE OF SECURITY CREDENTIALS
- T5.5.4 - P4 - USE OF SYSTEM UTILITIES
- T5.4.5 - P1 - NETWORK CONNECTION CONTROL
- T5.5.1 - P1 - SECURE LOG-ON PROCEDURES
- T5.7.1 - P4 - ACCESS CONTROL FOR MOBILE DEVICES
- T7.3.4 - P2 - OUTPUT DATA VALIDATION
- T7.4.1 - P2 - POLICY ON THE USE OF CRYPTOGRAPHIC CONTROLS
- T7.4.2 - P2 - KEY MANAGEMENT
- T7.6.3 - P2 - RESTRICTIONS ON CHANGES TO SOFTWARE PACKAGES
- T7.8.3 - P4 - LIMITATION OF HARM
Remote Spying
- M4.4.2 - P1 - RETURN OF ASSETS
- M5.2.3 - P2 - PROTECTION OF ORGANIZATIONAL RECORDS
- M5.2.4 - P3 - DATA PROTECTION AND PRIVACY OF PERSONAL INFORMATION
- T3.4.1 - P1 - CONTROLS AGAINST MALWARE
- T3.4.2
- T3.6.1 - P3 - MONITORING POLICY AND PROCEDURES
- T3.6.3 - P1 - MONITORING SYSTEM USE
- T3.6.4 - P2 - PROTECTION OF LOG INFORMATION
- T3.6.5 - P2 - ADMINISTRATOR AND OPERATOR LOGS
- T4.5.1 - P1 - NETWORK CONTROLS
- T4.5.3 - P1 - SEGREGATION IN NETWORK
- T5.1.1 - P2 - ACCESS CONTROL POLICY
- T5.2.1 - P1 - USER REGISTRATION
- T5.2.2 - P1 - PRIVILEGE MANAGEMENT
- T5.3.1 - P1 - USE OF SECURITY CREDENTIALS
- T5.4.2 - P1 - USER AUTHENTICATION FOR EXTERNAL CONNECTIONS
- T5.4.3 - P1 - EQUIPMENT IDENTIFICATION NETWORKS
- T5.4.5 - P1 - NETWORK CONNECTION CONTROL
- T5.5.1 - P1 - SECURE LOG-ON PROCEDURES
- T5.5.2 - P1 - USER IDENTIFICATION AND AUTHENTICATION
- T5.6.1 - P1 - INFORMATION ACCESS RESTRICTION
- T5.6.2 - P2 - SENSITIVE SYSTEM ISOLATION
- T7.4.1 - P2 - POLICY ON THE USE OF CRYPTOGRAPHIC CONTROLS
- T7.4.2 - P2 - KEY MANAGEMENT
- T7.7.1 - P1 - CONTROL OF TECHNICAL VULNERABILITIES
- T7.8.5 - P4 - RELIABLE DELIVERY
Eavesdropping / Packet Sniffing
- T2.2.1 - P2 - PHYSICAL SECURITY PERIMETER
- T2.2.2 - P2 - PHYSICAL ENTRY CONTROLS
- T4.1.1 - P3 - COMMUNICATIONS POLICY
- T4.2.1 - P2 - INFORMATION TRANSFER PROCEDURES
- T4.2.2 - P3 - AGREEMENTS ON INFORMATION TRANSFER
- T4.2.3 - P3 - PHYSICAL MEDIA IN TRANSIT
- T4.2.4 - P3 - ELECTRONIC MESSAGING
- T4.3.1 - P2 - ELECTRONIC COMMERCE
- T4.3.2 - P3 - ON-LINE TRANSACTIONS
- T4.5.1 - P1 - NETWORK CONTROLS
- T4.5.3 - P1 - SEGREGATION IN NETWORK
- T5.4.6 - P3 - NETWORK ROUTING CONTROL
- T7.4.1 - P2 - POLICY ON THE USE OF CRYPTOGRAPHIC CONTROLS