IDNameImplementation GroupsThreats
    IG1IG2IG3
    1Inventory and Control of Hardware Assets   STRIDE-LM
    1.1Utilize an Active Discovery Tool STRIDE-LM
    1.2Use a Passive Asset Discovery Tool  STRIDE-LM
    1.3Use DHCP Logging to Update Asset Inventory STRIDE-LM
    1.4Maintain Detailed Asset InventorySTRIDE-LM
    1.5Maintain Asset Inventory Information STRIDE-LM
    1.6Address Unauthorized AssetsSTRIDE-LM
    1.7Deploy Port Level Access Control STRIDE-LM
    1.8Utilize Client Certificates to Authenticate Hardware Assets  STRIDE-LM
    2Inventory and Control of Software Assets   STRIDE-LM
    2.1Maintain Inventory of Authorized SoftwareSTRIDE-LM
    2.2Ensure Software is Supported by VendorSTRIDE-LM
    2.3Utilize Software Inventory Tools STRIDE-LM
    2.4Track Software Inventory Information STRIDE-LM
    2.5Integrate Software and Hardware Asset Inventories  STRIDE-LM
    2.6Address unapproved softwareSTRIDE-LM
    2.7Utilize Application Whitelisting  STRIDE-LM
    2.8Implement Application Whitelisting of Libraries  STRIDE-LM
    2.9Implement Application Whitelisting of Scripts  STRIDE-LM
    2.10Physically or Logically Segregate High Risk Applications  STRIDE-LM
    3Continuous Vulnerability Management   STRIDE-LM
    3.1Run Automated Vulnerability Scanning Tools STRIDE-LM
    3.2Perform Authenticated Vulnerability Scanning STRIDE-LM
    3.3Protect Dedicated Assessment Accounts STRIDE-LM
    3.4Deploy Automated Operating System Patch Management ToolsSTRIDE-LM
    3.5Deploy Automated Software Patch Management ToolsSTRIDE-LM
    3.6Compare Back-to-Back Vulnerability Scans STRIDE-LM
    3.7Utilize a Risk-Rating Process STRIDE-LM
    4Controlled Use of Administrative Privileges   STRIDE-LM
    4.1Maintain Inventory of Administrative Accounts STRIDE-LM
    4.2Change Default PasswordsSTRIDE-LM
    4.3Ensure the Use of Dedicated Administrative AccountsSTRIDE-LM
    4.4Use Unique Passwords STRIDE-LM
    4.5Use Multi-Factor Authentication for All Administrative Access STRIDE-LM
    4.6Use Dedicated Workstations For All Administrative Tasks  STRIDE-LM
    4.7Limit Access to Script Tools STRIDE-LM
    4.8Log and Alert on Changes to Administrative Group Membership STRIDE-LM
    4.9Log and Alert on Unsuccessful Administrative Account Login STRIDE-LM
    5Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers   STRIDE-LM
    5.1Establish Secure ConfigurationsSTRIDE-LM
    5.2Maintain Secure Images STRIDE-LM
    5.3Securely Store Master Images STRIDE-LM
    5.4Deploy System Configuration Management Tools STRIDE-LM
    5.5Implement Automated Configuration Monitoring Systems STRIDE-LM
    6Maintenance, Monitoring and Analysis of Audit Logs   STRIDE-LM
    6.1Utilize Three Synchronized Time Sources STRIDE-LM
    6.2Activate Audit LoggingSTRIDE-LM
    6.3Enable Detailed Logging STRIDE-LM
    6.4Ensure Adequate Storage for Logs STRIDE-LM
    6.5Central Log Management STRIDE-LM