Implementation Group: IG1

| ID | Name | IG1 | IG2 | IG3 | Threats |
|---|---|---|---|---|---|
| 1.4 | Maintain Detailed Asset Inventory | | | | STRIDE-LM |
| 1.6 | Address Unauthorized Assets | | | | STRIDE-LM |
| 2.1 | Maintain Inventory of Authorized Software | | | | STRIDE-LM |
| 2.2 | Ensure Software is Supported by Vendor | | | | STRIDE-LM |
| 2.6 | Address unapproved software | | | | STRIDE-LM |
| 3.4 | Deploy Automated Operating System Patch Management Tools | | | | STRIDE-LM |
| 3.5 | Deploy Automated Software Patch Management Tools | | | | STRIDE-LM |
| 4.2 | Change Default Passwords | | | | STRIDE-LM |
| 4.3 | Ensure the Use of Dedicated Administrative Accounts | | | | STRIDE-LM |
| 5.1 | Establish Secure Configurations | | | | STRIDE-LM |
| 6.2 | Activate Audit Logging | | | | STRIDE-LM |
| 7.1 | Ensure Use of Only Fully Supported Browsers and Email Clients | | | | STRIDE-LM |
| 7.7 | Use of DNS Filtering Services | | | | STRIDE-LM |
| 8.2 | Ensure Anti-Malware Software and Signatures Are Updated | | | | STRIDE-LM |
| 8.4 | Configure Anti-Malware Scanning of Removable Devices | | | | STRIDE-LM |
| 8.5 | Configure Devices to Not Auto-Run Content | | | | STRIDE-LM |
| 9.4 | Apply Host-Based Firewalls or Port-Filtering | | | | STRIDE-LM |
| 10.1 | Ensure Regular Automated BackUps | | | | STRIDE-LM |
| 10.2 | Perform Complete System Backups | | | | STRIDE-LM |
| 10.4 | Protect Backups | | | | STRIDE-LM |
| 10.5 | Ensure All Backups Have at Least One Offline Backup Destination | | | | STRIDE-LM |
| 11.4 | Install the Latest Stable Version of Any Security-Related Updates on All Network Devices | | | | STRIDE-LM |
| 12.1 | Maintain an Inventory of Network Boundaries | | | | STRIDE-LM |
| 12.4 | Deny Communication Over Unauthorized Ports | | | | STRIDE-LM |
| 13.1 | Maintain an Inventory of Sensitive Information | | | | STRIDE-LM |
| 13.2 | Remove Sensitive Data or Systems Not Regularly Accessed by Organization | | | | STRIDE-LM |
| 13.6 | Encrypt Mobile Device Data | | | | STRIDE-LM |
| 14.6 | Protect Information Through Access Control Lists | | | | STRIDE-LM |
| 15.7 | Leverage the Advanced Encryption Standard (AES) to Encrypt Wireless Data | | | | STRIDE-LM |
| 15.10 | Create Separate Wireless Network for Personal and Untrusted Devices | | | | STRIDE-LM |
| 16.8 | Disable Any Unassociated Accounts | | | | STRIDE-LM |
| 16.9 | Disable Dormant Accounts | | | | STRIDE-LM |
| 16.11 | Lock Workstation Sessions After Inactivity | | | | STRIDE-LM |
| 17.3 | Implement a Security Awareness Program | | | | STRIDE-LM |
| 17.5 | Train Workforce on Secure Authentication | | | | STRIDE-LM |
| 17.6 | Train Workforce on Identifying Social Engineering Attacks | | | | STRIDE-LM |
| 17.7 | Train Workforce on Sensitive Data Handling | | | | STRIDE-LM |
| 17.8 | Train Workforce on Causes of Unintentional Data Exposure | | | | STRIDE-LM |
| 17.9 | Train Workforce Members on Identifying and Reporting Incidents | | | | STRIDE-LM |
| 19.1 | Document Incident Response Procedures | | | | STRIDE-LM |
| 19.3 | Designate Management Personnel to Support Incident Handling | | | | STRIDE-LM |
| 19.5 | Maintain Contact Information For Reporting Security Incidents | | | | STRIDE-LM |
| 19.6 | Publish Information Regarding Reporting Computer Anomalies and Incidents | | | | STRIDE-LM |