• xThreat Vector: Elevation of Privilege
IDNameImplementation GroupsThreats
2Inventory and Control of Software Assets   STRIDE-LM
2.7Utilize Application Whitelisting  STRIDE-LM
2.8Implement Application Whitelisting of Libraries  STRIDE-LM
2.9Implement Application Whitelisting of Scripts  STRIDE-LM
3Continuous Vulnerability Management   STRIDE-LM
3.3Protect Dedicated Assessment Accounts STRIDE-LM
4Controlled Use of Administrative Privileges   STRIDE-LM
4.2Change Default PasswordsSTRIDE-LM
4.3Ensure the Use of Dedicated Administrative AccountsSTRIDE-LM
4.7Limit Access to Script Tools STRIDE-LM
4.8Log and Alert on Changes to Administrative Group Membership STRIDE-LM
7Email and Web Browser Protections   STRIDE-LM
7.1Ensure Use of Only Fully Supported Browsers and Email ClientsSTRIDE-LM
7.2Disable Unnecessary or Unauthorized Browser or Email Client Plugins STRIDE-LM
7.3Limit Use of Scripting Languages in Web Browsers and Email Clients STRIDE-LM
7.9Block Unnecessary File Types STRIDE-LM
7.10Sandbox All Email Attachments  STRIDE-LM
8Malware Defenses   STRIDE-LM
8.3Enable Operating System Anti-Exploitation Features/Deploy Anti-Exploit Technologies STRIDE-LM
8.4Configure Anti-Malware Scanning of Removable DevicesSTRIDE-LM
9Limitation and Control of Network Ports, Protocols, and Services   STRIDE-LM
9.5Implement Application Firewalls  STRIDE-LM
11Secure Configuration for Network Devices, such as Firewalls, Routers and Switches   STRIDE-LM
11.4Install the Latest Stable Version of Any Security-Related Updates on All Network DevicesSTRIDE-LM
11.6Use Dedicated Machines For All Network Administrative Tasks STRIDE-LM
18Application Software Security   STRIDE-LM
18.2Ensure That Explicit Error Checking is Performed for All In-House Developed Software STRIDE-LM
18.7Apply Static and Dynamic Code Analysis Tools STRIDE-LM
18.8Establish a Process to Accept and Address Reports of Software Vulnerabilities STRIDE-LM
18.10Deploy Web Application Firewalls STRIDE-LM
18.11Use Standard Hardening Configuration Templates for Databases STRIDE-LM