• xThreat Vector: Tampering
IDNameImplementation GroupsThreats
5Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers   STRIDE-LM
5.1Establish Secure ConfigurationsSTRIDE-LM
5.2Maintain Secure Images STRIDE-LM
5.3Securely Store Master Images STRIDE-LM
5.4Deploy System Configuration Management Tools STRIDE-LM
5.5Implement Automated Configuration Monitoring Systems STRIDE-LM
6Maintenance, Monitoring and Analysis of Audit Logs   STRIDE-LM
6.1Utilize Three Synchronized Time Sources STRIDE-LM
6.2Activate Audit LoggingSTRIDE-LM
6.3Enable Detailed Logging STRIDE-LM
10Data Recovery Capabilities   STRIDE-LM
10.4Protect BackupsSTRIDE-LM
10.5Ensure All Backups Have at Least One Offline Backup DestinationSTRIDE-LM
11Secure Configuration for Network Devices, such as Firewalls, Routers and Switches   STRIDE-LM
11.1Maintain Standard Security Configurations for Network Devices STRIDE-LM
11.3Use Automated Tools to Verify Standard Device Configurations and Detect Changes STRIDE-LM
13Data Protection   STRIDE-LM
13.4Only Allow Access to Authorized Cloud Storage or Email Providers STRIDE-LM
13.6Encrypt Mobile Device DataSTRIDE-LM
13.9Encrypt Data on USB Storage Devices  STRIDE-LM
14Controlled Access Based on the Need to Know   STRIDE-LM
14.6Protect Information Through Access Control ListsSTRIDE-LM
14.7Enforce Access Control to Data Through Automated Tools  STRIDE-LM
14.8Encrypt Sensitive Information at Rest  STRIDE-LM
15Wireless Access Control   STRIDE-LM
15.7Leverage the Advanced Encryption Standard (AES) to Encrypt Wireless DataSTRIDE-LM
15.8Use Wireless Authentication Protocols That Require Mutual, Multi-Factor Authentication  STRIDE-LM
18Application Software Security   STRIDE-LM
18.2Ensure That Explicit Error Checking is Performed for All In-House Developed Software STRIDE-LM
18.5Use Only Standardized and Extensively Reviewed Encryption Algorithms STRIDE-LM
18.11Use Standard Hardening Configuration Templates for Databases STRIDE-LM