| ID | Name | Implementation Group IG1 | Implementation Group IG2 | Implementation Group IG3 | Threats |
|---|---|---|---|---|---|
| 6.6 | Deploy SIEM or Log Analytic Tools | | | | STRIDE-LM |
| 6.7 | Regularly Review Logs | | | | STRIDE-LM |
| 6.8 | Regularly Tune SIEM | | | | STRIDE-LM |
| 7 | Email and Web Browser Protections | | | | STRIDE-LM |
| 7.1 | Ensure Use of Only Fully Supported Browsers and Email Clients | | | | STRIDE-LM |
| 7.2 | Disable Unnecessary or Unauthorized Browser or Email Client Plugins | | | | STRIDE-LM |
| 7.3 | Limit Use of Scripting Languages in Web Browsers and Email Clients | | | | STRIDE-LM |
| 7.4 | Maintain and Enforce Network-Based URL Filters | | | | STRIDE-LM |
| 7.5 | Subscribe to URL-Categorization Service | | | | STRIDE-LM |
| 7.6 | Log All URL Requests | | | | STRIDE-LM |
| 7.7 | Use of DNS Filtering Services | | | | STRIDE-LM |
| 7.8 | Implement DMARC and Enable Receiver-Side Verification | | | | STRIDE-LM |
| 7.9 | Block Unnecessary File Types | | | | STRIDE-LM |
| 7.10 | Sandbox All Email Attachments | | | | STRIDE-LM |
| 8 | Malware Defenses | | | | STRIDE-LM |
| 8.1 | Utilize Centrally Managed Anti-malware Software | | | | STRIDE-LM |
| 8.2 | Ensure Anti-Malware Software and Signatures Are Updated | | | | STRIDE-LM |
| 8.3 | Enable Operating System Anti-Exploitation Features/Deploy Anti-Exploit Technologies | | | | STRIDE-LM |
| 8.4 | Configure Anti-Malware Scanning of Removable Devices | | | | STRIDE-LM |
| 8.5 | Configure Devices to Not Auto-Run Content | | | | STRIDE-LM |
| 8.6 | Centralize Anti-Malware Logging | | | | STRIDE-LM |
| 8.7 | Enable DNS Query Logging | | | | STRIDE-LM |
| 8.8 | Enable Command-Line Audit Logging | | | | STRIDE-LM |
| 9 | Limitation and Control of Network Ports, Protocols, and Services | | | | STRIDE-LM |
| 9.1 | Associate Active Ports, Services, and Protocols to Asset Inventory | | | | STRIDE-LM |
| 9.2 | Ensure Only Approved Ports, Protocols, and Services Are Running | | | | STRIDE-LM |
| 9.3 | Perform Regular Automated Port Scans | | | | STRIDE-LM |
| 9.4 | Apply Host-Based Firewalls or Port-Filtering | | | | STRIDE-LM |
| 9.5 | Implement Application Firewalls | | | | STRIDE-LM |
| 10 | Data Recovery Capabilities | | | | STRIDE-LM |
| 10.1 | Ensure Regular Automated Backups | | | | STRIDE-LM |
| 10.2 | Perform Complete System Backups | | | | STRIDE-LM |
| 10.3 | Test Data on Backup Media | | | | STRIDE-LM |
| 10.4 | Protect Backups | | | | STRIDE-LM |
| 10.5 | Ensure All Backups Have at Least One Offline Backup Destination | | | | STRIDE-LM |
| 11 | Secure Configuration for Network Devices, such as Firewalls, Routers and Switches | | | | STRIDE-LM |
| 11.1 | Maintain Standard Security Configurations for Network Devices | | | | STRIDE-LM |
| 11.2 | Document Traffic Configuration Rules | | | | STRIDE-LM |
| 11.3 | Use Automated Tools to Verify Standard Device Configurations and Detect Changes | | | | STRIDE-LM |
| 11.4 | Install the Latest Stable Version of Any Security-Related Updates on All Network Devices | | | | STRIDE-LM |
| 11.5 | Manage Network Devices Using Multi-Factor Authentication and Encrypted Sessions | | | | STRIDE-LM |
| 11.6 | Use Dedicated Machines For All Network Administrative Tasks | | | | STRIDE-LM |
| 11.7 | Manage Network Infrastructure Through a Dedicated Network | | | | STRIDE-LM |
| 12 | Boundary Defense | | | | STRIDE-LM |
| 12.1 | Maintain an Inventory of Network Boundaries | | | | STRIDE-LM |
| 12.2 | Scan for Unauthorized Connections Across Trusted Network Boundaries | | | | STRIDE-LM |
| 12.3 | Deny Communications With Known Malicious IP Addresses | | | | STRIDE-LM |
| 12.4 | Deny Communication Over Unauthorized Ports | | | | STRIDE-LM |
| 12.5 | Configure Monitoring Systems to Record Network Packets | | | | STRIDE-LM |
| 12.6 | Deploy Network-Based IDS Sensors | | | | STRIDE-LM |