IDNameImplementation GroupsThreats
    IG1IG2IG3
    1Inventory and Control of Enterprise Assets   STRIDE-LM
    1.1Establish and Maintain Detailed Enterprise Asset InventorySTRIDE-LM
    1.2Address Unauthorized AssetsSTRIDE-LM
    1.3Utilize an Active Discovery Tool STRIDE-LM
    1.4Use Dynamic Host Configuration Protocol (DHCP) Logging to Update Enterprise Asset Inventory STRIDE-LM
    1.5Use a Passive Asset Discovery Tool  STRIDE-LM
    2Inventory and Control of Software Assets   STRIDE-LM
    2.1Establish and Maintain a Software InventorySTRIDE-LM
    2.2Ensure Authorized Software is Currently SupportedSTRIDE-LM
    2.3Address Unauthorized SoftwareSTRIDE-LM
    2.4Utilize Automated Software Inventory Tools STRIDE-LM
    2.5Allowlist Authorized Software STRIDE-LM
    2.6Allowlist Authorized Libraries STRIDE-LM
    2.7Allowlist Authorized Scripts  STRIDE-LM
    3Data Protection   STRIDE-LM
    3.1Establish and Maintain a Data Management ProcessSTRIDE-LM
    3.2Establish and Maintain a Data InventorySTRIDE-LM
    3.3Configure Data Access Control ListsSTRIDE-LM
    3.4Enforce Data RetentionSTRIDE-LM
    3.5Securely Dispose of DataSTRIDE-LM
    3.6Encrypt Data on End-User DevicesSTRIDE-LM
    3.7Establish and Maintain a Data Classification Scheme STRIDE-LM
    3.8Document Data Flows STRIDE-LM
    3.9Encrypt Data on Removable Media STRIDE-LM
    3.10Encrypt Sensitive Data in Transit STRIDE-LM
    3.11Encrypt Sensitive Data at Rest STRIDE-LM
    3.12Segment Data Processing and Storage Based on Sensitivity STRIDE-LM
    3.13Deploy a Data Loss Prevention Solution  STRIDE-LM
    3.14Log Sensitive Data Access  STRIDE-LM
    4Secure Configuration of Enterprise Assets and Software   STRIDE-LM
    4.1Establish and Maintain a Secure Configuration ProcessSTRIDE-LM
    4.2Establish and Maintain a Secure Configuration Process for Network InfrastructureSTRIDE-LM
    4.3Configure Automatic Session Locking on Enterprise AssetsSTRIDE-LM
    4.4Implement and Manage a Firewall on ServersSTRIDE-LM
    4.5Implement and Manage a Firewall on End-User DevicesSTRIDE-LM
    4.6Securely Manage Enterprise Assets and SoftwareSTRIDE-LM
    4.7Manage Default Accounts on Enterprise Assets and SoftwareSTRIDE-LM
    4.8Uninstall or Disable Unnecessary Services on Enterprise Assets and Software STRIDE-LM
    4.9Configure Trusted DNS Servers on Enterprise Assets STRIDE-LM
    4.10Enforce Automatic Device Lockout on Portable End-User Devices STRIDE-LM
    4.11Enforce Remote Wipe Capability on Portable End-User Devices STRIDE-LM
    4.12Separate Enterprise Workspaces on Mobile End-User Devices  STRIDE-LM
    5Account Management   STRIDE-LM
    5.1Establish and Maintain an Inventory of AccountsSTRIDE-LM
    5.2Use Unique PasswordsSTRIDE-LM
    5.3Disable Dormant AccountsSTRIDE-LM
    5.4Restrict Administrator Privileges to Dedicated Administrator AccountsSTRIDE-LM
    5.5Establish and Maintain an Inventory of Service Accounts STRIDE-LM
    5.6Centralize Account Management STRIDE-LM
    6Access Control Management   STRIDE-LM