• xImplementation Group: IG1
IDNameImplementation GroupsThreats
1.1Establish and Maintain Detailed Enterprise Asset InventorySTRIDE-LM
1.2Address Unauthorized AssetsSTRIDE-LM
2.1Establish and Maintain a Software InventorySTRIDE-LM
2.2Ensure Authorized Software is Currently SupportedSTRIDE-LM
2.3Address Unauthorized SoftwareSTRIDE-LM
3.1Establish and Maintain a Data Management ProcessSTRIDE-LM
3.2Establish and Maintain a Data InventorySTRIDE-LM
3.3Configure Data Access Control ListsSTRIDE-LM
3.4Enforce Data RetentionSTRIDE-LM
3.5Securely Dispose of DataSTRIDE-LM
3.6Encrypt Data on End-User DevicesSTRIDE-LM
4.1Establish and Maintain a Secure Configuration ProcessSTRIDE-LM
4.2Establish and Maintain a Secure Configuration Process for Network InfrastructureSTRIDE-LM
4.3Configure Automatic Session Locking on Enterprise AssetsSTRIDE-LM
4.4Implement and Manage a Firewall on ServersSTRIDE-LM
4.5Implement and Manage a Firewall on End-User DevicesSTRIDE-LM
4.6Securely Manage Enterprise Assets and SoftwareSTRIDE-LM
4.7Manage Default Accounts on Enterprise Assets and SoftwareSTRIDE-LM
5.1Establish and Maintain an Inventory of AccountsSTRIDE-LM
5.2Use Unique PasswordsSTRIDE-LM
5.3Disable Dormant AccountsSTRIDE-LM
5.4Restrict Administrator Privileges to Dedicated Administrator AccountsSTRIDE-LM
6.1Establish an Access Granting ProcessSTRIDE-LM
6.2Establish an Access Revoking ProcessSTRIDE-LM
6.3Require MFA for Externally-Exposed ApplicationsSTRIDE-LM
6.4Require MFA for Remote Network AccessSTRIDE-LM
6.5Require MFA for Administrative AccessSTRIDE-LM
7.1Establish and Maintain a Vulnerability Management ProcessSTRIDE-LM
7.2Establish and Maintain a Remediation ProcessSTRIDE-LM
7.3Perform Automated Operating System Patch ManagementSTRIDE-LM
7.4Perform Automated Application Patch ManagementSTRIDE-LM
8.1Establish and Maintain an Audit Log Management ProcessSTRIDE-LM
8.2Collect Audit LogsSTRIDE-LM
8.3Ensure Adequate Audit Log StorageSTRIDE-LM
9.1Ensure Use of Only Fully Supported Browsers and Email ClientsSTRIDE-LM
9.2Use DNS Filtering ServicesSTRIDE-LM
10.1Deploy and Maintain Anti-Malware SoftwareSTRIDE-LM
10.2Configure Automatic Anti-Malware Signature UpdatesSTRIDE-LM
10.3Disable Autorun and Autoplay for Removable MediaSTRIDE-LM
11.1Establish and Maintain a Data Recovery ProcessSTRIDE-LM
11.2Perform Automated BackupsSTRIDE-LM
11.3Protect Recovery DataSTRIDE-LM
11.4Establish and Maintain an Isolated Instance of Recovery DataSTRIDE-LM
12.1Ensure Network Infrastructure is Up-to-DateSTRIDE-LM
14.1Establish and Maintain a Security Awareness ProgramSTRIDE-LM
14.2Train Workforce Members to Recognize Social Engineering AttacksSTRIDE-LM
14.3Train Workforce Members on Authentication Best PracticesSTRIDE-LM
14.4Train Workforce on Data Handling Best PracticesSTRIDE-LM
14.5Train Workforce Members on Causes of Unintentional Data ExposureSTRIDE-LM
14.6Train Workforce Members on Recognizing and Reporting Security IncidentsSTRIDE-LM