• xThreat Vector: Elevation of Privilege
IDNameImplementation GroupsThreats
IG1IG2IG3
2Inventory and Control of Software Assets   STRIDE-LM
2.5Allowlist Authorized Software STRIDE-LM
2.6Allowlist Authorized Libraries STRIDE-LM
2.7Allowlist Authorized Scripts  STRIDE-LM
4Secure Configuration of Enterprise Assets and Software   STRIDE-LM
4.7Manage Default Accounts on Enterprise Assets and SoftwareSTRIDE-LM
4.8Uninstall or Disable Unnecessary Services on Enterprise Assets and Software STRIDE-LM
5Account Management   STRIDE-LM
5.4Restrict Administrator Privileges to Dedicated Administrator AccountsSTRIDE-LM
6Access Control Management   STRIDE-LM
6.5Require MFA for Administrative AccessSTRIDE-LM
7Continuous Vulnerability Management   STRIDE-LM
7.4Perform Automated Application Patch ManagementSTRIDE-LM
7.5Perform Automated Vulnerability Scans of Internal Enterprise Assets STRIDE-LM
7.6Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets STRIDE-LM
7.7Remediate Detected Vulnerabilities STRIDE-LM
9Email and Web Browser Protections   STRIDE-LM
9.1Ensure Use of Only Fully Supported Browsers and Email ClientsSTRIDE-LM
9.4Restrict Unnecessary or Unauthorized Browser and Email Client Extensions STRIDE-LM
9.6Block Unnecessary File Types STRIDE-LM
9.7Deploy and Maintain Email Server Anti-Malware Protections  STRIDE-LM
10Malware Defenses   STRIDE-LM
10.1Deploy and Maintain Anti-Malware SoftwareSTRIDE-LM
10.2Configure Automatic Anti-Malware Signature UpdatesSTRIDE-LM
10.5Enable Anti-Exploitation Features STRIDE-LM
12Network Infrastructure Management   STRIDE-LM
12.1Ensure Network Infrastructure is Up-to-DateSTRIDE-LM
12.8Establish and Maintain Dedicated Computing Resources for All Administrative Work  STRIDE-LM
13Network Monitoring and Defense   STRIDE-LM
13.10Perform Application Layer Filtering  STRIDE-LM
16Application Software Security   STRIDE-LM
16.2Establish and Maintain a Process to Accept and Address Software Vulnerabilities STRIDE-LM
16.12Implement Code-Level Security Checks  STRIDE-LM