• xThreat Vector: Tampering
IDNameBaselinesPriorityThreats
LowModerateHigh
AC-3Access Enforcement
  • P1
STRIDE-LM
(5)Security-Relevant Information   
  • P1
STRIDE-LM
(9)Controlled Release   
  • P1
STRIDE-LM
AC-17(2)Protection Of Confidentiality / Integrity Using Encryption 
  • P1
STRIDE-LM
AC-19(5)Full Device / Container-Based Encryption 
  • P1
STRIDE-LM
AC-25Reference Monitor   
  • P0
STRIDE-LM
AU-6Audit Review, Analysis, And Reporting
  • P1
STRIDE-LM
(3)Correlate Audit Repositories 
  • P1
STRIDE-LM
(5)Integration / Scanning And Monitoring Capabilities  
  • P1
STRIDE-LM
(6)Correlation With Physical Monitoring  
  • P1
STRIDE-LM
(8)Full Text Analysis Of Privileged Commands   
  • P1
STRIDE-LM
(9)Correlation With Information From Nontechnical Sources   
  • P1
STRIDE-LM
AU-9Protection Of Audit Information
  • P1
STRIDE-LM
(1)Hardware Write-Once Media   
  • P1
STRIDE-LM
(2)Audit Backup On Separate Physical Systems / Components  
  • P1
STRIDE-LM
(3)Cryptographic Protection  
  • P1
STRIDE-LM
(4)Access By Subset Of Privileged Users 
  • P1
STRIDE-LM
(5)Dual Authorization   
  • P1
STRIDE-LM
(6)Read Only Access   
  • P1
STRIDE-LM
CM-3Configuration Change Control 
  • P1
STRIDE-LM
(1)Automated Document / Notification / Prohibition Of Changes  
  • P1
STRIDE-LM
(2)Test / Validate / Document Changes 
  • P1
STRIDE-LM
(3)Automated Change Implementation   
  • P1
STRIDE-LM
(4)Security Representative   
  • P1
STRIDE-LM
(5)Automated Security Response   
  • P1
STRIDE-LM
(6)Cryptography Management   
  • P1
STRIDE-LM
CM-5Access Restrictions For Change 
  • P1
STRIDE-LM
(1)Automated Access Enforcement / Auditing  
  • P1
STRIDE-LM
(2)Review System Changes  
  • P1
STRIDE-LM
(3)Signed Components  
  • P1
STRIDE-LM
(4)Dual Authorization   
  • P1
STRIDE-LM
(5)Limit Production / Operational Privileges   
  • P1
STRIDE-LM
(6)Limit Library Privileges   
  • P1
STRIDE-LM
CM-11(1)Alerts For Unauthorized Installations   
  • P1
STRIDE-LM
(2)Prohibit Installation Without Privileged Status   
  • P1
STRIDE-LM
MA-2Controlled Maintenance
  • P2
STRIDE-LM
(2)Automated Maintenance Activities  
  • P2
STRIDE-LM
MA-3Maintenance Tools 
  • P3
STRIDE-LM
(1)Inspect Tools 
  • P3
STRIDE-LM
(2)Inspect Media 
  • P3
STRIDE-LM
(3)Prevent Unauthorized Removal  
  • P3
STRIDE-LM
(4)Restricted Tool Use   
  • P3
STRIDE-LM
MA-4Nonlocal Maintenance
  • P2
STRIDE-LM
(1)Auditing And Review   
  • P2
STRIDE-LM
(2)Document Nonlocal Maintenance 
  • P2
STRIDE-LM
(3)Comparable Security / Sanitization  
  • P2
STRIDE-LM
(4)Authentication / Separation Of Maintenance Sessions   
  • P2
STRIDE-LM
(5)Approvals And Notifications   
  • P2
STRIDE-LM
(6)Cryptographic Protection   
  • P2
STRIDE-LM
(7)Remote Disconnect Verification   
  • P2
STRIDE-LM