Threat Vector: Elevation of Privilege

| ID | Name | Baseline: Low | Baseline: Moderate | Baseline: High | Baseline: Privacy | Threats |
|---|---|---|---|---|---|---|
| AC-2(6) | Dynamic Privilege Management | | | | | STRIDE-LM |
| (7) | Privileged User Accounts | | | | | STRIDE-LM |
| (9) | Restrictions on Use of Shared and Group Accounts | | | | | STRIDE-LM |
| (11) | Usage Conditions | | | | | STRIDE-LM |
| AC-3 | Access Enforcement | | | | | STRIDE-LM |
| (2) | Dual Authorization | | | | | STRIDE-LM |
| (7) | Role-based Access Control | | | | | STRIDE-LM |
| (8) | Revocation of Access Authorizations | | | | | STRIDE-LM |
| (10) | Audited Override of Access Control Mechanisms | | | | | STRIDE-LM |
| (11) | Restrict Access to Specific Information Types | | | | | STRIDE-LM |
| (12) | Assert and Enforce Application Access | | | | | STRIDE-LM |
| (13) | Attribute-based Access Control | | | | | STRIDE-LM |
| (14) | Individual Access | | | | | STRIDE-LM |
| (15) | Discretionary and Mandatory Access Control | | | | | STRIDE-LM |
| AC-6 | Least Privilege | | | | | STRIDE-LM |
| (1) | Authorize Access to Security Functions | | | | | STRIDE-LM |
| (2) | Non-privileged Access for Nonsecurity Functions | | | | | STRIDE-LM |
| (3) | Network Access to Privileged Commands | | | | | STRIDE-LM |
| (4) | Separate Processing Domains | | | | | STRIDE-LM |
| (5) | Privileged Accounts | | | | | STRIDE-LM |
| (6) | Privileged Access by Non-organizational Users | | | | | STRIDE-LM |
| (7) | Review of User Privileges | | | | | STRIDE-LM |
| (8) | Privilege Levels for Code Execution | | | | | STRIDE-LM |
| (9) | Log Use of Privileged Functions | | | | | STRIDE-LM |
| (10) | Prohibit Non-privileged Users from Executing Privileged Functions | | | | | STRIDE-LM |
| AC-17(4) | Privileged Commands and Access | | | | | STRIDE-LM |
| AC-24 | Access Control Decisions | | | | | STRIDE-LM |
| (1) | Transmit Access Authorization Information | | | | | STRIDE-LM |
| (2) | No User or Process Identity | | | | | STRIDE-LM |
| AU-6 | Audit Record Review, Analysis, and Reporting | | | | | STRIDE-LM |
| (3) | Correlate Audit Record Repositories | | | | | STRIDE-LM |
| (5) | Integrated Analysis of Audit Records | | | | | STRIDE-LM |
| (6) | Correlation with Physical Monitoring | | | | | STRIDE-LM |
| (7) | Permitted Actions | | | | | STRIDE-LM |
| (8) | Full Text Analysis of Privileged Commands | | | | | STRIDE-LM |
| (9) | Correlation with Information from Nontechnical Sources | | | | | STRIDE-LM |
| CM-3 | Configuration Change Control | | | | | STRIDE-LM |
| (1) | Automated Documentation, Notification, and Prohibition of Changes | | | | | STRIDE-LM |
| (2) | Testing, Validation, and Documentation of Changes | | | | | STRIDE-LM |
| (3) | Automated Change Implementation | | | | | STRIDE-LM |
| (4) | Security and Privacy Representatives | | | | | STRIDE-LM |
| (5) | Automated Security Response | | | | | STRIDE-LM |
| (6) | Cryptography Management | | | | | STRIDE-LM |
| CM-5(4) | Dual Authorization | | | | | STRIDE-LM |
| (5) | Privilege Limitation for Production and Operation | | | | | STRIDE-LM |
| CM-7 | Least Functionality | | | | | STRIDE-LM |
| (1) | Periodic Review | | | | | STRIDE-LM |
| (2) | Prevent Program Execution | | | | | STRIDE-LM |
| (3) | Registration Compliance | | | | | STRIDE-LM |
| (4) | Unauthorized Software | | | | | STRIDE-LM |