• xThreat Vector: Lateral Movement
IDNameBaselinesThreats
LowModerateHighPrivacy
AC-2Account Management STRIDE-LM
(6)Dynamic Privilege Management    STRIDE-LM
(7)Privileged User Accounts    STRIDE-LM
(12)Account Monitoring for Atypical Usage   STRIDE-LM
AC-3(11)Restrict Access to Specific Information Types    STRIDE-LM
(12)Assert and Enforce Application Access    STRIDE-LM
(13)Attribute-based Access Control    STRIDE-LM
(14)Individual Access   STRIDE-LM
(15)Discretionary and Mandatory Access Control    STRIDE-LM
AC-10Concurrent Session Control   STRIDE-LM
AC-17Remote Access STRIDE-LM
(1)Monitoring and Control  STRIDE-LM
(3)Managed Access Control Points  STRIDE-LM
(4)Privileged Commands and Access  STRIDE-LM
(9)Disconnect or Disable Access    STRIDE-LM
(10)Authenticate Remote Commands    STRIDE-LM
AC-18Wireless Access STRIDE-LM
(1)Authentication and Encryption  STRIDE-LM
(3)Disable Wireless Networking  STRIDE-LM
(5)Antennas and Transmission Power Levels   STRIDE-LM
AU-6Audit Record Review, Analysis, and Reporting STRIDE-LM
(3)Correlate Audit Record Repositories  STRIDE-LM
(5)Integrated Analysis of Audit Records   STRIDE-LM
(6)Correlation with Physical Monitoring   STRIDE-LM
(9)Correlation with Information from Nontechnical Sources    STRIDE-LM
IA-5(8)Multiple System Accounts    STRIDE-LM
IA-12(1)Supervisor Authorization    STRIDE-LM
(2)Identity Evidence  STRIDE-LM
(3)Identity Evidence Validation and Verification  STRIDE-LM
(4)In-person Validation and Verification   STRIDE-LM
(5)Address Confirmation  STRIDE-LM
(6)Accept Externally-proofed Identities    STRIDE-LM
MA-4Nonlocal Maintenance STRIDE-LM
(1)Logging and Review    STRIDE-LM
(3)Comparable Security and Sanitization   STRIDE-LM
(4)Authentication and Separation of Maintenance Sessions    STRIDE-LM
(5)Approvals and Notifications    STRIDE-LM
(6)Cryptographic Protection    STRIDE-LM
(7)Disconnect Verification    STRIDE-LM
PS-3(4)Citizenship Requirements    STRIDE-LM
SC-7Boundary Protection STRIDE-LM
(3)Access Points  STRIDE-LM
(4)External Telecommunications Services  STRIDE-LM
(5)Deny by Default - Allow by Exception  STRIDE-LM
(7)Split Tunneling for Remote Devices  STRIDE-LM
(8)Route Traffic to Authenticated Proxy Servers  STRIDE-LM
(9)Restrict Threatening Outgoing Communications Traffic    STRIDE-LM
(10)Prevent Exfiltration    STRIDE-LM
(11)Restrict Incoming Communications Traffic    STRIDE-LM
(12)Host-based Protection    STRIDE-LM