From 51b1e0e0cfe8edd2edf9084e5a05d50c5bd65669 Mon Sep 17 00:00:00 2001 From: jkaufman-mitre Date: Tue, 12 Dec 2023 12:18:11 -0500 Subject: [PATCH 1/2] Added ATT&CK TTP Mappings for COMMONCONTROLS 17.1 and 18.1 --- ...imum Viable Secure Configuration Baseline v0.1.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/baselines/Common Controls Minimum Viable Secure Configuration Baseline v0.1.md b/baselines/Common Controls Minimum Viable Secure Configuration Baseline v0.1.md index 40e4f4b4..98218f34 100644 --- a/baselines/Common Controls Minimum Viable Secure Configuration Baseline v0.1.md +++ b/baselines/Common Controls Minimum Viable Secure Configuration Baseline v0.1.md @@ -1272,6 +1272,12 @@ The data storage region SHALL be set to be the United States for all users in th - FCEB agencies may need to meet specific regulations for various data classifications including data governance, security controls, privacy, and data residency. Being able to establish data sovereignty and identify residency regions can aid in these efforts. - Last Modified: October 30, 2023 +- MITRE ATT&CK TTP Mapping + - [T1591: Gather Victim Organization Information](https://attack.mitre.org/techniques/T1591/) + - [T1591:001 Gather Victim Organization Information: Determine Physical Location](https://attack.mitre.org/techniques/T1591/001/) + - [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/) + - [T1537: Transfer Data to Cloud Account](https://attack.mitre.org/techniques/T1537/) + ### Resources - [GWS Admin Help \| Data regions: Choose a geographic location for your data](https://support.google.com/a/answer/7630496) - [GWS Admin Help \| What data is covered by a data region policy?](https://support.google.com/a/answer/9223653) @@ -1306,6 +1312,12 @@ The supplemental data storage region SHALL NOT be set to 'Russian Federation'. - This policy is aligned with the concept of data sovereignty. Ensuring that data is not stored in a specific region affords the administrator of the GWS environment a degree of control and governance over their cloud data. This policy takes into account geopolitical and USG national security concerns. - Last Modified: November 30, 2023 +- MITRE ATT&CK TTP Mapping + - [T1591: Gather Victim Organization Information](https://attack.mitre.org/techniques/T1591/) + - [T1591:001 Gather Victim Organization Information: Determine Physical Location](https://attack.mitre.org/techniques/T1591/001/) + - [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/) + - [T1537: Transfer Data to Cloud Account](https://attack.mitre.org/techniques/T1537/) + ### Resources - [GWS Admin Help \| Set up Supplemental Data Storage](https://support.google.com/a/answer/6281927) From 23247d36f94fd799314a587128a9e2ba478ccf2c Mon Sep 17 00:00:00 2001 From: jkaufman-mitre Date: Tue, 12 Dec 2023 13:32:58 -0500 Subject: [PATCH 2/2] Added Mappings for GWS.MEET.4.1v0.1 --- ... Meet Minimum Viable Secure Configuration Baseline v0.1.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/baselines/Google Meet Minimum Viable Secure Configuration Baseline v0.1.md b/baselines/Google Meet Minimum Viable Secure Configuration Baseline v0.1.md index ec5a9f06..6f14d1cf 100644 --- a/baselines/Google Meet Minimum Viable Secure Configuration Baseline v0.1.md +++ b/baselines/Google Meet Minimum Viable Secure Configuration Baseline v0.1.md @@ -167,6 +167,10 @@ Warn for external participants SHALL be enabled. - MITRE ATT&CK TTP Mapping - [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/) + - [T1566: Phishing](https://attack.mitre.org/techniques/T1566/) + - [T1566:004: Phishing: Spearphishing Voice](https://attack.mitre.org/techniques/T1566/004/) + - [T1598: Phishing for Information](https://attack.mitre.org/techniques/T1598/) + - [T1598:004: Phishing for Information: Spearphishing Voice](https://attack.mitre.org/techniques/T1598/004/) - [T1123: Audio Capture](https://attack.mitre.org/techniques/T1123/) - [T1113: Screen Capture](https://attack.mitre.org/techniques/T1113/) - [T1125: Video Capture](https://attack.mitre.org/techniques/T1125/)