Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added ATT&CK TTP Mappings for COMMONCONTROLS 17.1 and 18.1 #103

Merged
merged 2 commits into from
Dec 13, 2023
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -1272,6 +1272,12 @@ The data storage region SHALL be set to be the United States for all users in th
- FCEB agencies may need to meet specific regulations for various data classifications including data governance, security controls, privacy, and data residency. Being able to establish data sovereignty and identify residency regions can aid in these efforts.
- Last Modified: October 30, 2023

- MITRE ATT&CK TTP Mapping
- [T1591: Gather Victim Organization Information](https://attack.mitre.org/techniques/T1591/)
- [T1591:001 Gather Victim Organization Information: Determine Physical Location](https://attack.mitre.org/techniques/T1591/001/)
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)
- [T1537: Transfer Data to Cloud Account](https://attack.mitre.org/techniques/T1537/)

### Resources
- [GWS Admin Help \| Data regions: Choose a geographic location for your data](https://support.google.com/a/answer/7630496)
- [GWS Admin Help \| What data is covered by a data region policy?](https://support.google.com/a/answer/9223653)
Expand Down Expand Up @@ -1306,6 +1312,12 @@ The supplemental data storage region SHALL NOT be set to 'Russian Federation'.
- This policy is aligned with the concept of data sovereignty. Ensuring that data is not stored in a specific region affords the administrator of the GWS environment a degree of control and governance over their cloud data. This policy takes into account geopolitical and USG national security concerns.
- Last Modified: November 30, 2023

- MITRE ATT&CK TTP Mapping
- [T1591: Gather Victim Organization Information](https://attack.mitre.org/techniques/T1591/)
- [T1591:001 Gather Victim Organization Information: Determine Physical Location](https://attack.mitre.org/techniques/T1591/001/)
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)
- [T1537: Transfer Data to Cloud Account](https://attack.mitre.org/techniques/T1537/)

### Resources
- [GWS Admin Help \| Set up Supplemental Data Storage](https://support.google.com/a/answer/6281927)

Expand Down