Barriers Library
Reusable barriers — prevention barriers sit on threat paths, mitigation barriers on consequence paths.
Add Barrier
Tags:
189 barriers — page 1 of 4
| Name | Type | Category | Tags | Description | |
|---|---|---|---|---|---|
| MFA on ERP Access | prevention | Access Control | Enforce multi-factor authentication for all ERP user and administrator accounts, including service a… | Edit | |
| Business Continuity Procedures | mitigation | Continuity | Manual fallback procedures for critical financial and procurement processes to sustain operations du… | Edit | |
| SR 4.1 – Information Confidentiality | prevention | Data Confidentiality | The system shall protect the confidentiality of information at rest and in transit. Confidentiality … | Edit | |
| SR 4.2 – Information Persistence | prevention | Data Confidentiality | The system shall protect information from unauthorized access via reuse of storage resources. Residu… | Edit | |
| Use of Cryptography | prevention | Data Confidentiality | Apply cryptographic controls to protect the confidentiality and integrity of information at rest and… | Edit | |
| SR 1.1 – Human User Identification and Authentication | prevention | Identification and Authentication Control | The system shall identify and authenticate all human users. This requirement applies to all interfac… | Edit | |
| SR 1.10 – Authenticator Feedback | prevention | Identification and Authentication Control | The system shall obscure feedback of authentication information during the authentication process to… | Edit | |
| SR 1.11 – Unsuccessful Login Attempts | prevention | Identification and Authentication Control | The system shall enforce a limit on consecutive unsuccessful login attempts and apply a response suc… | Edit | |
| SR 1.12 – System Use Notification | prevention | Identification and Authentication Control | The system shall display an approved system use notification message before granting access, providi… | Edit | |
| SR 1.13 – Access via Untrusted Networks | prevention | Identification and Authentication Control | The system shall monitor and control all access to the control system via untrusted networks. Remote… | Edit | |
| SR 1.2 – Software Process and Device Identification and Authentication | prevention | Identification and Authentication Control | The system shall identify and authenticate all software processes and devices that attempt to access… | Edit | |
| SR 1.3 – Account Management | prevention | Identification and Authentication Control | The system shall support the management of accounts including creation, modification, disabling, and… | Edit | |
| SR 1.4 – Identifier Management | prevention | Identification and Authentication Control | The system shall support and enforce identifier management policies, including unique identifiers pe… | Edit | |
| SR 1.5 – Authenticator Management | prevention | Identification and Authentication Control | The system shall enforce authenticator management practices including initial generation, distributi… | Edit | |
| SR 1.6 – Wireless Access Management | prevention | Identification and Authentication Control | The system shall identify and authenticate wireless access to the control system using recognized go… | Edit | |
| SR 1.7 – Strength of Password-Based Authentication | prevention | Identification and Authentication Control | The system shall enforce minimum password strength requirements such as length, complexity, and hist… | Edit | |
| SR 1.8 – Public Key Infrastructure Certificates | prevention | Identification and Authentication Control | The system shall implement and maintain a PKI for issuing, validating, revoking, and renewing digita… | Edit | |
| SR 1.9 – Strength of Public Key Authentication | prevention | Identification and Authentication Control | The system shall use public key authentication mechanisms with sufficient cryptographic strength. Ke… | Edit | |
| Account Use Policies | prevention | MITRE Mitigation | Account Use Policies help mitigate unauthorized access by configuring and enforcing rules that gover… | Edit | |
| Active Directory Configuration | prevention | MITRE Mitigation | Implement robust Active Directory (AD) configurations using group policies to secure user accounts, … | Edit | |
| Antivirus/Antimalware | prevention | MITRE Mitigation | Antivirus/Antimalware solutions utilize signatures, heuristics, and behavioral analysis to detect, b… | Edit | |
| Application Developer Guidance | prevention | MITRE Mitigation | Application Developer Guidance focuses on providing developers with the knowledge, tools, and best p… | Edit | |
| Application Isolation and Sandboxing | prevention | MITRE Mitigation | Application Isolation and Sandboxing refers to the technique of restricting the execution of code to… | Edit | |
| Audit | prevention | MITRE Mitigation | Auditing is the process of recording activity and systematically reviewing and analyzing the activit… | Edit | |
| Behavior Prevention on Endpoint | prevention | MITRE Mitigation | Behavior Prevention on Endpoint refers to the use of technologies and strategies to detect and block… | Edit | |
| Boot Integrity | prevention | MITRE Mitigation | Boot Integrity ensures that a system starts securely by verifying the integrity of its boot process,… | Edit | |
| Code Signing | prevention | MITRE Mitigation | Code Signing is a security process that ensures the authenticity and integrity of software by digita… | Edit | |
| Credential Access Protection | prevention | MITRE Mitigation | Credential Access Protection focuses on implementing measures to prevent adversaries from obtaining … | Edit | |
| Data Backup | prevention | MITRE Mitigation | Data Backup involves taking and securely storing backups of data from end-user systems and critical … | Edit | |
| Data Loss Prevention | prevention | MITRE Mitigation | Data Loss Prevention (DLP) involves implementing strategies and technologies to identify, categorize… | Edit | |
| Disable or Remove Feature or Program | prevention | MITRE Mitigation | Disable or remove unnecessary and potentially vulnerable software, features, or services to reduce t… | Edit | |
| Do Not Mitigate | prevention | MITRE Mitigation | The Do Not Mitigate category highlights scenarios where attempting to mitigate a specific technique … | Edit | |
| Encrypt Sensitive Information | prevention | MITRE Mitigation | Protect sensitive information at rest, in transit, and during processing by using strong encryption … | Edit | |
| Environment Variable Permissions | prevention | MITRE Mitigation | Restrict the modification of environment variables to authorized users and processes by enforcing st… | Edit | |
| Execution Prevention | prevention | MITRE Mitigation | Prevent the execution of unauthorized or malicious code on systems by implementing application contr… | Edit | |
| Exploit Protection | prevention | MITRE Mitigation | Deploy capabilities that detect, block, and mitigate conditions indicative of software exploits. The… | Edit | |
| Filter Network Traffic | prevention | MITRE Mitigation | Employ network appliances and endpoint software to filter ingress, egress, and lateral network traff… | Edit | |
| Limit Access to Resource Over Network | prevention | MITRE Mitigation | Restrict access to network resources, such as file shares, remote systems, and services, to only tho… | Edit | |
| Limit Hardware Installation | prevention | MITRE Mitigation | Prevent unauthorized users or groups from installing or using hardware, such as external drives, per… | Edit | |
| Limit Software Installation | prevention | MITRE Mitigation | Prevent users or groups from installing unauthorized or unapproved software to reduce the risk of in… | Edit | |
| Multi-factor Authentication | prevention | MITRE Mitigation | Multi-Factor Authentication (MFA) enhances security by requiring users to provide at least two forms… | Edit | |
| Network Intrusion Prevention | prevention | MITRE Mitigation | Use intrusion detection signatures to block traffic at network boundaries. | Edit | |
| Network Segmentation | prevention | MITRE Mitigation | Network segmentation involves dividing a network into smaller, isolated segments to control and limi… | Edit | |
| Operating System Configuration | prevention | MITRE Mitigation | Operating System Configuration involves adjusting system settings and hardening the default configur… | Edit | |
| Out-of-Band Communications Channel | prevention | MITRE Mitigation | Establish secure out-of-band communication channels to ensure the continuity of critical communicati… | Edit | |
| Password Policies | prevention | MITRE Mitigation | Set and enforce secure password policies for accounts to reduce the likelihood of unauthorized acces… | Edit | |
| Pre-compromise | prevention | MITRE Mitigation | Pre-compromise mitigations involve proactive measures and defenses implemented to prevent adversarie… | Edit | |
| Privileged Account Management | prevention | MITRE Mitigation | Privileged Account Management focuses on implementing policies, controls, and tools to securely mana… | Edit | |
| Privileged Process Integrity | prevention | MITRE Mitigation | Privileged Process Integrity focuses on defending highly privileged processes (e.g., system services… | Edit | |
| Remote Data Storage | prevention | MITRE Mitigation | Remote Data Storage focuses on moving critical data, such as security logs and sensitive files, to s… | Edit |