{"description": "ICS techniques mitigated by Privileged Account Management, ATT&CK mitigation M0926 (v1.0)", "name": "Privileged Account Management (M0926)", "domain": "ics-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T0809", "comment": "Minimize permissions and access for service accounts to limit the information that may be impacted by malicious users or software. (Citation: National Institute of Standards and Technology April 2013)\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0811", "comment": "Minimize permissions and access for service accounts to limit the information that may be exposed or collected by malicious users or software. (Citation: National Institute of Standards and Technology April 2013)\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0819", "comment": "Use least privilege for service accounts. (Citation: Keith Stouffer May 2015) (Citation: National Institute of Standards and Technology April 2013)\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0866", "comment": "Minimize permissions and access for service accounts to limit impact of exploitation. (Citation: Keith Stouffer May 2015)\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0842", "comment": "Restrict root or administrator access on user accounts to limit the ability to capture promiscuous traffic on a network through common packet capture tools. (Citation: National Institute of Standards and Technology April 2013)\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0859", "comment": "Audit domain and local accounts and their permission levels routinely to look for situations that could allow an adversary to gain system wide access with stolen privileged account credentials. (Citation: Microsoft May 2017) (Citation: Microsoft August 2018) These audits should also identify if default accounts have been enabled, or if new local accounts are created that have not been authorized. Follow best practices for design and administration of an enterprise network to limit privileged account use across administrative tiers. (Citation: Microsoft February 2019)\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "mitigated by Privileged Account Management", "color": "#66b1ff"}]}