{
  "description": "ICS techniques mitigated by Network Segmentation, ATT&CK mitigation M0930 (v1.0)",
  "name": "Network Segmentation (M0930)",
  "domain": "ics-attack",
  "versions": {
    "layer": "4.5",
    "attack": "17",
    "navigator": "5.1.0"
  },
  "techniques": [
    {
      "techniqueID": "T0800",
      "comment": "Segment operational network and systems to restrict access to critical system functions to predetermined management systems. (Citation: Department of Homeland Security September 2016)\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0830",
      "comment": "Network segmentation can be used to isolate infrastructure components that do not require broad network access. This may mitigate, or at least limit the scope of, AiTM activity.\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0878",
      "comment": "Segment operational assets and their management devices based on their functional role within the process. This enables stricter isolation of the more critical control and operational information within the control environment. (Citation: Karen Scarfone; Paul Hoffman September 2009) (Citation: Keith Stouffer May 2015) (Citation: Department of Homeland Security September 2016) (Citation: Dwight Anderson 2014)\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0802",
      "comment": "Prevent unauthorized systems from accessing control servers or field devices containing industrial information, especially services used for common automation protocols (e.g., DNP3, OPC).\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0805",
      "comment": "Restrict unauthorized devices from accessing serial communication ports.\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0806",
      "comment": "Segment operational assets and their management devices based on their functional role within the process. This enables stricter isolation of the more critical control and operational information within the control environment. (Citation: Karen Scarfone; Paul Hoffman September 2009) (Citation: Keith Stouffer May 2015) (Citation: Department of Homeland Security September 2016) (Citation: Dwight Anderson 2014)\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0858",
      "comment": "Segment operational network and systems to restrict access to critical system functions to predetermined management systems. (Citation: Department of Homeland Security September 2016)\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0885",
      "comment": "Configure internal and external firewalls to block traffic on common ports associated with network protocols that may be unnecessary for that particular network segment.\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0868",
      "comment": "Segment operational network and systems to restrict access to critical system functions to predetermined management systems. (Citation: Department of Homeland Security September 2016)\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0816",
      "comment": "Segment operational network and systems to restrict access to critical system functions to predetermined management systems. (Citation: Department of Homeland Security September 2016)\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0819",
      "comment": "Segment externally facing servers and services from the rest of the network with a DMZ or on separate hosting infrastructure.\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0866",
      "comment": "Segment networks and systems appropriately to reduce access to critical system and service communications.\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0822",
      "comment": "Deny direct remote access to internal systems through the use of network proxies, gateways, and firewalls. Consider a jump server or host in the DMZ for greater access control. Leverage this DMZ or corporate resources for vendor access. (Citation: Keith Stouffer May 2015)\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0883",
      "comment": "Deny direct remote access to internal systems through the use of network proxies, gateways, and firewalls. Periodically inventory internet-accessible devices to determine whether the set differs from what is expected.\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0838",
      "comment": "Segment operational network and systems to restrict access to critical system functions to predetermined management systems. (Citation: Department of Homeland Security September 2016)\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0839",
      "comment": "Segment operational network and systems to restrict access to critical system functions to predetermined management systems. (Citation: Department of Homeland Security September 2016)\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0842",
      "comment": "Segment networks and systems appropriately to reduce access to critical system and service communications.\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0861",
      "comment": "Segment operational assets and their management devices based on their functional role within the process. This enables stricter isolation of the more critical control and operational information within the control environment. (Citation: Karen Scarfone; Paul Hoffman September 2009) (Citation: Keith Stouffer May 2015) (Citation: Department of Homeland Security September 2016) (Citation: Dwight Anderson 2014)\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0843",
      "comment": "Segment operational network and systems to restrict access to critical system functions to predetermined management systems. (Citation: Department of Homeland Security September 2016)\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0845",
      "comment": "Segment operational network and systems to restrict access to critical system functions to predetermined management systems. (Citation: Department of Homeland Security September 2016)\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0886",
      "comment": "Segment and control software movement between business and OT environments by way of one-directional DMZs. Web access should be restricted from the OT environment. Engineering workstations, including transient cyber assets (TCAs), should have minimal connectivity to external networks, including the Internet and email; further limit the extent to which these devices are dual-homed to multiple networks. (Citation: North America Transmission Forum December 2019)\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0848",
      "comment": "Segment operational assets and their management devices based on their functional role within the process. This enables stricter isolation of the more critical control and operational information within the control environment. (Citation: Karen Scarfone; Paul Hoffman September 2009) (Citation: Keith Stouffer May 2015) (Citation: Department of Homeland Security September 2016) (Citation: Dwight Anderson 2014)\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0881",
      "comment": "Segment operational network and systems to restrict access to critical system functions to predetermined management systems. (Citation: Department of Homeland Security September 2016)\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0856",
      "comment": "Segment operational assets and their management devices based on their functional role within the process. This enables stricter isolation of the more critical control and operational information within the control environment. (Citation: Karen Scarfone; Paul Hoffman September 2009) (Citation: Keith Stouffer May 2015) (Citation: Department of Homeland Security September 2016) (Citation: Dwight Anderson 2014)\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0869",
      "comment": "Ensure proper network segmentation between higher-level corporate resources and the control process environment.\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0857",
      "comment": "Segment operational network and systems to restrict access to critical system functions to predetermined management systems. (Citation: Department of Homeland Security September 2016)\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0864",
      "comment": "Segment and control software movement between business and OT environments by way of one-directional DMZs. Web access should be restricted from the OT environment. Engineering workstations, including transient cyber assets (TCAs), should have minimal connectivity to external networks, including the Internet and email; further limit the extent to which these devices are dual-homed to multiple networks. (Citation: North America Transmission Forum December 2019)\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    },
    {
      "techniqueID": "T0855",
      "comment": "Segment operational assets and their management devices based on their functional role within the process. This enables stricter isolation of the more critical control and operational information within the control environment. (Citation: Karen Scarfone; Paul Hoffman September 2009) (Citation: Keith Stouffer May 2015) (Citation: Department of Homeland Security September 2016) (Citation: Dwight Anderson 2014)\n",
      "score": 1,
      "color": "#66b1ff",
      "showSubtechniques": false
    }
  ],
  "gradient": {
    "colors": ["#ffffff", "#66b1ff"],
    "minValue": 0,
    "maxValue": 1
  },
  "legendItems": [
    {
      "label": "mitigated by Network Segmentation",
      "color": "#66b1ff"
    }
  ]
}
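The layer's comments describe one segmentation policy from several angles: automation protocols (DNP3, OPC) reachable only from predetermined management systems, no direct enterprise or Internet access into the control environment except through a DMZ jump host, and no web or email egress from OT. The following is an added example, not part of the ATT&CK layer or of MITRE's tooling, that turns those rules into a small policy checker and runs it over constructed flow records, so the reader can see which flows a correctly segmented network would drop. The zone CIDRs, host addresses, and flow records are assumptions constructed for the example; the ports are the common defaults assumed for the named protocols (DNP3 on TCP/20000, OPC UA on TCP/4840) and are not taken from the layer.

```python
import ipaddress
from dataclasses import dataclass

# Constructed zone layout (assumption for this example; not from the ATT&CK layer).
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "dmz":        ipaddress.ip_network("10.20.0.0/24"),
    "control":    ipaddress.ip_network("10.30.0.0/24"),
    "field":      ipaddress.ip_network("10.40.0.0/24"),
}

# Predetermined management systems allowed to speak automation protocols to field devices
# (an engineering workstation and a control server; constructed addresses).
MANAGEMENT_HOSTS = {ipaddress.ip_address("10.30.0.10"), ipaddress.ip_address("10.30.0.11")}
JUMP_HOST = ipaddress.ip_address("10.20.0.5")  # jump server living in the DMZ

# Assumed default ports for the protocols the layer names.
AUTOMATION_PORTS = {20000: "DNP3", 4840: "OPC UA"}
JUMP_PORTS = {22, 3389}          # interactive admin access, only via the jump host
EXTERNAL_PORTS = {25, 80, 443}   # email/web egress the layer says OT should not have


def zone_of(ip):
    """Map an address to its zone name; anything outside the known zones is external."""
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"


@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int


def parse_flow(line):
    """Parse a constructed 'src,dst,dport' record."""
    src, dst, dport = (p.strip() for p in line.split(","))
    return Flow(ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport))


def evaluate(flow):
    """Return (allowed, reason) for one flow under the segmentation policy."""
    s, d = zone_of(flow.src), zone_of(flow.dst)
    # 1. Automation protocols into the field zone only from predetermined management systems.
    if d == "field" and flow.dport in AUTOMATION_PORTS:
        proto = AUTOMATION_PORTS[flow.dport]
        if flow.src in MANAGEMENT_HOSTS:
            return True, f"{proto} from management host"
        return False, f"{proto} to field device from non-management host"
    # 2. No direct enterprise or external access into control/field; go through the DMZ jump host.
    if s in ("enterprise", "external") and d in ("control", "field"):
        return False, "direct remote access to OT; must traverse DMZ jump host"
    # 3. The jump host may reach the control zone on admin ports.
    if flow.src == JUMP_HOST and d == "control" and flow.dport in JUMP_PORTS:
        return True, "jump host to control zone"
    # 4. OT zones get no web or email egress toward the business network or the Internet.
    if s in ("control", "field") and d in ("enterprise", "external") and flow.dport in EXTERNAL_PORTS:
        return False, "web/email egress from OT zone"
    # 5. Traffic that stays inside one zone passes; everything else is default-deny across zones.
    if s == d:
        return True, "intra-zone"
    return False, "default deny across zones"


def audit(lines):
    """Return [(record, reason)] for every flow that violates the policy."""
    violations = []
    for line in lines:
        ok, reason = evaluate(parse_flow(line))
        if not ok:
            violations.append((line.strip(), reason))
    return violations


# Constructed sample flow records ("src,dst,dport"); not captured from any real network.
SAMPLE_FLOWS = [
    "10.30.0.10,10.40.0.21,20000",  # engineering workstation -> PLC over DNP3: allowed
    "10.10.5.7,10.40.0.21,20000",   # enterprise host -> PLC over DNP3: violation (rule 1)
    "10.30.0.5,10.40.0.22,4840",    # unlisted control host -> PLC over OPC UA: violation (rule 1)
    "10.10.5.7,10.30.0.10,3389",    # enterprise -> control RDP, bypassing jump host: violation (rule 2)
    "10.20.0.5,10.30.0.10,22",      # DMZ jump host -> engineering workstation: allowed (rule 3)
    "10.30.0.10,203.0.113.9,443",   # engineering workstation -> Internet HTTPS: violation (rule 4)
]

if __name__ == "__main__":
    for record, reason in audit(SAMPLE_FLOWS):
        print(f"DENY {record}: {reason}")
```

The checker is deliberately ordered: the automation-protocol rule runs first so that even a host inside the control zone cannot reach a field device on DNP3 or OPC unless it is one of the predetermined management systems, and the final default-deny means any conduit not named in the policy (a second NIC on a dual-homed engineering workstation, for instance) shows up as a violation rather than passing silently.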