Restrict File and Directory Permissions

Mitigation
ID: M0922
NIST SP 800-53 Rev. 4: AC-6
IEC 62443-3-3:2013: SR 2.1
IEC 62443-4-2:2019: CR 2.1

Description

Restrict access by setting directory and file permissions that are not specific to users or privileged accounts.


Techniques Addressed by Mitigation

| Name | Use |
|---|---|
| Data Destruction | Protect files stored locally with proper permissions to limit opportunities for adversaries to impact data storage.[1] |
| Data from Information Repositories | Protect files stored locally with proper permissions to limit opportunities for adversaries to interact and collect information from databases.[2][1] |
| Indicator Removal on Host | Protect files stored locally with proper permissions to limit opportunities for adversaries to remove indicators of their activity on the system.[2][1] |
| Masquerading | Use file system access controls to protect system and application folders. |
| Project File Infection | Ensure permissions restrict project file access to only engineer and technician user groups and accounts. |
| Service Stop | Ensure proper process and file permissions are in place to inhibit adversaries from disabling or interfering with critical services. |
| Theft of Operational Information | Protect files stored locally with proper permissions to limit opportunities for adversaries to interact and collect information from databases.[2][1] |