TECHNIQUES
D3FEND
Model
D3-AI - Asset Inventory
D3-CI - Configuration Inventory
D3-DI - Data Inventory
D3-SWI - Software Inventory
D3-AVE - Asset Vulnerability Enumeration
D3-NNI - Network Node Inventory
D3-HCI - Hardware Component Inventory
D3-NM - Network Mapping
D3-LLM - Logical Link Mapping
D3-ALLM - Active Logical Link Mapping
D3-PLLM - Passive Logical Link Mapping
D3-NVA - Network Vulnerability Assessment
D3-PLM - Physical Link Mapping
D3-APLM - Active Physical Link Mapping
D3-PPLM - Passive Physical Link Mapping
D3-NTPM - Network Traffic Policy Mapping
D3-OAM - Operational Activity Mapping
D3-AM - Access Modeling
D3-ODM - Operational Dependency Mapping
D3-ORA - Operational Risk Assessment
D3-OM - Organization Mapping
D3-SYSM - System Mapping
D3-DEM - Data Exchange Mapping
D3-SVCDM - Service Dependency Mapping
D3-SYSDM - System Dependency Mapping
D3-SYSVA - System Vulnerability Assessment
Harden
D3-MH - Message Hardening
D3-MAN - Message Authentication
D3-MENCR - Message Encryption
D3-TAAN - Transfer Agent Authentication
D3-CH - Credential Hardening
D3-BAN - Biometric Authentication
D3-CBAN - Certificate-based Authentication
D3-CP - Certificate Pinning
D3-CTS - Credential Transmission Scoping
D3-DTP - Domain Trust Policy
D3-MFA - Multi-factor Authentication
D3-OTP - One-time Password
D3-SPP - Strong Password Policy
D3-UAP - User Account Permissions
D3-CRO - Credential Rotation
D3-PH - Platform Hardening
D3-BA - Bootloader Authentication
D3-DENCR - Disk Encryption
D3-DLIC - Driver Load Integrity Checking
D3-FE - File Encryption
D3-LFP - Local File Permissions
D3-RFS - RF Shielding
D3-SU - Software Update
D3-SCP - System Configuration Permissions
D3-TBI - TPM Boot Integrity
D3-AH - Application Hardening
D3-ACH - Application Configuration Hardening
D3-DCE - Dead Code Elimination
D3-EHPV - Exception Handler Pointer Validation
D3-PAN - Pointer Authentication
D3-PSEP - Process Segment Execution Prevention
D3-SAOR - Segment Address Offset Randomization
D3-SFCV - Stack Frame Canary Validation
Detect
D3-NTA - Network Traffic Analysis
D3-ANAA - Administrative Network Activity Analysis
D3-BSE - Byte Sequence Emulation
D3-CA - Certificate Analysis
D3-ACA - Active Certificate Analysis
D3-PCA - Passive Certificate Analysis
D3-CSPP - Client-server Payload Profiling
D3-CAA - Connection Attempt Analysis
D3-DNSTA - DNS Traffic Analysis
D3-FC - File Carving
D3-ISVA - Inbound Session Volume Analysis
D3-IPCTA - IPC Traffic Analysis
D3-NTCD - Network Traffic Community Deviation
D3-PHDURA - Per Host Download-Upload Ratio Analysis
D3-PMAD - Protocol Metadata Anomaly Detection
D3-RPA - Relay Pattern Analysis
D3-RTSD - Remote Terminal Session Detection
D3-RTA - RPC Traffic Analysis
D3-PM - Platform Monitoring
D3-FBA - Firmware Behavior Analysis
D3-FEMC - Firmware Embedded Monitoring Code
D3-FV - Firmware Verification
D3-PFV - Peripheral Firmware Verification
D3-SFV - System Firmware Verification
D3-OSM - Operating System Monitoring
D3-EHB - Endpoint Health Beacon
D3-IDA - Input Device Analysis
D3-MBT - Memory Boundary Tracking
D3-SJA - Scheduled Job Analysis
D3-SDM - System Daemon Monitoring
D3-SFA - System File Analysis
D3-SBV - Service Binary Verification
D3-SICA - System Init Config Analysis
D3-USICA - User Session Init Config Analysis
D3-PA - Process Analysis
D3-DQSA - Database Query String Analysis
D3-FAPA - File Access Pattern Analysis
D3-IBCA - Indirect Branch Call Analysis
D3-PCSV - Process Code Segment Verification
D3-PSMD - Process Self-Modification Detection
D3-PSA - Process Spawn Analysis
D3-PLA - Process Lineage Analysis
D3-SEA - Script Execution Analysis
D3-SSC - Shadow Stack Comparisons
D3-SCA - System Call Analysis
D3-FCA - File Creation Analysis
D3-MA - Message Analysis
D3-SMRA - Sender MTA Reputation Analysis
D3-SRA - Sender Reputation Analysis
D3-ID - Identifier Analysis
D3-HD - Homoglyph Detection
D3-UA - URL Analysis
D3-IRA - Identifier Reputation Analysis
D3-DNRA - Domain Name Reputation Analysis
D3-FHRA - File Hash Reputation Analysis
D3-IPRA - IP Reputation Analysis
D3-URA - URL Reputation Analysis
D3-IAA - Identifier Activity Analysis
D3-UBA - User Behavior Analysis
D3-ANET - Authentication Event Thresholding
D3-AZET - Authorization Event Thresholding
D3-CCSA - Credential Compromise Scope Analysis
D3-DAM - Domain Account Monitoring
D3-JFAPA - Job Function Access Pattern Analysis
D3-LAM - Local Account Monitoring
D3-RAPA - Resource Access Pattern Analysis
D3-SDA - Session Duration Analysis
D3-UDTA - User Data Transfer Analysis
D3-UGLPA - User Geolocation Logon Pattern Analysis
D3-WSAA - Web Session Activity Analysis
D3-FA - File Analysis
D3-DA - Dynamic Analysis
D3-EFA - Emulated File Analysis
D3-FCR - File Content Rules
D3-FH - File Hashing
Isolate
D3-NI - Network Isolation
D3-BDI - Broadcast Domain Isolation
D3-DNSAL - DNS Allowlisting
D3-DNSDL - DNS Denylisting
D3-FRDDL - Forward Resolution Domain Denylisting
D3-HDDL - Hierarchical Domain Denylisting
D3-HDL - Homoglyph Denylisting
D3-FRIDL - Forward Resolution IP Denylisting
D3-RRDD - Reverse Resolution Domain Denylisting
D3-RRID - Reverse Resolution IP Denylisting
D3-ET - Encrypted Tunnels
D3-NTF - Network Traffic Filtering
D3-ITF - Inbound Traffic Filtering
D3-OTF - Outbound Traffic Filtering
D3-EI - Execution Isolation
D3-EAL - Executable Allowlisting
D3-EDL - Executable Denylisting
D3-HBPI - Hardware-based Process Isolation
D3-IOPR - IO Port Restriction
D3-KBPI - Kernel-based Process Isolation
D3-MAC - Mandatory Access Control
D3-SCF - System Call Filtering
Deceive
D3-DE - Decoy Environment
D3-CHN - Connected Honeynet
D3-IHN - Integrated Honeynet
D3-SHN - Standalone Honeynet
D3-DO - Decoy Object
D3-DF - Decoy File
D3-DNR - Decoy Network Resource
D3-DP - Decoy Persona
D3-DPR - Decoy Public Release
D3-DST - Decoy Session Token
D3-DUC - Decoy User Credential
Evict
D3-FEV - File Eviction
D3-FR - File Removal
D3-ER - Email Removal
D3-CE - Credential Eviction
D3-AL - Account Locking
D3-ANCI - Authentication Cache Invalidation
D3-CR - Credential Revoking
D3-PE - Process Eviction
D3-PT - Process Termination
D3-PS - Process Suspension