Masquerading as an authorized entity in order to gain access/Insider Threat
Requirement | Rationale/Additional Guidance/Notes |
---|---|
The [organization] shall have a two-man rule to achieve a high level of security for systems with command level access to the spacecraft.(Under this rule all access and actions require the presence of two authorized people at all times.) {SV-AC-4}{PE-3} | Note: These are not spacecraft requirements but important to call out but likely are covered under other requirements by the customer. |
The [organization] shall have Insider Threat Program to aid in the prevention of people with authorized access to perform malicious activities.{SV-AC-4}{PM-12,AT-2(2),IR-4(7)} | Note: These are not spacecraft requirements but important to call out but likely are covered under other requirements by the customer. |
The [organization], upon termination of individual employment, disables information system access within [TBD minutes] of termination.{SV-AC-4}{PS-4} | |
The [organization] shall have physical security controls to prevent unauthorized access to the systems that have the ability to command the spacecraft.{SV-AC-4}{PE-3} | Note: These are not spacecraft requirements but important to call out but likely are covered under other requirements by the customer. |
ID | Name | Description | |
---|---|---|---|
IA-0009 | Trusted Relationship | Access through trusted third-party relationship exploits an existing connection that has been approved for interconnection. Leveraging third party / approved interconnections to pivot into the target systems is a common technique for threat actors as these interconnections typically lack stringent access control due to the trusted status. | |
EX-0003 | Modify Authentication Process | Threat actors may modify the internal authentication process of the victim SV to facilitate initial access, recurring execution, or prevent authorized entities from accessing the SV. This can be done through the modification of the software binaries or memory manipulation techniques. | |
DE-0004 | Masquerading | Threat actors may gain access to a victim SV by masquerading as an authorized entity. This can be done several ways, including through the manipulation of command headers, spoofing locations, or even leveraging Insider's access (i.e., Insider Threat) |
ID | Name | Description | NIST Rev5 | D3FEND | ISO 27001 |
---|