
NIST_CSF GV: GOVERN

Adam Lundqvist
Founder at SQUR · last verified 2026-06-20

Regulation text

The organisation's cybersecurity risk management strategy, expectations, and policy are established, communicated, and monitored. GOVERN provides outcomes to inform what an organisation may do to achieve and prioritise the outcomes of the other five Functions in the context of its mission and stakeholder expectations.

ATT&CK techniques this article tests · 15

| Technique | Why it maps | Confidence |
|---|---|---|
| T1078 | 1. Weak governance over account management policies, as per GOVERN, directly enables adversaries to use valid accounts for initial access. 2. Inadequate communication of security expectations can lead to compromised credentials. | 90% |
| T1133 | 1. Poorly established or monitored policies for external remote services, as outlined in GOVERN, create opportunities for initial access. 2. Lack of strategic oversight permits unmanaged external connections. | 80% |
| T1547.001 | 1. Absence of clear policies for system configuration and monitoring, as per GOVERN, allows adversaries to establish persistence via boot or logon autostart execution. 2. Unmonitored system changes facilitate this technique. | 85% |
| T1053.005 | 1. Weak governance on system scheduling and task management, as defined by GOVERN, enables attackers to maintain persistence through scheduled tasks. 2. Lack of policy enforcement permits unauthorized job creation. | 80% |
| T1068 | 1. Inadequate governance over vulnerability management and patch policies, as per GOVERN, leaves systems susceptible to exploitation for privilege escalation. 2. Unaddressed vulnerabilities increase attack surface. | 90% |
| T1055 | 1. Lack of established policies for secure system hardening and process integrity, as required by GOVERN, can facilitate process injection for privilege escalation. 2. Unmonitored process behavior aids evasion. | 75% |
| T1070.004 | 1. Weak governance on logging and monitoring policies, as specified in GOVERN, allows adversaries to remove files and evade detection. 2. Inadequate monitoring permits indicator removal to go unnoticed. | 80% |
| T1027 | 1. Absence of policies for code review, static analysis, or secure development practices, as per GOVERN, can lead to obfuscated files or information being deployed, aiding defense evasion. 2. Unclear expectations hinder detection. | 70% |
| T1003 | 1. Poorly defined or enforced policies for credential protection and storage, as required by GOVERN, directly enable OS credential dumping. 2. Lack of strategic oversight on credential management increases risk. | 90% |
| T1552.001 | 1. Weak governance over secure configuration policies, as per GOVERN, results in unsecured credentials being stored in files, facilitating credential access. 2. Unmonitored configurations pose a direct threat. | 85% |
| T1087 | 1. Inadequate governance over account auditing and management policies, as per GOVERN, allows adversaries to perform account discovery. 2. Lack of monitoring for account enumeration aids this technique. | 80% |
| T1046 | 1. Weak governance on network segmentation and monitoring policies, as per GOVERN, enables adversaries to perform network service scanning for discovery. 2. Uncontrolled network access facilitates reconnaissance. | 75% |
| T1021.001 | 1. Poorly defined or enforced policies for remote access, as per GOVERN, allow adversaries to use Remote Desktop Protocol for lateral movement. 2. Unmonitored remote connections increase risk. | 80% |
| T1005 | 1. Weak governance over data handling and access policies, as per GOVERN, enables adversaries to collect data from local systems. 2. Inadequate data classification and protection policies contribute to this. | 85% |
| T1041 | 1. Inadequate governance over data egress and network monitoring policies, as per GOVERN, allows adversaries to exfiltrate data over C2 channels. 2. Unmonitored outbound traffic facilitates data theft. | 90% |

Defending mitigations · 7

| Mitigation | What it does | Confidence |
|---|---|---|
| M1030 | 1. GOVERN's emphasis on strategy and policy directly supports network segmentation. 2. Establishing clear policies for network architecture reduces the attack surface and limits lateral movement. | 95% |
| M1028 | 1. GOVERN mandates establishing and communicating secure configuration policies for operating systems. 2. This proactive governance reduces vulnerabilities and prevents exploitation for privilege escalation. | 90% |
| M1017 | 1. GOVERN requires clear policies and expectations for user account management. 2. This includes account provisioning, deprovisioning, and auditing, directly mitigating valid account misuse and credential access. | 95% |
| M1035 | 1. GOVERN's focus on policy establishment and communication ensures that access to resources is limited based on need-to-know. 2. This reduces the scope of potential damage from compromised accounts. | 90% |
| M1040 | 1. GOVERN's strategic oversight includes defining approved software and services. 2. Policies for disabling or removing unneeded features reduce the attack surface and potential for exploitation. | 85% |
| M1047 | 1. GOVERN explicitly states that monitoring is essential for cybersecurity risk management. 2. Robust auditing policies ensure detection of malicious activities and adherence to security expectations. | 90% |
| M1051 | 1. GOVERN's strategy includes defining data protection and recovery expectations. 2. Establishing and communicating data backup policies mitigates the impact of data loss or encryption attacks. | 85% |

Underlying weaknesses · 7

| CWE | Why it persists | Confidence |
|---|---|---|
| CWE-200 | 1. Weak governance, as per GOVERN, often leads to insufficient policies for data classification and handling. 2. This directly results in the exposure of sensitive information to unauthorized actors. | 90% |
| CWE-284 | 1. GOVERN's core function is to establish access control policies. 2. Failure in this area leads to improper access control, allowing unauthorized access to resources and escalating privileges. | 95% |
| CWE-522 | 1. Inadequate governance over credential management policies, as per GOVERN, results in insufficiently protected credentials. 2. This weakness directly enables credential theft and reuse. | 90% |
| CWE-668 | 1. Weak governance on network architecture and asset management, as per GOVERN, can expose resources to the wrong security sphere. 2. This leads to unintended access and increased attack surface. | 85% |
| CWE-732 | 1. GOVERN requires establishing and monitoring policies for resource permissions. 2. Incorrect permission assignments for critical resources stem from a lack of governance enforcement. | 85% |
| CWE-1007 | 1. GOVERN emphasizes monitoring as a key component of risk management. 2. Insufficient logging is a direct consequence of weak governance over monitoring and audit policies. | 90% |
| CWE-306 | 1. Lack of clear policies and expectations for authentication, as per GOVERN, can lead to missing authentication for critical functions. 2. This allows unauthorized access and manipulation. | 80% |

What SQUR Covers

Web application + API pentesting for OWASP Top 10, business logic flaws, authentication bypass, injection attacks, and other application-layer vulnerabilities. €1,995 per scan, 24-hour turnaround, EU-only data.

What SQUR Does Not Cover

Internal network pentesting, endpoint security testing, physical security assessments, social engineering, or ICT third-party concentration risk reviews. Engage a complementary provider for those scope items.

Provenance

Mapped Q2.2026 using gemini-2.5-flash · €0.0195 compute · voice-rubric self-validated