What is the authoritative source for D3-EAL?

Executable Allowlisting (D3-EAL) is catalogued in MITRE D3FEND and curated for EU compliance use cases by SQUR.

Isolatetechnique

D3-EALExecutable Allowlisting

Executable Allowlisting

Using a digital signature to authenticate a file before opening.

Type	Target	Confidence	Tier
SubTechnique	Path Interception by Search Order Hijackingt1574.008	100%	live
SubTechnique	Process Doppelgängingt1055.013	100%	live
SubTechnique	Impair Command History Loggingt1562.003	100%	live
SubTechnique	Control Panelt1218.002	100%	live
SubTechnique	Web Shellt1505.003	100%	live
SubTechnique	AppInit DLLst1546.010	100%	live
SubTechnique	Trapt1546.005	100%	live
Technique	Remote System Discoveryt1018	100%	live
SubTechnique	Parent PID Spoofingt1134.004	100%	live
Technique	Scheduled Task/Jobt1053	100%	live
Technique	Windows Management Instrumentationt1047	100%	live
SubTechnique	Rename System Utilitiest1036.003	100%	live
SubTechnique	Binary Paddingt1027.001	100%	live
SubTechnique	SQL Stored Procedurest1505.001	100%	live
SubTechnique	Invalid Code Signaturet1036.001	100%	live
Technique	Application Window Discoveryt1010	100%	live
SubTechnique	Asynchronous Procedure Callt1055.004	100%	live
SubTechnique	Shortcut Modificationt1547.009	100%	live
SubTechnique	Software Packingt1027.002	100%	live
Technique	System Service Discoveryt1007	100%	live
SubTechnique	Component Object Model Hijackingt1546.015	100%	live
SubTechnique	Compile After Deliveryt1027.004	100%	live
Technique	Command and Scripting Interpretert1059	100%	live
SubTechnique	PowerShell Profilet1546.013	100%	live
Technique	System Information Discoveryt1082	100%	live
SubTechnique	Screensavert1546.002	100%	live
SubTechnique	Rundll32t1218.011	100%	live
Technique	System Network Configuration Discoveryt1016	100%	live
SubTechnique	LC_LOAD_DYLIB Additiont1546.006	100%	live
SubTechnique	Logon Script (Windows)t1037.001	100%	live