Below, you’ll find tables outlining various standard controls, detailing how BloodHound Enterprise supports these controls, and mapping them to relevant sections within the specific compliance frameworks. Within each table, the specific controls can be expanded to learn how BloodHound Enterprise satisfies each particular control.

Asset Management

| Control Category/Activity | How Does BloodHound Enterprise Satisfy This Control? | NIST CSF v1.1 | NIST CSF v2 | NIST 800-171 | NIST 800-53 rev 8 |
| --- | --- | --- | --- | --- | --- |
| Asset Management: The organization retains control over a system of devices, which undergoes reconciliation at intervals defined by the organization. | BloodHound Enterprise provides a comprehensive inventory of Active Directory and Azure assets through automated scans of the environment. | ID.AM-1, ID.AM-2, ID.AM-5, PR.IP-1 | ID.AM-01, ID.AM-02, ID.AM-05 | 3.1.1, 3.4.1 | CM-8, CP-2, PM-5, RA-2 |

Risk Assessment

| Control Category/Activity | How Does BloodHound Enterprise Satisfy This Control? | NIST CSF v1.1 | NIST CSF v2 | NIST 800-171 | NIST 800-53 rev 8 |
| --- | --- | --- | --- | --- | --- |
| Risk Assessment: The organization employs mechanisms to understand the cybersecurity risk to operations, assets, and individuals. | BloodHound Enterprise’s attack path analysis and risk scoring help to satisfy this control. | ID.RA-1, ID.RA-3, ID.RA-5 | ID.RA-01, ID.RA-03, ID.RA-05 | 3.11.1, 3.11.2, 3.11.3, 3.12.1, 3.12.2, 3.12.3, 3.14.1, 3.14.2 | CA-2, CA-7, CA-8, RA-3, RA-5, SA-5, SA-11, SI-2, SI-4 |

Configuration Management

| Control Category/Activity | How Does BloodHound Enterprise Satisfy This Control? | NIST CSF v1.1 | NIST CSF v2 | NIST 800-171 | NIST 800-53 rev 8 |
| --- | --- | --- | --- | --- | --- |
| Configuration Management: The organization employs proactive mechanisms to detect deviations from baseline configurations within production environments. | Analysis of Active Directory/Azure Identities audits user and object permissions for deviations from established access and identity baselines. | PR.AC-4, PR.IP-1, DE.AE-1 | PR.PS-01 | 3.1.1, 3.1.2, 3.1.5, 3.1.6, 3.1.7, 3.4.5, 3.4.6 | AC-2, AC-3, IA-1, IA-2, IA-4, IA-8 |

Detection

| Control Category/Activity | How Does BloodHound Enterprise Satisfy This Control? | NIST CSF v1.1 | NIST CSF v2 | NIST 800-171 | NIST 800-53 rev 8 |
| --- | --- | --- | --- | --- | --- |
| Detection: The organization employs mechanisms within the environment that continuously monitor for anomalies and events. | Identity Attack Path vectors are assigned a severity rating in BloodHound Enterprise when detected during routine and on-demand scans. | DE.AE-2, DE.AE-4, DE.AE-5, DE.CM-1, DE.CM-8 | DE.AE-02, DE.AE-04, DE.AE-08 | 3.3.1, 3.3.2, 3.3.5 | CA-3, CM-2 |

Respond

| Control Category/Activity | How Does BloodHound Enterprise Satisfy This Control? | NIST CSF v1.1 | NIST CSF v2 | NIST 800-171 | NIST 800-53 rev 8 |
| --- | --- | --- | --- | --- | --- |
| Respond: Activities are performed to ensure effective response, support recovery activities, and mitigating steps are taken to prevent the expansion of an incident. | BloodHound Enterprise detects and reports identified attack paths with a quantifiable risk metric and inventory of all impacted systems. Relevant remediation and mitigation documentation provided during analysis may help to satisfy this control. | RS.AN-1, RS.AN-2, RS.MI-2 | RS.MI-02 | 3.3.1, 3.3.2, 3.3.5, 3.6.1, 3.6.2 | CA-7, IR-5 |