Thank you to Tidal Cyber and SOC Prime for becoming ATT&CK's first Benefactors. To join the cohort, or learn more about this program visit our Benefactors page.

Operational Information Confidentiality

Deploy mechanisms to protect the confidentiality of information related to operational processes, facility locations, device configurations, programs, or databases that may have information that can be used to infer organizational trade-secrets, recipes, and other intellectual property (IP).

ID: M0809

Security Controls: IEC 62443-3-3:2013 - SR 4.1, IEC 62443-4-2:2019 - CR 4.1

Version: 1.0

Created: 06 June 2019

Last Modified: 30 March 2023

Version Permalink

Live Version

Techniques Addressed by Mitigation

Domain	ID		Name	Use
ICS	T0882		Theft of Operational Information	Example mitigations could include minimizing its distribution/storage or obfuscating the information (e.g., facility coverterms, codenames). In many cases this information may be necessary to support critical engineering, maintenance, or operational functions, therefore, it may not be feasible to implement.

Operational Information Confidentiality

ICS Layer

Techniques Addressed by Mitigation