December 14, 2020

669 words 4 mins read

center-for-threat-informed-defense/attack-control-framework-mappings

center-for-threat-informed-defense/attack-control-framework-mappings

Security control framework mappings to MITRE ATT&CK provide a critically important resource for organizations to assess their security control coverage against real-world threats and provide a bridge for integrating ATT&CK-based threat information into the risk management process.
repo name center-for-threat-informed-defense/attack-control-framework-mappings
repo link https://github.com/center-for-threat-informed-defense/attack-control-framework-mappings
homepage https://mitre-engenuity.org/ctid/
language Python
size (curr.) 22550 kB
stars (curr.) 51
created 2020-04-22
license Apache License 2.0

Security Control Framework Mappings to ATT&CK

This repository contains security control framework mappings to MITRE ATT&CK® with supporting documentation and resources. These mappings provide a critically important resource for organizations to assess their security control coverage against real-world threats as described in the ATT&CK knowledge base and provide a foundation for integrating ATT&CK-based threat information into the risk management process. This work was developed by the Center for Threat Informed Defense in collaboration with our participants.

Security Control Framework Mappings as XLSX ATT&CK Navigator Layers STIX Data
NIST 800-53 Revision 4 Spreadsheet Navigator Layers STIX
NIST 800-53 Revision 5 Spreadsheet Navigator Layers STIX

A Collaborative Approach

Mapping NIST Special Publication 800-53, or any security control framework, to ATT&CK is a labor intensive and often subjective undertaking. Furthermore, due to the large number of security controls in any given framework and the evolving nature of cyber adversaries, these mappings are often error prone and difficult to maintain. We recognized that there was not only a need for mappings NIST 800-53, but an opportunity to work collaboratively and advance threat-informed defense with the global community. With over 6,300 individual mappings between NIST 800-53 and ATT&CK, we believe that this work will greatly reduce the burden on the community – allowing organizations to focus their limited time and resources on understanding how controls map to threats in their environment.

Repository Contents

  • Frameworks — this directory contains the security control frameworks and their mappings to ATT&CK techniques. Each security control framework has its own directory of documentation and resources.
  • Mapping Methodology — a description of the general process used to create the control mappings
  • Tooling — a set of python tools to support the creation of new mappings and the customization of existing mappings
  • Use Cases - use cases for security control framework mappings to ATT&CK
  • STIX Format — information regarding the STIX representation of the control frameworks and the mappings to ATT&CK
  • Visualization — this document describes some ways the mappings data can be visualized.
  • Contributing — information about how to contribute controls, mappings, or other improvements to this repository
  • Changelog — list of updates to this repository

Getting Involved

There are several ways that you can get involved with this project and help advance threat-informed defense.

First, review the mappings, use them, and tell us what you think. We welcome your review and feedback on the NIST 800-53 mappings, our methodology, and resources.

Second, we are interested in applying our methodology to other security control frameworks. Let us know what frameworks you would like to see mapped to ATT&CK. Your input will help us prioritize how we expand our mappings.

Finally, we are interested developing additional tools and resources to help the community understand and make threat-informed decisions in their risk management programs. Share your ideas and we will consider them as we explore additional research projects.

Questions and Feedback

Please submit issues for any technical questions/concerns or contact ctid@mitre-engenuity.org directly for more general inquiries.

Also see the guidance for contributors if are you interested in contributing or simply reporting issues.

Notice

Copyright 2020 MITRE Engenuity. Approved for public release. Document number CT0011

Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

This project makes use of ATT&CK®

ATT&CK Terms of Use

python framework framework management
comments powered by Disqus
RasaHQ/rasa

RasaHQ/rasa

February 12, 2020

Open source machine learning framework to automate text- and voice-based conversations: NLU, dialogue management, connect to Slack, Facebook, and more - Create chatbots and voice assistants
nornir-automation/nornir

nornir-automation/nornir

June 4, 2019

Pluggable multi-threaded framework with inventory management to help operate collections of devices
frappe/frappe

frappe/frappe

December 11, 2020

Low Code Open Source Framework in Python and JS
iPERDance/iPERCore

iPERDance/iPERCore

December 11, 2020

Liquid Warping GAN with Attention: A Unified Framework for Human Image Synthesis
pyrogram/pyrogram

pyrogram/pyrogram

November 8, 2020

Telegram MTProto API Client Library and Framework for Python
Qiskit/qiskit

Qiskit/qiskit

November 1, 2020

Qiskit is an open-source framework for working with noisy quantum computers at the level of pulses, circuits, and algorithms.
aiogram/aiogram

aiogram/aiogram

October 30, 2020

Is a pretty simple and fully asynchronous framework for Telegram Bot API written in Python 3.7 with asyncio and aiohttp.
pythonlessons/TensorFlow-object-detection-tutorial

pythonlessons/TensorFlow-object-detection-tutorial

October 29, 2020

The purpose of this tutorial is to learn how to install and prepare TensorFlow framework to train your own convolutional neural network object detection classifier for multiple objects, starting from scratch
phodal/awesome-iot

phodal/awesome-iot

October 23, 2020

Awesome IoT. A collaborative list of great resources about IoT Framework, Library, OS, Platform