MAPPING FRAMEWORKS
Intel vPro
Advanced security features in Intel vPro hardware can be leveraged by operating system (OS) and security software features across system attack surfaces to optimize mitigations against cyber threats. These mappings demonstrate the practical application of hardware features by capabilities in Microsoft Windows 11 with Defender and CrowdStrike Falcon to assist defenders in understanding how these integrated capabilities can help mitigate real-world adversary behaviors as described in MITRE ATT&CK®.
ATT&CK Version 15.1 ATT&CK Domain Enterprise
NIST 800-53
National Institute of Standards and Technology (NIST) Special Publication 800-53 provides a catalog of security and privacy controls for the protection of information systems and organizations from a diverse set of threats and risks. These mappings provide resources for security control coverage against real-world threats as described in the MITRE ATT&CK® knowledge base and provide a foundation for integrating ATT&CK-based threat information into the risk management process.
ATT&CK Versions 14.1, 12.1, 10.1, 9.0, 8.2 ATT&CK Domain Enterprise
Known Exploited Vulnerabilities
The Known Exploited Vulnerabilities (KEV) Catalog is an authoritative source of vulnerabilities exploited in the wild maintained by the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Vulnerabilities in the KEV Catalog are contained in the Common Vulnerabilities and Exposures (CVE®) List, which identifies and defines publicly known cybersecurity vulnerabilities. These mappings use the behaviors described in MITRE ATT&CK® to connect known exploited CVEs to publicly reported methods and impacts of adversary exploitation. Mapped ATT&CK techniques enable defenders to take a threat-informed approach to vulnerability management. With knowledge of mapped adversary behaviors, defenders will better understand how a vulnerability can impact them, helping defenders integrate vulnerability information into their risk models and identify appropriate compensating security controls.
ATT&CK Version 15.1 ATT&CK Domains Enterprise, Mobile
VERIS
The Vocabulary for Event Recording and Incident Sharing (VERIS) provides a common language for describing security incidents in a structured and repeatable manner that allows for the analysis of data across a variety of incidents. These mappings provide the context to better connect the who, what, and why captured in VERIS incident representation with the when and how described in MITRE ATT&CK® adversary behavioral tactics and techniques.
ATT&CK Versions 16.1, 12.1, 9.0 ATT&CK Domains Enterprise, ICS, Mobile
Azure
Azure is a widely used cloud computing platform. These mappings connect the security controls native to the Azure platform to MITRE ATT&CK®, providing resources to assess how to protect, detect, and respond to real-world threats as described in the ATT&CK knowledge base.
ATT&CK Version 8.2 ATT&CK Domain Enterprise
GCP
Google Cloud Platform (GCP) is a widely used cloud computing platform. These mappings connect the security controls native to the GCP platform to MITRE ATT&CK®, providing resources to assess how to protect, detect, and respond to real-world threats as described in the ATT&CK knowledge base.
ATT&CK Version 10.0 ATT&CK Domain Enterprise
AWS
Amazon Web Services (AWS) is a widely used cloud computing platform. These mappings connect the security controls native to the AWS platform to MITRE ATT&CK®, providing resources to assess how to protect, detect, and respond to real-world threats as described in the ATT&CK knowledge base.
ATT&CK Versions 16.1, 9.0 ATT&CK Domain Enterprise
M365
Microsoft 365 (M365) is a widely used Software as a Service (SaaS) product family of productivity software, collaboration, and cloud-based services. These mappings connect the security controls native to M365 product areas to MITRE ATT&CK®, providing resources to assess how to protect, detect, and respond to real-world threats as described in the ATT&CK knowledge base.
ATT&CK Version 14.1 ATT&CK Domain Enterprise