National Institute of Standards in Technology (NIST) Special Publication 800-53 provides a catalog of security and privacy controls for the protection of information systems and organizations from a diverse set of threats and risks. This project provides resources for assessing security control coverage against real-world threats as described in the MITRE ATT&CK® knowledge base and provide a foundation for integrating ATT&CK-based threat information into the risk management process.

The Common Vulnerabilities and Exposures (CVE®) Program provides a catalog of publicly disclosed cybersecurity vulnerabilities, used throughout the cyber community to communicate consistent descriptions of vulnerabilities. This project uses the adversary behaviors described in MITRE ATT&CK® to characterize the impact of vulnerabilities from CVE, establishing a critical connection between vulnerability management, threat modeling, and compensating controls.

The Vocabulary for Event Recording and Incident Sharing (VERIS) provides a common language for describing security incidents in a structured and repeatable manner that allows for the analysis of data across a variety of incidents. This project provides mappings to better connect the who, what, and why captured in VERIS incident representation with the when and how described in MITRE ATT&CK® adversary behavioral tactics and techniques.

Azure is a widely used cloud computing platform. This project maps the security controls native to the Azure platform to MITRE ATT&CK®, providing resources to assess how to protect, detect, and respond to real-world threats as described in the ATT&CK knowledge base.

Google Cloud Platform (GCP) is a widely used cloud computing platform. This project maps the security controls native to the GCP platform to MITRE ATT&CK® providing resources to assess how to protect, detect, and respond to real-world threats as described in the ATT&CK knowledge base.

Amazon Web Services (AWS) is a widely used cloud computing platform. This project maps the security controls native to the (AWS) platform to MITRE ATT&CK®, providing resources to assess how to protect, detect, and respond to real-world threats as described in the ATT&CK knowledge base.

Microsoft 365 (M365) is a widely used Software as a Service (SaaS) product family of productivity software, collaboration, and cloud-based services. This project maps the security controls native to M365 product areas to MITRE ATT&CK® providing resources to assess how to protect, detect, and respond to real-world threats as described in the ATT&CK knowledge base.