The Center for Threat-Informed Defense has created the following mappings of security capabilities to MITRE ATT&CK®, empowering defenders with data. Mappings Explorer provides a central location where all Center mapping resources are provided in a more accessible and connected manner, improving a defender’s ability to make threat-informed decisions based on mapped security capabilities.
Advanced security features in Intel vPro hardware can be leveraged by operating system (OS) and security software features across system attack surfaces to optimize mitigations against cyber threats. These mappings demonstrate the practical application of hardware features by capabilities in Microsoft Windows 11 with Defender and CrowdStrike Falcon to assist defenders in understanding how these integrated capabilities can help mitigate real-world adversary behaviors as described in MITRE ATT&CK®.
ATT&CK Version: 15.1; ATT&CK Domain: Enterprise
National Institute of Standards and Technology (NIST) Special Publication 800-53 provides a catalog of security and privacy controls for the protection of information systems and organizations from a diverse set of threats and risks. This project provides resources for assessing security control coverage against real-world threats as described in the MITRE ATT&CK® knowledge base and provides a foundation for integrating ATT&CK-based threat information into the risk management process.
ATT&CK Versions: 14.1, 12.1, 10.1, 9.0, 8.2; ATT&CK Domain: Enterprise
The Common Vulnerabilities and Exposures (CVE®) Program provides a catalog of publicly disclosed cybersecurity vulnerabilities, used throughout the cyber community to communicate consistent descriptions of vulnerabilities. This project uses the adversary behaviors described in MITRE ATT&CK® to characterize the impact of vulnerabilities from CVE, establishing a critical connection between vulnerability management, threat modeling, and compensating controls.
ATT&CK Version: 9.0; ATT&CK Domain: Enterprise
The Vocabulary for Event Recording and Incident Sharing (VERIS) provides a common language for describing security incidents in a structured and repeatable manner that allows for the analysis of data across a variety of incidents. This project provides mappings to better connect the who, what, and why captured in VERIS incident representation with the when and how described in MITRE ATT&CK® adversary behavioral tactics and techniques.
ATT&CK Versions: 12.1, 9.0; ATT&CK Domains: Enterprise, ICS, Mobile
Azure is a widely used cloud computing platform. This project maps the security controls native to the Azure platform to MITRE ATT&CK®, providing resources to assess how to protect, detect, and respond to real-world threats as described in the ATT&CK knowledge base.
ATT&CK Version: 8.2; ATT&CK Domain: Enterprise
Google Cloud Platform (GCP) is a widely used cloud computing platform. This project maps the security controls native to the GCP platform to MITRE ATT&CK®, providing resources to assess how to protect, detect, and respond to real-world threats as described in the ATT&CK knowledge base.
ATT&CK Version: 10.0; ATT&CK Domain: Enterprise
Amazon Web Services (AWS) is a widely used cloud computing platform. This project maps the security controls native to the AWS platform to MITRE ATT&CK®, providing resources to assess how to protect, detect, and respond to real-world threats as described in the ATT&CK knowledge base.
ATT&CK Versions: 16.1, 9.0; ATT&CK Domain: Enterprise
Microsoft 365 (M365) is a widely used Software as a Service (SaaS) product family of productivity software, collaboration, and cloud-based services. This project maps the security controls native to M365 product areas to MITRE ATT&CK®, providing resources to assess how to protect, detect, and respond to real-world threats as described in the ATT&CK knowledge base.
ATT&CK Version: 14.1; ATT&CK Domain: Enterprise