ABOUT MAPPINGS

The Center for Threat-Informed Defense has created the following mappings of security capabilities to MITRE ATT&CK®, empowering defenders with data. Mappings Explorer provides a central location where all Center mapping resources are provided in a more accessible and connected manner, improving a defender’s ability to make threat-informed decisions based on mapped security capabilities.

MAPPING FRAMEWORKS

NIST 800-53

National Institute of Standards in Technology (NIST) Special Publication 800-53 provides a catalog of security and privacy controls for the protection of information systems and organizations from a diverse set of threats and risks. This project provides resources for assessing security control coverage against real-world threats as described in the MITRE ATT&CK® knowledge base and provide a foundation for integrating ATT&CK-based threat information into the risk management process.

ATT&CK Versions 14.1, 12.1, 10.1, 9.0, 8.2 ATT&CK Domain Enterprise

Learn More

CVE

The Common Vulnerabilities and Exposures (CVE®) Program provides a catalog of publicly disclosed cybersecurity vulnerabilities, used throughout the cyber community to communicate consistent descriptions of vulnerabilities. This project uses the adversary behaviors described in MITRE ATT&CK® to characterize the impact of vulnerabilities from CVE, establishing a critical connection between vulnerability management, threat modeling, and compensating controls.

ATT&CK Version 9.0 ATT&CK Domain Enterprise

Learn More

VERIS

The Vocabulary for Event Recording and Incident Sharing (VERIS) provides a common language for describing security incidents in a structured and repeatable manner that allows for the analysis of data across a variety of incidents. This project provides mappings to better connect the who, what, and why captured in VERIS incident representation with the when and how described in MITRE ATT&CK® adversary behavioral tactics and techniques.

ATT&CK Versions 12.1, 9.0 ATT&CK Domains Enterprise, ICS, Mobile

Learn More

Azure

Azure is a widely used cloud computing platform. This project maps the security controls native to the Azure platform to MITRE ATT&CK®, providing resources to assess how to protect, detect, and respond to real-world threats as described in the ATT&CK knowledge base.

ATT&CK Version 8.2 ATT&CK Domain Enterprise

Learn More

GCP

Google Cloud Platform (GCP) is a widely used cloud computing platform. This project maps the security controls native to the GCP platform to MITRE ATT&CK® providing resources to assess how to protect, detect, and respond to real-world threats as described in the ATT&CK knowledge base.

ATT&CK Version 10.0 ATT&CK Domain Enterprise

Learn More

AWS

Amazon Web Services (AWS) is a widely used cloud computing platform. This project maps the security controls native to the (AWS) platform to MITRE ATT&CK®, providing resources to assess how to protect, detect, and respond to real-world threats as described in the ATT&CK knowledge base.

ATT&CK Version 9.0 ATT&CK Domain Enterprise

Learn More

M365

Microsoft 365 (M365) is a widely used Software as a Service (SaaS) product family of productivity software, collaboration, and cloud-based services. This project maps the security controls native to M365 product areas to MITRE ATT&CK® providing resources to assess how to protect, detect, and respond to real-world threats as described in the ATT&CK knowledge base.

ATT&CK Version 14.1 ATT&CK Domain Enterprise

Learn More