ABSTRACT

Best Practices for MITRE ATT&CK® Mapping   [open pdf - 2MB]

From the Introduction: "For the Cybersecurity and Infrastructure Security Agency (CISA), understanding adversary behavior is often the first step in protecting networks and data. The success network defenders have in detecting and mitigating cyberattacks depends on this understanding. The MITRE ATT&CK® [MITRE Adversarial Tactics, Techniques, and Common Knowledge] framework is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. ATT&CK provides details on 100+ threat actor groups, including the techniques and software they are known to use. ATT&CK can be used to identify defensive gaps, assess security tool capabilities, organize detections, hunt for threats, engage in red team activities, or validate mitigation controls. CISA uses ATT&CK as a lens through which to identify and analyze adversary behavior. CISA created this guide with the Homeland Security Systems Engineering and Development Institute™ (HSSEDI), a DHS-owned federally funded research and development center (FFRDC), which worked with the MITRE ATT&CK team."

Publisher:
Date:
2021-06
Copyright:
Public Domain
Retrieved From:
Cybersecurity and Infrastructure Security Agency: https://www.cisa.gov/
Format:
pdf
Media Type:
application/pdf
URL:
Help with citations