The Cybersecurity and Infrastructure Security Agency has updated its best practices for mapping to the MITRE ATT&CK framework, a knowledge base of adversary tactics, techniques and software that is intended to help network defenders assess security tools, identify gaps in cyber defense and validate mitigation controls.
The document Best Practices for MITRE ATT&CK Mapping provides network defenders with instructions, examples and guidance on how to use the MITRE ATT&CK framework and seeks to help them improve their capability to detect adversary behavior and facilitate information sharing to ensure the security of networks and data.
CISA said Tuesday it made the update in coordination with the Homeland Security Systems Engineering and Development Institute, a MITRE-operated research and development center.
According to the agency, the update covers mapping mistakes, common analytical biases, specific ATT&CK mapping guidance for industrial control systems, and changes to the MITRE ATT&CK framework since the initial publication of the best practices in June 2021.
These changes include the introduction of new platforms, addition of ATT&CK campaigns, expansion of macOS and Linux coverage and redefinition of data sources and detections.