Center for Threat-Informed Defense releases security control mappings to ATT&CK

The Center for Threat-Informed Defense (Center) just released set of mappings between MITRE ATT&CK® and NIST Special Publication 800-53 with supporting documentation and resources. These publicly-available mappings provide a critically important resource for organizations to assess their security control coverage against real-world threats as described in the ATT&CK knowledge base and provide a foundation for integrating ATT&CK-based threat information into the risk management process.

In collaboration with Center Participants, AttackIQ, the Center for Internet Security, and JPMorgan Chase, the Center recognized that there was not only a need for mappings for NIST 800-53, but an opportunity to work collaboratively and advance threat-informed defense with the global community. With over 6,300 individual mappings between NIST 800-53 and ATT&CK, we believe that this work will greatly reduce the burden on the community – allowing organizations to focus their limited time and resources on understanding how controls map to threats in their environment.

Read the full blog post to learn more.

About the Center for Threat-Informed Defense

The Center is a non-profit, privately funded research and development organization operated by MITRE Engenuity. The Center’s mission is to advance the state of the art and the state of the practice in threat-informed defense globally. Currently comprised of 24 Participant organizations from around the globe with highly sophisticated security teams, the Center builds on MITRE ATT&CK®, an important foundation for threat-informed defense used by security teams and vendors in their enterprise security operations. Because the Center operates for the public good, outputs of its research and development are available publicly and for the benefit of all.