Mapping of CSP security controls to MITRE ATT&CK


This page is for cyber defenders who want to map the native security controls of Azure, AWS, and GCP to MITRE ATT&CK using the MITRE ATT&CK security stack mappings.

The MITRE ATT&CK security stack mapping has three (3) simple use cases. It can be used to determine:

1) The (sub-)technique coverage of a control or set of controls

2) Security controls to be implemented to mitigate a specific set of (sub-)techniques

3) Security controls to defend against a given group or software.

The Git repository maintained by MITRE contains a collection of native security controls mapped to MITRE ATT&CK® based on a common methodology and tool set.

MITRE aims to empower organizations with independent data on which native security controls are most useful in defending against the adversary TTPs that they care about, and to establish a foundation for systematically mapping product security controls to ATT&CK.

These mappings will allow organizations to make threat-informed decisions when selecting which native security capabilities to use.
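The three use cases listed above can be expressed as queries over a control-to-technique mapping. The following is an added example, not code or data from the MITRE repository: the control names, the group name and the control-to-technique assignments are constructed placeholders, and the greedy selection in use case 2 is one assumed way to choose a small set of controls.

```python
# Constructed sample data: control names and the group are placeholders, and the
# control-to-technique assignments are illustrative, not MITRE's published mappings.
MAPPINGS = {
    "example-identity-protection": {"T1110", "T1078"},
    "example-storage-defender": {"T1530", "T1078"},
    "example-web-firewall": {"T1190"},
}
GROUP_TECHNIQUES = {"EXAMPLE-GROUP": {"T1078", "T1190", "T1530", "T1566"}}


def coverage(controls):
    """Use case 1: techniques covered by a control or set of controls."""
    covered = set()
    for name in controls:
        covered |= MAPPINGS[name]
    return covered


def controls_for(techniques):
    """Use case 2: greedy pick of controls covering the given techniques.

    Returns (chosen controls in pick order, techniques no control covers).
    """
    remaining, chosen = set(techniques), []
    while remaining:
        # Pick the control covering the most still-uncovered techniques;
        # iterating in sorted order makes ties deterministic.
        best = max(sorted(MAPPINGS), key=lambda c: len(MAPPINGS[c] & remaining))
        gained = MAPPINGS[best] & remaining
        if not gained:
            break  # no control maps to what is left: report it as a gap
        chosen.append(best)
        remaining -= gained
    return chosen, remaining


def controls_against(group):
    """Use case 3: controls to defend against a group's known techniques."""
    return controls_for(GROUP_TECHNIQUES[group])


if __name__ == "__main__":
    print(sorted(coverage(["example-identity-protection", "example-web-firewall"])))
    print(controls_for({"T1078", "T1530"}))
    print(controls_against("EXAMPLE-GROUP"))
```

The second value returned by `controls_for` is the coverage gap: techniques in the request that none of the mapped controls address.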
