CISecurity / CISControls_OSCAL

A repository containing OSCAL serializations of the CIS Critical Security Controls

MITRE ATT&CK v12 mapping #12

Open MaurizioCasciano opened 1 year ago

MaurizioCasciano commented 1 year ago

Hi, are there any plans to include the mappings between CIS Controls and MITRE ATT&CK techniques?

Something similar to what has been provided here https://github.com/CISecurity/CISControls_OSCAL/blob/main/src/mappings/SP_800_53MOD_CISControlsv8_Mapping.xml for NIST SP 800-53 Rev 5 Moderate

E.g.

<?xml version="1.0" encoding="UTF-8"?>
<mapping-collection xmlns="http://csrc.nist.gov/ns/oscal/1.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 ../../../xml/schema/oscal_complete_schema.xsd"
    uuid="1c02b862-65b8-4019-b6f6-2cc32dba7c9c">
    <metadata>
        <title>Example of mapping between CIS Controls v8 and MITRE ATTCK v12 Techniques</title>
        <last-modified>2022-08-31T00:00:00.0000001-04:00</last-modified>
        <version>0.0.1</version>
        <oscal-version>1.1.0-alpha</oscal-version>
    </metadata>

    <mapping uuid="0327d26a-83bd-443a-9aa4-45198efccdc5">
        <source-resource type="catalog" href="#7f0c0991-54d6-489a-a8d1-30e61b3de4fe"/>
        <target-resource type="catalog" href="#5c01a62a-0912-45dd-9916-ff66656dc602"/>
        <map uuid="7056a072-6c88-4e0f-b28d-2c64a1417605">
            <relationship>subset-of</relationship>
            <source type="control" id-ref="#cis-1.1"/>
            <target type="attack-pattern" id-ref="#T1200">
            </target>
        </map>
        <map uuid="ce1c015d-78f2-4ce3-b392-0cad485189bb">
            <relationship>subset-of</relationship>
            <source type="control" id-ref="#cis-1.2"/>
            <target type="attack-pattern" id-ref="#T1200">
            </target>
        </map>
    </mapping>
</mapping-collection>
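
An added example (not part of the original post, and not CIS or NIST code): a reader for a mapping file in the shape sketched above that lists, per ATT&CK technique, the CIS controls mapped to it, and rejects a file that is not well-formed. The element and attribute names are taken from the sketch and are an assumption about the final OSCAL mapping model; the uuids in the sample are placeholders.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"o": "http://csrc.nist.gov/ns/oscal/1.0"}

# Constructed sample in the shape of the sketch above (uuids are placeholders).
SAMPLE = """<mapping-collection xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="u0">
  <mapping uuid="u1">
    <map uuid="u2">
      <relationship>subset-of</relationship>
      <source type="control" id-ref="#cis-1.1"/>
      <target type="attack-pattern" id-ref="#T1200"/>
    </map>
    <map uuid="u3">
      <relationship>subset-of</relationship>
      <source type="control" id-ref="#cis-1.2"/>
      <target type="attack-pattern" id-ref="#T1200"/>
    </map>
  </mapping>
</mapping-collection>"""


def load_maps(xml_text):
    """Return (control, relationship, technique) tuples; ValueError on bad input."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. an unclosed <mapping> element
        raise ValueError(f"not well-formed: {exc}") from exc
    rows = []
    for m in root.iterfind("o:mapping/o:map", NS):
        rel = (m.findtext("o:relationship", "", NS) or "").strip()
        src, tgt = m.find("o:source", NS), m.find("o:target", NS)
        if src is None or tgt is None or not rel:
            raise ValueError(f"map {m.get('uuid')}: missing source/target/relationship")
        if tgt.get("type") != "attack-pattern":
            continue  # keep only ATT&CK technique targets
        rows.append((src.get("id-ref", "").lstrip("#"), rel,
                     tgt.get("id-ref", "").lstrip("#")))
    return rows


def controls_by_technique(rows):
    """Invert the mapping: technique id -> sorted list of controls mapped to it."""
    out = defaultdict(set)
    for control, _rel, technique in rows:
        out[technique].add(control)
    return {t: sorted(c) for t, c in out.items()}


if __name__ == "__main__":
    print(controls_by_technique(load_maps(SAMPLE)))
```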

MaurizioCasciano commented 1 year ago

Hi @ginger-anderson @aj-stein-nist @david-waltermire-nist, I'd like to ask how we should provide this mapping using the OSCAL standard. I have seen that the OSCAL Control mapping mainly maps controls of different frameworks: https://pages.nist.gov/OSCAL/reference/develop/mapping/json-definitions/

The OSCAL Control mapping format can be used to describe how a collection of security controls and related control enhancements relate to another collection of controls. The root of the Control Catalog format is mapping-collection.

On the CIS Controls Navigator https://www.cisecurity.org/controls/cis-controls-navigator/ it is possible to see the mappings between CIS Controls and the MITRE Enterprise ATT&CK v8.2

E.g. CISC-1.1 --> T1200

We should also include information about the target framework (domain, version, ...) and allow multiple target mappings from a single controller to multiple targets from different sources. How could we proceed with this feature, mapping CIS Control --> MITRE ATT&CK Techniques?

vbrifo commented 1 year ago

Hello,

You should be able to find what you're looking for at https://workbench.cisecurity.org/files/3664

FYI