Open ioggstream opened 2 years ago
Currently working on alignments between NIST Cybersecurity Framework and D3FEND. Agree that some areas are outside current D3FEND Tactics. Attached is a mapping, with gray areas being proposed additions to D3FEND to cover all of the CSF.
@Glenn1963l I identified a similar mapping:
- Identify: no mapping
- Protect: d3f:Harden, d3f:Isolate
- Detect: d3f:Detect
- Respond: d3f:Evict
- Recover: no mapping
Not sure about Detect -> d3f:Deceive, but it can be ok.
Do you confirm that Identify and Recover do not have any mapping in d3fend? cc: @netfl0
Correct. D3FEND is working on adding an Asset Inventory countermeasure which would map to part of Identify.
Question
How can I correlate the 5 cybersecurity functions (https://www.nist.gov/cyberframework/online-learning/five-functions) to d3fend entities?
For example:
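```turtle
# One statement per CSF function; a comma separates several objects of the same predicate.
nist:Detect iso:related d3f:Detect .
nist:Protect iso:related d3f:Harden, d3f:Isolate .
nist:Respond iso:related d3f:Evict .
```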
In d3f, functions such as Identify (asset identification) and Respond don't seem to be classified (though d3f:Evict is probably related), while it seems that Recover is currently out of scope.
Note
see Correlating cybersecurity functions #6
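
The coverage gap discussed in this thread, as an added example that is not part of the issue or of D3FEND's own code: it parses the proposed triples (a small Turtle subset only) and reports which CSF functions have no D3FEND tactic. The `nist:` and `iso:` prefixes are used undeclared, as in the issue, and the tactic list holds only the tactics named in this thread.

```python
import re

# Constructed sample: the mapping proposed in the thread, as Turtle-style triples.
MAPPING_TTL = """
nist:Detect  iso:related d3f:Detect .
nist:Protect iso:related d3f:Harden, d3f:Isolate .   # two tactics, one function
nist:Respond iso:related d3f:Evict .
"""

CSF_FUNCTIONS = ["Identify", "Protect", "Detect", "Respond", "Recover"]
# Assumption: only the D3FEND tactics mentioned in this thread, not the full ontology.
D3F_TACTICS_IN_THREAD = ["Harden", "Isolate", "Detect", "Evict", "Deceive"]

TERM = r"[A-Za-z][\w-]*:[A-Za-z][\w-]*"          # prefixed name, e.g. d3f:Harden
STATEMENT = re.compile(rf"({TERM})\s+({TERM})\s+({TERM}(?:\s*,\s*{TERM})*)")

def parse_triples(text):
    """Parse 'subject predicate obj1, obj2 .' statements into (s, p, o) tuples."""
    body = re.sub(r"#.*", "", text)               # drop comments
    triples = []
    for stmt in re.split(r"\s\.(?:\s|$)", body):  # ' .' terminates a statement
        stmt = stmt.strip()
        if not stmt:
            continue
        match = STATEMENT.fullmatch(stmt)
        if match is None:                         # e.g. a stray '[' in an object list
            raise ValueError(f"not a simple triple statement: {stmt!r}")
        subj, pred, objs = match.groups()
        triples.extend((subj, pred, o.strip()) for o in objs.split(","))
    return triples

def coverage(triples):
    """Return (function -> tactics, unmapped CSF functions, unused tactics)."""
    mapped = {}
    for subj, _pred, obj in triples:
        if subj.startswith("nist:") and obj.startswith("d3f:"):
            mapped.setdefault(subj[len("nist:"):], []).append(obj[len("d3f:"):])
    unmapped = [f for f in CSF_FUNCTIONS if f not in mapped]
    used = {t for tactics in mapped.values() for t in tactics}
    unused = [t for t in D3F_TACTICS_IN_THREAD if t not in used]
    return mapped, unmapped, unused

if __name__ == "__main__":
    mapped, unmapped, unused = coverage(parse_triples(MAPPING_TTL))
    print("mapped:", mapped)
    print("CSF functions without a D3FEND tactic:", unmapped)
    print("thread tactics not used by the mapping:", unused)
```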