d3fend / d3fend-ontology

This repository holds the necessary content to produce the D3FEND ontology distribution.
https://d3fend.mitre.org
MIT License

Correlating NIST / ISO27100 cybersecurity functions #4

Open ioggstream opened 2 years ago

ioggstream commented 2 years ago

Question

How can I correlate the 5 cybersecurity functions https://www.nist.gov/cyberframework/online-learning/five-functions to d3fend entities?

For example:

nist:Detect iso:related d3f:Detect .
nist:Protect iso:related d3f:Harden, d3f:Isolate .
nist:Respond iso:related d3f:Evict .

In d3f, functions such as Identify (asset identification) and Respond don't seem to be classified (though d3f:Evict is probably related), while it seems that Recover is currently out of scope.

Note

See Correlating cybersecurity functions #6

Glenn1963l commented 2 years ago

Currently working on alignments between NIST Cybersecurity Framework and D3FEND. Agree that some areas are outside current D3FEND Tactics. Attached is a mapping, with gray areas being proposed additions to D3FEND to cover all of the CSF.

D3FEND - CSF

ioggstream commented 2 years ago

@Glenn1963l I identified a similar mapping:

Identify: no mapping
Protect: d3f:Harden, d3f:Isolate
Detect: d3f:Detect
Respond: d3f:Evict
Recover: no mapping

Not sure about Detect -> d3f:Deceive, but it can be ok.

Do you confirm that Identify and Recover do not have any mapping in d3fend? cc: @netfl0

Glenn1963l commented 2 years ago

Correct. D3FEND is working on adding an Asset Inventory countermeasure which would map to part of Identify.
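
Added example, not part of the thread or of the D3FEND project: a small Python check that parses the mapping triples from the first comment (written as a Turtle object list) and reports which CSF functions have no D3FEND tactic and which of the tactics named in the thread are not referenced. The mini-parser, the function names parse_triples and coverage, and the tactic list are assumptions made for this illustration.

```python
import re

# Constructed input: the mapping proposed in the thread, using the thread's
# prefixed names (prefix declarations omitted for brevity).
MAPPING_TTL = """
nist:Detect  iso:related d3f:Detect .
nist:Protect iso:related d3f:Harden, d3f:Isolate .
nist:Respond iso:related d3f:Evict .
"""

CSF_FUNCTIONS = ["Identify", "Protect", "Detect", "Respond", "Recover"]
# Assumption: only the tactics named in the thread are checked here.
D3F_TACTICS = ["Harden", "Detect", "Isolate", "Deceive", "Evict"]

PNAME = r"[A-Za-z][\w-]*:[\w-]+"
# subject predicate object[, object ...]  (the terminating " ." is split off first)
STATEMENT = re.compile(rf"\s*({PNAME})\s+({PNAME})\s+({PNAME}(?:\s*,\s*{PNAME})*)\s*")


def parse_triples(text):
    """Parse a small Turtle subset into (subject, predicate, object) triples."""
    triples = []
    for stmt in re.split(r"\s\.(?:\s|$)", text):
        if not stmt.strip():
            continue
        m = STATEMENT.fullmatch(stmt)
        if m is None:
            # Stray brackets, missing terms, etc. are rejected, not guessed at.
            raise ValueError(f"unsupported or malformed statement: {stmt.strip()!r}")
        s, p, objs = m.groups()
        triples.extend((s, p, o.strip()) for o in objs.split(","))
    return triples


def coverage(triples, predicate="iso:related"):
    """Return (CSF functions with no tactic, tactics no CSF function links to)."""
    linked = {}
    for s, p, o in triples:
        if p == predicate and s.startswith("nist:") and o.startswith("d3f:"):
            linked.setdefault(s[len("nist:"):], set()).add(o[len("d3f:"):])
    used = set().union(*linked.values())
    unmapped = [f for f in CSF_FUNCTIONS if f not in linked]
    unused = [t for t in D3F_TACTICS if t not in used]
    return unmapped, unused


if __name__ == "__main__":
    unmapped, unused = coverage(parse_triples(MAPPING_TTL))
    print("CSF functions without a D3FEND tactic:", unmapped)
    print("D3FEND tactics not referenced:", unused)
```
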