Your ATs to Ts: MITRE ATT&CK Attack Technique to P-SSCRM Task Mapping
Sivana Hamer, Jacob Bowen, Md Nazmul Haque, Chris Madden, Laurie Williams
TL;DR
This paper presents a mapping framework linking MITRE ATT&CK attack techniques to P-SSCRM tasks, aiding software organizations in understanding how specific tasks mitigate supply chain attack techniques.
Contribution
It introduces a comprehensive mapping between MITRE ATT&CK and P-SSCRM tasks, integrating multiple frameworks for improved supply chain security management.
Findings
Mapped MITRE ATT&CK techniques to P-SSCRM tasks through four strategies
Created a cross-framework mapping between MITRE ATT&CK and other industry standards
Facilitates better understanding of mitigation strategies for supply chain attacks
Abstract
The MITRE Adversarial Tactics, Techniques and Common Knowledge (MITRE ATT&CK) Attack Technique to Proactive Software Supply Chain Risk Management Framework (P-SSCRM) Task mapping described in this document helps software organizations to determine how different tasks mitigate the attack techniques of software supply chain attacks. The mapping was created through four independent strategies to find agreed-upon mappings. Because each P-SSCRM task is mapped to one or more tasks from the 10 frameworks, the mapping we provide is also a mapping between MITRE ATT&CK and other prominent government and industry frameworks.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSecurity and Verification in Computing · Network Security and Intrusion Detection · Digital and Cyber Forensics