Cyber Preparedness – CISA Updates Best Practices for Mapping to MITRE ATT&CK®

On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Best Practices Guide for MITRE ATT&CK® Mapping. CISA uses ATT&CK as a lens through which to identify and analyze adversary behavior. ATT&CK provides details on 100-plus threat actor groups, including the techniques and software they are known to use. According CISA Executive Assistant Director Eric Goldstein, it directly supports “robust, contextual bi-directional sharing of information to help strengthen the security of our systems, networks, and data.” CISA encourages the cybersecurity community to use the framework because it provides a common language for threat actor analysis. The update contains changes that the MITRE ATT&CK team made to the framework since CISA initially released the best practices in June 2021. The update also includes common analytical biases, mapping mistakes, and specific ATT&CK mapping guidance for industrial control systems (ICS). Access the full guide at CISA.