mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
fe01d6244d
Introduces galaxies for cybersecurity: - Work roles - Skills - Tasks - Knowledges - Competency areas - OPM codes
6519 lines
262 KiB
JSON
6519 lines
262 KiB
JSON
{
|
|
"authors": [
|
|
"NIST",
|
|
"Jean-Louis Huynen"
|
|
],
|
|
"category": "workforce",
|
|
"description": "Tasks based on the NIST NICE framework",
|
|
"name": "NICE Tasks",
|
|
"source": "https://csrc.nist.gov/pubs/sp/800/181/r1/final",
|
|
"type": "nice-framework-tasks",
|
|
"uuid": "6bcf78de-a3fb-4636-90bc-95a86817ad65",
|
|
"values": [
|
|
{
|
|
"description": "Employ secure configuration management processes",
|
|
"related": [],
|
|
"uuid": "8bff1e4a-7d09-535e-b272-79e281e6bb09",
|
|
"value": "Employ secure configuration management processes - T0084"
|
|
},
|
|
{
|
|
"description": "Translate proposed capabilities into technical requirements",
|
|
"related": [],
|
|
"uuid": "4aea85ca-bd37-5da8-92bd-82db9a0f0653",
|
|
"value": "Translate proposed capabilities into technical requirements - T0542"
|
|
},
|
|
{
|
|
"description": "Communicate enterprise information technology architecture",
|
|
"related": [],
|
|
"uuid": "79b8aadb-ecf8-5b4f-b14e-077e5dd17ed6",
|
|
"value": "Communicate enterprise information technology architecture - T1010"
|
|
},
|
|
{
|
|
"description": "Determine special needs of cyber-physical systems",
|
|
"related": [],
|
|
"uuid": "27fde591-3d44-596d-9e7d-1ff60fb963ba",
|
|
"value": "Determine special needs of cyber-physical systems - T1019"
|
|
},
|
|
{
|
|
"description": "Determine the operational and safety impacts of cybersecurity lapses",
|
|
"related": [],
|
|
"uuid": "07879643-ce6e-5cab-af2d-975e0569136e",
|
|
"value": "Determine the operational and safety impacts of cybersecurity lapses - T1020"
|
|
},
|
|
{
|
|
"description": "Integrate organizational goals and objectives into security architecture",
|
|
"related": [],
|
|
"uuid": "c3664a7c-b611-547f-a5d6-226889bb8ca8",
|
|
"value": "Integrate organizational goals and objectives into security architecture - T1027"
|
|
},
|
|
{
|
|
"description": "Implement organizational evaluation and validation criteria",
|
|
"related": [],
|
|
"uuid": "788c9ac6-444e-535d-90d5-b14208e0b886",
|
|
"value": "Implement organizational evaluation and validation criteria - T1029"
|
|
},
|
|
{
|
|
"description": "Assess the organization's cybersecurity architecture",
|
|
"related": [],
|
|
"uuid": "6ee18892-5c36-5337-827c-0dfe76ebbf09",
|
|
"value": "Assess the organization's cybersecurity architecture - T1077"
|
|
},
|
|
{
|
|
"description": "Perform privacy impact assessments (PIAs)",
|
|
"related": [],
|
|
"uuid": "300a86c1-b6fc-52ed-9220-eafa6fab4fe7",
|
|
"value": "Perform privacy impact assessments (PIAs) - T1096"
|
|
},
|
|
{
|
|
"description": "Configure network hubs, routers, and switches",
|
|
"related": [],
|
|
"uuid": "490a578a-31a2-51ff-a4e1-99eed0faa06f",
|
|
"value": "Configure network hubs, routers, and switches - T1100"
|
|
},
|
|
{
|
|
"description": "Optimize network hubs, routers, and switches",
|
|
"related": [],
|
|
"uuid": "60cd5453-4482-5bd6-ad31-429d67f94c23",
|
|
"value": "Optimize network hubs, routers, and switches - T1101"
|
|
},
|
|
{
|
|
"description": "Determine essential system capabilities and business functions",
|
|
"related": [],
|
|
"uuid": "a0895c62-c4d5-5692-b16f-846d49e5a9e4",
|
|
"value": "Determine essential system capabilities and business functions - T1122"
|
|
},
|
|
{
|
|
"description": "Prioritize essential system capabilities and business functions",
|
|
"related": [],
|
|
"uuid": "e803b7cf-e285-5f4d-9076-9834081e7923",
|
|
"value": "Prioritize essential system capabilities and business functions - T1123"
|
|
},
|
|
{
|
|
"description": "Restore essential system capabilities and business functions after catastrophic failure events",
|
|
"related": [],
|
|
"uuid": "a5d8ac07-7f8a-5cbd-b73f-c7600f4711dc",
|
|
"value": "Restore essential system capabilities and business functions after catastrophic failure events - T1124"
|
|
},
|
|
{
|
|
"description": "Define system availability levels",
|
|
"related": [],
|
|
"uuid": "34a31ddd-f2ac-5d3c-8cb6-9c437ee385fd",
|
|
"value": "Define system availability levels - T1125"
|
|
},
|
|
{
|
|
"description": "Determine disaster recovery and continuity of operations system requirements",
|
|
"related": [],
|
|
"uuid": "cbcef3ff-e4b5-573e-b36d-146ea0321c56",
|
|
"value": "Determine disaster recovery and continuity of operations system requirements - T1126"
|
|
},
|
|
{
|
|
"description": "Develop cybersecurity designs for systems and networks with multilevel security requirements",
|
|
"related": [],
|
|
"uuid": "36615262-d3e9-52b0-bf78-92d9afb77291",
|
|
"value": "Develop cybersecurity designs for systems and networks with multilevel security requirements - T1151"
|
|
},
|
|
{
|
|
"description": "Develop cybersecurity designs for systems and networks that require processing of multiple data classification levels",
|
|
"related": [],
|
|
"uuid": "cd020251-8bef-522b-823d-96b048fef3c1",
|
|
"value": "Develop cybersecurity designs for systems and networks that require processing of multiple data classification levels - T1152"
|
|
},
|
|
{
|
|
"description": "Integrate cybersecurity designs for systems and networks",
|
|
"related": [],
|
|
"uuid": "650ca951-cd7e-52e7-8fff-4ecf222e3531",
|
|
"value": "Integrate cybersecurity designs for systems and networks - T1153"
|
|
},
|
|
{
|
|
"description": "Define acquisition life cycle cybersecurity architecture requirements",
|
|
"related": [],
|
|
"uuid": "cfb20094-eee6-5938-9a90-db99898aa484",
|
|
"value": "Define acquisition life cycle cybersecurity architecture requirements - T1168"
|
|
},
|
|
{
|
|
"description": "Define acquisition life cycle systems security engineering requirements",
|
|
"related": [],
|
|
"uuid": "cbf0a112-8d72-52dd-baf4-b3da927477d2",
|
|
"value": "Define acquisition life cycle systems security engineering requirements - T1169"
|
|
},
|
|
{
|
|
"description": "Determine if systems and architecture are consistent with cybersecurity architecture guidelines",
|
|
"related": [],
|
|
"uuid": "9171a0bb-97cb-5bad-b41b-f6dd3d2738da",
|
|
"value": "Determine if systems and architecture are consistent with cybersecurity architecture guidelines - T1179"
|
|
},
|
|
{
|
|
"description": "Perform security reviews",
|
|
"related": [],
|
|
"uuid": "251537f0-b0c6-5cb4-86d4-8c4a8543d487",
|
|
"value": "Perform security reviews - T1263"
|
|
},
|
|
{
|
|
"description": "Identify gaps in security architecture",
|
|
"related": [],
|
|
"uuid": "98c25dc1-b432-59ab-a874-f4db9700d41a",
|
|
"value": "Identify gaps in security architecture - T1264"
|
|
},
|
|
{
|
|
"description": "Develop a cybersecurity risk management plan",
|
|
"related": [],
|
|
"uuid": "1421c3bc-1ef2-5b98-a145-a3414159540e",
|
|
"value": "Develop a cybersecurity risk management plan - T1265"
|
|
},
|
|
{
|
|
"description": "Advise on security requirements to be included in statements of work",
|
|
"related": [],
|
|
"uuid": "287ed80e-7a8e-5e43-a002-404748cd6584",
|
|
"value": "Advise on security requirements to be included in statements of work - T1293"
|
|
},
|
|
{
|
|
"description": "Advise on Risk Management Framework process activities and documentation",
|
|
"related": [],
|
|
"uuid": "49c1c17e-57ad-5c65-aa7a-a3e6e13c1f93",
|
|
"value": "Advise on Risk Management Framework process activities and documentation - T1294"
|
|
},
|
|
{
|
|
"description": "Determine the impact of new system and interface implementations on organization's cybersecurity posture",
|
|
"related": [],
|
|
"uuid": "18caf8b7-c76a-59b5-9347-75111625c8a5",
|
|
"value": "Determine the impact of new system and interface implementations on organization's cybersecurity posture - T1361"
|
|
},
|
|
{
|
|
"description": "Document impact of new system and interface implementations on organization's cybersecurity posture",
|
|
"related": [],
|
|
"uuid": "0d724994-72ac-5db1-9a6f-14ddf1ef3be9",
|
|
"value": "Document impact of new system and interface implementations on organization's cybersecurity posture - T1362"
|
|
},
|
|
{
|
|
"description": "Plan system security development",
|
|
"related": [],
|
|
"uuid": "c5253504-a6bd-5dd7-b980-1718988fd0b3",
|
|
"value": "Plan system security development - T1363"
|
|
},
|
|
{
|
|
"description": "Conduct system security development",
|
|
"related": [],
|
|
"uuid": "1e4d797b-bc66-5a02-bf93-dbffc6214df4",
|
|
"value": "Conduct system security development - T1364"
|
|
},
|
|
{
|
|
"description": "Allocate cybersecurity services",
|
|
"related": [],
|
|
"uuid": "65609788-de4d-5f53-bb70-15a3af880ea2",
|
|
"value": "Allocate cybersecurity services - T1403"
|
|
},
|
|
{
|
|
"description": "Select cybersecurity mechanisms",
|
|
"related": [],
|
|
"uuid": "f11a20a0-6644-568e-954d-507d323b4809",
|
|
"value": "Select cybersecurity mechanisms - T1404"
|
|
},
|
|
{
|
|
"description": "Develop system security contexts",
|
|
"related": [],
|
|
"uuid": "8f2ab070-5a93-5208-b276-7ad369c16388",
|
|
"value": "Develop system security contexts - T1410"
|
|
},
|
|
{
|
|
"description": "Create system security concept of operations (ConOps) documents",
|
|
"related": [],
|
|
"uuid": "b9cd61d9-2b23-535a-9c03-ecdd7fc24ec6",
|
|
"value": "Create system security concept of operations (ConOps) documents - T1423"
|
|
},
|
|
{
|
|
"description": "Determine cybersecurity design and architecture effectiveness",
|
|
"related": [],
|
|
"uuid": "f910abad-e99b-524c-88a6-e34eea1cc78d",
|
|
"value": "Determine cybersecurity design and architecture effectiveness - T1426"
|
|
},
|
|
{
|
|
"description": "Create cybersecurity architecture functional specifications",
|
|
"related": [],
|
|
"uuid": "acfb1e58-03fd-5b9d-81cc-014ff74782cb",
|
|
"value": "Create cybersecurity architecture functional specifications - T1434"
|
|
},
|
|
{
|
|
"description": "Determine user requirements",
|
|
"related": [],
|
|
"uuid": "a190d419-307e-56fe-90ce-3d931015a8f9",
|
|
"value": "Determine user requirements - T1507"
|
|
},
|
|
{
|
|
"description": "Plan cybersecurity architecture",
|
|
"related": [],
|
|
"uuid": "1b39be56-1dd9-51c6-bc23-c48e1e797358",
|
|
"value": "Plan cybersecurity architecture - T1508"
|
|
},
|
|
{
|
|
"description": "Design system security measures",
|
|
"related": [],
|
|
"uuid": "490f0d80-caa1-520a-86c4-7653264f0a93",
|
|
"value": "Design system security measures - T1519"
|
|
},
|
|
{
|
|
"description": "Update system security measures",
|
|
"related": [],
|
|
"uuid": "14585968-7335-5774-ace2-72968e1177ae",
|
|
"value": "Update system security measures - T1520"
|
|
},
|
|
{
|
|
"description": "Develop enterprise architecture",
|
|
"related": [],
|
|
"uuid": "cdff3f8b-53d7-5d76-8326-6b5c915c8923",
|
|
"value": "Develop enterprise architecture - T1521"
|
|
},
|
|
{
|
|
"description": "Define baseline system security requirements",
|
|
"related": [],
|
|
"uuid": "192155ab-745f-5a31-a344-11866a12cb7c",
|
|
"value": "Define baseline system security requirements - T1527"
|
|
},
|
|
{
|
|
"description": "Create definition activity documentation",
|
|
"related": [],
|
|
"uuid": "9517f98b-acc6-50f8-a83c-c1c670409633",
|
|
"value": "Create definition activity documentation - T1544"
|
|
},
|
|
{
|
|
"description": "Create architecture activity documentation",
|
|
"related": [],
|
|
"uuid": "04d896ee-93a3-50d3-b602-be01a54de8ed",
|
|
"value": "Create architecture activity documentation - T1545"
|
|
},
|
|
{
|
|
"description": "Identify system and network protection needs",
|
|
"related": [],
|
|
"uuid": "cc09f262-6665-55e7-b29f-571a11cded34",
|
|
"value": "Identify system and network protection needs - T1556"
|
|
},
|
|
{
|
|
"description": "Implement system security measures",
|
|
"related": [],
|
|
"uuid": "1d2d0316-1a7f-58e0-aa34-74af6bbb0fa1",
|
|
"value": "Implement system security measures - T1563"
|
|
},
|
|
{
|
|
"description": "Determine effectiveness of system implementation and testing processes",
|
|
"related": [],
|
|
"uuid": "1b805d0c-a1f1-54c5-ba3d-d47f4d0932df",
|
|
"value": "Determine effectiveness of system implementation and testing processes - T1583"
|
|
},
|
|
{
|
|
"description": "Conduct cybersecurity management assessments",
|
|
"related": [],
|
|
"uuid": "b74990a9-e7aa-5d56-8afe-051e2d59ee2a",
|
|
"value": "Conduct cybersecurity management assessments - T1627"
|
|
},
|
|
{
|
|
"description": "Design cybersecurity management functions",
|
|
"related": [],
|
|
"uuid": "1efdc40a-9299-5631-8b54-01dc8c8cab10",
|
|
"value": "Design cybersecurity management functions - T1628"
|
|
},
|
|
{
|
|
"description": "Develop secure code and error handling",
|
|
"related": [],
|
|
"uuid": "ec37e9c0-93f9-57cd-960b-13305a8f6f07",
|
|
"value": "Develop secure code and error handling - T0077"
|
|
},
|
|
{
|
|
"description": "Consult with customers about software system design and maintenance",
|
|
"related": [],
|
|
"uuid": "46b964d0-baf8-532a-8a06-4f101fe8b93a",
|
|
"value": "Consult with customers about software system design and maintenance - T0311"
|
|
},
|
|
{
|
|
"description": "Recommend development of new applications or modification of existing applications",
|
|
"related": [],
|
|
"uuid": "ecc44267-9faa-5200-90e1-2831f25b0866",
|
|
"value": "Recommend development of new applications or modification of existing applications - T1067"
|
|
},
|
|
{
|
|
"description": "Create development plans for new applications or modification of existing applications",
|
|
"related": [],
|
|
"uuid": "edd41447-5602-53d0-b21d-51e67e6d4d3e",
|
|
"value": "Create development plans for new applications or modification of existing applications - T1068"
|
|
},
|
|
{
|
|
"description": "Evaluate software design plan timelines and cost estimates",
|
|
"related": [],
|
|
"uuid": "84904ac3-42a0-5bb6-8aa2-0c29036c04aa",
|
|
"value": "Evaluate software design plan timelines and cost estimates - T1071"
|
|
},
|
|
{
|
|
"description": "Perform code reviews",
|
|
"related": [],
|
|
"uuid": "9bbf5002-e1c7-551c-92ea-a1440f382780",
|
|
"value": "Perform code reviews - T1073"
|
|
},
|
|
{
|
|
"description": "Prepare secure code documentation",
|
|
"related": [],
|
|
"uuid": "df759ece-26d6-5664-a64f-bf767c94fd96",
|
|
"value": "Prepare secure code documentation - T1074"
|
|
},
|
|
{
|
|
"description": "Integrate software cybersecurity objectives into project plans and schedules",
|
|
"related": [],
|
|
"uuid": "a9612328-263c-5246-8bad-7c802f3086cc",
|
|
"value": "Integrate software cybersecurity objectives into project plans and schedules - T1082"
|
|
},
|
|
{
|
|
"description": "Determine project security controls",
|
|
"related": [],
|
|
"uuid": "2a51ad41-46b8-5b4d-bd2e-d75f7dd1da54",
|
|
"value": "Determine project security controls - T1083"
|
|
},
|
|
{
|
|
"description": "Create program documentation during initial development and subsequent revision phases",
|
|
"related": [],
|
|
"uuid": "764caf3d-cbe8-55a0-8bc0-9b5826d4f3c1",
|
|
"value": "Create program documentation during initial development and subsequent revision phases - T1089"
|
|
},
|
|
{
|
|
"description": "Determine system performance requirements",
|
|
"related": [],
|
|
"uuid": "4d74e300-d2d5-522c-9024-122f5e432c06",
|
|
"value": "Determine system performance requirements - T1098"
|
|
},
|
|
{
|
|
"description": "Design application interfaces",
|
|
"related": [],
|
|
"uuid": "c7d83380-cfa4-5414-870b-76484415b307",
|
|
"value": "Design application interfaces - T1099"
|
|
},
|
|
{
|
|
"description": "Evaluate interfaces between hardware and software",
|
|
"related": [],
|
|
"uuid": "4a467bfd-8d27-56c3-930d-4ad1d6b0bf74",
|
|
"value": "Evaluate interfaces between hardware and software - T1108"
|
|
},
|
|
{
|
|
"description": "Correct program errors",
|
|
"related": [],
|
|
"uuid": "d30c0988-25bf-559e-b4da-1b3b3d3b1392",
|
|
"value": "Correct program errors - T1116"
|
|
},
|
|
{
|
|
"description": "Determine if desired program results are produced",
|
|
"related": [],
|
|
"uuid": "e7f315c7-6794-5050-b718-a14182a492f1",
|
|
"value": "Determine if desired program results are produced - T1117"
|
|
},
|
|
{
|
|
"description": "Design and develop software systems",
|
|
"related": [],
|
|
"uuid": "f987ca42-85ba-580d-9517-a1522b0e6c66",
|
|
"value": "Design and develop software systems - T1135"
|
|
},
|
|
{
|
|
"description": "Determine hardware configuration",
|
|
"related": [],
|
|
"uuid": "9344929b-ec05-56f3-96ed-6b28ae920c00",
|
|
"value": "Determine hardware configuration - T1190"
|
|
},
|
|
{
|
|
"description": "Identify common coding flaws",
|
|
"related": [],
|
|
"uuid": "a5f5c44c-6daa-5b0d-8c65-199f0d6a62af",
|
|
"value": "Identify common coding flaws - T1197"
|
|
},
|
|
{
|
|
"description": "Determine software development security implications within centralized and decentralized environments across the enterprise",
|
|
"related": [],
|
|
"uuid": "69330ddf-ba43-5367-88fd-cc35c360c419",
|
|
"value": "Determine software development security implications within centralized and decentralized environments across the enterprise - T1202"
|
|
},
|
|
{
|
|
"description": "Implement software development cybersecurity methodologies within centralized and decentralized environments across the enterprise",
|
|
"related": [],
|
|
"uuid": "7fefaea9-336e-5b42-82ae-8e4484d0e9d9",
|
|
"value": "Implement software development cybersecurity methodologies within centralized and decentralized environments across the enterprise - T1203"
|
|
},
|
|
{
|
|
"description": "Determine cybersecurity measures for steady state operation and management of software",
|
|
"related": [],
|
|
"uuid": "65807c8d-911e-5ed9-867b-4f5b54ee5920",
|
|
"value": "Determine cybersecurity measures for steady state operation and management of software - T1204"
|
|
},
|
|
{
|
|
"description": "Incorporate product end-of-life cybersecurity measures",
|
|
"related": [],
|
|
"uuid": "92da1e6c-8993-502a-8595-ed844aad239f",
|
|
"value": "Incorporate product end-of-life cybersecurity measures - T1205"
|
|
},
|
|
{
|
|
"description": "Perform integrated quality assurance testing",
|
|
"related": [],
|
|
"uuid": "7e66254f-6329-5b56-9067-ae1be9a0bf24",
|
|
"value": "Perform integrated quality assurance testing - T1258"
|
|
},
|
|
{
|
|
"description": "Mitigate programming vulnerabilities",
|
|
"related": [],
|
|
"uuid": "336a9223-8700-57d7-9067-e8a2c2f0632a",
|
|
"value": "Mitigate programming vulnerabilities - T1261"
|
|
},
|
|
{
|
|
"description": "Identify programming code flaws",
|
|
"related": [],
|
|
"uuid": "173e60f3-e1c9-511b-b762-d884605aa326",
|
|
"value": "Identify programming code flaws - T1262"
|
|
},
|
|
{
|
|
"description": "Conduct risk analysis of applications and systems undergoing major changes",
|
|
"related": [],
|
|
"uuid": "0e459f4d-cc70-5d3f-8996-7e1e34f2959a",
|
|
"value": "Conduct risk analysis of applications and systems undergoing major changes - T1269"
|
|
},
|
|
{
|
|
"description": "Develop workflow charts and diagrams",
|
|
"related": [],
|
|
"uuid": "a0937b5b-56e7-5d65-8253-2c7772337cee",
|
|
"value": "Develop workflow charts and diagrams - T1280"
|
|
},
|
|
{
|
|
"description": "Convert workflow charts and diagrams into coded computer language instructions",
|
|
"related": [],
|
|
"uuid": "bac4b901-cc7f-5bd5-88a2-3e0f07b8d47a",
|
|
"value": "Convert workflow charts and diagrams into coded computer language instructions - T1281"
|
|
},
|
|
{
|
|
"description": "Address security implications in the software acceptance phase",
|
|
"related": [],
|
|
"uuid": "250675b2-a6d3-5546-898e-93e1ae23f062",
|
|
"value": "Address security implications in the software acceptance phase - T1302"
|
|
},
|
|
{
|
|
"description": "Analyze system capabilities and requirements",
|
|
"related": [],
|
|
"uuid": "5b5b9de6-b7ae-51cd-bba4-556645d97396",
|
|
"value": "Analyze system capabilities and requirements - T1309"
|
|
},
|
|
{
|
|
"description": "Integrate security requirements into application design elements",
|
|
"related": [],
|
|
"uuid": "b05fcffb-f088-54b0-86b9-e11665517205",
|
|
"value": "Integrate security requirements into application design elements - T1318"
|
|
},
|
|
{
|
|
"description": "Document software attack surface elements",
|
|
"related": [],
|
|
"uuid": "1c32acd1-c147-547b-9688-1e2b5220c68e",
|
|
"value": "Document software attack surface elements - T1319"
|
|
},
|
|
{
|
|
"description": "Conduct threat modeling",
|
|
"related": [],
|
|
"uuid": "aa97e4e7-fd42-5fd5-a17c-d521a68fc806",
|
|
"value": "Conduct threat modeling - T1320"
|
|
},
|
|
{
|
|
"description": "Design programming language exploitation countermeasures and mitigations",
|
|
"related": [],
|
|
"uuid": "654331c4-ad47-54f4-a8d1-7bcb63e2cfa3",
|
|
"value": "Design programming language exploitation countermeasures and mitigations - T1360"
|
|
},
|
|
{
|
|
"description": "Design and develop secure applications",
|
|
"related": [],
|
|
"uuid": "97693b72-e88d-5440-a6f9-91b03817a826",
|
|
"value": "Design and develop secure applications - T1400"
|
|
},
|
|
{
|
|
"description": "Develop software documentation",
|
|
"related": [],
|
|
"uuid": "cae77688-6c0a-5a2b-b403-433388aec6f2",
|
|
"value": "Develop software documentation - T1422"
|
|
},
|
|
{
|
|
"description": "Integrate public key cryptography into applications",
|
|
"related": [],
|
|
"uuid": "52d9d8fc-8695-5f8d-920e-858162e11afe",
|
|
"value": "Integrate public key cryptography into applications - T1499"
|
|
},
|
|
{
|
|
"description": "Analyze feasibility of software design within time and cost constraints",
|
|
"related": [],
|
|
"uuid": "00658566-ae9e-5693-9ee5-511b59c940ef",
|
|
"value": "Analyze feasibility of software design within time and cost constraints - T1509"
|
|
},
|
|
{
|
|
"description": "Conduct trial runs of programs and software applications",
|
|
"related": [],
|
|
"uuid": "f1ebb069-18e1-5cf4-9b79-bf7b1ba04854",
|
|
"value": "Conduct trial runs of programs and software applications - T1513"
|
|
},
|
|
{
|
|
"description": "Develop software system testing and validation procedures",
|
|
"related": [],
|
|
"uuid": "eb68e74d-710c-5ff3-ae06-67341341a318",
|
|
"value": "Develop software system testing and validation procedures - T1528"
|
|
},
|
|
{
|
|
"description": "Create software system documentation",
|
|
"related": [],
|
|
"uuid": "5634da1b-ee4f-5dce-9cf9-2c5f97693347",
|
|
"value": "Create software system documentation - T1529"
|
|
},
|
|
{
|
|
"description": "Adapt software to new hardware",
|
|
"related": [],
|
|
"uuid": "8b8a5569-4c2a-54bc-b9a6-c6d9c914b99e",
|
|
"value": "Adapt software to new hardware - T1575"
|
|
},
|
|
{
|
|
"description": "Upgrade software interfaces",
|
|
"related": [],
|
|
"uuid": "2bf6b9f5-8e25-588d-a621-1e126930a9ec",
|
|
"value": "Upgrade software interfaces - T1576"
|
|
},
|
|
{
|
|
"description": "Improve software performance",
|
|
"related": [],
|
|
"uuid": "b0d6b05b-0bbb-55a4-a52d-6b5b4884f34b",
|
|
"value": "Improve software performance - T1577"
|
|
},
|
|
{
|
|
"description": "Conduct vulnerability analysis of software patches and updates",
|
|
"related": [],
|
|
"uuid": "8379d0da-4089-5d0c-af82-b115e1cd2be2",
|
|
"value": "Conduct vulnerability analysis of software patches and updates - T1624"
|
|
},
|
|
{
|
|
"description": "Prepare vulnerability analysis reports",
|
|
"related": [],
|
|
"uuid": "a4902834-2c15-5b32-99a9-43662d3d42bf",
|
|
"value": "Prepare vulnerability analysis reports - T1625"
|
|
},
|
|
{
|
|
"description": "Implement security designs for new or existing systems",
|
|
"related": [],
|
|
"uuid": "7f7444cd-9bb9-50ee-b93d-271a7d913b6c",
|
|
"value": "Implement security designs for new or existing systems - T0122"
|
|
},
|
|
{
|
|
"description": "Incorporate cybersecurity vulnerability solutions into system designs (e.g., Cybersecurity Vulnerability Alerts)",
|
|
"related": [],
|
|
"uuid": "577de367-3b46-5a99-a35d-a35bdd322ebf",
|
|
"value": "Incorporate cybersecurity vulnerability solutions into system designs (e.g., Cybersecurity Vulnerability Alerts) - T0124"
|
|
},
|
|
{
|
|
"description": "Develop cybersecurity designs to meet specific operational needs and environmental factors (e.g., access controls, automated applications, networked operations, high integrity and availability requirements, multilevel security/processing of multiple classification levels, and processing Sensitive Compartmented Information)",
|
|
"related": [],
|
|
"uuid": "e6b60872-96c1-5552-a505-2d3ae9b4a153",
|
|
"value": "Develop cybersecurity designs to meet specific operational needs and environmental factors (e.g., access controls, automated applications, networked o - T0271"
|
|
},
|
|
{
|
|
"description": "Review enterprise information technology (IT) goals and objectives",
|
|
"related": [],
|
|
"uuid": "97a2f7f9-9983-55c0-80c6-f2d7a731f0c5",
|
|
"value": "Review enterprise information technology (IT) goals and objectives - T1022"
|
|
},
|
|
{
|
|
"description": "Determine procurement requirements",
|
|
"related": [],
|
|
"uuid": "ac1dd0d4-6aa4-5919-aff0-72f69d8688cc",
|
|
"value": "Determine procurement requirements - T1026"
|
|
},
|
|
{
|
|
"description": "Estimate the impact of collateral damage",
|
|
"related": [],
|
|
"uuid": "874d14a7-1d03-56fc-8d05-1019dafe4438",
|
|
"value": "Estimate the impact of collateral damage - T1030"
|
|
},
|
|
{
|
|
"description": "Determine impact of software configurations",
|
|
"related": [],
|
|
"uuid": "a005dabf-636d-5c78-8097-9e4760d727f2",
|
|
"value": "Determine impact of software configurations - T1041"
|
|
},
|
|
{
|
|
"description": "Assess operation performance",
|
|
"related": [],
|
|
"uuid": "5914a140-8cb5-558f-a74b-423c783948fd",
|
|
"value": "Assess operation performance - T1046"
|
|
},
|
|
{
|
|
"description": "Assess operation impact",
|
|
"related": [],
|
|
"uuid": "ab618206-2df2-57ff-916a-0b7fa016d2c2",
|
|
"value": "Assess operation impact - T1047"
|
|
},
|
|
{
|
|
"description": "Determine life cycle support requirements",
|
|
"related": [],
|
|
"uuid": "02471da1-f2f4-5dba-96e5-a344ce8b907e",
|
|
"value": "Determine life cycle support requirements - T1072"
|
|
},
|
|
{
|
|
"description": "Implement application cybersecurity policies",
|
|
"related": [],
|
|
"uuid": "1777cc43-de1e-50ed-a5aa-e8602bdf6edc",
|
|
"value": "Implement application cybersecurity policies - T1075"
|
|
},
|
|
{
|
|
"description": "Determine effectiveness of system cybersecurity measures",
|
|
"related": [],
|
|
"uuid": "f1fe2918-eb75-5651-af04-ab672a4ee366",
|
|
"value": "Determine effectiveness of system cybersecurity measures - T1078"
|
|
},
|
|
{
|
|
"description": "Develop cybersecurity risk profiles",
|
|
"related": [],
|
|
"uuid": "66f62ba1-a9cd-5b8d-90a8-4e29f8300ef6",
|
|
"value": "Develop cybersecurity risk profiles - T1079"
|
|
},
|
|
{
|
|
"description": "Create product prototypes using working and theoretical models",
|
|
"related": [],
|
|
"uuid": "8ea14df6-0096-58af-82bc-f93a0cf42c1e",
|
|
"value": "Create product prototypes using working and theoretical models - T1081"
|
|
},
|
|
{
|
|
"description": "Identify anomalous network activity",
|
|
"related": [],
|
|
"uuid": "980e2118-5472-53f1-804c-0a7aa9c0e17b",
|
|
"value": "Identify anomalous network activity - T1084"
|
|
},
|
|
{
|
|
"description": "Identify vulnerabilities",
|
|
"related": [],
|
|
"uuid": "b3c5f1ed-1cb6-5c0b-a000-304fbfa4ae92",
|
|
"value": "Identify vulnerabilities - T1118"
|
|
},
|
|
{
|
|
"description": "Recommend vulnerability remediation strategies",
|
|
"related": [],
|
|
"uuid": "dd6f8009-5e6e-5a14-97b8-e5855499e9ab",
|
|
"value": "Recommend vulnerability remediation strategies - T1119"
|
|
},
|
|
{
|
|
"description": "Design cybersecurity or cybersecurity-enabled products",
|
|
"related": [],
|
|
"uuid": "d6cb403f-ead4-545d-9689-8841c8b2fe97",
|
|
"value": "Design cybersecurity or cybersecurity-enabled products - T1128"
|
|
},
|
|
{
|
|
"description": "Develop cybersecurity or cybersecurity-enabled products",
|
|
"related": [],
|
|
"uuid": "905c7fcb-c67a-5bc0-97e4-e3684d94a2a6",
|
|
"value": "Develop cybersecurity or cybersecurity-enabled products - T1129"
|
|
},
|
|
{
|
|
"description": "Determine if hardware, operating systems, and software applications adequately address cybersecurity requirements",
|
|
"related": [],
|
|
"uuid": "b7ad35bc-c67e-5c1f-ac28-e2f934362352",
|
|
"value": "Determine if hardware, operating systems, and software applications adequately address cybersecurity requirements - T1131"
|
|
},
|
|
{
|
|
"description": "Design system data backup capabilities",
|
|
"related": [],
|
|
"uuid": "0ba17638-c767-537c-82a9-8b1fd8a202a4",
|
|
"value": "Design system data backup capabilities - T1132"
|
|
},
|
|
{
|
|
"description": "Develop technical and procedural processes for integrity of stored backup data",
|
|
"related": [],
|
|
"uuid": "54f8dc5e-895f-5986-bdbd-f22c2259dd16",
|
|
"value": "Develop technical and procedural processes for integrity of stored backup data - T1133"
|
|
},
|
|
{
|
|
"description": "Develop technical and procedural processes for backup data storage",
|
|
"related": [],
|
|
"uuid": "e378d2d6-f996-5f15-9068-ca5c64838f60",
|
|
"value": "Develop technical and procedural processes for backup data storage - T1134"
|
|
},
|
|
{
|
|
"description": "Create system testing and validation procedures and documentation",
|
|
"related": [],
|
|
"uuid": "25ac4e48-3e3e-55fb-9721-cab061787c74",
|
|
"value": "Create system testing and validation procedures and documentation - T1138"
|
|
},
|
|
{
|
|
"description": "Develop systems security design documentation",
|
|
"related": [],
|
|
"uuid": "dbfda627-7eb8-57ec-b742-992f546df64b",
|
|
"value": "Develop systems security design documentation - T1148"
|
|
},
|
|
{
|
|
"description": "Develop disaster recovery and continuity of operations plans for systems under development",
|
|
"related": [],
|
|
"uuid": "75e2ca42-6b93-5737-9955-0590016f66e1",
|
|
"value": "Develop disaster recovery and continuity of operations plans for systems under development - T1149"
|
|
},
|
|
{
|
|
"description": "Test disaster recovery and continuity of operations plans for systems prior to deployment",
|
|
"related": [],
|
|
"uuid": "b4a23e68-13ac-58b1-92e5-0be6c5fd444a",
|
|
"value": "Test disaster recovery and continuity of operations plans for systems prior to deployment - T1150"
|
|
},
|
|
{
|
|
"description": "Develop risk mitigation strategies",
|
|
"related": [],
|
|
"uuid": "fb812192-c46f-5105-9ac9-a8819db78fa0",
|
|
"value": "Develop risk mitigation strategies - T1160"
|
|
},
|
|
{
|
|
"description": "Resolve system vulnerabilities",
|
|
"related": [],
|
|
"uuid": "2c71ba4c-c711-5e6b-9249-42987222be79",
|
|
"value": "Resolve system vulnerabilities - T1161"
|
|
},
|
|
{
|
|
"description": "Recommend security changes to systems and system components",
|
|
"related": [],
|
|
"uuid": "dde08582-93bb-5438-95ef-e2301652abb3",
|
|
"value": "Recommend security changes to systems and system components - T1162"
|
|
},
|
|
{
|
|
"description": "Develop cybersecurity countermeasures for systems and applications",
|
|
"related": [],
|
|
"uuid": "025ada71-5163-5dc4-891d-81eb1fc0bcb5",
|
|
"value": "Develop cybersecurity countermeasures for systems and applications - T1163"
|
|
},
|
|
{
|
|
"description": "Develop risk mitigation strategies for systems and applications",
|
|
"related": [],
|
|
"uuid": "752c4994-b144-58f6-be14-f7d06d0be8ec",
|
|
"value": "Develop risk mitigation strategies for systems and applications - T1164"
|
|
},
|
|
{
|
|
"description": "Allocate security functions to components and elements",
|
|
"related": [],
|
|
"uuid": "2d6a4f2f-4e35-55a2-be89-f716dfbe90c5",
|
|
"value": "Allocate security functions to components and elements - T1193"
|
|
},
|
|
{
|
|
"description": "Remediate technical problems encountered during system testing and implementation",
|
|
"related": [],
|
|
"uuid": "3e1bf749-619d-58ce-a587-7d6b18a5868f",
|
|
"value": "Remediate technical problems encountered during system testing and implementation - T1194"
|
|
},
|
|
{
|
|
"description": "Direct the remediation of technical problems encountered during system testing and implementation",
|
|
"related": [],
|
|
"uuid": "d550b52f-b320-5619-a868-19f0a713fe3e",
|
|
"value": "Direct the remediation of technical problems encountered during system testing and implementation - T1195"
|
|
},
|
|
{
|
|
"description": "Recommend cybersecurity or cybersecurity-enabled products for use within a system",
|
|
"related": [],
|
|
"uuid": "bdd276c2-0a31-57d1-a041-74e5285e313c",
|
|
"value": "Recommend cybersecurity or cybersecurity-enabled products for use within a system - T1206"
|
|
},
|
|
{
|
|
"description": "Develop guidelines for implementing developed systems for customers and installation teams",
|
|
"related": [],
|
|
"uuid": "1470fe09-8825-5c10-93cd-b3773a97ecc8",
|
|
"value": "Develop guidelines for implementing developed systems for customers and installation teams - T1292"
|
|
},
|
|
{
|
|
"description": "Conduct test and evaluation activities",
|
|
"related": [],
|
|
"uuid": "c7be2ee2-460c-50b3-aa41-f3326bf4d06f",
|
|
"value": "Conduct test and evaluation activities - T1312"
|
|
},
|
|
{
|
|
"description": "Develop system performance predictions for various operating conditions",
|
|
"related": [],
|
|
"uuid": "c51c054c-3703-576d-861a-ae19e896740b",
|
|
"value": "Develop system performance predictions for various operating conditions - T1326"
|
|
},
|
|
{
|
|
"description": "Document cybersecurity design and development activities",
|
|
"related": [],
|
|
"uuid": "cad00481-419e-591a-b68c-4db362f7c4fd",
|
|
"value": "Document cybersecurity design and development activities - T1365"
|
|
},
|
|
{
|
|
"description": "Integrate system development life cycle methodologies into development environment",
|
|
"related": [],
|
|
"uuid": "49638374-1606-5ca4-ad4d-3fc93ac31c67",
|
|
"value": "Integrate system development life cycle methodologies into development environment - T1401"
|
|
},
|
|
{
|
|
"description": "Design secure interfaces between information systems, physical systems, and embedded technologies",
|
|
"related": [],
|
|
"uuid": "aff7aa41-28eb-5463-be93-e6ca79fbaf25",
|
|
"value": "Design secure interfaces between information systems, physical systems, and embedded technologies - T1454"
|
|
},
|
|
{
|
|
"description": "Implement secure interfaces between information systems, physical systems, and embedded technologies",
|
|
"related": [],
|
|
"uuid": "b01ffb32-405b-5c70-bacb-aeab237eceee",
|
|
"value": "Implement secure interfaces between information systems, physical systems, and embedded technologies - T1455"
|
|
},
|
|
{
|
|
"description": "Correlate incident data",
|
|
"related": [],
|
|
"uuid": "2e107712-cf80-5126-8d77-c21424dd520b",
|
|
"value": "Correlate incident data - T1489"
|
|
},
|
|
{
|
|
"description": "Determine if systems meet minimum security requirements",
|
|
"related": [],
|
|
"uuid": "63411911-77e8-5acf-b962-a95cec818a53",
|
|
"value": "Determine if systems meet minimum security requirements - T1522"
|
|
},
|
|
{
|
|
"description": "Establish minimum security requirements for applications",
|
|
"related": [],
|
|
"uuid": "17758d5c-b55c-5688-9dc8-95925ebaa1b9",
|
|
"value": "Establish minimum security requirements for applications - T1584"
|
|
},
|
|
{
|
|
"description": "Determine if applications meet minimum security requirements",
|
|
"related": [],
|
|
"uuid": "a2658343-7b53-58e5-bf97-a252092997ac",
|
|
"value": "Determine if applications meet minimum security requirements - T1585"
|
|
},
|
|
{
|
|
"description": "Conduct cybersecurity risk assessments",
|
|
"related": [],
|
|
"uuid": "7513ee80-5a15-56da-b89f-bba8f49573bb",
|
|
"value": "Conduct cybersecurity risk assessments - T1586"
|
|
},
|
|
{
|
|
"description": "Conduct cybersecurity reviews",
|
|
"related": [],
|
|
"uuid": "a366dcfa-c212-5bce-afea-7360b48478cf",
|
|
"value": "Conduct cybersecurity reviews - T1592"
|
|
},
|
|
{
|
|
"description": "Identify cybersecurity gaps in enterprise architecture",
|
|
"related": [],
|
|
"uuid": "451398c1-b1de-579a-9103-d7a948c0fbbf",
|
|
"value": "Identify cybersecurity gaps in enterprise architecture - T1593"
|
|
},
|
|
{
|
|
"description": "Provide cybersecurity advice on implementation plans, standard operating procedures, maintenance documentation, and maintenance training materials",
|
|
"related": [],
|
|
"uuid": "e1b79ab7-9e63-5097-8cf2-dd9d60247711",
|
|
"value": "Provide cybersecurity advice on implementation plans, standard operating procedures, maintenance documentation, and maintenance training materials - T1604"
|
|
},
|
|
{
|
|
"description": "Determine if design components meet system requirements",
|
|
"related": [],
|
|
"uuid": "4cc17b60-cb62-5b13-a33b-548d0e4520fd",
|
|
"value": "Determine if design components meet system requirements - T1613"
|
|
},
|
|
{
|
|
"description": "Determine scalability of system architecture",
|
|
"related": [],
|
|
"uuid": "a3e9880f-65fb-5c75-9373-57f48e93770a",
|
|
"value": "Determine scalability of system architecture - T1614"
|
|
},
|
|
{
|
|
"description": "Incorporate intelligence equities into the overall design of cyber operations plans",
|
|
"related": [],
|
|
"uuid": "bfed2c5a-890a-5987-b410-c337c95bfac3",
|
|
"value": "Incorporate intelligence equities into the overall design of cyber operations plans - T0630"
|
|
},
|
|
{
|
|
"description": "Incorporate cyber operations and communications security support plans into organization objectives",
|
|
"related": [],
|
|
"uuid": "a7b7112b-e535-5db1-8a0d-d863f3086293",
|
|
"value": "Incorporate cyber operations and communications security support plans into organization objectives - T0704"
|
|
},
|
|
{
|
|
"description": "Identify intelligence gaps and shortfalls",
|
|
"related": [],
|
|
"uuid": "b7aea31b-eb44-55ff-a91b-34df13a0d109",
|
|
"value": "Identify intelligence gaps and shortfalls - T0718"
|
|
},
|
|
{
|
|
"description": "Issue requests for information",
|
|
"related": [],
|
|
"uuid": "c0ca98a4-cc21-54be-9455-6d8aee79f0a3",
|
|
"value": "Issue requests for information - T0734"
|
|
},
|
|
{
|
|
"description": "Maintain situational awareness of cyber-related intelligence requirements and associated tasking",
|
|
"related": [],
|
|
"uuid": "e52d8d24-e58f-5d8d-986a-ef95e756c5db",
|
|
"value": "Maintain situational awareness of cyber-related intelligence requirements and associated tasking - T0741"
|
|
},
|
|
{
|
|
"description": "Maintain situational awareness of partner capabilities and activities",
|
|
"related": [],
|
|
"uuid": "bfa7f8c2-6c39-5f0a-bb18-5238eed7619a",
|
|
"value": "Maintain situational awareness of partner capabilities and activities - T0742"
|
|
},
|
|
{
|
|
"description": "Support cyber operations",
|
|
"related": [],
|
|
"uuid": "76b01c60-8307-5bea-9dfa-6d6ae9d81add",
|
|
"value": "Support cyber operations - T1033"
|
|
},
|
|
{
|
|
"description": "Integrate leadership priorities",
|
|
"related": [],
|
|
"uuid": "e0e59457-f684-5fc8-9506-af30ac7d4db9",
|
|
"value": "Integrate leadership priorities - T1036"
|
|
},
|
|
{
|
|
"description": "Develop operations strategies",
|
|
"related": [],
|
|
"uuid": "e686347d-a042-562d-84d4-faf0d8e12aa0",
|
|
"value": "Develop operations strategies - T1037"
|
|
},
|
|
{
|
|
"description": "Integrate organization objectives in intelligence collection",
|
|
"related": [],
|
|
"uuid": "b0bf43e5-63bc-5df5-9608-8b142c03334a",
|
|
"value": "Integrate organization objectives in intelligence collection - T1038"
|
|
},
|
|
{
|
|
"description": "Determine staffing needs",
|
|
"related": [],
|
|
"uuid": "5b7970fd-f4c8-5a8a-988c-cf400ed64ad7",
|
|
"value": "Determine staffing needs - T1043"
|
|
},
|
|
{
|
|
"description": "Review course of action analysis results",
|
|
"related": [],
|
|
"uuid": "67b09d8f-4e7e-5749-a8fc-1c132ce0e2a3",
|
|
"value": "Review course of action analysis results - T1044"
|
|
},
|
|
{
|
|
"description": "Review exercise analysis results",
|
|
"related": [],
|
|
"uuid": "7679a8ce-683f-5c34-b96b-6b68021d237f",
|
|
"value": "Review exercise analysis results - T1045"
|
|
},
|
|
{
|
|
"description": "Synchronize operational assessment procedures and critical information requirement processes",
|
|
"related": [],
|
|
"uuid": "a3255b89-1448-521d-bff1-47c559addf1e",
|
|
"value": "Synchronize operational assessment procedures and critical information requirement processes - T1048"
|
|
},
|
|
{
|
|
"description": "Scope analysis reports to various audiences that accounts for data sharing classification restrictions",
|
|
"related": [],
|
|
"uuid": "1cccdce7-c1c5-57a8-827b-d19561080f94",
|
|
"value": "Scope analysis reports to various audiences that accounts for data sharing classification restrictions - T1054"
|
|
},
|
|
{
|
|
"description": "Determine if priority information requirements are satisfied",
|
|
"related": [],
|
|
"uuid": "7ccb96da-6709-5ca0-bccd-cd88b90a0900",
|
|
"value": "Determine if priority information requirements are satisfied - T1055"
|
|
},
|
|
{
|
|
"description": "Determine the impact of threats on cybersecurity",
|
|
"related": [],
|
|
"uuid": "dfe9eaff-1d14-5f69-966c-04a86ba7e408",
|
|
"value": "Determine the impact of threats on cybersecurity - T1456"
|
|
},
|
|
{
|
|
"description": "Implement threat countermeasures",
|
|
"related": [],
|
|
"uuid": "1ff236ba-aea0-5172-85be-e7036174ccae",
|
|
"value": "Implement threat countermeasures - T1457"
|
|
},
|
|
{
|
|
"description": "Assess target vulnerabilities and operational capabilities",
|
|
"related": [],
|
|
"uuid": "37c391d9-042b-5d27-830e-d33b4d2f6978",
|
|
"value": "Assess target vulnerabilities and operational capabilities - T1639"
|
|
},
|
|
{
|
|
"description": "Develop cyber operations indicators",
|
|
"related": [],
|
|
"uuid": "799bd6a9-36fa-5842-9680-d68f915bd9a3",
|
|
"value": "Develop cyber operations indicators - T1644"
|
|
},
|
|
{
|
|
"description": "Develop cybersecurity success metrics",
|
|
"related": [],
|
|
"uuid": "a23adc88-7dcb-50d7-a0bd-12428c907982",
|
|
"value": "Develop cybersecurity success metrics - T1650"
|
|
},
|
|
{
|
|
"description": "Develop cyber operations crisis action plans",
|
|
"related": [],
|
|
"uuid": "29ec3d2f-a1f7-5942-bd98-c2d4888d8d47",
|
|
"value": "Develop cyber operations crisis action plans - T1678"
|
|
},
|
|
{
|
|
"description": "Develop organizational decision support tools",
|
|
"related": [],
|
|
"uuid": "cfe41e01-6679-5ce3-817a-27c8d986ee25",
|
|
"value": "Develop organizational decision support tools - T1679"
|
|
},
|
|
{
|
|
"description": "Identify strategies to counter potential target actions",
|
|
"related": [],
|
|
"uuid": "e4b590fe-b5da-5816-a04d-3c76f2111c7a",
|
|
"value": "Identify strategies to counter potential target actions - T1688"
|
|
},
|
|
{
|
|
"description": "Develop crisis plans",
|
|
"related": [],
|
|
"uuid": "3071fba4-b746-50f7-b26d-043c07df6337",
|
|
"value": "Develop crisis plans - T1699"
|
|
},
|
|
{
|
|
"description": "Maintain crisis plans",
|
|
"related": [],
|
|
"uuid": "5309155f-9276-57ca-8b69-599a39a04e05",
|
|
"value": "Maintain crisis plans - T1700"
|
|
},
|
|
{
|
|
"description": "Integrate cyber operations guidance into broader planning activities",
|
|
"related": [],
|
|
"uuid": "0801ddf7-f0f4-59d9-b72f-e69d4eddb430",
|
|
"value": "Integrate cyber operations guidance into broader planning activities - T1701"
|
|
},
|
|
{
|
|
"description": "Develop intelligence operations plans",
|
|
"related": [],
|
|
"uuid": "2ff765c4-b15c-5b2b-815f-974195e9c015",
|
|
"value": "Develop intelligence operations plans - T1704"
|
|
},
|
|
{
|
|
"description": "Develop policies for providing and obtaining cyber operations support from external partners",
|
|
"related": [],
|
|
"uuid": "e23a93ca-e901-581d-897a-c9364ca8b6b8",
|
|
"value": "Develop policies for providing and obtaining cyber operations support from external partners - T1710"
|
|
},
|
|
{
|
|
"description": "Recommend potential courses of action",
|
|
"related": [],
|
|
"uuid": "f0db05c4-8b74-57f7-9964-a83c1a7f0256",
|
|
"value": "Recommend potential courses of action - T1712"
|
|
},
|
|
{
|
|
"description": "Recommend changes to planning policies and procedures",
|
|
"related": [],
|
|
"uuid": "44c7a827-dd02-55df-a29d-3f778f7b6392",
|
|
"value": "Recommend changes to planning policies and procedures - T1717"
|
|
},
|
|
{
|
|
"description": "Implement changes to planning policies and procedures",
|
|
"related": [],
|
|
"uuid": "2805d34e-19fb-553e-9d49-2c393f34a555",
|
|
"value": "Implement changes to planning policies and procedures - T1718"
|
|
},
|
|
{
|
|
"description": "Prepare cyber operation strategy and planning documents",
|
|
"related": [],
|
|
"uuid": "9ac4380c-3007-5be3-bd2c-263d23d4b862",
|
|
"value": "Prepare cyber operation strategy and planning documents - T1722"
|
|
},
|
|
{
|
|
"description": "Implement collection operation plans",
|
|
"related": [],
|
|
"uuid": "95bd5a00-6629-514c-add6-52b0d7ef3e2d",
|
|
"value": "Implement collection operation plans - T1728"
|
|
},
|
|
{
|
|
"description": "Synchronize intelligence planning activities with operational planning timelines",
|
|
"related": [],
|
|
"uuid": "df80dac9-407d-5b25-bcd0-2a47ad8f0883",
|
|
"value": "Synchronize intelligence planning activities with operational planning timelines - T1729"
|
|
},
|
|
{
|
|
"description": "Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action",
|
|
"related": [],
|
|
"uuid": "964ae70e-76c0-5c25-b888-a46a28bb293a",
|
|
"value": "Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action - T1735"
|
|
},
|
|
{
|
|
"description": "Develop courses of action based on threat factors",
|
|
"related": [],
|
|
"uuid": "216cf673-0da1-51bc-8726-e40a48451b09",
|
|
"value": "Develop courses of action based on threat factors - T1752"
|
|
},
|
|
{
|
|
"description": "Integrate cyber planning and targeting efforts",
|
|
"related": [],
|
|
"uuid": "8be04c91-fb94-5132-a6af-9230e1941262",
|
|
"value": "Integrate cyber planning and targeting efforts - T1755"
|
|
},
|
|
{
|
|
"description": "Interpret environment preparation assessments",
|
|
"related": [],
|
|
"uuid": "eefabf44-a550-5042-832f-bd890f7600d4",
|
|
"value": "Interpret environment preparation assessments - T1756"
|
|
},
|
|
{
|
|
"description": "Determine if changes to the operating environment require review of the plan",
|
|
"related": [],
|
|
"uuid": "ebbbfe04-f607-57be-9bda-8b39e98e9f5e",
|
|
"value": "Determine if changes to the operating environment require review of the plan - T1761"
|
|
},
|
|
{
|
|
"description": "Asssess effectiveness of integrated cyber operations",
|
|
"related": [],
|
|
"uuid": "5f2ed733-bc1f-54cb-9e3f-0846844b2512",
|
|
"value": "Asssess effectiveness of integrated cyber operations - T1764"
|
|
},
|
|
{
|
|
"description": "Coordinate strategic planning efforts with internal and external partners",
|
|
"related": [],
|
|
"uuid": "ad15e783-298d-513c-8c85-5861d059daff",
|
|
"value": "Coordinate strategic planning efforts with internal and external partners - T1779"
|
|
},
|
|
{
|
|
"description": "Develop cyber operations strategies",
|
|
"related": [],
|
|
"uuid": "5b0a01dc-606b-58d1-ad4a-e1964a7834c1",
|
|
"value": "Develop cyber operations strategies - T1794"
|
|
},
|
|
{
|
|
"description": "Advise stakeholders on administrative and logistical elements of operational support plans",
|
|
"related": [],
|
|
"uuid": "38de0717-d59f-58eb-908d-55b88026c768",
|
|
"value": "Advise stakeholders on administrative and logistical elements of operational support plans - T1797"
|
|
},
|
|
{
|
|
"description": "Recommend changes to operational plans",
|
|
"related": [],
|
|
"uuid": "d51287fd-ecc8-56bb-9f0c-4c9a761695e4",
|
|
"value": "Recommend changes to operational plans - T1800"
|
|
},
|
|
{
|
|
"description": "Approve operational requirements for research, development, and acquisition of cyber capabilities",
|
|
"related": [],
|
|
"uuid": "476d4288-69f6-5f52-b754-b8d9e949578e",
|
|
"value": "Approve operational requirements for research, development, and acquisition of cyber capabilities - T1810"
|
|
},
|
|
{
|
|
"description": "Prioritize operational requirements for research, development, and acquisition of cyber capabilities",
|
|
"related": [],
|
|
"uuid": "e6707346-5493-53e6-9d24-e8cf20aa9ff8",
|
|
"value": "Prioritize operational requirements for research, development, and acquisition of cyber capabilities - T1811"
|
|
},
|
|
{
|
|
"description": "Submit operational requirements for research, development, and acquisition of cyber capabilities",
|
|
"related": [],
|
|
"uuid": "ec5c04a6-87a0-50e5-ad88-11add497a950",
|
|
"value": "Submit operational requirements for research, development, and acquisition of cyber capabilities - T1812"
|
|
},
|
|
{
|
|
"description": "Submit requests for deconfliction of cyber operations",
|
|
"related": [],
|
|
"uuid": "415fb9bc-29a7-5153-b758-c9b6d412f395",
|
|
"value": "Submit requests for deconfliction of cyber operations - T1822"
|
|
},
|
|
{
|
|
"description": "Respond to requests for deconfliction of cyber operations",
|
|
"related": [],
|
|
"uuid": "a1c6778a-69a8-5dec-9fae-43d3e444c469",
|
|
"value": "Respond to requests for deconfliction of cyber operations - T1823"
|
|
},
|
|
{
|
|
"description": "Determine if intelligence requirements and collection plans are accurate and up-to-date",
|
|
"related": [],
|
|
"uuid": "665f97c9-79b3-5ac1-bf6c-248c870d9c23",
|
|
"value": "Determine if intelligence requirements and collection plans are accurate and up-to-date - T1835"
|
|
},
|
|
{
|
|
"description": "Document lessons learned during events and exercises",
|
|
"related": [],
|
|
"uuid": "9f385901-5687-5d2d-9289-499ea605c146",
|
|
"value": "Document lessons learned during events and exercises - T1836"
|
|
},
|
|
{
|
|
"description": "Develop test plans to address specifications and requirements",
|
|
"related": [],
|
|
"uuid": "afff7856-01ac-5647-96ac-72715dcc77ea",
|
|
"value": "Develop test plans to address specifications and requirements - T0080"
|
|
},
|
|
{
|
|
"description": "Create auditable evidence of security measures",
|
|
"related": [],
|
|
"uuid": "57a8ad4c-f428-5ecb-ba8d-4d250fe9ff6e",
|
|
"value": "Create auditable evidence of security measures - T0274"
|
|
},
|
|
{
|
|
"description": "Perform interoperability testing on systems exchanging electronic information with other systems",
|
|
"related": [],
|
|
"uuid": "7526e08b-5ae4-5f5f-9126-3bf307b11a13",
|
|
"value": "Perform interoperability testing on systems exchanging electronic information with other systems - T0512"
|
|
},
|
|
{
|
|
"description": "Perform operational testing",
|
|
"related": [],
|
|
"uuid": "9f64d7de-1d4b-54c7-8f62-297c46384d72",
|
|
"value": "Perform operational testing - T0513"
|
|
},
|
|
{
|
|
"description": "Determine appropriate level of test rigor for a given system",
|
|
"related": [],
|
|
"uuid": "a2bf2dde-455e-55f8-a597-9486157e5635",
|
|
"value": "Determine appropriate level of test rigor for a given system - T1049"
|
|
},
|
|
{
|
|
"description": "Determine level of assurance of developed capabilities",
|
|
"related": [],
|
|
"uuid": "b34b7899-e087-58d0-99a2-273924b1bd54",
|
|
"value": "Determine level of assurance of developed capabilities - T1136"
|
|
},
|
|
{
|
|
"description": "Implement new system design procedures",
|
|
"related": [],
|
|
"uuid": "b1cf2f31-6438-5de4-8a1c-7fe066be9202",
|
|
"value": "Implement new system design procedures - T1208"
|
|
},
|
|
{
|
|
"description": "Implement new system test procedures",
|
|
"related": [],
|
|
"uuid": "ab55b93d-33ee-54bb-80cb-790dea19cff7",
|
|
"value": "Implement new system test procedures - T1209"
|
|
},
|
|
{
|
|
"description": "Implement new system quality standards",
|
|
"related": [],
|
|
"uuid": "1e12758f-c082-5a47-bdb2-41ff6b2f2a1f",
|
|
"value": "Implement new system quality standards - T1210"
|
|
},
|
|
{
|
|
"description": "Install network infrastructure device operating system software",
|
|
"related": [],
|
|
"uuid": "541cf35d-a9dc-5099-b64d-084e3682add8",
|
|
"value": "Install network infrastructure device operating system software - T1214"
|
|
},
|
|
{
|
|
"description": "Maintain network infrastructure device operating system software",
|
|
"related": [],
|
|
"uuid": "4cad1980-07a9-5b10-936d-16f4af684e52",
|
|
"value": "Maintain network infrastructure device operating system software - T1215"
|
|
},
|
|
{
|
|
"description": "Perform cybersecurity testing of developed applications and systems",
|
|
"related": [],
|
|
"uuid": "09447af0-0ec6-5d11-92d3-1d6b989a2f9e",
|
|
"value": "Perform cybersecurity testing of developed applications and systems - T1255"
|
|
},
|
|
{
|
|
"description": "Determine if system requirements are adequately demonstrated in data samples",
|
|
"related": [],
|
|
"uuid": "698c833d-25da-5ac6-ac72-f1b5d4c237e2",
|
|
"value": "Determine if system requirements are adequately demonstrated in data samples - T1346"
|
|
},
|
|
{
|
|
"description": "Establish testing specifications and requirements",
|
|
"related": [],
|
|
"uuid": "907a21df-90fc-5b5e-b715-256dbccb291c",
|
|
"value": "Establish testing specifications and requirements - T1484"
|
|
},
|
|
{
|
|
"description": "Analyze software and hardware testing results",
|
|
"related": [],
|
|
"uuid": "6c0d42eb-6e34-5944-a317-59f233984329",
|
|
"value": "Analyze software and hardware testing results - T1506"
|
|
},
|
|
{
|
|
"description": "Perform cybersecurity testing on systems in development",
|
|
"related": [],
|
|
"uuid": "f0eb3592-6908-5858-bae8-0ec53f88a955",
|
|
"value": "Perform cybersecurity testing on systems in development - T1587"
|
|
},
|
|
{
|
|
"description": "Determine if hardware and software complies with defined specifications and requirements",
|
|
"related": [],
|
|
"uuid": "b45bf16d-8792-5584-b2d7-f56ab12c5826",
|
|
"value": "Determine if hardware and software complies with defined specifications and requirements - T1610"
|
|
},
|
|
{
|
|
"description": "Record test data",
|
|
"related": [],
|
|
"uuid": "1021d800-48d8-5f20-b3c3-ac953948a3e6",
|
|
"value": "Record test data - T1611"
|
|
},
|
|
{
|
|
"description": "Manage test data",
|
|
"related": [],
|
|
"uuid": "2aa89bd8-de1c-5d9d-aadc-5a6f23b5dc7c",
|
|
"value": "Manage test data - T1612"
|
|
},
|
|
{
|
|
"description": "Evaluate locally developed tools",
|
|
"related": [],
|
|
"uuid": "3a73ab17-fdc1-55a7-8451-58a2a9e75b1e",
|
|
"value": "Evaluate locally developed tools - T1829"
|
|
},
|
|
{
|
|
"description": "Validate data mining and data warehousing programs, processes, and requirements",
|
|
"related": [],
|
|
"uuid": "88964d71-65e4-5b25-a148-57b13c33c1bb",
|
|
"value": "Validate data mining and data warehousing programs, processes, and requirements - T1142"
|
|
},
|
|
{
|
|
"description": "Identify system and network capabilities",
|
|
"related": [],
|
|
"uuid": "a3433026-b61e-5dbe-a572-0f42710db203",
|
|
"value": "Identify system and network capabilities - T1337"
|
|
},
|
|
{
|
|
"description": "Develop cybersecurity capability strategies for custom hardware and software development",
|
|
"related": [],
|
|
"uuid": "7333e12c-81c5-5513-867b-7e0ff8e05074",
|
|
"value": "Develop cybersecurity capability strategies for custom hardware and software development - T1338"
|
|
},
|
|
{
|
|
"description": "Identify cybersecurity solutions tools and technologies",
|
|
"related": [],
|
|
"uuid": "33ee3a62-a037-51f9-81a3-cd1df6261b13",
|
|
"value": "Identify cybersecurity solutions tools and technologies - T1378"
|
|
},
|
|
{
|
|
"description": "Design cybersecurity tools and technologies",
|
|
"related": [],
|
|
"uuid": "d192b7b2-8238-5eac-9e81-7ee5d49faa4c",
|
|
"value": "Design cybersecurity tools and technologies - T1379"
|
|
},
|
|
{
|
|
"description": "Develop cybersecurity tools and technologies",
|
|
"related": [],
|
|
"uuid": "313a49e7-8cb6-51a7-a19c-932bc01fc0f9",
|
|
"value": "Develop cybersecurity tools and technologies - T1380"
|
|
},
|
|
{
|
|
"description": "Evaluate network infrastructure vulnerabilities",
|
|
"related": [],
|
|
"uuid": "74394e31-3e88-5ee1-919d-492da207a79b",
|
|
"value": "Evaluate network infrastructure vulnerabilities - T1424"
|
|
},
|
|
{
|
|
"description": "Recommend network infrastructure enhancements",
|
|
"related": [],
|
|
"uuid": "aa54ebc7-2fa4-5562-8239-87f930150c26",
|
|
"value": "Recommend network infrastructure enhancements - T1425"
|
|
},
|
|
{
|
|
"description": "Design data management systems",
|
|
"related": [],
|
|
"uuid": "c1f80ace-fb10-544d-bc9f-bbc3ca97eb4a",
|
|
"value": "Design data management systems - T1491"
|
|
},
|
|
{
|
|
"description": "Troubleshoot prototype design and process issues",
|
|
"related": [],
|
|
"uuid": "d5a0fa7d-c524-51d4-9609-59d00ebfc426",
|
|
"value": "Troubleshoot prototype design and process issues - T1493"
|
|
},
|
|
{
|
|
"description": "Recommend vulnerability exploitation functional and security-related features",
|
|
"related": [],
|
|
"uuid": "d512c359-91a0-5ce2-9a85-8790abe40da2",
|
|
"value": "Recommend vulnerability exploitation functional and security-related features - T1494"
|
|
},
|
|
{
|
|
"description": "Recommend vulnerability mitigation functional- and security-related features",
|
|
"related": [],
|
|
"uuid": "0b6edc60-bd8f-548e-bb82-602960005f58",
|
|
"value": "Recommend vulnerability mitigation functional- and security-related features - T1495"
|
|
},
|
|
{
|
|
"description": "Develop reverse engineering tools",
|
|
"related": [],
|
|
"uuid": "4a7958fc-1ca7-5ca3-979c-9015b0dfae36",
|
|
"value": "Develop reverse engineering tools - T1496"
|
|
},
|
|
{
|
|
"description": "Translate functional requirements into technical solutions",
|
|
"related": [],
|
|
"uuid": "7a9d2b37-2f5e-58d2-881e-0bf6cb708d31",
|
|
"value": "Translate functional requirements into technical solutions - T0235"
|
|
},
|
|
{
|
|
"description": "Identify critical technology procurement requirements",
|
|
"related": [],
|
|
"uuid": "02bc86a7-0ecc-5df6-9abc-1ab619ccede6",
|
|
"value": "Identify critical technology procurement requirements - T1023"
|
|
},
|
|
{
|
|
"description": "Implement intelligence collection requirements",
|
|
"related": [],
|
|
"uuid": "f197772f-455e-588e-966a-32001ff75141",
|
|
"value": "Implement intelligence collection requirements - T1031"
|
|
},
|
|
{
|
|
"description": "Determine functional requirements and specifications",
|
|
"related": [],
|
|
"uuid": "26d375c3-4d46-5673-bf8d-10d772a49ca0",
|
|
"value": "Determine functional requirements and specifications - T1097"
|
|
},
|
|
{
|
|
"description": "Evaluate functional requirements",
|
|
"related": [],
|
|
"uuid": "d69d04f3-5c2e-5ebf-b571-9f04407c69a5",
|
|
"value": "Evaluate functional requirements - T1107"
|
|
},
|
|
{
|
|
"description": "Oversee the development of design solutions",
|
|
"related": [],
|
|
"uuid": "2bd28eca-d043-528e-be8e-ccbf685bdab8",
|
|
"value": "Oversee the development of design solutions - T1115"
|
|
},
|
|
{
|
|
"description": "Define project scope and objectives",
|
|
"related": [],
|
|
"uuid": "627017be-a010-511e-8d7a-8306f45094d8",
|
|
"value": "Define project scope and objectives - T1127"
|
|
},
|
|
{
|
|
"description": "Develop systems design procedures and processes",
|
|
"related": [],
|
|
"uuid": "2a72f717-2bfd-52e1-895b-76a73e8c7dff",
|
|
"value": "Develop systems design procedures and processes - T1139"
|
|
},
|
|
{
|
|
"description": "Determine if system analysis meets cybersecurity requirements",
|
|
"related": [],
|
|
"uuid": "f73f32d8-a8bf-59ed-83a1-ced19a733dd0",
|
|
"value": "Determine if system analysis meets cybersecurity requirements - T1217"
|
|
},
|
|
{
|
|
"description": "Oversee configuration management",
|
|
"related": [],
|
|
"uuid": "32da4bd8-319f-53ae-82f3-44479fa8d51c",
|
|
"value": "Oversee configuration management - T1243"
|
|
},
|
|
{
|
|
"description": "Develop configuration management recommendations",
|
|
"related": [],
|
|
"uuid": "8f2e01bd-8f06-55b0-9396-1b244586b514",
|
|
"value": "Develop configuration management recommendations - T1244"
|
|
},
|
|
{
|
|
"description": "Identify opportunities for new and improved business process solutions",
|
|
"related": [],
|
|
"uuid": "54d2bfe0-4ec7-5764-b7d7-a115bd075e66",
|
|
"value": "Identify opportunities for new and improved business process solutions - T1259"
|
|
},
|
|
{
|
|
"description": "Develop cybersecurity use cases",
|
|
"related": [],
|
|
"uuid": "84bc9016-a3b2-53fa-8539-e2ab1caf1c37",
|
|
"value": "Develop cybersecurity use cases - T1283"
|
|
},
|
|
{
|
|
"description": "Identify supply chain risks for critical system elements",
|
|
"related": [],
|
|
"uuid": "09dacb07-6293-526f-bc1b-95b19bf405a6",
|
|
"value": "Identify supply chain risks for critical system elements - T1366"
|
|
},
|
|
{
|
|
"description": "Document supply chain risks for critical system elements",
|
|
"related": [],
|
|
"uuid": "2fed5e88-64f4-504b-ae73-7e3d3585a2ff",
|
|
"value": "Document supply chain risks for critical system elements - T1367"
|
|
},
|
|
{
|
|
"description": "Develop user experience requirements",
|
|
"related": [],
|
|
"uuid": "fa4e106d-5693-5148-a6a9-0497b5119d5e",
|
|
"value": "Develop user experience requirements - T1392"
|
|
},
|
|
{
|
|
"description": "Document user experience requirements",
|
|
"related": [],
|
|
"uuid": "cca7eb1f-4533-58b6-a7a0-81fb30c6e916",
|
|
"value": "Document user experience requirements - T1393"
|
|
},
|
|
{
|
|
"description": "Develop quality standards",
|
|
"related": [],
|
|
"uuid": "7bd4a325-a41b-535d-8729-5e004d85c21f",
|
|
"value": "Develop quality standards - T1408"
|
|
},
|
|
{
|
|
"description": "Document quality standards",
|
|
"related": [],
|
|
"uuid": "a0d3cb7c-cbae-5950-89c6-61ed877483ae",
|
|
"value": "Document quality standards - T1409"
|
|
},
|
|
{
|
|
"description": "Determine if system components can be aligned",
|
|
"related": [],
|
|
"uuid": "f47ab754-98ce-542b-8194-2ad9d2dea658",
|
|
"value": "Determine if system components can be aligned - T1430"
|
|
},
|
|
{
|
|
"description": "Integrate system components",
|
|
"related": [],
|
|
"uuid": "91b594dd-7b56-5ccd-b47e-fae0fb766bac",
|
|
"value": "Integrate system components - T1431"
|
|
},
|
|
{
|
|
"description": "Develop cost estimates for new or modified systems",
|
|
"related": [],
|
|
"uuid": "8326e1fd-df54-539c-b000-0d89915ea39e",
|
|
"value": "Develop cost estimates for new or modified systems - T1534"
|
|
},
|
|
{
|
|
"description": "Determine if developed solutions meet customer requirements",
|
|
"related": [],
|
|
"uuid": "2341ef4d-a462-5066-a2f7-6b35b837518b",
|
|
"value": "Determine if developed solutions meet customer requirements - T1573"
|
|
},
|
|
{
|
|
"description": "Prepare trend analysis reports",
|
|
"related": [],
|
|
"uuid": "99af4dfc-d246-5697-9486-4f98cfda94ab",
|
|
"value": "Prepare trend analysis reports - T1429"
|
|
},
|
|
{
|
|
"description": "Address security architecture gaps",
|
|
"related": [],
|
|
"uuid": "774c4caf-560b-50ea-a47b-da9afb0590d2",
|
|
"value": "Address security architecture gaps - T1591"
|
|
},
|
|
{
|
|
"description": "Plan implementation strategies",
|
|
"related": [],
|
|
"uuid": "7acd0983-3139-55f1-8099-89e27bf6277d",
|
|
"value": "Plan implementation strategies - T1597"
|
|
},
|
|
{
|
|
"description": "Assess the integration and alignment capabilities of enterprise components",
|
|
"related": [],
|
|
"uuid": "2051a9f6-e308-59f3-986a-736e685f18d2",
|
|
"value": "Assess the integration and alignment capabilities of enterprise components - T1598"
|
|
},
|
|
{
|
|
"description": "Prepare impact reports",
|
|
"related": [],
|
|
"uuid": "e6c29d30-bef3-5c9d-8b5f-4bb623e6495f",
|
|
"value": "Prepare impact reports - T1606"
|
|
},
|
|
{
|
|
"description": "Determine impact of new systems and system interfaces on current and target environments",
|
|
"related": [],
|
|
"uuid": "9c58951e-7f17-5a29-a8f2-3dfef0a50eaa",
|
|
"value": "Determine impact of new systems and system interfaces on current and target environments - T1626"
|
|
},
|
|
{
|
|
"description": "Integrate black-box security testing tools into quality assurance processes",
|
|
"related": [],
|
|
"uuid": "71f0a8ee-8711-5c35-b94e-02c52635b523",
|
|
"value": "Integrate black-box security testing tools into quality assurance processes - T1052"
|
|
},
|
|
{
|
|
"description": "Develop threat models",
|
|
"related": [],
|
|
"uuid": "4eacea9c-8f03-5b07-a075-1c8f8479fcff",
|
|
"value": "Develop threat models - T1106"
|
|
},
|
|
{
|
|
"description": "Determine security requirements for new information technologies",
|
|
"related": [],
|
|
"uuid": "12198ead-b6f6-522e-a521-0024fd7d68b7",
|
|
"value": "Determine security requirements for new information technologies - T1222"
|
|
},
|
|
{
|
|
"description": "Determine security requirements for new operational technologies",
|
|
"related": [],
|
|
"uuid": "9e9df84a-ed49-5b0d-8022-ff12be8901ad",
|
|
"value": "Determine security requirements for new operational technologies - T1223"
|
|
},
|
|
{
|
|
"description": "Identify system cybersecurity requirements",
|
|
"related": [],
|
|
"uuid": "79215424-dd31-5b37-bb35-0333f241206d",
|
|
"value": "Identify system cybersecurity requirements - T1354"
|
|
},
|
|
{
|
|
"description": "Perform penetration testing",
|
|
"related": [],
|
|
"uuid": "2fd00be8-7f03-5df4-99d4-dbcd89f9b0f7",
|
|
"value": "Perform penetration testing - T1359"
|
|
},
|
|
{
|
|
"description": "Identify programming flaws",
|
|
"related": [],
|
|
"uuid": "086bc2a8-5186-5477-917f-e4a680bf8448",
|
|
"value": "Identify programming flaws - T1590"
|
|
},
|
|
{
|
|
"description": "Determine customer requirements",
|
|
"related": [],
|
|
"uuid": "c2497566-0c53-5561-a0c9-a3e105f975a8",
|
|
"value": "Determine customer requirements - T1658"
|
|
},
|
|
{
|
|
"description": "Identify system security requirements",
|
|
"related": [],
|
|
"uuid": "6a9b9466-1fdd-5214-a5eb-614591d9734b",
|
|
"value": "Identify system security requirements - T1913"
|
|
},
|
|
{
|
|
"description": "Provide real-time actionable geolocation information",
|
|
"related": [],
|
|
"uuid": "15234af3-79d9-51a6-8ac4-4c197fb54140",
|
|
"value": "Provide real-time actionable geolocation information - T0796"
|
|
},
|
|
{
|
|
"description": "Prepare deconfliction report",
|
|
"related": [],
|
|
"uuid": "13149ee1-3d6d-5d52-9544-824db616ac4e",
|
|
"value": "Prepare deconfliction report - T1034"
|
|
},
|
|
{
|
|
"description": "Determine how threat activity groups employ encryption to support their operations",
|
|
"related": [],
|
|
"uuid": "e25c9788-f1ef-54fc-b8e8-aa605bae7df3",
|
|
"value": "Determine how threat activity groups employ encryption to support their operations - T1035"
|
|
},
|
|
{
|
|
"description": "Identify network artifacts from hardware and software options",
|
|
"related": [],
|
|
"uuid": "e2bf007f-9712-5f30-bafb-7633775b9ff7",
|
|
"value": "Identify network artifacts from hardware and software options - T1039"
|
|
},
|
|
{
|
|
"description": "Identify impact of network artifacts on exploitation",
|
|
"related": [],
|
|
"uuid": "d992bcbd-c38b-52f0-8141-1c352bdbbe1e",
|
|
"value": "Identify impact of network artifacts on exploitation - T1040"
|
|
},
|
|
{
|
|
"description": "Identify target operational architecture vulnerabilities",
|
|
"related": [],
|
|
"uuid": "d362b6eb-7f36-5566-a85c-f76ca822d243",
|
|
"value": "Identify target operational architecture vulnerabilities - T1633"
|
|
},
|
|
{
|
|
"description": "Identify potential avenues of access in digital technologies",
|
|
"related": [],
|
|
"uuid": "3d2c01b2-c325-5b07-9770-20e98b747030",
|
|
"value": "Identify potential avenues of access in digital technologies - T1663"
|
|
},
|
|
{
|
|
"description": "Access wireless computer and digital networks",
|
|
"related": [],
|
|
"uuid": "7507cca0-4a05-58c4-9b26-b5e7483dce26",
|
|
"value": "Access wireless computer and digital networks - T1664"
|
|
},
|
|
{
|
|
"description": "Process intelligence collection data",
|
|
"related": [],
|
|
"uuid": "1c45c3d1-9195-5fcc-997f-014021d2b8de",
|
|
"value": "Process intelligence collection data - T1665"
|
|
},
|
|
{
|
|
"description": "Exploit wireless computer and digital networks",
|
|
"related": [],
|
|
"uuid": "00e4c4a7-7d4a-5815-913a-999f4d2f65d4",
|
|
"value": "Exploit wireless computer and digital networks - T1666"
|
|
},
|
|
{
|
|
"description": "Conduct network scouting",
|
|
"related": [],
|
|
"uuid": "3640a52a-b364-5127-9167-db8c5c3ce683",
|
|
"value": "Conduct network scouting - T1668"
|
|
},
|
|
{
|
|
"description": "Analyze system vulnerabilities within a network",
|
|
"related": [],
|
|
"uuid": "6543b434-f2e1-5150-bc50-17534107bbe3",
|
|
"value": "Analyze system vulnerabilities within a network - T1669"
|
|
},
|
|
{
|
|
"description": "Conduct on-net activities",
|
|
"related": [],
|
|
"uuid": "ee703879-0816-5961-a0a7-b6ec167cab5b",
|
|
"value": "Conduct on-net activities - T1670"
|
|
},
|
|
{
|
|
"description": "Exfiltrate data from deployed technologies",
|
|
"related": [],
|
|
"uuid": "2d8ed6ac-b055-5280-b719-42177fada9e8",
|
|
"value": "Exfiltrate data from deployed technologies - T1671"
|
|
},
|
|
{
|
|
"description": "Conduct off-net activities",
|
|
"related": [],
|
|
"uuid": "1b6d6913-9072-596c-bd31-b7fd55615575",
|
|
"value": "Conduct off-net activities - T1672"
|
|
},
|
|
{
|
|
"description": "Exfiltrate data from automated technologies",
|
|
"related": [],
|
|
"uuid": "bbfe37dd-ef81-5b0a-bc4c-13328c4af737",
|
|
"value": "Exfiltrate data from automated technologies - T1673"
|
|
},
|
|
{
|
|
"description": "Perform open source data collection",
|
|
"related": [],
|
|
"uuid": "764c8b56-a93f-5025-ae9b-84ac201a2058",
|
|
"value": "Perform open source data collection - T1674"
|
|
},
|
|
{
|
|
"description": "Survey computer and digital networks",
|
|
"related": [],
|
|
"uuid": "33b0c99f-d6bc-5346-a928-2912520f73ce",
|
|
"value": "Survey computer and digital networks - T1676"
|
|
},
|
|
{
|
|
"description": "Detect exploits against targeted networks and hosts",
|
|
"related": [],
|
|
"uuid": "0b7678be-7474-5384-9240-a154a7514f64",
|
|
"value": "Detect exploits against targeted networks and hosts - T1691"
|
|
},
|
|
{
|
|
"description": "Counter exploits against targeted networks and hosts",
|
|
"related": [],
|
|
"uuid": "ae3298bd-092a-5b62-95f7-8295d640071a",
|
|
"value": "Counter exploits against targeted networks and hosts - T1692"
|
|
},
|
|
{
|
|
"description": "Develop new techniques for accessing target systems",
|
|
"related": [],
|
|
"uuid": "077a9932-61be-5117-8b49-34451a12ccdc",
|
|
"value": "Develop new techniques for accessing target systems - T1709"
|
|
},
|
|
{
|
|
"description": "Exploit network devices and terminals",
|
|
"related": [],
|
|
"uuid": "f01a5726-8410-5206-bd06-c317ab9d7b4b",
|
|
"value": "Exploit network devices and terminals - T1734"
|
|
},
|
|
{
|
|
"description": "Identify system vulnerabilities within a network",
|
|
"related": [],
|
|
"uuid": "7ed10d32-8059-5593-8876-c123b4e61015",
|
|
"value": "Identify system vulnerabilities within a network - T1747"
|
|
},
|
|
{
|
|
"description": "Maintain situational awareness of organic operational infrastructure",
|
|
"related": [],
|
|
"uuid": "41b7e63a-f4e8-5bb7-8db3-8d299a5b0517",
|
|
"value": "Maintain situational awareness of organic operational infrastructure - T1759"
|
|
},
|
|
{
|
|
"description": "Maintain functionality of organic operational infrastructure",
|
|
"related": [],
|
|
"uuid": "d00ef54a-4487-5cc9-bfbc-13c4ea54dea8",
|
|
"value": "Maintain functionality of organic operational infrastructure - T1760"
|
|
},
|
|
{
|
|
"description": "Gain and maintain access to target systems",
|
|
"related": [],
|
|
"uuid": "aac2231f-713d-5cca-9be9-4222514380c2",
|
|
"value": "Gain and maintain access to target systems - T1774"
|
|
},
|
|
{
|
|
"description": "Degrade or remove data from networks and computers",
|
|
"related": [],
|
|
"uuid": "11333f3d-92f0-5a51-a9d6-3ba9a31b4f80",
|
|
"value": "Degrade or remove data from networks and computers - T1781"
|
|
},
|
|
{
|
|
"description": "Process exfiltrated data",
|
|
"related": [],
|
|
"uuid": "b235b5b4-81d5-5d08-8971-05150ac824da",
|
|
"value": "Process exfiltrated data - T1784"
|
|
},
|
|
{
|
|
"description": "Document information collection and environment activities",
|
|
"related": [],
|
|
"uuid": "7086b15e-37df-56b1-9296-1afbeccbf5f3",
|
|
"value": "Document information collection and environment activities - T1803"
|
|
},
|
|
{
|
|
"description": "Test internally developed software",
|
|
"related": [],
|
|
"uuid": "a8a77882-6915-57be-a5ba-5b4eb59c5a86",
|
|
"value": "Test internally developed software - T1830"
|
|
},
|
|
{
|
|
"description": "Perform analysis for target infrastructure exploitation activities",
|
|
"related": [],
|
|
"uuid": "22ed9a33-856b-5695-bb52-b53e0cc542dd",
|
|
"value": "Perform analysis for target infrastructure exploitation activities - T0591"
|
|
},
|
|
{
|
|
"description": "Produce network reconstructions",
|
|
"related": [],
|
|
"uuid": "3e4e405e-8ec1-5eb8-b0dd-e099a8eab54c",
|
|
"value": "Produce network reconstructions - T0775"
|
|
},
|
|
{
|
|
"description": "Expand network access",
|
|
"related": [],
|
|
"uuid": "486fb33f-3755-507c-8f0f-4143bd9babee",
|
|
"value": "Expand network access - T1012"
|
|
},
|
|
{
|
|
"description": "Conduct technical exploitation of a target",
|
|
"related": [],
|
|
"uuid": "3fdcd630-293e-5b9e-8d52-ad430498ec2c",
|
|
"value": "Conduct technical exploitation of a target - T1013"
|
|
},
|
|
{
|
|
"description": "Perform authorized penetration testing on enterprise network assets",
|
|
"related": [],
|
|
"uuid": "f9cd8902-8dd1-5375-87ed-5f23a0d5f083",
|
|
"value": "Perform authorized penetration testing on enterprise network assets - T1091"
|
|
},
|
|
{
|
|
"description": "Track targets",
|
|
"related": [],
|
|
"uuid": "bf749634-d5e7-5156-a08c-442a83fb0ae8",
|
|
"value": "Track targets - T1211"
|
|
},
|
|
{
|
|
"description": "Access targeted networks",
|
|
"related": [],
|
|
"uuid": "d10c612a-6c27-564e-84a6-60e296e9a01d",
|
|
"value": "Access targeted networks - T1635"
|
|
},
|
|
{
|
|
"description": "Conduct independent in-depth target and technical analysis",
|
|
"related": [],
|
|
"uuid": "0a9c6fa6-c4a2-58c4-9633-e9e1f2821898",
|
|
"value": "Conduct independent in-depth target and technical analysis - T1667"
|
|
},
|
|
{
|
|
"description": "Develop intelligence collection plans",
|
|
"related": [],
|
|
"uuid": "8be0e6f6-5507-54dd-b317-2c8d12e7c102",
|
|
"value": "Develop intelligence collection plans - T1677"
|
|
},
|
|
{
|
|
"description": "Create comprehensive exploitation strategies",
|
|
"related": [],
|
|
"uuid": "a827386b-cae6-5855-a8af-3946c4d228ab",
|
|
"value": "Create comprehensive exploitation strategies - T1689"
|
|
},
|
|
{
|
|
"description": "Identify exploitable technical or operational vulnerabilities",
|
|
"related": [],
|
|
"uuid": "08defb38-b806-554e-abd6-8b3c07052a54",
|
|
"value": "Identify exploitable technical or operational vulnerabilities - T1690"
|
|
},
|
|
{
|
|
"description": "Communicate tool requirements to developers",
|
|
"related": [],
|
|
"uuid": "711cb661-643a-5bf8-bc49-16d2fa2f60f4",
|
|
"value": "Communicate tool requirements to developers - T1736"
|
|
},
|
|
{
|
|
"description": "Identify gaps in understanding of target technology",
|
|
"related": [],
|
|
"uuid": "6192884b-528a-5d52-820a-51f865727b8a",
|
|
"value": "Identify gaps in understanding of target technology - T1745"
|
|
},
|
|
{
|
|
"description": "Locate targets",
|
|
"related": [],
|
|
"uuid": "467a7af1-3735-54b4-b5b9-d55d01dfca47",
|
|
"value": "Locate targets - T1751"
|
|
},
|
|
{
|
|
"description": "Coordinate exploitation operations",
|
|
"related": [],
|
|
"uuid": "f608cff6-db2f-572a-8e9f-397f9892ac5c",
|
|
"value": "Coordinate exploitation operations - T1757"
|
|
},
|
|
{
|
|
"description": "Determine potential implications of new and emerging hardware and software technologies",
|
|
"related": [],
|
|
"uuid": "0ffd6e26-f9a8-5661-a2a9-1885a2ea86b9",
|
|
"value": "Determine potential implications of new and emerging hardware and software technologies - T1758"
|
|
},
|
|
{
|
|
"description": "Identify indications and warnings of target communication changes or processing failures",
|
|
"related": [],
|
|
"uuid": "9b09bbbe-917d-5474-8de7-879e983c9ce0",
|
|
"value": "Identify indications and warnings of target communication changes or processing failures - T1772"
|
|
},
|
|
{
|
|
"description": "Profile network administrators and their activities",
|
|
"related": [],
|
|
"uuid": "25916f83-d0f3-5584-8084-575cf7ca6f98",
|
|
"value": "Profile network administrators and their activities - T1785"
|
|
},
|
|
{
|
|
"description": "Conduct end-of-operations assessments",
|
|
"related": [],
|
|
"uuid": "6c853798-0749-541e-95c1-f74a5444675b",
|
|
"value": "Conduct end-of-operations assessments - T0611"
|
|
},
|
|
{
|
|
"description": "Conduct target research and analysis",
|
|
"related": [],
|
|
"uuid": "c1124d7e-c252-54d0-9aa2-aa2d6a71ac51",
|
|
"value": "Conduct target research and analysis - T0624"
|
|
},
|
|
{
|
|
"description": "Estimate operational effects generated through cyber activities",
|
|
"related": [],
|
|
"uuid": "145258f9-1888-5cb8-bb0d-663c33b61dc0",
|
|
"value": "Estimate operational effects generated through cyber activities - T0684"
|
|
},
|
|
{
|
|
"description": "Evaluate threat decision-making processes",
|
|
"related": [],
|
|
"uuid": "2a7f891a-5272-5629-9b2c-90004146c5b4",
|
|
"value": "Evaluate threat decision-making processes - T0685"
|
|
},
|
|
{
|
|
"description": "Identify threat vulnerabilities",
|
|
"related": [],
|
|
"uuid": "b5208175-351a-586b-87b0-d184e5ff19e3",
|
|
"value": "Identify threat vulnerabilities - T0686"
|
|
},
|
|
{
|
|
"description": "Generate requests for information",
|
|
"related": [],
|
|
"uuid": "b9cefab5-986d-5975-9fa6-a874ad76730c",
|
|
"value": "Generate requests for information - T0707"
|
|
},
|
|
{
|
|
"description": "Identify and characterize intrusion activities against a victim or target",
|
|
"related": [],
|
|
"uuid": "d45e11d5-0825-5e5d-9725-2a74a90f4305",
|
|
"value": "Identify and characterize intrusion activities against a victim or target - T1053"
|
|
},
|
|
{
|
|
"description": "Recommend cyber operation targets",
|
|
"related": [],
|
|
"uuid": "bdd31360-cb81-55c4-ae03-b4fb5aa3ebd3",
|
|
"value": "Recommend cyber operation targets - T1638"
|
|
},
|
|
{
|
|
"description": "Determine effectiveness of intelligence collection operations",
|
|
"related": [],
|
|
"uuid": "e412f5a8-31cd-5a76-90b9-27f7f99d7e61",
|
|
"value": "Determine effectiveness of intelligence collection operations - T1640"
|
|
},
|
|
{
|
|
"description": "Recommend adjustments to intelligence collection strategies",
|
|
"related": [],
|
|
"uuid": "567d4878-307b-554f-8202-be78199e1a57",
|
|
"value": "Recommend adjustments to intelligence collection strategies - T1641"
|
|
},
|
|
{
|
|
"description": "Advise stakeholders on course of action development",
|
|
"related": [],
|
|
"uuid": "dc55a787-dcca-5b70-bf1a-e225d4246de3",
|
|
"value": "Advise stakeholders on course of action development - T1642"
|
|
},
|
|
{
|
|
"description": "Develop common operational pictures",
|
|
"related": [],
|
|
"uuid": "cc4d292d-993b-5e34-8935-fcd32151ac08",
|
|
"value": "Develop common operational pictures - T1643"
|
|
},
|
|
{
|
|
"description": "Coordinate all-source collection activities",
|
|
"related": [],
|
|
"uuid": "62e70a80-afe7-5286-8323-6cb0f0f8fc65",
|
|
"value": "Coordinate all-source collection activities - T1645"
|
|
},
|
|
{
|
|
"description": "Validate all-source collection requirements and plans",
|
|
"related": [],
|
|
"uuid": "a6474d1e-e143-5d4b-94b6-f72ddf31a77e",
|
|
"value": "Validate all-source collection requirements and plans - T1646"
|
|
},
|
|
{
|
|
"description": "Develop priority information requirements",
|
|
"related": [],
|
|
"uuid": "9ddeeeb8-e984-5190-b3cd-78bd016b2c3e",
|
|
"value": "Develop priority information requirements - T1647"
|
|
},
|
|
{
|
|
"description": "Develop performance success metrics",
|
|
"related": [],
|
|
"uuid": "b4dd52a4-c47c-513d-8c43-ed8a30273f34",
|
|
"value": "Develop performance success metrics - T1648"
|
|
},
|
|
{
|
|
"description": "Prepare threat and target briefings",
|
|
"related": [],
|
|
"uuid": "7269fe64-033d-5792-843b-686044fc7155",
|
|
"value": "Prepare threat and target briefings - T1651"
|
|
},
|
|
{
|
|
"description": "Prepare threat and target situational updates",
|
|
"related": [],
|
|
"uuid": "454291bc-9ebf-5b72-8819-b91d7b573e7b",
|
|
"value": "Prepare threat and target situational updates - T1652"
|
|
},
|
|
{
|
|
"description": "Assess all-source data for intelligence or vulnerability value",
|
|
"related": [],
|
|
"uuid": "41d50cd9-e470-5740-963c-61050cbfb090",
|
|
"value": "Assess all-source data for intelligence or vulnerability value - T1661"
|
|
},
|
|
{
|
|
"description": "Identify intelligence requirements",
|
|
"related": [],
|
|
"uuid": "3663220e-eaa7-54ea-a446-6c3d32561999",
|
|
"value": "Identify intelligence requirements - T1686"
|
|
},
|
|
{
|
|
"description": "Prepare munitions effectiveness assessment reports",
|
|
"related": [],
|
|
"uuid": "f8454b9a-3d7a-5a7f-8c1d-b6e5af1e8fae",
|
|
"value": "Prepare munitions effectiveness assessment reports - T1707"
|
|
},
|
|
{
|
|
"description": "Modify collection requirements",
|
|
"related": [],
|
|
"uuid": "921f00bc-5f36-5d8d-82c2-4a504cd15bee",
|
|
"value": "Modify collection requirements - T1762"
|
|
},
|
|
{
|
|
"description": "Determine effectiveness of collection requirements",
|
|
"related": [],
|
|
"uuid": "61ff7844-8334-54dc-b4f9-79359a38aba7",
|
|
"value": "Determine effectiveness of collection requirements - T1763"
|
|
},
|
|
{
|
|
"description": "Monitor changes to designated cyber operations warning problem sets",
|
|
"related": [],
|
|
"uuid": "9e64ba7b-de6a-5413-b3ff-05d2914a92b9",
|
|
"value": "Monitor changes to designated cyber operations warning problem sets - T1765"
|
|
},
|
|
{
|
|
"description": "Prepare change reports for designated cyber operations warning problem sets",
|
|
"related": [],
|
|
"uuid": "dcad3071-0e88-595d-9e2f-f8d850eedcfc",
|
|
"value": "Prepare change reports for designated cyber operations warning problem sets - T1766"
|
|
},
|
|
{
|
|
"description": "Monitor threat activities",
|
|
"related": [],
|
|
"uuid": "9b6c0e2f-904a-5586-a34a-2b8c198345cb",
|
|
"value": "Monitor threat activities - T1767"
|
|
},
|
|
{
|
|
"description": "Prepare threat activity reports",
|
|
"related": [],
|
|
"uuid": "a8f34ff7-25df-514b-917d-0115ce5d0119",
|
|
"value": "Prepare threat activity reports - T1768"
|
|
},
|
|
{
|
|
"description": "Report on adversarial activities that fulfill priority information requirements",
|
|
"related": [],
|
|
"uuid": "68faede0-3e57-50bd-ad8c-40118ff7aab5",
|
|
"value": "Report on adversarial activities that fulfill priority information requirements - T1770"
|
|
},
|
|
{
|
|
"description": "Prepare cyber operations intelligence reports",
|
|
"related": [],
|
|
"uuid": "2622c158-72ec-5189-824e-eb4bb888b8fe",
|
|
"value": "Prepare cyber operations intelligence reports - T1775"
|
|
},
|
|
{
|
|
"description": "Prepare indications and warnings intelligence reports",
|
|
"related": [],
|
|
"uuid": "95c3ad36-25dc-57a9-be57-4526f810dc2f",
|
|
"value": "Prepare indications and warnings intelligence reports - T1776"
|
|
},
|
|
{
|
|
"description": "Asssess effectiveness of intelligence production",
|
|
"related": [],
|
|
"uuid": "34828e9b-e043-542a-bf5f-56c43c321601",
|
|
"value": "Asssess effectiveness of intelligence production - T1792"
|
|
},
|
|
{
|
|
"description": "Asssess effectiveness of intelligence reporting",
|
|
"related": [],
|
|
"uuid": "92fb6238-1b13-54aa-a55b-6ff8c0612b64",
|
|
"value": "Asssess effectiveness of intelligence reporting - T1793"
|
|
},
|
|
{
|
|
"description": "Conduct post-action effectiveness assessments",
|
|
"related": [],
|
|
"uuid": "43c19e7f-636e-5949-af79-439140511f4d",
|
|
"value": "Conduct post-action effectiveness assessments - T1795"
|
|
},
|
|
{
|
|
"description": "Determine what technologies are used by a given target",
|
|
"related": [],
|
|
"uuid": "6eb4dcf9-a0af-5508-bd34-9aae2bc90646",
|
|
"value": "Determine what technologies are used by a given target - T0650"
|
|
},
|
|
{
|
|
"description": "Identify critical target elements",
|
|
"related": [],
|
|
"uuid": "206d0c7b-59cf-5eed-926f-229da71a437a",
|
|
"value": "Identify critical target elements - T0717"
|
|
},
|
|
{
|
|
"description": "Maintain target lists (i.e., RTL, JTL, CTL, etc.)",
|
|
"related": [],
|
|
"uuid": "f5f2447c-b8bb-5f25-8a15-5b87b272d92b",
|
|
"value": "Maintain target lists (i.e., RTL, JTL, CTL, etc.) - T0744"
|
|
},
|
|
{
|
|
"description": "Perform targeting automation activities",
|
|
"related": [],
|
|
"uuid": "c9edf231-1a61-5922-b04d-3e2d1cb1fd2a",
|
|
"value": "Perform targeting automation activities - T0769"
|
|
},
|
|
{
|
|
"description": "Produce target system analysis products",
|
|
"related": [],
|
|
"uuid": "962dd976-ba04-5c57-9232-cad106778e2d",
|
|
"value": "Produce target system analysis products - T0776"
|
|
},
|
|
{
|
|
"description": "Profile targets and their activities",
|
|
"related": [],
|
|
"uuid": "622be037-09b9-50e3-bf38-066534b07f01",
|
|
"value": "Profile targets and their activities - T0778"
|
|
},
|
|
{
|
|
"description": "Determine cyber operation objectives",
|
|
"related": [],
|
|
"uuid": "668d82ff-71bd-50b7-951f-0b89370d04f9",
|
|
"value": "Determine cyber operation objectives - T1032"
|
|
},
|
|
{
|
|
"description": "Acquire target identifiers",
|
|
"related": [],
|
|
"uuid": "56e0af3a-e20c-55dd-b131-988201a868ab",
|
|
"value": "Acquire target identifiers - T1042"
|
|
},
|
|
{
|
|
"description": "Identify potential threats to network resources",
|
|
"related": [],
|
|
"uuid": "88e48743-61dd-5470-b6df-db49353c740d",
|
|
"value": "Identify potential threats to network resources - T1085"
|
|
},
|
|
{
|
|
"description": "Prepare target analysis reports",
|
|
"related": [],
|
|
"uuid": "fc0e015c-766a-5038-bcdc-9f3bb8fcbfcf",
|
|
"value": "Prepare target analysis reports - T1629"
|
|
},
|
|
{
|
|
"description": "Build electronic target folders",
|
|
"related": [],
|
|
"uuid": "b7f544e5-5cc7-5cc7-aca6-6c56d291afb9",
|
|
"value": "Build electronic target folders - T1653"
|
|
},
|
|
{
|
|
"description": "Maintain electronic target folders",
|
|
"related": [],
|
|
"uuid": "e542d744-8c72-5c3d-b3d2-4c974626833d",
|
|
"value": "Maintain electronic target folders - T1654"
|
|
},
|
|
{
|
|
"description": "Vet targets with partners",
|
|
"related": [],
|
|
"uuid": "4315e457-48f0-50a2-96a2-2a96cbe4e87a",
|
|
"value": "Vet targets with partners - T1683"
|
|
},
|
|
{
|
|
"description": "Prepare all-source intelligence targeting reports",
|
|
"related": [],
|
|
"uuid": "12664582-fa78-5d87-954f-82623e3e09c1",
|
|
"value": "Prepare all-source intelligence targeting reports - T1697"
|
|
},
|
|
{
|
|
"description": "Initiate requests to guide tasking",
|
|
"related": [],
|
|
"uuid": "5dd4c108-1bc2-5b8e-8103-e06d8bc4955a",
|
|
"value": "Initiate requests to guide tasking - T1754"
|
|
},
|
|
{
|
|
"description": "Develop website characterizations",
|
|
"related": [],
|
|
"uuid": "cbd7bc8c-b6c6-53cc-b5c6-e52c718238fd",
|
|
"value": "Develop website characterizations - T1782"
|
|
},
|
|
{
|
|
"description": "Provide aim point recommendations for targets",
|
|
"related": [],
|
|
"uuid": "44a36e03-b61c-5695-b088-2902fb17a943",
|
|
"value": "Provide aim point recommendations for targets - T1789"
|
|
},
|
|
{
|
|
"description": "Provide reengagement recommendations",
|
|
"related": [],
|
|
"uuid": "a6e91ab8-45fd-5d9b-80fb-64d01182ede9",
|
|
"value": "Provide reengagement recommendations - T1790"
|
|
},
|
|
{
|
|
"description": "Determine effectiveness of targeting activities",
|
|
"related": [],
|
|
"uuid": "194cac11-3872-5d64-9605-5dd05bdc7892",
|
|
"value": "Determine effectiveness of targeting activities - T1796"
|
|
},
|
|
{
|
|
"description": "Determine validity and relevance of information",
|
|
"related": [],
|
|
"uuid": "845a3e87-eae0-53ce-bfb3-18d2d03f6484",
|
|
"value": "Determine validity and relevance of information - T1801"
|
|
},
|
|
{
|
|
"description": "Protect information sources and methods",
|
|
"related": [],
|
|
"uuid": "eedf250d-3fbb-5097-a3c4-e07267a2dafa",
|
|
"value": "Protect information sources and methods - T1814"
|
|
},
|
|
{
|
|
"description": "Identify cyber collateral damage",
|
|
"related": [],
|
|
"uuid": "65a48d69-a961-52fe-98fd-56d1e0cfd68d",
|
|
"value": "Identify cyber collateral damage - T1824"
|
|
},
|
|
{
|
|
"description": "Document cyber collateral damage",
|
|
"related": [],
|
|
"uuid": "b9b02072-0314-5d90-b8bc-29e2015bece3",
|
|
"value": "Document cyber collateral damage - T1825"
|
|
},
|
|
{
|
|
"description": "Classify documents",
|
|
"related": [],
|
|
"uuid": "4a9bd980-9e4f-5968-b91a-055ebeb3c793",
|
|
"value": "Classify documents - T1655"
|
|
},
|
|
{
|
|
"description": "Identify information essential to intelligence collection operations",
|
|
"related": [],
|
|
"uuid": "4120df85-a41f-5755-ad23-af65fe7023e1",
|
|
"value": "Identify information essential to intelligence collection operations - T1662"
|
|
},
|
|
{
|
|
"description": "Determine validity and relevance of information gathered about networks",
|
|
"related": [],
|
|
"uuid": "051da4ed-fdd3-5f0f-b5ad-137c66d35b10",
|
|
"value": "Determine validity and relevance of information gathered about networks - T1675"
|
|
},
|
|
{
|
|
"description": "Collect target information",
|
|
"related": [],
|
|
"uuid": "3530f309-7406-5941-8642-ce4f32d535e4",
|
|
"value": "Collect target information - T1698"
|
|
},
|
|
{
|
|
"description": "Determine effectiveness of network analysis strategies",
|
|
"related": [],
|
|
"uuid": "0e575416-8242-5362-b3c7-c4cb3082fc51",
|
|
"value": "Determine effectiveness of network analysis strategies - T1732"
|
|
},
|
|
{
|
|
"description": "Develop intelligence collection strategies",
|
|
"related": [],
|
|
"uuid": "9b614cce-3b07-5330-9405-75312a339a41",
|
|
"value": "Develop intelligence collection strategies - T1737"
|
|
},
|
|
{
|
|
"description": "Identify information collection gaps",
|
|
"related": [],
|
|
"uuid": "df76b185-2b6d-51db-a0f0-4a934c8be038",
|
|
"value": "Identify information collection gaps - T1743"
|
|
},
|
|
{
|
|
"description": "Prepare network reports",
|
|
"related": [],
|
|
"uuid": "993214af-b87e-5826-ad86-210c37d69675",
|
|
"value": "Prepare network reports - T1802"
|
|
},
|
|
{
|
|
"description": "Research communications trends in emerging technologies",
|
|
"related": [],
|
|
"uuid": "c194e50d-8b79-5094-a295-8fac7389e117",
|
|
"value": "Research communications trends in emerging technologies - T1806"
|
|
},
|
|
{
|
|
"description": "Analyze target communications",
|
|
"related": [],
|
|
"uuid": "60e6e3b5-a69e-5818-8629-31ce5078bc1b",
|
|
"value": "Analyze target communications - T1840"
|
|
},
|
|
{
|
|
"description": "Inform external partners of the potential effects of new or revised policy and guidance on cyber operations partnering activities",
|
|
"related": [],
|
|
"uuid": "95f80d0e-efba-50d6-82b5-ac0e67a1faa3",
|
|
"value": "Inform external partners of the potential effects of new or revised policy and guidance on cyber operations partnering activities - T0729"
|
|
},
|
|
{
|
|
"description": "Serve as a liaison with external partners",
|
|
"related": [],
|
|
"uuid": "18562385-8da2-5518-afc1-488dc9fb9013",
|
|
"value": "Serve as a liaison with external partners - T0818"
|
|
},
|
|
{
|
|
"description": "Synchronize intelligence support plans across partner organizations",
|
|
"related": [],
|
|
"uuid": "de09d44c-2322-54ad-89be-b143d3a8ec39",
|
|
"value": "Synchronize intelligence support plans across partner organizations - T1649"
|
|
},
|
|
{
|
|
"description": "Develop a diverse program of information materials",
|
|
"related": [],
|
|
"uuid": "4d489af4-9c66-5b65-b808-d4164e10c798",
|
|
"value": "Develop a diverse program of information materials - T1657"
|
|
},
|
|
{
|
|
"description": "Develop cyber operations staffing policies",
|
|
"related": [],
|
|
"uuid": "c445cf93-6e1c-5c99-9746-a2ec0c972f12",
|
|
"value": "Develop cyber operations staffing policies - T1680"
|
|
},
|
|
{
|
|
"description": "Develop international cybersecurity strategies, policies, and activities to meet organizational objectives",
|
|
"related": [],
|
|
"uuid": "77e26df1-e657-5846-a872-6a229b1f4bd6",
|
|
"value": "Develop international cybersecurity strategies, policies, and activities to meet organizational objectives - T1711"
|
|
},
|
|
{
|
|
"description": "Develop partner planning strategies and processes",
|
|
"related": [],
|
|
"uuid": "0f5aa9aa-b460-5d03-b314-c300b168190a",
|
|
"value": "Develop partner planning strategies and processes - T1714"
|
|
},
|
|
{
|
|
"description": "Develop operations strategies and processes",
|
|
"related": [],
|
|
"uuid": "7cb65ffa-fe8e-52ee-add8-2562656badcd",
|
|
"value": "Develop operations strategies and processes - T1715"
|
|
},
|
|
{
|
|
"description": "Develop capability development strategies and processes",
|
|
"related": [],
|
|
"uuid": "0837f69d-0c67-5e2f-993f-4eae5da1183d",
|
|
"value": "Develop capability development strategies and processes - T1716"
|
|
},
|
|
{
|
|
"description": "Develop cybersecurity cooperation agreements with external partners",
|
|
"related": [],
|
|
"uuid": "39ed7b98-0a3e-58fd-b8ab-10157759b71a",
|
|
"value": "Develop cybersecurity cooperation agreements with external partners - T1719"
|
|
},
|
|
{
|
|
"description": "Maintain cybersecurity cooperation agreements with external partners",
|
|
"related": [],
|
|
"uuid": "55b00a03-981d-5536-91de-a0e1fe6a836a",
|
|
"value": "Maintain cybersecurity cooperation agreements with external partners - T1720"
|
|
},
|
|
{
|
|
"description": "Assess cybersecurity cooperation agreements with external partners",
|
|
"related": [],
|
|
"uuid": "4b21586e-e94b-5a97-b049-c69e9fc81a39",
|
|
"value": "Assess cybersecurity cooperation agreements with external partners - T1721"
|
|
},
|
|
{
|
|
"description": "Identify security cooperation priorities",
|
|
"related": [],
|
|
"uuid": "3633d621-b1f5-5969-9ed3-fd4ccb9f5c61",
|
|
"value": "Identify security cooperation priorities - T1740"
|
|
},
|
|
{
|
|
"description": "Conduct policy reviews",
|
|
"related": [],
|
|
"uuid": "90a11b80-ec55-56ab-ae93-c9cebfca8ab3",
|
|
"value": "Conduct policy reviews - T1777"
|
|
},
|
|
{
|
|
"description": "Assess the consequences of endorsing or not endorsing policies",
|
|
"related": [],
|
|
"uuid": "0f088f71-8f88-5003-824f-5f3e84b27287",
|
|
"value": "Assess the consequences of endorsing or not endorsing policies - T1778"
|
|
},
|
|
{
|
|
"description": "Develop external coordination policies",
|
|
"related": [],
|
|
"uuid": "bbb7da85-6dd4-59b0-a727-49d427a62cb4",
|
|
"value": "Develop external coordination policies - T1780"
|
|
},
|
|
{
|
|
"description": "Provide cyber recommendations to intelligence support planning",
|
|
"related": [],
|
|
"uuid": "cd2bc21d-179c-515a-b77e-a2d9b46442bb",
|
|
"value": "Provide cyber recommendations to intelligence support planning - T1791"
|
|
},
|
|
{
|
|
"description": "Recommend subject matter experts who can assist in the investigation of complex or unusual situations",
|
|
"related": [],
|
|
"uuid": "ab71d18c-602d-54b4-aa0e-8ce5c038efc0",
|
|
"value": "Recommend subject matter experts who can assist in the investigation of complex or unusual situations - T1816"
|
|
},
|
|
{
|
|
"description": "Synchronize intelligence engagement activities across partner organizations",
|
|
"related": [],
|
|
"uuid": "7dd160d1-b066-59c6-a04a-09b29f40387f",
|
|
"value": "Synchronize intelligence engagement activities across partner organizations - T1826"
|
|
},
|
|
{
|
|
"description": "Synchronize cybersecurity cooperation plans",
|
|
"related": [],
|
|
"uuid": "73ffd846-389c-5fcc-b2e7-0a9ed5cf0c57",
|
|
"value": "Synchronize cybersecurity cooperation plans - T1827"
|
|
},
|
|
{
|
|
"description": "Develop content for cyber defense tools",
|
|
"related": [],
|
|
"uuid": "33bcd47d-e2e5-5778-9dc2-bc226f70f3ca",
|
|
"value": "Develop content for cyber defense tools - T0020"
|
|
},
|
|
{
|
|
"description": "Perform cyber defense trend analysis and reporting",
|
|
"related": [],
|
|
"uuid": "a0dc31ce-ad69-5267-ae9c-7d353995c594",
|
|
"value": "Perform cyber defense trend analysis and reporting - T0164"
|
|
},
|
|
{
|
|
"description": "Recommend computing environment vulnerability corrections",
|
|
"related": [],
|
|
"uuid": "da8a1d8d-e930-5e48-9245-e2da5d243ed8",
|
|
"value": "Recommend computing environment vulnerability corrections - T0292"
|
|
},
|
|
{
|
|
"description": "Identify network mapping and operating system (OS) fingerprinting activities",
|
|
"related": [],
|
|
"uuid": "f6c4a897-8c68-5d3e-9258-36fc4adfdebb",
|
|
"value": "Identify network mapping and operating system (OS) fingerprinting activities - T0299"
|
|
},
|
|
{
|
|
"description": "Review cyber defense service provider reporting structure",
|
|
"related": [],
|
|
"uuid": "534a99a6-5965-5271-9e46-7afa161c8f1a",
|
|
"value": "Review cyber defense service provider reporting structure - T1021"
|
|
},
|
|
{
|
|
"description": "Validate network alerts",
|
|
"related": [],
|
|
"uuid": "d5ba1b6b-47cb-5c84-af51-fdf6768fdb85",
|
|
"value": "Validate network alerts - T1112"
|
|
},
|
|
{
|
|
"description": "Determine if cybersecurity-enabled products reduce identified risk to acceptable levels",
|
|
"related": [],
|
|
"uuid": "1e659b4b-2618-5b10-a186-b6c1ed320305",
|
|
"value": "Determine if cybersecurity-enabled products reduce identified risk to acceptable levels - T1176"
|
|
},
|
|
{
|
|
"description": "Determine if security control technologies reduce identified risk to acceptable levels",
|
|
"related": [],
|
|
"uuid": "b7dce8e0-38dc-52b4-a9b1-fd483fc111a2",
|
|
"value": "Determine if security control technologies reduce identified risk to acceptable levels - T1177"
|
|
},
|
|
{
|
|
"description": "Document cybersecurity incidents",
|
|
"related": [],
|
|
"uuid": "69733475-9af5-58cc-8916-4809bf3bf623",
|
|
"value": "Document cybersecurity incidents - T1241"
|
|
},
|
|
{
|
|
"description": "Escalate incidents that may cause ongoing and immediate impact to the environment",
|
|
"related": [],
|
|
"uuid": "cec577bf-46ee-58ce-ab82-7cea53f49170",
|
|
"value": "Escalate incidents that may cause ongoing and immediate impact to the environment - T1242"
|
|
},
|
|
{
|
|
"description": "Determine the effectiveness of an observed attack",
|
|
"related": [],
|
|
"uuid": "b021b52d-113c-5229-b129-cb50d00b07f9",
|
|
"value": "Determine the effectiveness of an observed attack - T1254"
|
|
},
|
|
{
|
|
"description": "Recommend risk mitigation strategies",
|
|
"related": [],
|
|
"uuid": "40f22405-6194-585b-aa8d-fc636da25c56",
|
|
"value": "Recommend risk mitigation strategies - T1266"
|
|
},
|
|
{
|
|
"description": "Recommend system modifications",
|
|
"related": [],
|
|
"uuid": "164dc3a9-d4ad-5dcc-892a-3ed7f0fe7c3d",
|
|
"value": "Recommend system modifications - T1278"
|
|
},
|
|
{
|
|
"description": "Communicate daily network event and activity reports",
|
|
"related": [],
|
|
"uuid": "ddb5734f-8ca2-5ad2-ab99-2024bd4ab381",
|
|
"value": "Communicate daily network event and activity reports - T1290"
|
|
},
|
|
{
|
|
"description": "Determine causes of network alerts",
|
|
"related": [],
|
|
"uuid": "f7b20d98-001d-5abc-a287-cee8faddfc19",
|
|
"value": "Determine causes of network alerts - T1299"
|
|
},
|
|
{
|
|
"description": "Detect cybersecurity attacks and intrusions",
|
|
"related": [],
|
|
"uuid": "871880fe-6619-578c-8967-2d8fd436a338",
|
|
"value": "Detect cybersecurity attacks and intrusions - T1347"
|
|
},
|
|
{
|
|
"description": "Distinguish between benign and potentially malicious cybersecurity attacks and intrusions",
|
|
"related": [],
|
|
"uuid": "2fa69541-18c9-548e-95dd-d258d245f386",
|
|
"value": "Distinguish between benign and potentially malicious cybersecurity attacks and intrusions - T1348"
|
|
},
|
|
{
|
|
"description": "Communicate cybersecurity attacks and intrusions alerts",
|
|
"related": [],
|
|
"uuid": "b1ccb3f8-8710-5790-aa1c-73740280b5e3",
|
|
"value": "Communicate cybersecurity attacks and intrusions alerts - T1349"
|
|
},
|
|
{
|
|
"description": "Perform continuous monitoring of system activity",
|
|
"related": [],
|
|
"uuid": "3631da3e-bd6c-51fd-a1ee-fda390f0e2de",
|
|
"value": "Perform continuous monitoring of system activity - T1350"
|
|
},
|
|
{
|
|
"description": "Determine impact of malicious activity on systems and information",
|
|
"related": [],
|
|
"uuid": "c939d9e0-5315-53eb-9644-7270cc7d67f8",
|
|
"value": "Determine impact of malicious activity on systems and information - T1351"
|
|
},
|
|
{
|
|
"description": "Establish intrusion set procedures",
|
|
"related": [],
|
|
"uuid": "b5826203-8612-5aab-8ab3-5eaec9eba0d3",
|
|
"value": "Establish intrusion set procedures - T1384"
|
|
},
|
|
{
|
|
"description": "Identify network traffic anomalies",
|
|
"related": [],
|
|
"uuid": "0103e49b-5867-508d-b398-304f37a1154e",
|
|
"value": "Identify network traffic anomalies - T1385"
|
|
},
|
|
{
|
|
"description": "Analyze network traffic anomalies",
|
|
"related": [],
|
|
"uuid": "614d6990-d329-5438-abc9-e0cf7fe933cb",
|
|
"value": "Analyze network traffic anomalies - T1386"
|
|
},
|
|
{
|
|
"description": "Validate intrusion detection system alerts",
|
|
"related": [],
|
|
"uuid": "c25b7f4d-bd47-5364-b802-b9e5ae44fbfc",
|
|
"value": "Validate intrusion detection system alerts - T1387"
|
|
},
|
|
{
|
|
"description": "Isolate malware",
|
|
"related": [],
|
|
"uuid": "7de73a90-57a7-571c-9d40-3bdf2de17cb9",
|
|
"value": "Isolate malware - T1388"
|
|
},
|
|
{
|
|
"description": "Remove malware",
|
|
"related": [],
|
|
"uuid": "fbc305d9-5bdb-5bb1-b0b6-1be667d14de9",
|
|
"value": "Remove malware - T1389"
|
|
},
|
|
{
|
|
"description": "Identify network device applications and operating systems",
|
|
"related": [],
|
|
"uuid": "2796f239-566d-54d8-8930-8270224d17d5",
|
|
"value": "Identify network device applications and operating systems - T1390"
|
|
},
|
|
{
|
|
"description": "Reconstruct malicious attacks",
|
|
"related": [],
|
|
"uuid": "d7acd3a1-59b4-5808-8729-0317f1807702",
|
|
"value": "Reconstruct malicious attacks - T1391"
|
|
},
|
|
{
|
|
"description": "Construct cyber defense network tool signatures",
|
|
"related": [],
|
|
"uuid": "104f4e7d-f3c8-5f53-ae1c-f3ff52d4f3d7",
|
|
"value": "Construct cyber defense network tool signatures - T1406"
|
|
},
|
|
{
|
|
"description": "Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cybersecurity incidents",
|
|
"related": [],
|
|
"uuid": "d7bcbad3-3191-5951-acda-87e1f34ab62c",
|
|
"value": "Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cybersecurity incidents - T1428"
|
|
},
|
|
{
|
|
"description": "Analyze organizational cybrersecurity posture trends",
|
|
"related": [],
|
|
"uuid": "416ffd71-8209-5862-848e-c2d02d989457",
|
|
"value": "Analyze organizational cybrersecurity posture trends - T1539"
|
|
},
|
|
{
|
|
"description": "Develop organizational cybersecurity posture trend reports",
|
|
"related": [],
|
|
"uuid": "cb312db7-cd73-5139-a7de-756ff5a62cda",
|
|
"value": "Develop organizational cybersecurity posture trend reports - T1540"
|
|
},
|
|
{
|
|
"description": "Develop system security posture trend reports",
|
|
"related": [],
|
|
"uuid": "8067a32a-08dc-5e52-9176-5022d4e663be",
|
|
"value": "Develop system security posture trend reports - T1541"
|
|
},
|
|
{
|
|
"description": "Determine adequacy of access controls",
|
|
"related": [],
|
|
"uuid": "8e7f19d7-03a6-5741-bc7a-a3dfbbc45585",
|
|
"value": "Determine adequacy of access controls - T1548"
|
|
},
|
|
{
|
|
"description": "Maintain currency of cyber defense threat conditions",
|
|
"related": [],
|
|
"uuid": "895ed93f-fdf4-5ef8-a7c2-8cba3c79514c",
|
|
"value": "Maintain currency of cyber defense threat conditions - T1582"
|
|
},
|
|
{
|
|
"description": "Recommend threat and vulnerability risk mitigation strategies",
|
|
"related": [],
|
|
"uuid": "c002bb23-3cdb-5569-bbc7-425eceee21db",
|
|
"value": "Recommend threat and vulnerability risk mitigation strategies - T1603"
|
|
},
|
|
{
|
|
"description": "Advise stakeholders on vulnerability compliance",
|
|
"related": [],
|
|
"uuid": "823dd43b-a0c0-5b56-8cdb-7ccf20db6ef3",
|
|
"value": "Advise stakeholders on vulnerability compliance - T1615"
|
|
},
|
|
{
|
|
"description": "Resolve computer security incidents",
|
|
"related": [],
|
|
"uuid": "434c2757-1e74-597b-b106-668ac23cd445",
|
|
"value": "Resolve computer security incidents - T1616"
|
|
},
|
|
{
|
|
"description": "Advise stakeholders on disaster recovery, contingency, and continuity of operations plans",
|
|
"related": [],
|
|
"uuid": "3cea9eff-9af7-5e22-aa98-acec65891010",
|
|
"value": "Advise stakeholders on disaster recovery, contingency, and continuity of operations plans - T1618"
|
|
},
|
|
{
|
|
"description": "Perform file signature analysis",
|
|
"related": [],
|
|
"uuid": "3794b25d-7cc9-5df7-b490-6baad4040a55",
|
|
"value": "Perform file signature analysis - T0167"
|
|
},
|
|
{
|
|
"description": "Perform data comparison against established database",
|
|
"related": [],
|
|
"uuid": "fd264229-f501-581e-9172-9b571becb1ac",
|
|
"value": "Perform data comparison against established database - T0168"
|
|
},
|
|
{
|
|
"description": "Perform real-time forensic analysis (e.g., using Helix in conjunction with LiveView)",
|
|
"related": [],
|
|
"uuid": "82e62093-5064-5b9c-bcc9-eb35e2925caa",
|
|
"value": "Perform real-time forensic analysis (e.g., using Helix in conjunction with LiveView) - T0172"
|
|
},
|
|
{
|
|
"description": "Perform timeline analysis",
|
|
"related": [],
|
|
"uuid": "c9226c46-9bca-5727-a909-cde013fe753d",
|
|
"value": "Perform timeline analysis - T0173"
|
|
},
|
|
{
|
|
"description": "Perform static media analysis",
|
|
"related": [],
|
|
"uuid": "f25f6448-2d33-53cb-87cc-651f8da23298",
|
|
"value": "Perform static media analysis - T0179"
|
|
},
|
|
{
|
|
"description": "Perform tier 1, 2, and 3 malware analysis",
|
|
"related": [],
|
|
"uuid": "7e7de38a-cf5d-5ea0-95b4-76819d281a9c",
|
|
"value": "Perform tier 1, 2, and 3 malware analysis - T0182"
|
|
},
|
|
{
|
|
"description": "Perform Windows registry analysis",
|
|
"related": [],
|
|
"uuid": "98ae9224-371b-58b0-b062-1664438c557e",
|
|
"value": "Perform Windows registry analysis - T0397"
|
|
},
|
|
{
|
|
"description": "Set up a forensic workstation",
|
|
"related": [],
|
|
"uuid": "3c8847ab-940b-584d-bfda-b09664b347ea",
|
|
"value": "Set up a forensic workstation - T1051"
|
|
},
|
|
{
|
|
"description": "Determine best methods for identifying the perpetrator(s) of a network intrusion",
|
|
"related": [],
|
|
"uuid": "438afae4-472d-510e-bc8b-5e6a22129c5a",
|
|
"value": "Determine best methods for identifying the perpetrator(s) of a network intrusion - T1090"
|
|
},
|
|
{
|
|
"description": "Identify instrusions",
|
|
"related": [],
|
|
"uuid": "943675b1-f3f2-5475-9767-8254498e2037",
|
|
"value": "Identify instrusions - T1102"
|
|
},
|
|
{
|
|
"description": "Analyze intrusions",
|
|
"related": [],
|
|
"uuid": "cac17a2e-8497-59c8-81d6-d285bd310f9a",
|
|
"value": "Analyze intrusions - T1103"
|
|
},
|
|
{
|
|
"description": "Document what is known about intrusions",
|
|
"related": [],
|
|
"uuid": "39af33df-ca6b-5766-9a2b-bd7d961f5e21",
|
|
"value": "Document what is known about intrusions - T1104"
|
|
},
|
|
{
|
|
"description": "Create forensically sound duplicates of evidence",
|
|
"related": [],
|
|
"uuid": "7f468f5b-8445-5712-82c4-6a343263abc9",
|
|
"value": "Create forensically sound duplicates of evidence - T1120"
|
|
},
|
|
{
|
|
"description": "Decrypt seized data",
|
|
"related": [],
|
|
"uuid": "b48bd62f-957c-5cc0-a27d-521bc624b56c",
|
|
"value": "Decrypt seized data - T1121"
|
|
},
|
|
{
|
|
"description": "Create technical summary of findings reports",
|
|
"related": [],
|
|
"uuid": "6e7b470c-cdbb-569b-8196-68e53e38fc28",
|
|
"value": "Create technical summary of findings reports - T1159"
|
|
},
|
|
{
|
|
"description": "Determine if digital media chain or custody processes meet Federal Rules of Evidence requirements",
|
|
"related": [],
|
|
"uuid": "c62a0c79-afc1-51c7-a5a3-5e96e56cd4b7",
|
|
"value": "Determine if digital media chain or custody processes meet Federal Rules of Evidence requirements - T1175"
|
|
},
|
|
{
|
|
"description": "Determine relevance of recovered data",
|
|
"related": [],
|
|
"uuid": "cc671298-a97d-5908-a8c2-abf53167072f",
|
|
"value": "Determine relevance of recovered data - T1191"
|
|
},
|
|
{
|
|
"description": "Identify digital evidence for analysis",
|
|
"related": [],
|
|
"uuid": "8e24b906-d536-5572-a280-89c12508c7b9",
|
|
"value": "Identify digital evidence for analysis - T1199"
|
|
},
|
|
{
|
|
"description": "Perform dynamic analysis on drives",
|
|
"related": [],
|
|
"uuid": "9970b3cc-d89b-51a2-83e2-53192ef23454",
|
|
"value": "Perform dynamic analysis on drives - T1253"
|
|
},
|
|
{
|
|
"description": "Perform real-time cyber defense incident handling",
|
|
"related": [],
|
|
"uuid": "bf46f973-093d-5343-92a3-9b29fdf79949",
|
|
"value": "Perform real-time cyber defense incident handling - T1260"
|
|
},
|
|
{
|
|
"description": "Prepare digital media for imaging",
|
|
"related": [],
|
|
"uuid": "f131ff07-0b0f-5ba9-90a2-0510665f8b20",
|
|
"value": "Prepare digital media for imaging - T1282"
|
|
},
|
|
{
|
|
"description": "Report forensic artifacts indicative of a particular operating system",
|
|
"related": [],
|
|
"uuid": "3fdd0703-ff2f-564a-a34e-0eef6b6d97c9",
|
|
"value": "Report forensic artifacts indicative of a particular operating system - T1301"
|
|
},
|
|
{
|
|
"description": "Capture network traffic associated with malicious activities",
|
|
"related": [],
|
|
"uuid": "9ae253f1-7366-5a28-97de-fe417f44e0d2",
|
|
"value": "Capture network traffic associated with malicious activities - T1322"
|
|
},
|
|
{
|
|
"description": "Analyze network traffic associated with malicious activities",
|
|
"related": [],
|
|
"uuid": "ead0e582-0a29-5e73-bf7b-f27adf9f91bc",
|
|
"value": "Analyze network traffic associated with malicious activities - T1323"
|
|
},
|
|
{
|
|
"description": "Process digital evidence",
|
|
"related": [],
|
|
"uuid": "982526d5-534e-53ef-bba5-3d0d1514fdac",
|
|
"value": "Process digital evidence - T1324"
|
|
},
|
|
{
|
|
"description": "Document digital evidence",
|
|
"related": [],
|
|
"uuid": "ae0ff15b-b1a6-5ec9-a7b2-3914b9117041",
|
|
"value": "Document digital evidence - T1325"
|
|
},
|
|
{
|
|
"description": "Collect intrusion artifacts",
|
|
"related": [],
|
|
"uuid": "cd88870f-52cf-50d5-855a-ad9219b78e4c",
|
|
"value": "Collect intrusion artifacts - T1370"
|
|
},
|
|
{
|
|
"description": "Mitigate potential cyber defense incidents",
|
|
"related": [],
|
|
"uuid": "3ce65cd4-7ec1-590b-9e5c-d2ccffc70782",
|
|
"value": "Mitigate potential cyber defense incidents - T1371"
|
|
},
|
|
{
|
|
"description": "Advise law enforcement personnel as technical expert",
|
|
"related": [],
|
|
"uuid": "0e0c7418-9074-543a-9de6-153f8e327563",
|
|
"value": "Advise law enforcement personnel as technical expert - T1372"
|
|
},
|
|
{
|
|
"description": "Scan digital media for viruses",
|
|
"related": [],
|
|
"uuid": "535c2334-8bf2-5eba-8670-176fcc7f258e",
|
|
"value": "Scan digital media for viruses - T1381"
|
|
},
|
|
{
|
|
"description": "Mount a drive image",
|
|
"related": [],
|
|
"uuid": "1fbd8387-bcc6-5df7-909f-318dbd83908f",
|
|
"value": "Mount a drive image - T1382"
|
|
},
|
|
{
|
|
"description": "Utilize deployable forensics toolkit",
|
|
"related": [],
|
|
"uuid": "a94d3e40-5462-5811-8ff8-b315c15a1a17",
|
|
"value": "Utilize deployable forensics toolkit - T1383"
|
|
},
|
|
{
|
|
"description": "Correlate threat assessment data",
|
|
"related": [],
|
|
"uuid": "075e4bdf-0218-57c5-b807-03a90a5b8e43",
|
|
"value": "Correlate threat assessment data - T1407"
|
|
},
|
|
{
|
|
"description": "Process forensic images",
|
|
"related": [],
|
|
"uuid": "3f7ee4ba-6011-556c-ba26-978a87c72712",
|
|
"value": "Process forensic images - T1486"
|
|
},
|
|
{
|
|
"description": "Perform file and registry monitoring on running systems",
|
|
"related": [],
|
|
"uuid": "75ad025e-52e0-5cc8-b646-6ad447e03862",
|
|
"value": "Perform file and registry monitoring on running systems - T1487"
|
|
},
|
|
{
|
|
"description": "Enter digital media information into tracking databases",
|
|
"related": [],
|
|
"uuid": "12f7e697-9b8e-560e-816f-4b89b2fbf0ea",
|
|
"value": "Enter digital media information into tracking databases - T1488"
|
|
},
|
|
{
|
|
"description": "Prepare cyber defense toolkits",
|
|
"related": [],
|
|
"uuid": "76aa6a8f-f51b-5a98-9927-e8206d19ba77",
|
|
"value": "Prepare cyber defense toolkits - T1490"
|
|
},
|
|
{
|
|
"description": "Preserve digital evidence",
|
|
"related": [],
|
|
"uuid": "5f0bcb3e-98c3-5637-b411-55c58d4dc2b0",
|
|
"value": "Preserve digital evidence - T1510"
|
|
},
|
|
{
|
|
"description": "Recover information from forensic data sources",
|
|
"related": [],
|
|
"uuid": "1d47c389-8087-56c8-aeff-128a0ff006ba",
|
|
"value": "Recover information from forensic data sources - T1607"
|
|
},
|
|
{
|
|
"description": "Prepare cyber defense reports",
|
|
"related": [],
|
|
"uuid": "e48ba5d6-fb27-577b-94dc-225d95145b12",
|
|
"value": "Prepare cyber defense reports - T1617"
|
|
},
|
|
{
|
|
"description": "Acquire resources to support cybersecurity program goals and objectives",
|
|
"related": [],
|
|
"uuid": "7ebf1128-18d6-502e-990d-65cd47c20437",
|
|
"value": "Acquire resources to support cybersecurity program goals and objectives - T1056"
|
|
},
|
|
{
|
|
"description": "Conduct an effective enterprise continuity of operations program",
|
|
"related": [],
|
|
"uuid": "b29c250b-efaf-5fc9-8cc0-948e6a061498",
|
|
"value": "Conduct an effective enterprise continuity of operations program - T1057"
|
|
},
|
|
{
|
|
"description": "Contribute insider threat expertise to organizational cybersecurity awareness program",
|
|
"related": [],
|
|
"uuid": "5fb8b032-7fbd-5996-864c-711c354bfc33",
|
|
"value": "Contribute insider threat expertise to organizational cybersecurity awareness program - T1062"
|
|
},
|
|
{
|
|
"description": "Manage cybersecurity budget, staffing, and contracting",
|
|
"related": [],
|
|
"uuid": "3db4d294-9d90-59b6-99aa-106c94679173",
|
|
"value": "Manage cybersecurity budget, staffing, and contracting - T1227"
|
|
},
|
|
{
|
|
"description": "Assess the behavior of individual victims, witnesses, or suspects during cybersecurity investigations",
|
|
"related": [],
|
|
"uuid": "bdbd12ca-99af-5db6-89b2-603798a409f2",
|
|
"value": "Assess the behavior of individual victims, witnesses, or suspects during cybersecurity investigations - T1439"
|
|
},
|
|
{
|
|
"description": "Notify appropriate personnel of imminent hostile intentions or activities",
|
|
"related": [],
|
|
"uuid": "a8a5a2f0-4873-5d88-bf0f-0b94bcc25e31",
|
|
"value": "Notify appropriate personnel of imminent hostile intentions or activities - T1799"
|
|
},
|
|
{
|
|
"description": "Document system alerts",
|
|
"related": [],
|
|
"uuid": "816e898b-c4f0-5bae-8151-41ed44078370",
|
|
"value": "Document system alerts - T1969"
|
|
},
|
|
{
|
|
"description": "Escalate system alerts that may indicate risks",
|
|
"related": [],
|
|
"uuid": "fc519c49-afd7-5f0e-8881-f5a39a4151fc",
|
|
"value": "Escalate system alerts that may indicate risks - T1970"
|
|
},
|
|
{
|
|
"description": "Disseminate anomalous activity reports to the insider threat hub",
|
|
"related": [],
|
|
"uuid": "ad30757e-2be3-5795-861f-b1f99183f862",
|
|
"value": "Disseminate anomalous activity reports to the insider threat hub - T1971"
|
|
},
|
|
{
|
|
"description": "Conduct independent comprehensive assessments of target-specific information",
|
|
"related": [],
|
|
"uuid": "4e9b0b29-040c-5cda-903e-da2648301251",
|
|
"value": "Conduct independent comprehensive assessments of target-specific information - T1973"
|
|
},
|
|
{
|
|
"description": "Conduct insider threat risk assessments",
|
|
"related": [],
|
|
"uuid": "be1b9e72-48f7-58e7-b474-868b07377513",
|
|
"value": "Conduct insider threat risk assessments - T1974"
|
|
},
|
|
{
|
|
"description": "Prepare insider threat briefings",
|
|
"related": [],
|
|
"uuid": "a041bfc3-a757-578f-8803-eea1004182db",
|
|
"value": "Prepare insider threat briefings - T1975"
|
|
},
|
|
{
|
|
"description": "Recommend risk mitigation courses of action (CoA)",
|
|
"related": [],
|
|
"uuid": "475e7c4f-b834-5a50-ae97-15d121bc46df",
|
|
"value": "Recommend risk mitigation courses of action (CoA) - T1976"
|
|
},
|
|
{
|
|
"description": "Coordinate with internal and external incident management partners across jurisdictions",
|
|
"related": [],
|
|
"uuid": "209b8bef-6e71-5883-afa1-cd09433e890a",
|
|
"value": "Coordinate with internal and external incident management partners across jurisdictions - T1977"
|
|
},
|
|
{
|
|
"description": "Recommend improvements to insider threat detection processes",
|
|
"related": [],
|
|
"uuid": "0b75b667-16f9-5f2f-aba2-e489e3e15eb8",
|
|
"value": "Recommend improvements to insider threat detection processes - T1978"
|
|
},
|
|
{
|
|
"description": "Determine digital evidence priority intelligence requirements",
|
|
"related": [],
|
|
"uuid": "381f7b0f-9138-5912-948a-a97822443d79",
|
|
"value": "Determine digital evidence priority intelligence requirements - T1979"
|
|
},
|
|
{
|
|
"description": "Develop digital evidence reports for internal and external partners",
|
|
"related": [],
|
|
"uuid": "00ba6f94-f75d-5a96-adb2-dabef9d0a20b",
|
|
"value": "Develop digital evidence reports for internal and external partners - T1980"
|
|
},
|
|
{
|
|
"description": "Develop elicitation indicators",
|
|
"related": [],
|
|
"uuid": "58c930ba-6888-5714-8888-917dc1b2924c",
|
|
"value": "Develop elicitation indicators - T1981"
|
|
},
|
|
{
|
|
"description": "Identify high value assets",
|
|
"related": [],
|
|
"uuid": "02f47504-74f6-500c-9419-3f5390000535",
|
|
"value": "Identify high value assets - T1982"
|
|
},
|
|
{
|
|
"description": "Identify potential insider threats",
|
|
"related": [],
|
|
"uuid": "275cdbf4-8314-5ce5-acf5-2582cd8cd62f",
|
|
"value": "Identify potential insider threats - T1983"
|
|
},
|
|
{
|
|
"description": "Identify imminent or hostile intentions or activities",
|
|
"related": [],
|
|
"uuid": "7dec0594-2980-5a70-8601-faf8a8b4227b",
|
|
"value": "Identify imminent or hostile intentions or activities - T1985"
|
|
},
|
|
{
|
|
"description": "Develop a continuously updated overview of an incident throughout the incident's life cycle",
|
|
"related": [],
|
|
"uuid": "f4087091-c94a-5485-9c43-3f34d89ef00e",
|
|
"value": "Develop a continuously updated overview of an incident throughout the incident's life cycle - T1986"
|
|
},
|
|
{
|
|
"description": "Develop insider threat cyber operations indicators",
|
|
"related": [],
|
|
"uuid": "84f7b8ac-979e-5516-824e-b5597240edf5",
|
|
"value": "Develop insider threat cyber operations indicators - T1987"
|
|
},
|
|
{
|
|
"description": "Integrate information from cyber resources, internal partners, and external partners",
|
|
"related": [],
|
|
"uuid": "c9fab1b2-afda-5f4f-82c2-2e91d32f649d",
|
|
"value": "Integrate information from cyber resources, internal partners, and external partners - T1988"
|
|
},
|
|
{
|
|
"description": "Advise insider threat hub inquiries",
|
|
"related": [],
|
|
"uuid": "3e1f71a3-d3ee-5c43-bd88-cc65ec0c9fbc",
|
|
"value": "Advise insider threat hub inquiries - T1989"
|
|
},
|
|
{
|
|
"description": "Conduct cybersecurity insider threat inquiries",
|
|
"related": [],
|
|
"uuid": "9fda9bcc-85a5-55e3-890a-2889776c54a4",
|
|
"value": "Conduct cybersecurity insider threat inquiries - T1990"
|
|
},
|
|
{
|
|
"description": "Deliver all-source cyber operations and intelligence indications and warnings",
|
|
"related": [],
|
|
"uuid": "85503aaa-034c-5288-b85d-2bbe34473481",
|
|
"value": "Deliver all-source cyber operations and intelligence indications and warnings - T1991"
|
|
},
|
|
{
|
|
"description": "Interpret network activity for intelligence value",
|
|
"related": [],
|
|
"uuid": "e807d4f3-1268-54db-bef0-544a05051c72",
|
|
"value": "Interpret network activity for intelligence value - T1992"
|
|
},
|
|
{
|
|
"description": "Monitor network activity for vulnerabilities",
|
|
"related": [],
|
|
"uuid": "656c4002-beca-5607-a114-443cbee7879c",
|
|
"value": "Monitor network activity for vulnerabilities - T1993"
|
|
},
|
|
{
|
|
"description": "Identify potential insider risks to networks",
|
|
"related": [],
|
|
"uuid": "3db81136-966b-5f97-9798-5e1b9606353c",
|
|
"value": "Identify potential insider risks to networks - T1994"
|
|
},
|
|
{
|
|
"description": "Document potential insider risks to networks",
|
|
"related": [],
|
|
"uuid": "f4067a1e-afae-5743-b44d-386f24c19f6c",
|
|
"value": "Document potential insider risks to networks - T1995"
|
|
},
|
|
{
|
|
"description": "Report network vulnerabilities",
|
|
"related": [],
|
|
"uuid": "f7ef72e0-7e59-50dd-a9f2-72481d05a485",
|
|
"value": "Report network vulnerabilities - T1996"
|
|
},
|
|
{
|
|
"description": "Develop insider threat investigation plans",
|
|
"related": [],
|
|
"uuid": "8e20b466-9a49-550b-a9cd-523b934bd73e",
|
|
"value": "Develop insider threat investigation plans - T1997"
|
|
},
|
|
{
|
|
"description": "Investigate alleged insider threat cybersecurity policy violations",
|
|
"related": [],
|
|
"uuid": "b0dff356-3268-53af-b518-b98e74f87be1",
|
|
"value": "Investigate alleged insider threat cybersecurity policy violations - T1998"
|
|
},
|
|
{
|
|
"description": "Refer cases on active insider threat activities to law enforcement investigators",
|
|
"related": [],
|
|
"uuid": "292dc15a-dab1-5f77-ac96-f7ff9834539a",
|
|
"value": "Refer cases on active insider threat activities to law enforcement investigators - T1999"
|
|
},
|
|
{
|
|
"description": "Establish an insider threat risk management assessment program",
|
|
"related": [],
|
|
"uuid": "c10c6198-ac92-51db-ade6-13fbb7b3caa3",
|
|
"value": "Establish an insider threat risk management assessment program - T2001"
|
|
},
|
|
{
|
|
"description": "Evaluate organizational insider risk response capabilities",
|
|
"related": [],
|
|
"uuid": "ae5bdd7c-3d5e-5c71-8907-c5c9b2ba6269",
|
|
"value": "Evaluate organizational insider risk response capabilities - T2003"
|
|
},
|
|
{
|
|
"description": "Document insider threat information sources",
|
|
"related": [],
|
|
"uuid": "44616dcc-2972-51ea-846b-8f2fad1d071d",
|
|
"value": "Document insider threat information sources - T2004"
|
|
},
|
|
{
|
|
"description": "Conduct insider threat studies",
|
|
"related": [],
|
|
"uuid": "26d8be86-6f8f-5706-80e5-21490f6b9353",
|
|
"value": "Conduct insider threat studies - T2005"
|
|
},
|
|
{
|
|
"description": "Identify potential targets for exploitation",
|
|
"related": [],
|
|
"uuid": "01ead95e-28f8-5e4a-8de8-cad5aed4817b",
|
|
"value": "Identify potential targets for exploitation - T2006"
|
|
},
|
|
{
|
|
"description": "Analyze potential targets for exploitation",
|
|
"related": [],
|
|
"uuid": "e9c7eae2-6212-5263-9d55-e66f9b477034",
|
|
"value": "Analyze potential targets for exploitation - T2007"
|
|
},
|
|
{
|
|
"description": "Vet insider threat targeting with law enforcement and intelligence partners",
|
|
"related": [],
|
|
"uuid": "9bfb92f7-b5c9-5118-b98e-6a094471ce8e",
|
|
"value": "Vet insider threat targeting with law enforcement and intelligence partners - T2008"
|
|
},
|
|
{
|
|
"description": "Develop insider threat targets",
|
|
"related": [],
|
|
"uuid": "222e57c3-d4d5-58b8-83ec-8c5493a963b3",
|
|
"value": "Develop insider threat targets - T2009"
|
|
},
|
|
{
|
|
"description": "Maintain User Activity Monitoring (UAM) tools",
|
|
"related": [],
|
|
"uuid": "013c9094-9747-563d-92dd-c91673c6cfa9",
|
|
"value": "Maintain User Activity Monitoring (UAM) tools - T2010"
|
|
},
|
|
{
|
|
"description": "Monitor the output from User Activity Monitoring (UAM) tools",
|
|
"related": [],
|
|
"uuid": "c3f28acb-609d-53b0-ae7f-c85ff7a216f9",
|
|
"value": "Monitor the output from User Activity Monitoring (UAM) tools - T2011"
|
|
},
|
|
{
|
|
"description": "Administer rule and signature updates for specialized cyber defense applications",
|
|
"related": [],
|
|
"uuid": "fd8be546-6dae-5586-9292-613c7e2b5538",
|
|
"value": "Administer rule and signature updates for specialized cyber defense applications - T1111"
|
|
},
|
|
{
|
|
"description": "Perform system administration on specialized cyber defense applications and systems",
|
|
"related": [],
|
|
"uuid": "7ecebab5-c169-523e-a770-5e8ec31b4951",
|
|
"value": "Perform system administration on specialized cyber defense applications and systems - T1267"
|
|
},
|
|
{
|
|
"description": "Administer Virtual Private Network (VPN) devices",
|
|
"related": [],
|
|
"uuid": "bad89339-0a8d-5a2a-8f8a-bcadd4ae2971",
|
|
"value": "Administer Virtual Private Network (VPN) devices - T1268"
|
|
},
|
|
{
|
|
"description": "Coordinate critical cyber defense infrastructure protection measures",
|
|
"related": [],
|
|
"uuid": "615d0ed7-5d8b-59ea-9351-3dfee45461ec",
|
|
"value": "Coordinate critical cyber defense infrastructure protection measures - T1352"
|
|
},
|
|
{
|
|
"description": "Prioritize critical cyber defense infrastructure resources",
|
|
"related": [],
|
|
"uuid": "dce09b59-7135-5793-9cbc-441b9444cee4",
|
|
"value": "Prioritize critical cyber defense infrastructure resources - T1353"
|
|
},
|
|
{
|
|
"description": "Build dedicated cyber defense hardware",
|
|
"related": [],
|
|
"uuid": "45105fe8-2d7e-56c4-9f11-11078e0bc17b",
|
|
"value": "Build dedicated cyber defense hardware - T1432"
|
|
},
|
|
{
|
|
"description": "Install dedicated cyber defense hardware",
|
|
"related": [],
|
|
"uuid": "eea08ebb-e51a-5aa0-ae3d-704cbc31cc82",
|
|
"value": "Install dedicated cyber defense hardware - T1433"
|
|
},
|
|
{
|
|
"description": "Assess the impact of implementing and sustaining a dedicated cyber defense infrastructure",
|
|
"related": [],
|
|
"uuid": "012738b1-6df6-50cd-aceb-9df8a8496dd5",
|
|
"value": "Assess the impact of implementing and sustaining a dedicated cyber defense infrastructure - T1442"
|
|
},
|
|
{
|
|
"description": "Evaluate platforms managed by service providers",
|
|
"related": [],
|
|
"uuid": "5d6fa192-3102-533d-a736-577ce903d41e",
|
|
"value": "Evaluate platforms managed by service providers - T1503"
|
|
},
|
|
{
|
|
"description": "Manage network access control lists on specialized cyber defense systems",
|
|
"related": [],
|
|
"uuid": "440b88ac-457d-5cc2-a8f3-3b74edddbc99",
|
|
"value": "Manage network access control lists on specialized cyber defense systems - T1515"
|
|
},
|
|
{
|
|
"description": "Implement cyber defense tools",
|
|
"related": [],
|
|
"uuid": "1f4d2c36-9bfe-537e-9ef6-9cefc7af3854",
|
|
"value": "Implement cyber defense tools - T1555"
|
|
},
|
|
{
|
|
"description": "Implement dedicated cyber defense systems",
|
|
"related": [],
|
|
"uuid": "c8cfe917-3849-5f87-955d-e570e465b2ca",
|
|
"value": "Implement dedicated cyber defense systems - T1561"
|
|
},
|
|
{
|
|
"description": "Document system requirements",
|
|
"related": [],
|
|
"uuid": "c8cd5e13-f1b0-5cf1-b421-75a792b7693c",
|
|
"value": "Document system requirements - T1562"
|
|
},
|
|
{
|
|
"description": "Evaluate organizational cybersecurity policy regulatory compliance",
|
|
"related": [],
|
|
"uuid": "e91a2973-3b1a-5b17-ad4f-8893b91661ea",
|
|
"value": "Evaluate organizational cybersecurity policy regulatory compliance - T1069"
|
|
},
|
|
{
|
|
"description": "Evaluate organizational cybersecurity policy alignment with organizational directives",
|
|
"related": [],
|
|
"uuid": "96b8c2ef-2e66-5abd-8137-5ab45c42aa11",
|
|
"value": "Evaluate organizational cybersecurity policy alignment with organizational directives - T1070"
|
|
},
|
|
{
|
|
"description": "Maintain deployable cyber defense audit toolkits",
|
|
"related": [],
|
|
"uuid": "6ee656b2-87eb-52a3-b67f-7ad2810b2c0a",
|
|
"value": "Maintain deployable cyber defense audit toolkits - T1229"
|
|
},
|
|
{
|
|
"description": "Prepare audit reports",
|
|
"related": [],
|
|
"uuid": "280a7759-dea8-5698-b500-35c3fea9fd75",
|
|
"value": "Prepare audit reports - T1279"
|
|
},
|
|
{
|
|
"description": "Perform required reviews",
|
|
"related": [],
|
|
"uuid": "99bebf2b-648d-52af-93bf-da3bdd986f89",
|
|
"value": "Perform required reviews - T1341"
|
|
},
|
|
{
|
|
"description": "Perform risk and vulnerability assessments",
|
|
"related": [],
|
|
"uuid": "6b451c30-7241-53a3-87fa-800905962232",
|
|
"value": "Perform risk and vulnerability assessments - T1619"
|
|
},
|
|
{
|
|
"description": "Recommend cost-effective security controls",
|
|
"related": [],
|
|
"uuid": "5e9778ec-ff00-5d14-8b20-692c8eb0e3af",
|
|
"value": "Recommend cost-effective security controls - T1620"
|
|
},
|
|
{
|
|
"description": "Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness)",
|
|
"related": [],
|
|
"uuid": "7bda1d4a-a579-522f-85b6-0cc13d6514a8",
|
|
"value": "Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness) - T0262"
|
|
},
|
|
{
|
|
"description": "Coordinate incident response functions",
|
|
"related": [],
|
|
"uuid": "3bf52572-eda6-5a74-97ae-c4eb9c700c5b",
|
|
"value": "Coordinate incident response functions - T0510"
|
|
},
|
|
{
|
|
"description": "Resolve cyber defense incidents",
|
|
"related": [],
|
|
"uuid": "43af23b1-56ab-5564-86b2-9529f68090c3",
|
|
"value": "Resolve cyber defense incidents - T1109"
|
|
},
|
|
{
|
|
"description": "Coordinate technical support to enterprise-wide cybersecurity defense technicians",
|
|
"related": [],
|
|
"uuid": "4522376d-15cb-51b5-950f-323407b0a1c7",
|
|
"value": "Coordinate technical support to enterprise-wide cybersecurity defense technicians - T1110"
|
|
},
|
|
{
|
|
"description": "Perform cyber defense incident triage",
|
|
"related": [],
|
|
"uuid": "bf78d7ae-eb45-594b-b8c2-38a12417af5c",
|
|
"value": "Perform cyber defense incident triage - T1250"
|
|
},
|
|
{
|
|
"description": "Recommend incident remediation strategies",
|
|
"related": [],
|
|
"uuid": "ab9c9eae-5827-5aed-b166-96615c36bfa5",
|
|
"value": "Recommend incident remediation strategies - T1251"
|
|
},
|
|
{
|
|
"description": "Determine the scope, urgency, and impact of cyber defense incidents",
|
|
"related": [],
|
|
"uuid": "7a3e6974-0178-59af-8ec2-7fa2e3c5cf2e",
|
|
"value": "Determine the scope, urgency, and impact of cyber defense incidents - T1252"
|
|
},
|
|
{
|
|
"description": "Perform forensically sound image collection",
|
|
"related": [],
|
|
"uuid": "54e1a562-92c6-5c90-9f4a-94b28942f6a1",
|
|
"value": "Perform forensically sound image collection - T1256"
|
|
},
|
|
{
|
|
"description": "Recommend mitigation and remediation strategies for enterprise systems",
|
|
"related": [],
|
|
"uuid": "fe4d5582-0608-5965-8c00-52e250911fdc",
|
|
"value": "Recommend mitigation and remediation strategies for enterprise systems - T1257"
|
|
},
|
|
{
|
|
"description": "Track cyber defense incidents from initial detection through final resolution",
|
|
"related": [],
|
|
"uuid": "456b9f65-73a5-571f-bffc-49d6e05da9c4",
|
|
"value": "Track cyber defense incidents from initial detection through final resolution - T1315"
|
|
},
|
|
{
|
|
"description": "Document cyber defense incidents from initial detection through final resolution",
|
|
"related": [],
|
|
"uuid": "3a08645a-e6d2-5b1f-97d2-0b0dca5635ff",
|
|
"value": "Document cyber defense incidents from initial detection through final resolution - T1316"
|
|
},
|
|
{
|
|
"description": "Produce incident findings reports",
|
|
"related": [],
|
|
"uuid": "a345bd13-3404-5ba3-8f11-5dcdee17496a",
|
|
"value": "Produce incident findings reports - T1332"
|
|
},
|
|
{
|
|
"description": "Communicate incident findings to appropriate constituencies",
|
|
"related": [],
|
|
"uuid": "a3f3a846-94e4-570e-ad9a-c17e269a0d3c",
|
|
"value": "Communicate incident findings to appropriate constituencies - T1333"
|
|
},
|
|
{
|
|
"description": "Prepare after action reviews (AARs)",
|
|
"related": [],
|
|
"uuid": "f4d1270c-748a-560a-b192-2c901a2a0868",
|
|
"value": "Prepare after action reviews (AARs) - T1485"
|
|
},
|
|
{
|
|
"description": "Maintain database management systems software",
|
|
"related": [],
|
|
"uuid": "f834d550-8b2c-518e-8587-bd1a8fd7e394",
|
|
"value": "Maintain database management systems software - T0137"
|
|
},
|
|
{
|
|
"description": "Maintain assured message delivery systems",
|
|
"related": [],
|
|
"uuid": "cbff7989-c4d6-5705-85c0-6ac06ade93d1",
|
|
"value": "Maintain assured message delivery systems - T0330"
|
|
},
|
|
{
|
|
"description": "Implement data management standards, requirements, and specifications",
|
|
"related": [],
|
|
"uuid": "24eb8912-ecd7-5ab9-8609-9e0bc924ef2d",
|
|
"value": "Implement data management standards, requirements, and specifications - T0422"
|
|
},
|
|
{
|
|
"description": "Implement data mining and data warehousing applications",
|
|
"related": [],
|
|
"uuid": "4b637d05-ff87-5459-bd74-25289e1562c7",
|
|
"value": "Implement data mining and data warehousing applications - T0459"
|
|
},
|
|
{
|
|
"description": "Maintain directory replication services",
|
|
"related": [],
|
|
"uuid": "e5b954e9-6fe3-55e6-a09d-e7159b2c802b",
|
|
"value": "Maintain directory replication services - T1230"
|
|
},
|
|
{
|
|
"description": "Maintain information exchanges through publish, subscribe, and alert functions",
|
|
"related": [],
|
|
"uuid": "60eac195-527a-5016-b4f4-15b5ae310feb",
|
|
"value": "Maintain information exchanges through publish, subscribe, and alert functions - T1231"
|
|
},
|
|
{
|
|
"description": "Perform backup and recovery of databases",
|
|
"related": [],
|
|
"uuid": "e125c410-c289-5d94-bd0f-cf5f1abe3112",
|
|
"value": "Perform backup and recovery of databases - T1249"
|
|
},
|
|
{
|
|
"description": "Manage databases and data management systems",
|
|
"related": [],
|
|
"uuid": "dbda1e3b-af0d-5a00-8f6c-d7f29d5dbce8",
|
|
"value": "Manage databases and data management systems - T1402"
|
|
},
|
|
{
|
|
"description": "Install database management systems and software",
|
|
"related": [],
|
|
"uuid": "16d343da-8ce7-5c30-baf9-9697cab0b45d",
|
|
"value": "Install database management systems and software - T1564"
|
|
},
|
|
{
|
|
"description": "Configure database management systems and software",
|
|
"related": [],
|
|
"uuid": "5df973e7-8191-506d-b437-9422b715f59b",
|
|
"value": "Configure database management systems and software - T1565"
|
|
},
|
|
{
|
|
"description": "Construct access paths to suites of information",
|
|
"related": [],
|
|
"uuid": "c88f19e4-1dd5-53ab-ac06-e94d7f0645e9",
|
|
"value": "Construct access paths to suites of information - T1105"
|
|
},
|
|
{
|
|
"description": "Monitor the usage of knowledge management assets and resources",
|
|
"related": [],
|
|
"uuid": "00cf0ea9-90a0-58a6-bd14-c43ec480d95c",
|
|
"value": "Monitor the usage of knowledge management assets and resources - T1239"
|
|
},
|
|
{
|
|
"description": "Create knowledge management assets and resources usage reports",
|
|
"related": [],
|
|
"uuid": "97656d8a-336c-548c-8783-24db4e911b34",
|
|
"value": "Create knowledge management assets and resources usage reports - T1240"
|
|
},
|
|
{
|
|
"description": "Plan knowledge management projects",
|
|
"related": [],
|
|
"uuid": "56326b7c-a2d6-540c-a0ad-b5bae8a6dc9e",
|
|
"value": "Plan knowledge management projects - T1273"
|
|
},
|
|
{
|
|
"description": "Deliver knowledge management projects",
|
|
"related": [],
|
|
"uuid": "67ab82c1-3ea2-5a67-add3-9adb5815d550",
|
|
"value": "Deliver knowledge management projects - T1274"
|
|
},
|
|
{
|
|
"description": "Recommend data structures for use in the production of reports",
|
|
"related": [],
|
|
"uuid": "a75fbcb8-1815-5c74-844f-ee60ef1f3712",
|
|
"value": "Recommend data structures for use in the production of reports - T1296"
|
|
},
|
|
{
|
|
"description": "Manage organizational knowledge repositories",
|
|
"related": [],
|
|
"uuid": "d75fd246-93c3-5cf4-b680-e9a7f35f001d",
|
|
"value": "Manage organizational knowledge repositories - T1504"
|
|
},
|
|
{
|
|
"description": "Design organizational knowledge management frameworks",
|
|
"related": [],
|
|
"uuid": "41fd4186-8bbe-5384-8b0c-bc07c098d1ca",
|
|
"value": "Design organizational knowledge management frameworks - T1523"
|
|
},
|
|
{
|
|
"description": "Implement organizational knowledge management frameworks",
|
|
"related": [],
|
|
"uuid": "94eaf660-d5d2-5138-83c6-2e700e846faa",
|
|
"value": "Implement organizational knowledge management frameworks - T1524"
|
|
},
|
|
{
|
|
"description": "Maintain organizational knowledge management frameworks",
|
|
"related": [],
|
|
"uuid": "295c10d9-edca-50f0-a447-64cbedb19800",
|
|
"value": "Maintain organizational knowledge management frameworks - T1525"
|
|
},
|
|
{
|
|
"description": "Check system hardware availability, functionality, integrity, and efficiency",
|
|
"related": [],
|
|
"uuid": "553c4543-054d-5312-878e-28ce2a841508",
|
|
"value": "Check system hardware availability, functionality, integrity, and efficiency - T0431"
|
|
},
|
|
{
|
|
"description": "Troubleshoot hardware/software interface and interoperability problems",
|
|
"related": [],
|
|
"uuid": "b1898523-e494-5404-b4e8-08755850c237",
|
|
"value": "Troubleshoot hardware/software interface and interoperability problems - T0531"
|
|
},
|
|
{
|
|
"description": "Conduct functional and connectivity testing",
|
|
"related": [],
|
|
"uuid": "8fc96987-ad58-55e0-b9d5-d161da328b16",
|
|
"value": "Conduct functional and connectivity testing - T1092"
|
|
},
|
|
{
|
|
"description": "Develop group policies and access control lists",
|
|
"related": [],
|
|
"uuid": "5d849e3b-bb8c-54a3-b87a-4d197b74086c",
|
|
"value": "Develop group policies and access control lists - T1130"
|
|
},
|
|
{
|
|
"description": "Develop systems administration standard operating procedures",
|
|
"related": [],
|
|
"uuid": "463fa2af-fb89-509f-8d0c-83ef1b50395c",
|
|
"value": "Develop systems administration standard operating procedures - T1140"
|
|
},
|
|
{
|
|
"description": "Document systems administration standard operating procedures",
|
|
"related": [],
|
|
"uuid": "ed9174db-6396-5fc7-844e-4a9e05c28fbb",
|
|
"value": "Document systems administration standard operating procedures - T1141"
|
|
},
|
|
{
|
|
"description": "Maintain baseline system security",
|
|
"related": [],
|
|
"uuid": "2699d799-a048-59bc-9213-24b6d094203c",
|
|
"value": "Maintain baseline system security - T1228"
|
|
},
|
|
{
|
|
"description": "Determine the effectiveness of data redundancy and system recovery procedures",
|
|
"related": [],
|
|
"uuid": "7f7d7ac5-4a70-5887-8f81-1f89ca2d7b9a",
|
|
"value": "Determine the effectiveness of data redundancy and system recovery procedures - T1275"
|
|
},
|
|
{
|
|
"description": "Develop data redundancy and system recovery procedures",
|
|
"related": [],
|
|
"uuid": "1b279867-d702-5d77-becf-0d78fe33c3c5",
|
|
"value": "Develop data redundancy and system recovery procedures - T1276"
|
|
},
|
|
{
|
|
"description": "Execute data redundancy and system recovery procedures",
|
|
"related": [],
|
|
"uuid": "1539e5ea-bf06-5309-abf5-e9b4d3dbd5fa",
|
|
"value": "Execute data redundancy and system recovery procedures - T1277"
|
|
},
|
|
{
|
|
"description": "Produce cybersecurity instructional materials",
|
|
"related": [],
|
|
"uuid": "63775672-f93d-5dee-90d6-8e97a97ad771",
|
|
"value": "Produce cybersecurity instructional materials - T1334"
|
|
},
|
|
{
|
|
"description": "Install systems and servers",
|
|
"related": [],
|
|
"uuid": "87e412b9-e23c-5a54-875d-efc368b9a9e7",
|
|
"value": "Install systems and servers - T1500"
|
|
},
|
|
{
|
|
"description": "Update systems and servers",
|
|
"related": [],
|
|
"uuid": "c46d4b49-375a-5cfa-bba1-600cebd5187f",
|
|
"value": "Update systems and servers - T1501"
|
|
},
|
|
{
|
|
"description": "Troubleshoot systems and servers",
|
|
"related": [],
|
|
"uuid": "c3706b36-e92a-5cab-9e54-604696aa4de5",
|
|
"value": "Troubleshoot systems and servers - T1502"
|
|
},
|
|
{
|
|
"description": "Perform periodic system maintenance",
|
|
"related": [],
|
|
"uuid": "d35d5d44-000b-560b-80d3-e5c8eec97d35",
|
|
"value": "Perform periodic system maintenance - T1512"
|
|
},
|
|
{
|
|
"description": "Develop local network usage policies and procedures",
|
|
"related": [],
|
|
"uuid": "0351ba75-7944-5b8a-ab13-b6ca3f5955fc",
|
|
"value": "Develop local network usage policies and procedures - T1530"
|
|
},
|
|
{
|
|
"description": "Determine compliance with local network usage policies and procedures",
|
|
"related": [],
|
|
"uuid": "f21405b5-0246-5308-bb97-532e446ac4f0",
|
|
"value": "Determine compliance with local network usage policies and procedures - T1531"
|
|
},
|
|
{
|
|
"description": "Administer system and network user accounts",
|
|
"related": [],
|
|
"uuid": "d3cd6956-3133-5e63-9058-c62ab8d2641c",
|
|
"value": "Administer system and network user accounts - T1569"
|
|
},
|
|
{
|
|
"description": "Establish system and network rights processes and procedures",
|
|
"related": [],
|
|
"uuid": "b8341c45-f6bf-5c84-83a9-1fa4402db545",
|
|
"value": "Establish system and network rights processes and procedures - T1570"
|
|
},
|
|
{
|
|
"description": "Establish systems and equipment access protocols",
|
|
"related": [],
|
|
"uuid": "54592f5e-9ff9-531b-b90f-f11e5ca35fa6",
|
|
"value": "Establish systems and equipment access protocols - T1571"
|
|
},
|
|
{
|
|
"description": "Monitor system and server configurations",
|
|
"related": [],
|
|
"uuid": "6cf00c3c-aea0-5807-9a56-2b1278d29b33",
|
|
"value": "Monitor system and server configurations - T1578"
|
|
},
|
|
{
|
|
"description": "Maintain system and server configurations",
|
|
"related": [],
|
|
"uuid": "7f5fba86-fc93-5522-81f0-8649c7492c68",
|
|
"value": "Maintain system and server configurations - T1579"
|
|
},
|
|
{
|
|
"description": "Diagnose faulty system and server hardware",
|
|
"related": [],
|
|
"uuid": "bf03fa36-c84a-5b91-9a21-060804b517dc",
|
|
"value": "Diagnose faulty system and server hardware - T1588"
|
|
},
|
|
{
|
|
"description": "Repair faulty system and server hardware",
|
|
"related": [],
|
|
"uuid": "ea7a9ca4-cc95-5094-b283-60045c7c9983",
|
|
"value": "Repair faulty system and server hardware - T1589"
|
|
},
|
|
{
|
|
"description": "Develop data standards, policies, and procedures",
|
|
"related": [],
|
|
"uuid": "945215b0-8307-5500-b908-bf172e779bfe",
|
|
"value": "Develop data standards, policies, and procedures - T0068"
|
|
},
|
|
{
|
|
"description": "Collect metrics and trending data",
|
|
"related": [],
|
|
"uuid": "8798520b-33d9-5753-90d2-d103b8dec4f6",
|
|
"value": "Collect metrics and trending data - T0349"
|
|
},
|
|
{
|
|
"description": "Program custom algorithms",
|
|
"related": [],
|
|
"uuid": "f55e4c33-ac86-58da-964f-53f350d8e16f",
|
|
"value": "Program custom algorithms - T0383"
|
|
},
|
|
{
|
|
"description": "Develop and implement data mining and data warehousing programs",
|
|
"related": [],
|
|
"uuid": "a74a56f1-3923-5963-b895-b433347c6a06",
|
|
"value": "Develop and implement data mining and data warehousing programs - T0460"
|
|
},
|
|
{
|
|
"description": "Determine data requirements",
|
|
"related": [],
|
|
"uuid": "636016fd-53fb-52a0-bef7-fddeed2969d7",
|
|
"value": "Determine data requirements - T1063"
|
|
},
|
|
{
|
|
"description": "Determine data specifications",
|
|
"related": [],
|
|
"uuid": "2b78acbf-3775-5244-bc9a-358280432fe3",
|
|
"value": "Determine data specifications - T1064"
|
|
},
|
|
{
|
|
"description": "Determine data capacity requirements",
|
|
"related": [],
|
|
"uuid": "1cff678a-6549-56a1-b849-14880821a17a",
|
|
"value": "Determine data capacity requirements - T1065"
|
|
},
|
|
{
|
|
"description": "Plan for anticipated changes in data capacity requirements",
|
|
"related": [],
|
|
"uuid": "b7e12787-1ed3-5818-840a-b20836017b52",
|
|
"value": "Plan for anticipated changes in data capacity requirements - T1066"
|
|
},
|
|
{
|
|
"description": "Recommend new database technologies and architectures",
|
|
"related": [],
|
|
"uuid": "c76d09e1-82dc-5596-a2a7-607d4bfeae59",
|
|
"value": "Recommend new database technologies and architectures - T1297"
|
|
},
|
|
{
|
|
"description": "Assess the validity of source data",
|
|
"related": [],
|
|
"uuid": "56463962-db96-5cbc-9b21-15f6542bb080",
|
|
"value": "Assess the validity of source data - T1440"
|
|
},
|
|
{
|
|
"description": "Conduct hypothesis testing",
|
|
"related": [],
|
|
"uuid": "74d13743-8c88-56a1-92eb-9b81181a84fd",
|
|
"value": "Conduct hypothesis testing - T1445"
|
|
},
|
|
{
|
|
"description": "Develop data gathering processes",
|
|
"related": [],
|
|
"uuid": "25717e37-6472-56f5-9aa6-f17c9b014480",
|
|
"value": "Develop data gathering processes - T1458"
|
|
},
|
|
{
|
|
"description": "Process crime scenes",
|
|
"related": [],
|
|
"uuid": "694a060b-fe1a-566e-8ad8-4f4c43e872e2",
|
|
"value": "Process crime scenes - T0193"
|
|
},
|
|
{
|
|
"description": "Conduct victim and witness interviews",
|
|
"related": [],
|
|
"uuid": "e79833e9-2f77-5e17-88a6-6c61eb57b6ac",
|
|
"value": "Conduct victim and witness interviews - T1094"
|
|
},
|
|
{
|
|
"description": "Conduct suspect interrogations",
|
|
"related": [],
|
|
"uuid": "96a8592f-31b9-517b-af8f-e3b0212080eb",
|
|
"value": "Conduct suspect interrogations - T1095"
|
|
},
|
|
{
|
|
"description": "Investigate suspicious activity and alleged digital crimes",
|
|
"related": [],
|
|
"uuid": "7b3ca8a3-cac7-5848-b333-21ed7fe5f77a",
|
|
"value": "Investigate suspicious activity and alleged digital crimes - T1137"
|
|
},
|
|
{
|
|
"description": "Establish internal and external cross-team relationships",
|
|
"related": [],
|
|
"uuid": "e90d7e57-2a72-5d35-bb77-05f4c53953eb",
|
|
"value": "Establish internal and external cross-team relationships - T1187"
|
|
},
|
|
{
|
|
"description": "Conduct analysis of computer network attacks",
|
|
"related": [],
|
|
"uuid": "a467b562-638f-5591-a892-e4378be7d8d5",
|
|
"value": "Conduct analysis of computer network attacks - T1192"
|
|
},
|
|
{
|
|
"description": "Determine if security incidents are indicative of a violation of law that requires specific legal action",
|
|
"related": [],
|
|
"uuid": "738b57c1-a62a-5d0c-89e8-08eeafed21d4",
|
|
"value": "Determine if security incidents are indicative of a violation of law that requires specific legal action - T1196"
|
|
},
|
|
{
|
|
"description": "Identify data or intelligence of evidentiary value",
|
|
"related": [],
|
|
"uuid": "40efc18c-433a-519e-acb8-6cc5f54ee601",
|
|
"value": "Identify data or intelligence of evidentiary value - T1198"
|
|
},
|
|
{
|
|
"description": "Identify elements of proof of cybersecurity crimes",
|
|
"related": [],
|
|
"uuid": "5e07e47d-511e-534c-8e00-545260a0c949",
|
|
"value": "Identify elements of proof of cybersecurity crimes - T1200"
|
|
},
|
|
{
|
|
"description": "Collect documentary or physical evidence of cyber intrusion incidents, investigations, and operations",
|
|
"related": [],
|
|
"uuid": "6d8cf8ba-d71b-5f2c-9c43-6bb44a6fafe9",
|
|
"value": "Collect documentary or physical evidence of cyber intrusion incidents, investigations, and operations - T1207"
|
|
},
|
|
{
|
|
"description": "Advise trial counsel as technical expert",
|
|
"related": [],
|
|
"uuid": "f40c6935-07d2-5c4b-819e-c000534aaf84",
|
|
"value": "Advise trial counsel as technical expert - T1477"
|
|
},
|
|
{
|
|
"description": "Analyze cybersecurity threats for counter intelligence or criminal activity",
|
|
"related": [],
|
|
"uuid": "2cd7a566-4faf-51c2-a585-c2c2ad9387fb",
|
|
"value": "Analyze cybersecurity threats for counter intelligence or criminal activity - T1505"
|
|
},
|
|
{
|
|
"description": "Identify responsible parties for intrusions and other crimes",
|
|
"related": [],
|
|
"uuid": "0a7d4b8c-f6b2-5dea-ab37-a15021ee419a",
|
|
"value": "Identify responsible parties for intrusions and other crimes - T1526"
|
|
},
|
|
{
|
|
"description": "Document original condition of digital evidence",
|
|
"related": [],
|
|
"uuid": "fc2e71fe-b1e0-5f63-b3cd-3f95341934ad",
|
|
"value": "Document original condition of digital evidence - T1542"
|
|
},
|
|
{
|
|
"description": "Prosecute cybercrimes and fraud committed against people and property",
|
|
"related": [],
|
|
"uuid": "f186dcb8-e333-525a-a1ee-8c6f5ee4ab38",
|
|
"value": "Prosecute cybercrimes and fraud committed against people and property - T1551"
|
|
},
|
|
{
|
|
"description": "Prepare investigative reports",
|
|
"related": [],
|
|
"uuid": "b7afa541-d808-58ff-8c98-fb78feb802ec",
|
|
"value": "Prepare investigative reports - T1600"
|
|
},
|
|
{
|
|
"description": "Detect concealed data",
|
|
"related": [],
|
|
"uuid": "2c73f0d5-9982-5f71-b710-aa976d6234cb",
|
|
"value": "Detect concealed data - T1516"
|
|
},
|
|
{
|
|
"description": "Answer requests for information",
|
|
"related": [],
|
|
"uuid": "c89d008b-8dc4-5632-bd1d-b3661ffd4305",
|
|
"value": "Answer requests for information - T0569"
|
|
},
|
|
{
|
|
"description": "Facilitate continuously updated intelligence, surveillance, and visualization input to common operational picture managers",
|
|
"related": [],
|
|
"uuid": "4ea95041-3bd2-5fe1-b7ed-ec2f45956327",
|
|
"value": "Facilitate continuously updated intelligence, surveillance, and visualization input to common operational picture managers - T0698"
|
|
},
|
|
{
|
|
"description": "Monitor open source websites for hostile content directed towards organizational or partner interests",
|
|
"related": [],
|
|
"uuid": "062c6d1b-ec0b-557e-9da7-aef718ddb5fb",
|
|
"value": "Monitor open source websites for hostile content directed towards organizational or partner interests - T0751"
|
|
},
|
|
{
|
|
"description": "Identify cyber threat tactics and methodologies",
|
|
"related": [],
|
|
"uuid": "d1dcbf94-4992-5178-95de-b5f68d56d845",
|
|
"value": "Identify cyber threat tactics and methodologies - T0845"
|
|
},
|
|
{
|
|
"description": "Provide intelligence analysis and support",
|
|
"related": [],
|
|
"uuid": "9f3aee02-8f33-5fdd-8e2c-993a6217fbaf",
|
|
"value": "Provide intelligence analysis and support - T1798"
|
|
},
|
|
{
|
|
"description": "Prepare network intrusion reports",
|
|
"related": [],
|
|
"uuid": "6723748d-037c-5a91-8d48-5ea206f01e43",
|
|
"value": "Prepare network intrusion reports - T1804"
|
|
},
|
|
{
|
|
"description": "Assess performance of collection assets against prescribed specifications",
|
|
"related": [],
|
|
"uuid": "d9bffb53-e9f9-549d-8629-9f920a0186ee",
|
|
"value": "Assess performance of collection assets against prescribed specifications - T0578"
|
|
},
|
|
{
|
|
"description": "Determine course of action for addressing changes to objectives, guidance, and operational environment",
|
|
"related": [],
|
|
"uuid": "31639e78-fcb0-559a-9e2f-8d768e360c96",
|
|
"value": "Determine course of action for addressing changes to objectives, guidance, and operational environment - T0645"
|
|
},
|
|
{
|
|
"description": "Identify potential collection disciplines for application against priority information requirements",
|
|
"related": [],
|
|
"uuid": "05131755-ce83-5284-8ab0-e4e160a60740",
|
|
"value": "Identify potential collection disciplines for application against priority information requirements - T0723"
|
|
},
|
|
{
|
|
"description": "Link priority collection requirements to optimal assets and resources",
|
|
"related": [],
|
|
"uuid": "1385be4d-b616-5101-83c7-a13a7b705d89",
|
|
"value": "Link priority collection requirements to optimal assets and resources - T0737"
|
|
},
|
|
{
|
|
"description": "Address identified issues in collection operations and collection plans",
|
|
"related": [],
|
|
"uuid": "35ea3b95-db7c-5ffd-b723-748d5a0d81c1",
|
|
"value": "Address identified issues in collection operations and collection plans - T1630"
|
|
},
|
|
{
|
|
"description": "Synchronize collections with operational requirements",
|
|
"related": [],
|
|
"uuid": "97c6665b-afa2-534a-a323-bf6393780e79",
|
|
"value": "Synchronize collections with operational requirements - T1631"
|
|
},
|
|
{
|
|
"description": "Determine if collection products and services meet requirements",
|
|
"related": [],
|
|
"uuid": "03616396-94ac-587b-a675-69b6042d82df",
|
|
"value": "Determine if collection products and services meet requirements - T1632"
|
|
},
|
|
{
|
|
"description": "Determine impacts on collection management operational structure and requirements",
|
|
"related": [],
|
|
"uuid": "3764d8e5-06c9-5c05-a9fc-d9b965835c4c",
|
|
"value": "Determine impacts on collection management operational structure and requirements - T1634"
|
|
},
|
|
{
|
|
"description": "Develop intelligence collection management processes",
|
|
"related": [],
|
|
"uuid": "2ee2fa0a-eff1-5730-8ca0-42f73a3d353f",
|
|
"value": "Develop intelligence collection management processes - T1636"
|
|
},
|
|
{
|
|
"description": "Compare allocated and available assets to collection demand",
|
|
"related": [],
|
|
"uuid": "b794d291-7a81-58ae-b948-6cabb679e450",
|
|
"value": "Compare allocated and available assets to collection demand - T1659"
|
|
},
|
|
{
|
|
"description": "Prepare intelligence collection reports",
|
|
"related": [],
|
|
"uuid": "40a3e6c4-420f-542b-9a6a-47142852b3b4",
|
|
"value": "Prepare intelligence collection reports - T1660"
|
|
},
|
|
{
|
|
"description": "Coordinate resource allocation of collection assets with collection discipline leads",
|
|
"related": [],
|
|
"uuid": "4179881f-e178-58f0-a3cf-15b80073cc11",
|
|
"value": "Coordinate resource allocation of collection assets with collection discipline leads - T1681"
|
|
},
|
|
{
|
|
"description": "Prepare collection plan documentation",
|
|
"related": [],
|
|
"uuid": "ead0fcb2-6e7b-527d-a48b-237c447d3ec4",
|
|
"value": "Prepare collection plan documentation - T1682"
|
|
},
|
|
{
|
|
"description": "Inventory existing collection management webpage databases, libraries, and storehouses",
|
|
"related": [],
|
|
"uuid": "ee7958a7-9961-5c2c-a433-c96e60137f00",
|
|
"value": "Inventory existing collection management webpage databases, libraries, and storehouses - T1693"
|
|
},
|
|
{
|
|
"description": "Determine organizations with collection authority over predefined accessible collection assets",
|
|
"related": [],
|
|
"uuid": "7e9e7fdd-a5d8-5877-98e9-74b2c8298ed2",
|
|
"value": "Determine organizations with collection authority over predefined accessible collection assets - T1695"
|
|
},
|
|
{
|
|
"description": "Develop intelligence collection report analysis processes",
|
|
"related": [],
|
|
"uuid": "201f61d3-b0d8-57c7-b370-a7bc141a0c41",
|
|
"value": "Develop intelligence collection report analysis processes - T1696"
|
|
},
|
|
{
|
|
"description": "Prepare collections operation instructions",
|
|
"related": [],
|
|
"uuid": "4c4e2064-5874-536c-822f-0a376a03502d",
|
|
"value": "Prepare collections operation instructions - T1703"
|
|
},
|
|
{
|
|
"description": "Allocate collection assets",
|
|
"related": [],
|
|
"uuid": "5ca31d8c-bbca-5f9c-ac35-9d7709ba1513",
|
|
"value": "Allocate collection assets - T1706"
|
|
},
|
|
{
|
|
"description": "Disseminate tasking messages",
|
|
"related": [],
|
|
"uuid": "c4d24078-75b0-5a0a-bca6-ad666ec93a1a",
|
|
"value": "Disseminate tasking messages - T1723"
|
|
},
|
|
{
|
|
"description": "Disseminate collection plans",
|
|
"related": [],
|
|
"uuid": "b82db822-9721-5391-a111-daeb22975d6e",
|
|
"value": "Disseminate collection plans - T1724"
|
|
},
|
|
{
|
|
"description": "Select collaboration platforms",
|
|
"related": [],
|
|
"uuid": "a8fb6ed8-dcec-5684-a5b0-9e243be565e8",
|
|
"value": "Select collaboration platforms - T1742"
|
|
},
|
|
{
|
|
"description": "Develop coordination requirements and procedures",
|
|
"related": [],
|
|
"uuid": "d27da991-9550-5d73-bd77-f386c067b8c9",
|
|
"value": "Develop coordination requirements and procedures - T1744"
|
|
},
|
|
{
|
|
"description": "Determine effectiveness of processing, exploitation, and dissemination architecture",
|
|
"related": [],
|
|
"uuid": "ec57796a-e8ee-5de7-9f8e-41771e67f3a3",
|
|
"value": "Determine effectiveness of processing, exploitation, and dissemination architecture - T1746"
|
|
},
|
|
{
|
|
"description": "Identify collection management risks",
|
|
"related": [],
|
|
"uuid": "21109e37-1b62-5d8a-b844-bb2c19fe19fe",
|
|
"value": "Identify collection management risks - T1748"
|
|
},
|
|
{
|
|
"description": "Mitigate collection management risks",
|
|
"related": [],
|
|
"uuid": "6bb4d33f-fb04-5b76-8d2e-617425448b0b",
|
|
"value": "Mitigate collection management risks - T1749"
|
|
},
|
|
{
|
|
"description": "Determine when reallocated collection efforts are completed",
|
|
"related": [],
|
|
"uuid": "7b04201b-ebdc-57df-82d8-b094a50243e3",
|
|
"value": "Determine when reallocated collection efforts are completed - T1769"
|
|
},
|
|
{
|
|
"description": "Determine effectiveness of the processing, exploitation, and dissemination architecture",
|
|
"related": [],
|
|
"uuid": "a7e4587e-cfe6-58cd-96c3-2a645a33556a",
|
|
"value": "Determine effectiveness of the processing, exploitation, and dissemination architecture - T1771"
|
|
},
|
|
{
|
|
"description": "Identify collection operational management process risks",
|
|
"related": [],
|
|
"uuid": "a54e7b67-5fb8-5e51-b1de-43312b264eb4",
|
|
"value": "Identify collection operational management process risks - T1773"
|
|
},
|
|
{
|
|
"description": "Prioritize collection requirements for collection platforms",
|
|
"related": [],
|
|
"uuid": "42be42da-a91a-5851-bead-ff1974f782e6",
|
|
"value": "Prioritize collection requirements for collection platforms - T1783"
|
|
},
|
|
{
|
|
"description": "Reassign collection assets and resources in response to dynamic operational situations",
|
|
"related": [],
|
|
"uuid": "0d3567e1-ded5-518d-83cd-938ad15fca41",
|
|
"value": "Reassign collection assets and resources in response to dynamic operational situations - T1787"
|
|
},
|
|
{
|
|
"description": "Request discipline-specific processing, exploitation, and dissemination information",
|
|
"related": [],
|
|
"uuid": "87642b0c-f70a-51c5-a2ed-38b224752739",
|
|
"value": "Request discipline-specific processing, exploitation, and dissemination information - T1805"
|
|
},
|
|
{
|
|
"description": "Determine intelligence collection asset capabilities",
|
|
"related": [],
|
|
"uuid": "aa0027f0-a2a6-5c94-b1ae-b4f2de9755f9",
|
|
"value": "Determine intelligence collection asset capabilities - T1807"
|
|
},
|
|
{
|
|
"description": "Determine accuracy of intelligence collection guidance",
|
|
"related": [],
|
|
"uuid": "97926717-8943-53d7-874d-8f81f6ade104",
|
|
"value": "Determine accuracy of intelligence collection guidance - T1808"
|
|
},
|
|
{
|
|
"description": "Update collection plans",
|
|
"related": [],
|
|
"uuid": "278e5873-9ef3-5ba5-8a68-d927f8db2674",
|
|
"value": "Update collection plans - T1809"
|
|
},
|
|
{
|
|
"description": "Update collection matrices",
|
|
"related": [],
|
|
"uuid": "9bc939d2-c397-5297-accd-c35eabc14c67",
|
|
"value": "Update collection matrices - T1813"
|
|
},
|
|
{
|
|
"description": "Recommend changes to collection plans",
|
|
"related": [],
|
|
"uuid": "5da69117-1ed7-5237-be9b-e1a6cf4a61da",
|
|
"value": "Recommend changes to collection plans - T1818"
|
|
},
|
|
{
|
|
"description": "Recommend changes to operational environment",
|
|
"related": [],
|
|
"uuid": "d5655938-29b4-52bc-af40-014f17b15f76",
|
|
"value": "Recommend changes to operational environment - T1819"
|
|
},
|
|
{
|
|
"description": "Specify discipline-specific taskings",
|
|
"related": [],
|
|
"uuid": "4394dbc0-a63c-5829-80f6-111a2f08e87e",
|
|
"value": "Specify discipline-specific taskings - T1820"
|
|
},
|
|
{
|
|
"description": "Synchronize the integrated employment of organic and partner intelligence collection assets",
|
|
"related": [],
|
|
"uuid": "b188e3e1-78a7-5c12-91ac-468113ded78c",
|
|
"value": "Synchronize the integrated employment of organic and partner intelligence collection assets - T1828"
|
|
},
|
|
{
|
|
"description": "Diagnose network connectivity problems",
|
|
"related": [],
|
|
"uuid": "0fe8d244-1fb7-59a0-a4b3-9066aa179387",
|
|
"value": "Diagnose network connectivity problems - T0081"
|
|
},
|
|
{
|
|
"description": "Install or replace network hubs, routers, and switches",
|
|
"related": [],
|
|
"uuid": "d74d7fda-ef40-56cf-a12a-85660ca8d1db",
|
|
"value": "Install or replace network hubs, routers, and switches - T0126"
|
|
},
|
|
{
|
|
"description": "Integrate new systems into existing network architecture",
|
|
"related": [],
|
|
"uuid": "db0b5f0e-3ae0-5940-ad44-ba2386d4a48f",
|
|
"value": "Integrate new systems into existing network architecture - T0129"
|
|
},
|
|
{
|
|
"description": "Monitor network capacity and performance",
|
|
"related": [],
|
|
"uuid": "b7db7052-1cc0-5285-a447-dc60764b8eb1",
|
|
"value": "Monitor network capacity and performance - T0153"
|
|
},
|
|
{
|
|
"description": "Improve network security practices",
|
|
"related": [],
|
|
"uuid": "d7ae7bcb-9e16-592b-9dd3-11d22b5f8974",
|
|
"value": "Improve network security practices - T1050"
|
|
},
|
|
{
|
|
"description": "Develop network backup and recovery procedures",
|
|
"related": [],
|
|
"uuid": "1d36c87c-61db-5b68-ae33-2658b8c8a2cc",
|
|
"value": "Develop network backup and recovery procedures - T1143"
|
|
},
|
|
{
|
|
"description": "Implement network backup and recovery procedures",
|
|
"related": [],
|
|
"uuid": "dfaafba2-8033-56e5-acd9-5cbfbc01bbbf",
|
|
"value": "Implement network backup and recovery procedures - T1144"
|
|
},
|
|
{
|
|
"description": "Patch network vulnerabilities",
|
|
"related": [],
|
|
"uuid": "c43d7ca8-8042-59f1-83a7-399e1e1f66da",
|
|
"value": "Patch network vulnerabilities - T1248"
|
|
},
|
|
{
|
|
"description": "Test network infrastructure, including software and hardware devices",
|
|
"related": [],
|
|
"uuid": "7212f353-74ab-5851-8175-8190718380ec",
|
|
"value": "Test network infrastructure, including software and hardware devices - T1313"
|
|
},
|
|
{
|
|
"description": "Maintain network infrastructure, including software and hardware devices",
|
|
"related": [],
|
|
"uuid": "2466be6f-216e-564c-9d45-e86f025b611b",
|
|
"value": "Maintain network infrastructure, including software and hardware devices - T1314"
|
|
},
|
|
{
|
|
"description": "Assess the effectiveness of security controls",
|
|
"related": [],
|
|
"uuid": "fe596108-64f4-565f-bbce-887d1b90c791",
|
|
"value": "Assess the effectiveness of security controls - T0309"
|
|
},
|
|
{
|
|
"description": "Implement system cybersecurity policies",
|
|
"related": [],
|
|
"uuid": "366c3570-b382-5412-88f1-ac268e3845f7",
|
|
"value": "Implement system cybersecurity policies - T1076"
|
|
},
|
|
{
|
|
"description": "Determine if systems security operations and maintenance activities are property documented and updated",
|
|
"related": [],
|
|
"uuid": "e391f0b2-f582-5c9c-b514-5b86f78d37a2",
|
|
"value": "Determine if systems security operations and maintenance activities are property documented and updated - T1172"
|
|
},
|
|
{
|
|
"description": "Determine that the application of security patches for commercial products meets timeline requirements",
|
|
"related": [],
|
|
"uuid": "de9a16c6-290c-51c7-9b4b-274af9d85f05",
|
|
"value": "Determine that the application of security patches for commercial products meets timeline requirements - T1173"
|
|
},
|
|
{
|
|
"description": "Document commercial product timeline requirements dictated by the management authority for intended operational environments",
|
|
"related": [],
|
|
"uuid": "646b352d-c0bc-579b-8406-a5ea827299ef",
|
|
"value": "Document commercial product timeline requirements dictated by the management authority for intended operational environments - T1174"
|
|
},
|
|
{
|
|
"description": "Implement cybersecurity countermeasures for systems and applications",
|
|
"related": [],
|
|
"uuid": "d6cd4087-1edf-5db7-a355-9fdf4d5e78fd",
|
|
"value": "Implement cybersecurity countermeasures for systems and applications - T1212"
|
|
},
|
|
{
|
|
"description": "Integrate automated capabilities for updating or patching system software",
|
|
"related": [],
|
|
"uuid": "3359363d-1108-5825-a1d0-ef4643871c89",
|
|
"value": "Integrate automated capabilities for updating or patching system software - T1218"
|
|
},
|
|
{
|
|
"description": "Develop processes and procedures for manual updating and patching of system software",
|
|
"related": [],
|
|
"uuid": "3dfca7d1-186d-59bd-a93d-8a1d2908afb5",
|
|
"value": "Develop processes and procedures for manual updating and patching of system software - T1219"
|
|
},
|
|
{
|
|
"description": "Document systems security activities",
|
|
"related": [],
|
|
"uuid": "680cb5e4-61bc-5444-a813-63110e0d9f8e",
|
|
"value": "Document systems security activities - T1287"
|
|
},
|
|
{
|
|
"description": "Update security documentation to reflect current application and system security design features",
|
|
"related": [],
|
|
"uuid": "1106c978-28bd-5ca1-92bd-c17b7ab6a6d9",
|
|
"value": "Update security documentation to reflect current application and system security design features - T1327"
|
|
},
|
|
{
|
|
"description": "Determine effectiveness of configuration management processes",
|
|
"related": [],
|
|
"uuid": "f8601b7f-7874-5043-bcf7-24f92fcf15b0",
|
|
"value": "Determine effectiveness of configuration management processes - T1437"
|
|
},
|
|
{
|
|
"description": "Develop procedures for system operations transfer to alternate sites",
|
|
"related": [],
|
|
"uuid": "f337c8a1-65f7-56d5-8d68-3973cd836aa3",
|
|
"value": "Develop procedures for system operations transfer to alternate sites - T1532"
|
|
},
|
|
{
|
|
"description": "Test failover for system operations transfer to alternative sites",
|
|
"related": [],
|
|
"uuid": "a56935b9-4ac1-5b78-a309-31f1c4f52b85",
|
|
"value": "Test failover for system operations transfer to alternative sites - T1533"
|
|
},
|
|
{
|
|
"description": "Execute disaster recovery and continuity of operations processes",
|
|
"related": [],
|
|
"uuid": "4d554725-979d-58bb-bc7e-1f8e74b4f3cc",
|
|
"value": "Execute disaster recovery and continuity of operations processes - T1550"
|
|
},
|
|
{
|
|
"description": "Implement security measures for systems and system components",
|
|
"related": [],
|
|
"uuid": "b5310b09-ef6b-5de7-a3ca-d019996c861f",
|
|
"value": "Implement security measures for systems and system components - T1557"
|
|
},
|
|
{
|
|
"description": "Resolve vulnerabilities in systems and system components",
|
|
"related": [],
|
|
"uuid": "0060977d-0aab-56de-87c3-7a39982ca97f",
|
|
"value": "Resolve vulnerabilities in systems and system components - T1559"
|
|
},
|
|
{
|
|
"description": "Mitigate risks in systems and system components",
|
|
"related": [],
|
|
"uuid": "017620db-704f-591b-a754-dea829d2bafb",
|
|
"value": "Mitigate risks in systems and system components - T1560"
|
|
},
|
|
{
|
|
"description": "Implement cross-domain solutions",
|
|
"related": [],
|
|
"uuid": "951a6129-cd5a-5e34-87d5-ed91699859d9",
|
|
"value": "Implement cross-domain solutions - T1568"
|
|
},
|
|
{
|
|
"description": "Develop risk acceptance documentation for senior leaders and authorized representatives",
|
|
"related": [],
|
|
"uuid": "77d9d581-80c6-5889-a6bb-3057e272f955",
|
|
"value": "Develop risk acceptance documentation for senior leaders and authorized representatives - T1574"
|
|
},
|
|
{
|
|
"description": "Troubleshoot system hardware and software",
|
|
"related": [],
|
|
"uuid": "1e2e8e40-5951-5b31-b5cf-4b73eb951566",
|
|
"value": "Troubleshoot system hardware and software - T0237"
|
|
},
|
|
{
|
|
"description": "Implement organizational security policies and procedures",
|
|
"related": [],
|
|
"uuid": "1aacc00b-97d5-583f-a364-7df4fc69aa09",
|
|
"value": "Implement organizational security policies and procedures - T1024"
|
|
},
|
|
{
|
|
"description": "Identify emerging incident trends",
|
|
"related": [],
|
|
"uuid": "7c9fabfe-8664-5b45-8a2b-e767c93ac8b7",
|
|
"value": "Identify emerging incident trends - T1405"
|
|
},
|
|
{
|
|
"description": "Develop technical training curriculum and resources",
|
|
"related": [],
|
|
"uuid": "f57f7bc5-f72d-5c56-9699-e21503c9f6b6",
|
|
"value": "Develop technical training curriculum and resources - T1411"
|
|
},
|
|
{
|
|
"description": "Deliver technical training to customers",
|
|
"related": [],
|
|
"uuid": "c827a452-c29f-57d8-98a1-821178909eac",
|
|
"value": "Deliver technical training to customers - T1412"
|
|
},
|
|
{
|
|
"description": "Maintain incident tracking and solution databases",
|
|
"related": [],
|
|
"uuid": "c433219d-d95d-5d88-b182-d702ef68954e",
|
|
"value": "Maintain incident tracking and solution databases - T1427"
|
|
},
|
|
{
|
|
"description": "Resolve customer-reported system incidents and events",
|
|
"related": [],
|
|
"uuid": "ef2b9e2b-7b27-51aa-94bd-2ef2de61d3d9",
|
|
"value": "Resolve customer-reported system incidents and events - T1538"
|
|
},
|
|
{
|
|
"description": "Recommend enhancements to software and hardware solutions",
|
|
"related": [],
|
|
"uuid": "bd711988-1a2e-56bd-a86a-08679265b094",
|
|
"value": "Recommend enhancements to software and hardware solutions - T1554"
|
|
},
|
|
{
|
|
"description": "Install system hardware, software, and peripheral equipment",
|
|
"related": [],
|
|
"uuid": "a12dbe26-8691-5d1d-8e21-3866f660c0a5",
|
|
"value": "Install system hardware, software, and peripheral equipment - T1566"
|
|
},
|
|
{
|
|
"description": "Configure system hardware, software, and peripheral equipment",
|
|
"related": [],
|
|
"uuid": "1a3cdbdd-d174-50ea-b30c-22659bc8cb8e",
|
|
"value": "Configure system hardware, software, and peripheral equipment - T1567"
|
|
},
|
|
{
|
|
"description": "Inventory technology resources",
|
|
"related": [],
|
|
"uuid": "c290aaca-c31b-5e74-bb33-c6e40389d8c7",
|
|
"value": "Inventory technology resources - T1572"
|
|
},
|
|
{
|
|
"description": "Monitor client-level computer system performance",
|
|
"related": [],
|
|
"uuid": "a4a36047-33b9-515e-9ed6-9456d90f933f",
|
|
"value": "Monitor client-level computer system performance - T1580"
|
|
},
|
|
{
|
|
"description": "Create client-level computer system performance reports",
|
|
"related": [],
|
|
"uuid": "d1b36586-bf27-5d70-83c8-8b407a9ee3b4",
|
|
"value": "Create client-level computer system performance reports - T1581"
|
|
},
|
|
{
|
|
"description": "Develop intelligence collection requirements",
|
|
"related": [],
|
|
"uuid": "25d5377c-a1a2-548a-8802-5e05cd3419a5",
|
|
"value": "Develop intelligence collection requirements - T1739"
|
|
},
|
|
{
|
|
"description": "Designate priority information requirements",
|
|
"related": [],
|
|
"uuid": "541754b7-00c3-5b13-b3a9-6cf70fd7e26d",
|
|
"value": "Designate priority information requirements - T1741"
|
|
},
|
|
{
|
|
"description": "Identify roles and responsibilities for appointed Communications Security (COMSEC) personnel",
|
|
"related": [],
|
|
"uuid": "9ff08964-2616-5560-b6cc-020ee08e9b6b",
|
|
"value": "Identify roles and responsibilities for appointed Communications Security (COMSEC) personnel - T1015"
|
|
},
|
|
{
|
|
"description": "Identify Communications Security (COMSEC) incidents",
|
|
"related": [],
|
|
"uuid": "840727d7-192c-5be2-b782-bf5faca62314",
|
|
"value": "Identify Communications Security (COMSEC) incidents - T1016"
|
|
},
|
|
{
|
|
"description": "Report Communications Security (COMSEC) incidents",
|
|
"related": [],
|
|
"uuid": "0443959e-0c69-51f7-b11c-73282c869eb7",
|
|
"value": "Report Communications Security (COMSEC) incidents - T1017"
|
|
},
|
|
{
|
|
"description": "Identify in-process accounting requirements for Communications Security (COMSEC)",
|
|
"related": [],
|
|
"uuid": "4f2da212-0c4b-5e79-9ace-2cbec84431cd",
|
|
"value": "Identify in-process accounting requirements for Communications Security (COMSEC) - T1018"
|
|
},
|
|
{
|
|
"description": "Advise senior management on risk levels and security posture",
|
|
"related": [],
|
|
"uuid": "53d76bf2-c366-54bd-a2ab-abbbf3f1bd4c",
|
|
"value": "Advise senior management on risk levels and security posture - T1058"
|
|
},
|
|
{
|
|
"description": "Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements",
|
|
"related": [],
|
|
"uuid": "a131d1ed-7c7b-5469-8deb-ae973093fc13",
|
|
"value": "Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements - T1059"
|
|
},
|
|
{
|
|
"description": "Advise senior management on organizational cybersecurity efforts",
|
|
"related": [],
|
|
"uuid": "360bb565-b827-58d5-ba5e-66d108251332",
|
|
"value": "Advise senior management on organizational cybersecurity efforts - T1060"
|
|
},
|
|
{
|
|
"description": "Communicate the value of cybersecurity to organizational stakeholders",
|
|
"related": [],
|
|
"uuid": "15596869-68b1-5495-9d23-a33dc64ce34b",
|
|
"value": "Communicate the value of cybersecurity to organizational stakeholders - T1088"
|
|
},
|
|
{
|
|
"description": "Develop the enterprise continuity of operations strategy",
|
|
"related": [],
|
|
"uuid": "e325af53-af60-50f4-9c1d-31e2a0ea9137",
|
|
"value": "Develop the enterprise continuity of operations strategy - T1113"
|
|
},
|
|
{
|
|
"description": "Establish the enterprise continuity of operations program",
|
|
"related": [],
|
|
"uuid": "e3ad8ef4-563b-5616-a487-06bf5b572ae2",
|
|
"value": "Establish the enterprise continuity of operations program - T1114"
|
|
},
|
|
{
|
|
"description": "Determine if security improvement actions are evaluated, validated, and implemented as required",
|
|
"related": [],
|
|
"uuid": "64d98688-1305-5fca-8287-91c3ff8c53ba",
|
|
"value": "Determine if security improvement actions are evaluated, validated, and implemented as required - T1178"
|
|
},
|
|
{
|
|
"description": "Establish enterprise information security architecture",
|
|
"related": [],
|
|
"uuid": "8e242239-d8ca-582a-8b18-c5a514df0ebb",
|
|
"value": "Establish enterprise information security architecture - T1186"
|
|
},
|
|
{
|
|
"description": "Report cybersecurity incidents",
|
|
"related": [],
|
|
"uuid": "45045b65-6c2c-5424-a0cb-c2411bc46775",
|
|
"value": "Report cybersecurity incidents - T1300"
|
|
},
|
|
{
|
|
"description": "Implement protective or corrective measures when a cybersecurity incident or vulnerability is discovered",
|
|
"related": [],
|
|
"uuid": "036483f3-161f-55f6-8618-eb1713376a84",
|
|
"value": "Implement protective or corrective measures when a cybersecurity incident or vulnerability is discovered - T1310"
|
|
},
|
|
{
|
|
"description": "Serve on agency and interagency policy boards",
|
|
"related": [],
|
|
"uuid": "24190d36-37ae-5598-9ca7-b45342f0dad5",
|
|
"value": "Serve on agency and interagency policy boards - T0226"
|
|
},
|
|
{
|
|
"description": "Research new vulnerabilities in emerging technologies",
|
|
"related": [],
|
|
"uuid": "9b322392-b56d-5ed5-b894-f65fe1e59e70",
|
|
"value": "Research new vulnerabilities in emerging technologies - T1028"
|
|
},
|
|
{
|
|
"description": "Develop cybersecurity implementation policies and guidelines",
|
|
"related": [],
|
|
"uuid": "90a87b48-dcea-5342-97c5-8f062eed9d66",
|
|
"value": "Develop cybersecurity implementation policies and guidelines - T1158"
|
|
},
|
|
{
|
|
"description": "Establish stakeholder communication channels",
|
|
"related": [],
|
|
"uuid": "011558a6-5cea-55cf-8346-2cb63c5f1014",
|
|
"value": "Establish stakeholder communication channels - T1184"
|
|
},
|
|
{
|
|
"description": "Maintain stakeholder communication channels",
|
|
"related": [],
|
|
"uuid": "2dd2cfcb-aa79-58a8-986e-03e6b1be308a",
|
|
"value": "Maintain stakeholder communication channels - T1185"
|
|
},
|
|
{
|
|
"description": "Conduct technology program and project audits",
|
|
"related": [],
|
|
"uuid": "7f56616d-51e2-5870-9f58-1cffd03c58e1",
|
|
"value": "Conduct technology program and project audits - T1306"
|
|
},
|
|
{
|
|
"description": "Promote cybersecurity awareness to management",
|
|
"related": [],
|
|
"uuid": "054fab7d-b7bf-5361-9c73-6cebe7048ffe",
|
|
"value": "Promote cybersecurity awareness to management - T1335"
|
|
},
|
|
{
|
|
"description": "Verify the inclusion of sound cybersecurity principles in the organization's vision and goals",
|
|
"related": [],
|
|
"uuid": "5928df95-0ed5-5f12-af2a-5a8395791f2a",
|
|
"value": "Verify the inclusion of sound cybersecurity principles in the organization's vision and goals - T1336"
|
|
},
|
|
{
|
|
"description": "Determine if cybersecurity requirements have been successfully implemented",
|
|
"related": [],
|
|
"uuid": "4f8978f9-a8d0-5d0f-bdf8-d8cd8d0a24f9",
|
|
"value": "Determine if cybersecurity requirements have been successfully implemented - T1357"
|
|
},
|
|
{
|
|
"description": "Determine the effectiveness of organizational cybersecurity policies and procedures",
|
|
"related": [],
|
|
"uuid": "8ee0971c-145a-5af7-a489-8038cab473b2",
|
|
"value": "Determine the effectiveness of organizational cybersecurity policies and procedures - T1358"
|
|
},
|
|
{
|
|
"description": "Develop independent cybersecurity audit processes for application software, networks, and systems",
|
|
"related": [],
|
|
"uuid": "c055770c-e5ac-562f-b481-e1df3056f09e",
|
|
"value": "Develop independent cybersecurity audit processes for application software, networks, and systems - T1394"
|
|
},
|
|
{
|
|
"description": "Implement independent cybersecurity audit processes for application software, networks, and systems",
|
|
"related": [],
|
|
"uuid": "8f8433c1-623c-57a5-a825-ee8b5d2d76b1",
|
|
"value": "Implement independent cybersecurity audit processes for application software, networks, and systems - T1395"
|
|
},
|
|
{
|
|
"description": "Oversee independent cybersecurity audits",
|
|
"related": [],
|
|
"uuid": "d591f5a4-2eee-592c-8990-28ba766ca8d8",
|
|
"value": "Oversee independent cybersecurity audits - T1396"
|
|
},
|
|
{
|
|
"description": "Determine if research and design processes and procedures are in compliance with cybersecurity requirements",
|
|
"related": [],
|
|
"uuid": "ecf7cbfe-066e-5298-b37f-70747cebd2f3",
|
|
"value": "Determine if research and design processes and procedures are in compliance with cybersecurity requirements - T1397"
|
|
},
|
|
{
|
|
"description": "Determine if research and design processes and procedures are accurately followed by cybersecurity staff when performing their day-to-day activities",
|
|
"related": [],
|
|
"uuid": "8bdec8bf-fd86-5dbc-b8c0-e9c9afe5f236",
|
|
"value": "Determine if research and design processes and procedures are accurately followed by cybersecurity staff when performing their day-to-day activities - T1398"
|
|
},
|
|
{
|
|
"description": "Acquire adequate funding for cybersecurity training",
|
|
"related": [],
|
|
"uuid": "980c22b7-a05b-5b6a-b9b5-a0f6b6c39ac8",
|
|
"value": "Acquire adequate funding for cybersecurity training - T1436"
|
|
},
|
|
{
|
|
"description": "Determine if cybersecurity workforce management policies and procedures comply with legal and organizational requirements",
|
|
"related": [],
|
|
"uuid": "f4a11ea6-f8dd-5b78-8fcf-d6c547613327",
|
|
"value": "Determine if cybersecurity workforce management policies and procedures comply with legal and organizational requirements - T1464"
|
|
},
|
|
{
|
|
"description": "Promote awareness of cybersecurity policy and strategy among management",
|
|
"related": [],
|
|
"uuid": "ebf28778-29d0-532e-a1cf-7db9d7e26529",
|
|
"value": "Promote awareness of cybersecurity policy and strategy among management - T1476"
|
|
},
|
|
{
|
|
"description": "Conduct cybersecurity workforce assessments",
|
|
"related": [],
|
|
"uuid": "ab7eea94-011c-52c6-86e4-b777feb66029",
|
|
"value": "Conduct cybersecurity workforce assessments - T1482"
|
|
},
|
|
{
|
|
"description": "Integrate laws and regulations into policy",
|
|
"related": [],
|
|
"uuid": "655013e0-cf99-5d7c-91fe-6a7c705da2d5",
|
|
"value": "Integrate laws and regulations into policy - T1492"
|
|
},
|
|
{
|
|
"description": "Develop organizational cybersecurity strategy",
|
|
"related": [],
|
|
"uuid": "4ec2f1dc-83ab-5dbd-8d1f-70ceed0c3d3a",
|
|
"value": "Develop organizational cybersecurity strategy - T1518"
|
|
},
|
|
{
|
|
"description": "Develop cybersecurity policies and procedures",
|
|
"related": [],
|
|
"uuid": "51656ebc-8526-5850-84bc-4c671f023b80",
|
|
"value": "Develop cybersecurity policies and procedures - T1543"
|
|
},
|
|
{
|
|
"description": "Advise management, staff, and users on cybersecurity policy",
|
|
"related": [],
|
|
"uuid": "a467ebe7-0ec6-5139-b023-6ae881980946",
|
|
"value": "Advise management, staff, and users on cybersecurity policy - T1605"
|
|
},
|
|
{
|
|
"description": "Identify organizational policy stakeholders",
|
|
"related": [],
|
|
"uuid": "60681908-bcfb-5fa5-af6d-b8bad05b6fdf",
|
|
"value": "Identify organizational policy stakeholders - T0116"
|
|
},
|
|
{
|
|
"description": "Correlate training and learning to business or mission requirements",
|
|
"related": [],
|
|
"uuid": "9290752f-a1c4-5696-b917-da83835ec23b",
|
|
"value": "Correlate training and learning to business or mission requirements - T0437"
|
|
},
|
|
{
|
|
"description": "Implement organizational training and education policies and procedures",
|
|
"related": [],
|
|
"uuid": "0ab7ed8b-941d-5e4e-bdaa-c8dab6365497",
|
|
"value": "Implement organizational training and education policies and procedures - T1025"
|
|
},
|
|
{
|
|
"description": "Conduct learning needs assessments",
|
|
"related": [],
|
|
"uuid": "32af5272-86dd-5336-9904-7f7b26175516",
|
|
"value": "Conduct learning needs assessments - T1446"
|
|
},
|
|
{
|
|
"description": "Identify training requirements",
|
|
"related": [],
|
|
"uuid": "939faeae-80a8-55d6-a50b-00cc8685536b",
|
|
"value": "Identify training requirements - T1447"
|
|
},
|
|
{
|
|
"description": "Determine if qualification standards meet organizational functional requirements and comply with industry standards",
|
|
"related": [],
|
|
"uuid": "e58b3cac-ecfc-53a7-8587-20acb8140213",
|
|
"value": "Determine if qualification standards meet organizational functional requirements and comply with industry standards - T1449"
|
|
},
|
|
{
|
|
"description": "Allocate and distribute human capital assets",
|
|
"related": [],
|
|
"uuid": "ae85af4f-a626-5587-a20f-5a85e24a113b",
|
|
"value": "Allocate and distribute human capital assets - T1450"
|
|
},
|
|
{
|
|
"description": "Develop standardized cybersecurity position descriptions using the NICE Framework",
|
|
"related": [],
|
|
"uuid": "f7c5e1d1-d1b4-53ab-8b1c-10ca7d114612",
|
|
"value": "Develop standardized cybersecurity position descriptions using the NICE Framework - T1459"
|
|
},
|
|
{
|
|
"description": "Develop recruiting, hiring, and retention processes",
|
|
"related": [],
|
|
"uuid": "9f8bcae9-7ead-5dc9-9088-8ad0adcd7b09",
|
|
"value": "Develop recruiting, hiring, and retention processes - T1460"
|
|
},
|
|
{
|
|
"description": "Determine cybersecurity position requirements",
|
|
"related": [],
|
|
"uuid": "8e053ae5-1187-5303-b36e-37ae836b02f3",
|
|
"value": "Determine cybersecurity position requirements - T1461"
|
|
},
|
|
{
|
|
"description": "Develop cybersecurity training policies and procedures",
|
|
"related": [],
|
|
"uuid": "99853bb3-f9b7-5a98-bca3-509307f4ae74",
|
|
"value": "Develop cybersecurity training policies and procedures - T1462"
|
|
},
|
|
{
|
|
"description": "Establish cybersecurity workforce readiness metrics",
|
|
"related": [],
|
|
"uuid": "543988f4-60a7-5ace-9034-b324b042ac18",
|
|
"value": "Establish cybersecurity workforce readiness metrics - T1466"
|
|
},
|
|
{
|
|
"description": "Establish waiver processes for cybersecurity career field entry and training qualification requirements",
|
|
"related": [],
|
|
"uuid": "57a732b2-4349-553d-8338-0b7aca798f57",
|
|
"value": "Establish waiver processes for cybersecurity career field entry and training qualification requirements - T1467"
|
|
},
|
|
{
|
|
"description": "Establish organizational cybersecurity career pathways",
|
|
"related": [],
|
|
"uuid": "228381c0-3f11-5684-a80e-ee07694fc3fc",
|
|
"value": "Establish organizational cybersecurity career pathways - T1468"
|
|
},
|
|
{
|
|
"description": "Develop cybersecurity workforce reporting requirements",
|
|
"related": [],
|
|
"uuid": "8152d762-f054-5c7c-b8b6-47ff9c4cb00e",
|
|
"value": "Develop cybersecurity workforce reporting requirements - T1469"
|
|
},
|
|
{
|
|
"description": "Establish cybersecurity workforce management programs",
|
|
"related": [],
|
|
"uuid": "ab707f8b-c94f-5340-89fd-30f309a48d7b",
|
|
"value": "Establish cybersecurity workforce management programs - T1470"
|
|
},
|
|
{
|
|
"description": "Assess cybersecurity workforce management programs",
|
|
"related": [],
|
|
"uuid": "1e820944-9c95-5115-89f5-2612affd2e3a",
|
|
"value": "Assess cybersecurity workforce management programs - T1471"
|
|
},
|
|
{
|
|
"description": "Determine cybersecurity career field qualification requirements",
|
|
"related": [],
|
|
"uuid": "55103ba1-d695-5faa-9270-d34529bf431c",
|
|
"value": "Determine cybersecurity career field qualification requirements - T1478"
|
|
},
|
|
{
|
|
"description": "Determine organizational policies related to or influencing the cyber workforce",
|
|
"related": [],
|
|
"uuid": "ad4c56fb-1c93-5eda-935d-3696a699bd17",
|
|
"value": "Determine organizational policies related to or influencing the cyber workforce - T1479"
|
|
},
|
|
{
|
|
"description": "Integrate cybersecurity workforce personnel into information systems life cycle development processes",
|
|
"related": [],
|
|
"uuid": "3ad7c834-fdcd-5be2-8524-1732c6461ade",
|
|
"value": "Integrate cybersecurity workforce personnel into information systems life cycle development processes - T1483"
|
|
},
|
|
{
|
|
"description": "Identify cyber workforce planning and management issues",
|
|
"related": [],
|
|
"uuid": "91f4188d-c3af-5fb6-a5c7-71e6b35dcf23",
|
|
"value": "Identify cyber workforce planning and management issues - T1552"
|
|
},
|
|
{
|
|
"description": "Address cyber workforce planning and management issues",
|
|
"related": [],
|
|
"uuid": "ea8ec361-7d7a-5acd-9cff-32abdb89a78f",
|
|
"value": "Address cyber workforce planning and management issues - T1553"
|
|
},
|
|
{
|
|
"description": "Develop supply chain cybersecurity risk management policy",
|
|
"related": [],
|
|
"uuid": "1d6217cc-fd9b-56b7-b93e-de7533e8585e",
|
|
"value": "Develop supply chain cybersecurity risk management policy - T1623"
|
|
},
|
|
{
|
|
"description": "Identify foreign language terminology within computer programs (e.g., comments, variable names)",
|
|
"related": [],
|
|
"uuid": "d955b2b5-2194-56cd-8ce7-13fdb143ffbd",
|
|
"value": "Identify foreign language terminology within computer programs (e.g., comments, variable names) - T0858"
|
|
},
|
|
{
|
|
"description": "Advise managers and operators on language and cultural issues",
|
|
"related": [],
|
|
"uuid": "58310912-66d2-5ff3-b84f-a9104fe2b6cd",
|
|
"value": "Advise managers and operators on language and cultural issues - T1837"
|
|
},
|
|
{
|
|
"description": "Assess target motivation",
|
|
"related": [],
|
|
"uuid": "bfb3d7f8-5302-5f5e-ad6e-94eedf0820cc",
|
|
"value": "Assess target motivation - T1838"
|
|
},
|
|
{
|
|
"description": "Conduct all-source target research",
|
|
"related": [],
|
|
"uuid": "825e3de1-3fc4-52ad-9185-53b434a1afb2",
|
|
"value": "Conduct all-source target research - T1839"
|
|
},
|
|
{
|
|
"description": "Conduct quality reviews of transcribed or translated materials",
|
|
"related": [],
|
|
"uuid": "371cea83-d797-5df1-920e-809683bb8231",
|
|
"value": "Conduct quality reviews of transcribed or translated materials - T1841"
|
|
},
|
|
{
|
|
"description": "Identify metadata patterns",
|
|
"related": [],
|
|
"uuid": "07bfdb40-538d-583a-ab8f-beb5435f751d",
|
|
"value": "Identify metadata patterns - T1842"
|
|
},
|
|
{
|
|
"description": "Identify metadata anomalies",
|
|
"related": [],
|
|
"uuid": "4da360d3-9603-5067-84c7-759aa75b930d",
|
|
"value": "Identify metadata anomalies - T1843"
|
|
},
|
|
{
|
|
"description": "Identify metadata events",
|
|
"related": [],
|
|
"uuid": "a542686b-c6ff-54e7-8706-08dafd5dce0b",
|
|
"value": "Identify metadata events - T1844"
|
|
},
|
|
{
|
|
"description": "Identify foreign languages and dialects in initial source data",
|
|
"related": [],
|
|
"uuid": "a42d87ad-bc41-5c11-a75b-1c6aa31a6807",
|
|
"value": "Identify foreign languages and dialects in initial source data - T1845"
|
|
},
|
|
{
|
|
"description": "Develop language processing tools",
|
|
"related": [],
|
|
"uuid": "9f085f8c-f48f-584f-b7ff-075523769e4b",
|
|
"value": "Develop language processing tools - T1846"
|
|
},
|
|
{
|
|
"description": "Prepare social network analysis documents",
|
|
"related": [],
|
|
"uuid": "3bca1d14-a50f-5639-98d3-c9401883b5b2",
|
|
"value": "Prepare social network analysis documents - T1847"
|
|
},
|
|
{
|
|
"description": "Scan target graphic and audio language materials",
|
|
"related": [],
|
|
"uuid": "f6c277ec-b947-5fa8-94bb-ae7e8805b6cd",
|
|
"value": "Scan target graphic and audio language materials - T1848"
|
|
},
|
|
{
|
|
"description": "Communicate critical or time-sensitive information",
|
|
"related": [],
|
|
"uuid": "fffe38bc-28af-5b7b-aa91-4a7840c569e8",
|
|
"value": "Communicate critical or time-sensitive information - T1849"
|
|
},
|
|
{
|
|
"description": "Transcribe target audio language materials",
|
|
"related": [],
|
|
"uuid": "7116b3e7-3676-50e9-89f6-6c0714d99495",
|
|
"value": "Transcribe target audio language materials - T1850"
|
|
},
|
|
{
|
|
"description": "Translate target graphic language materials",
|
|
"related": [],
|
|
"uuid": "9e061631-c313-524c-a72a-6064120c7478",
|
|
"value": "Translate target graphic language materials - T1851"
|
|
},
|
|
{
|
|
"description": "Translate target audio language materials",
|
|
"related": [],
|
|
"uuid": "bc1e10bd-5b2e-51ef-8a4f-4d4ef22aea5c",
|
|
"value": "Translate target audio language materials - T1852"
|
|
},
|
|
{
|
|
"description": "Coordinate intelligence support to operational planning",
|
|
"related": [],
|
|
"uuid": "a2e21160-b99d-5614-88b6-193136abd888",
|
|
"value": "Coordinate intelligence support to operational planning - T1637"
|
|
},
|
|
{
|
|
"description": "Communicate information requirements to collection managers",
|
|
"related": [],
|
|
"uuid": "4e1013e0-f610-5e00-b766-017a9fe00040",
|
|
"value": "Communicate information requirements to collection managers - T1684"
|
|
},
|
|
{
|
|
"description": "Assess capability to satisfy assigned intelligence tasks",
|
|
"related": [],
|
|
"uuid": "e636c115-2b0f-598d-9288-48be8ddd86e3",
|
|
"value": "Assess capability to satisfy assigned intelligence tasks - T1685"
|
|
},
|
|
{
|
|
"description": "Draft intelligence sections of cyber operations plans",
|
|
"related": [],
|
|
"uuid": "05e7ed30-8ee4-5d15-9dd9-1fcc40dff5ce",
|
|
"value": "Draft intelligence sections of cyber operations plans - T1687"
|
|
},
|
|
{
|
|
"description": "Integrate intelligence guidance into cyber operations planning activities",
|
|
"related": [],
|
|
"uuid": "67a7b9a4-9f53-5c81-810d-821935ee50bb",
|
|
"value": "Integrate intelligence guidance into cyber operations planning activities - T1702"
|
|
},
|
|
{
|
|
"description": "Provide intelligence guidance to cyber operations requirements",
|
|
"related": [],
|
|
"uuid": "e00cb80b-7093-59d4-b7b9-72035f0153c1",
|
|
"value": "Provide intelligence guidance to cyber operations requirements - T1705"
|
|
},
|
|
{
|
|
"description": "Develop cyber intelligence collection and production requirements",
|
|
"related": [],
|
|
"uuid": "4c98b25d-3cf7-5af9-a68b-09da31aaad65",
|
|
"value": "Develop cyber intelligence collection and production requirements - T1727"
|
|
},
|
|
{
|
|
"description": "Determine cyber operations partner intelligence capabilities and limitations",
|
|
"related": [],
|
|
"uuid": "cd731282-61fb-5f8f-a40a-b865e8ca5d9f",
|
|
"value": "Determine cyber operations partner intelligence capabilities and limitations - T1738"
|
|
},
|
|
{
|
|
"description": "Identify intelligence environment preparation derived production needs",
|
|
"related": [],
|
|
"uuid": "5873a628-9c9f-58f5-a914-7b2ca110bacb",
|
|
"value": "Identify intelligence environment preparation derived production needs - T1750"
|
|
},
|
|
{
|
|
"description": "Develop cyber intelligence plans",
|
|
"related": [],
|
|
"uuid": "28f6190e-95a8-512b-b3b3-e22d117d80ee",
|
|
"value": "Develop cyber intelligence plans - T1815"
|
|
},
|
|
{
|
|
"description": "Analyze incoming collection requests",
|
|
"related": [],
|
|
"uuid": "5804790a-e297-57be-afdf-e7164f8b1ecc",
|
|
"value": "Analyze incoming collection requests - T0565"
|
|
},
|
|
{
|
|
"description": "Assess efficiency of existing information exchange and management systems",
|
|
"related": [],
|
|
"uuid": "e9ef898a-2664-5db0-b164-55b1bd069e95",
|
|
"value": "Assess efficiency of existing information exchange and management systems - T0577"
|
|
},
|
|
{
|
|
"description": "Manage request for information (RFI) processes",
|
|
"related": [],
|
|
"uuid": "46681098-b86b-50d5-aae5-4bedd3916df8",
|
|
"value": "Manage request for information (RFI) processes - T1656"
|
|
},
|
|
{
|
|
"description": "Develop feedback procedures",
|
|
"related": [],
|
|
"uuid": "3640058c-aaba-57c2-9fa6-f7f0188b8227",
|
|
"value": "Develop feedback procedures - T1713"
|
|
},
|
|
{
|
|
"description": "Assess intelligence collection results",
|
|
"related": [],
|
|
"uuid": "66d3d604-2534-5ac8-9f91-3c10e44a3286",
|
|
"value": "Assess intelligence collection results - T1725"
|
|
},
|
|
{
|
|
"description": "Document intelligence collection assessment findings",
|
|
"related": [],
|
|
"uuid": "a1a89814-1001-5074-a24b-89f87fe8908f",
|
|
"value": "Document intelligence collection assessment findings - T1726"
|
|
},
|
|
{
|
|
"description": "Determine if collection requests meet priority intelligence requirements",
|
|
"related": [],
|
|
"uuid": "5c745f71-f6ec-57b4-b0ce-554e90316772",
|
|
"value": "Determine if collection requests meet priority intelligence requirements - T1730"
|
|
},
|
|
{
|
|
"description": "Determine if information collected satisfies intelligence requests",
|
|
"related": [],
|
|
"uuid": "4018e710-563f-53d8-b55e-63f1f40c2019",
|
|
"value": "Determine if information collected satisfies intelligence requests - T1731"
|
|
},
|
|
{
|
|
"description": "Determine if collection operations meet operational requirements",
|
|
"related": [],
|
|
"uuid": "e58d6b48-4837-502b-b0e2-ff7727e240f1",
|
|
"value": "Determine if collection operations meet operational requirements - T1733"
|
|
},
|
|
{
|
|
"description": "Inform stakeholders of evaluation results",
|
|
"related": [],
|
|
"uuid": "59202ee0-2d55-5a48-bc2a-1fb684a422a2",
|
|
"value": "Inform stakeholders of evaluation results - T1753"
|
|
},
|
|
{
|
|
"description": "Promote collection planning as an integrated component of the strategic campaign plans and other adaptive plans",
|
|
"related": [],
|
|
"uuid": "a9f3871e-8c06-535a-82a2-48435d3e4180",
|
|
"value": "Promote collection planning as an integrated component of the strategic campaign plans and other adaptive plans - T1788"
|
|
},
|
|
{
|
|
"description": "Submit information requests to collection requirement management section",
|
|
"related": [],
|
|
"uuid": "fde11526-08f5-5cf8-a1e6-a52569331ea1",
|
|
"value": "Submit information requests to collection requirement management section - T1821"
|
|
},
|
|
{
|
|
"description": "Track status of information requests",
|
|
"related": [],
|
|
"uuid": "a74d9358-7c3c-580f-a81b-9e384f17ee16",
|
|
"value": "Track status of information requests - T1831"
|
|
},
|
|
{
|
|
"description": "Translate collection requests for discipline-specific collection requirements",
|
|
"related": [],
|
|
"uuid": "ff474753-7c53-5f00-902b-1146c265e7a8",
|
|
"value": "Translate collection requests for discipline-specific collection requirements - T1832"
|
|
},
|
|
{
|
|
"description": "Identify opportunities to improve collection management efficiency and effectiveness",
|
|
"related": [],
|
|
"uuid": "0d4b8e9d-100b-5353-b9f7-01401ea078c5",
|
|
"value": "Identify opportunities to improve collection management efficiency and effectiveness - T1833"
|
|
},
|
|
{
|
|
"description": "Validate information requests",
|
|
"related": [],
|
|
"uuid": "d73f275e-090a-53cc-b764-6e940b5784c7",
|
|
"value": "Validate information requests - T1834"
|
|
},
|
|
{
|
|
"description": "Establish an internal privacy audit program",
|
|
"related": [],
|
|
"uuid": "a73925b6-d992-5ad4-ae47-d6f8ece2662b",
|
|
"value": "Establish an internal privacy audit program - T0898"
|
|
},
|
|
{
|
|
"description": "Determine if security incidents require legal action",
|
|
"related": [],
|
|
"uuid": "63810b6b-a77e-5916-ad57-27153ef6a210",
|
|
"value": "Determine if security incidents require legal action - T1014"
|
|
},
|
|
{
|
|
"description": "Determine impact of noncompliance on organizational risk levels",
|
|
"related": [],
|
|
"uuid": "2fba135a-0b76-5e9a-afb5-ed3dffeef36f",
|
|
"value": "Determine impact of noncompliance on organizational risk levels - T1224"
|
|
},
|
|
{
|
|
"description": "Determine impact of noncompliance on effectiveness of the enterprise's cybersecurity program",
|
|
"related": [],
|
|
"uuid": "13819653-e355-593a-b67e-3bcf0ac80017",
|
|
"value": "Determine impact of noncompliance on effectiveness of the enterprise's cybersecurity program - T1225"
|
|
},
|
|
{
|
|
"description": "Determine if new and existing services comply with privacy and data security obligations",
|
|
"related": [],
|
|
"uuid": "63e7b395-0c0b-5f5b-93a4-2dce1285cce6",
|
|
"value": "Determine if new and existing services comply with privacy and data security obligations - T1853"
|
|
},
|
|
{
|
|
"description": "Develop and maintain privacy and confidentiality consent forms",
|
|
"related": [],
|
|
"uuid": "a7d9a401-4c82-5469-a6ef-453aee1b55ee",
|
|
"value": "Develop and maintain privacy and confidentiality consent forms - T1854"
|
|
},
|
|
{
|
|
"description": "Develop and maintain privacy and confidentiality authorization forms",
|
|
"related": [],
|
|
"uuid": "eb9f787a-17eb-55b4-8fb0-1be8d4fa250b",
|
|
"value": "Develop and maintain privacy and confidentiality authorization forms - T1855"
|
|
},
|
|
{
|
|
"description": "Integrate civil rights and civil liberties in organizational programs, policies, and procedures",
|
|
"related": [],
|
|
"uuid": "c65b3799-8aa8-5862-8c36-4832fa983f43",
|
|
"value": "Integrate civil rights and civil liberties in organizational programs, policies, and procedures - T1856"
|
|
},
|
|
{
|
|
"description": "Integrate privacy considerations in organizational programs, policies, and procedures",
|
|
"related": [],
|
|
"uuid": "8bf3bc16-3db2-5db4-ac7a-0c1888f50732",
|
|
"value": "Integrate privacy considerations in organizational programs, policies, and procedures - T1857"
|
|
},
|
|
{
|
|
"description": "Serve as liaison to regulatory and accrediting bodies",
|
|
"related": [],
|
|
"uuid": "a0df6b57-7618-5e95-86b3-e2eb45097849",
|
|
"value": "Serve as liaison to regulatory and accrediting bodies - T1858"
|
|
},
|
|
{
|
|
"description": "Register databases with local privacy and data protection authorities",
|
|
"related": [],
|
|
"uuid": "84b4a3f1-4e14-58c9-a911-3faeaac3bd03",
|
|
"value": "Register databases with local privacy and data protection authorities - T1859"
|
|
},
|
|
{
|
|
"description": "Promote privacy awareness to management",
|
|
"related": [],
|
|
"uuid": "1e811e5b-5c2c-5177-a6c4-03fc3c5a69a2",
|
|
"value": "Promote privacy awareness to management - T1860"
|
|
},
|
|
{
|
|
"description": "Establish organizational Privacy Oversight Committee",
|
|
"related": [],
|
|
"uuid": "512b2485-86ce-5ab0-b1ba-00d81ab3895f",
|
|
"value": "Establish organizational Privacy Oversight Committee - T1861"
|
|
},
|
|
{
|
|
"description": "Develop information sharing strategic plans",
|
|
"related": [],
|
|
"uuid": "3afc5155-f929-5979-98dd-e4dfe0578bea",
|
|
"value": "Develop information sharing strategic plans - T1863"
|
|
},
|
|
{
|
|
"description": "Develop organizational information infrastructure",
|
|
"related": [],
|
|
"uuid": "a86d39b1-16e2-5db4-9ea6-8d37e24f93f3",
|
|
"value": "Develop organizational information infrastructure - T1864"
|
|
},
|
|
{
|
|
"description": "Implement organizational information infrastructure",
|
|
"related": [],
|
|
"uuid": "5b2c8112-8659-5d0b-b1b0-80362a3a3788",
|
|
"value": "Implement organizational information infrastructure - T1865"
|
|
},
|
|
{
|
|
"description": "Develop self-disclosure policies and procedures",
|
|
"related": [],
|
|
"uuid": "80a3a421-43a1-5e44-bde0-d9c0cd1a1c78",
|
|
"value": "Develop self-disclosure policies and procedures - T1866"
|
|
},
|
|
{
|
|
"description": "Oversee consumer information access rights",
|
|
"related": [],
|
|
"uuid": "8711dd51-6668-55e1-9e26-0e2af793e4d3",
|
|
"value": "Oversee consumer information access rights - T1867"
|
|
},
|
|
{
|
|
"description": "Serve as information privacy liaison to technology system users",
|
|
"related": [],
|
|
"uuid": "ddf083f9-3f3f-544a-8e05-5f8448c8718f",
|
|
"value": "Serve as information privacy liaison to technology system users - T1868"
|
|
},
|
|
{
|
|
"description": "Serve as liaison to information systems department",
|
|
"related": [],
|
|
"uuid": "232c267a-280e-59fc-98eb-a154134cad34",
|
|
"value": "Serve as liaison to information systems department - T1869"
|
|
},
|
|
{
|
|
"description": "Deliver privacy awareness orientations",
|
|
"related": [],
|
|
"uuid": "24da009c-c613-510c-b0b0-2957d6cd5f40",
|
|
"value": "Deliver privacy awareness orientations - T1872"
|
|
},
|
|
{
|
|
"description": "Manage organizational participation in public privacy and cybersecurity events",
|
|
"related": [],
|
|
"uuid": "69e96ec4-84d7-50f5-accf-ccd4d8245d50",
|
|
"value": "Manage organizational participation in public privacy and cybersecurity events - T1874"
|
|
},
|
|
{
|
|
"description": "Prepare privacy program status reports",
|
|
"related": [],
|
|
"uuid": "d8198b6d-88d4-57e3-abbd-ba0dd4563f00",
|
|
"value": "Prepare privacy program status reports - T1875"
|
|
},
|
|
{
|
|
"description": "Respond to press and other public data security inquiries",
|
|
"related": [],
|
|
"uuid": "98c4bb05-bcd2-5d49-941f-28a85847b6d3",
|
|
"value": "Respond to press and other public data security inquiries - T1876"
|
|
},
|
|
{
|
|
"description": "Develop organizational privacy program",
|
|
"related": [],
|
|
"uuid": "ef4da5cf-a39e-5de5-aaf9-94b41cd3bcfd",
|
|
"value": "Develop organizational privacy program - T1877"
|
|
},
|
|
{
|
|
"description": "Apply sanctions for failure to comply with privacy policies",
|
|
"related": [],
|
|
"uuid": "d388071c-1164-5ee1-b44b-15fd5d126964",
|
|
"value": "Apply sanctions for failure to comply with privacy policies - T1878"
|
|
},
|
|
{
|
|
"description": "Develop sanctions for failure to comply with privacy policies",
|
|
"related": [],
|
|
"uuid": "8605bc5f-bca9-570c-8678-e7b6ec9d7f63",
|
|
"value": "Develop sanctions for failure to comply with privacy policies - T1879"
|
|
},
|
|
{
|
|
"description": "Resolve allegations of noncompliance with privacy policies and notice of information practices",
|
|
"related": [],
|
|
"uuid": "64c0154a-9d17-5297-b35f-4786cf11791a",
|
|
"value": "Resolve allegations of noncompliance with privacy policies and notice of information practices - T1880"
|
|
},
|
|
{
|
|
"description": "Develop a risk management and compliance framework for privacy",
|
|
"related": [],
|
|
"uuid": "963dc78b-7e72-5da1-988e-e7ec5b1933c4",
|
|
"value": "Develop a risk management and compliance framework for privacy - T1881"
|
|
},
|
|
{
|
|
"description": "Determine if projects comply with organizational privacy and data security policies",
|
|
"related": [],
|
|
"uuid": "2101105f-fe0c-5d3b-9497-e25b2ca950b9",
|
|
"value": "Determine if projects comply with organizational privacy and data security policies - T1882"
|
|
},
|
|
{
|
|
"description": "Develop organizational privacy policies and procedures",
|
|
"related": [],
|
|
"uuid": "4dfaecec-41ef-54dd-976f-149677d5e3fd",
|
|
"value": "Develop organizational privacy policies and procedures - T1883"
|
|
},
|
|
{
|
|
"description": "Establish complaint processes",
|
|
"related": [],
|
|
"uuid": "4e21bf51-21d2-56a1-bc3d-691f289f8df7",
|
|
"value": "Establish complaint processes - T1884"
|
|
},
|
|
{
|
|
"description": "Establish mechanisms to track access to protected health information",
|
|
"related": [],
|
|
"uuid": "a8d2a966-f265-58ef-808d-457ad53dd0a8",
|
|
"value": "Establish mechanisms to track access to protected health information - T1885"
|
|
},
|
|
{
|
|
"description": "Maintain the organizational policy program",
|
|
"related": [],
|
|
"uuid": "b4cd1ea2-0069-5c54-9821-120041f34ec7",
|
|
"value": "Maintain the organizational policy program - T1886"
|
|
},
|
|
{
|
|
"description": "Conduct privacy impact assessments",
|
|
"related": [],
|
|
"uuid": "116f092f-9f27-5e51-be11-568ad20b780d",
|
|
"value": "Conduct privacy impact assessments - T1887"
|
|
},
|
|
{
|
|
"description": "Conduct privacy compliance monitoring",
|
|
"related": [],
|
|
"uuid": "13690135-7fa4-5cfc-9f14-97cb8e874b5d",
|
|
"value": "Conduct privacy compliance monitoring - T1888"
|
|
},
|
|
{
|
|
"description": "Align cybersecurity and privacy practices in system information security plans",
|
|
"related": [],
|
|
"uuid": "0faaa2c1-f8b4-5e17-aa86-8da62a66b767",
|
|
"value": "Align cybersecurity and privacy practices in system information security plans - T1889"
|
|
},
|
|
{
|
|
"description": "Determine if protected information releases comply with organizational policies and procedures",
|
|
"related": [],
|
|
"uuid": "dc935284-f647-5228-b36a-48abbe047174",
|
|
"value": "Determine if protected information releases comply with organizational policies and procedures - T1890"
|
|
},
|
|
{
|
|
"description": "Administer requests for release or disclosure of protected information",
|
|
"related": [],
|
|
"uuid": "d80f9d42-59c0-525f-8b6a-bf33419f7f71",
|
|
"value": "Administer requests for release or disclosure of protected information - T1891"
|
|
},
|
|
{
|
|
"description": "Develop vendor review procedures",
|
|
"related": [],
|
|
"uuid": "9f8a4ce7-38e2-5c06-b432-30513225a8ed",
|
|
"value": "Develop vendor review procedures - T1892"
|
|
},
|
|
{
|
|
"description": "Develop vendor auditing procedures",
|
|
"related": [],
|
|
"uuid": "fba6d041-42e1-573d-a56d-3acbefae3357",
|
|
"value": "Develop vendor auditing procedures - T1893"
|
|
},
|
|
{
|
|
"description": "Determine if partner and business agreements address privacy requirements and responsibilities",
|
|
"related": [],
|
|
"uuid": "e348c63a-c9d6-5280-b1d0-9d95754c6123",
|
|
"value": "Determine if partner and business agreements address privacy requirements and responsibilities - T1894"
|
|
},
|
|
{
|
|
"description": "Provide legal advice for business partner contracts",
|
|
"related": [],
|
|
"uuid": "fe2d8317-da16-5eb3-a3cd-6c31e1325a91",
|
|
"value": "Provide legal advice for business partner contracts - T1895"
|
|
},
|
|
{
|
|
"description": "Mitigate Personal Identifiable Information (PII) breaches",
|
|
"related": [],
|
|
"uuid": "1cdcac9d-e932-54ce-9fec-d6003501b0fe",
|
|
"value": "Mitigate Personal Identifiable Information (PII) breaches - T1896"
|
|
},
|
|
{
|
|
"description": "Administer action on organizational privacy complaints",
|
|
"related": [],
|
|
"uuid": "af04603f-b738-5a1f-9f6c-a4524fa1bbcb",
|
|
"value": "Administer action on organizational privacy complaints - T1897"
|
|
},
|
|
{
|
|
"description": "Determine if the organization's privacy program complies with federal and state privacy laws and regulations",
|
|
"related": [],
|
|
"uuid": "5fef375d-430d-5e77-86bd-4973ea50dded",
|
|
"value": "Determine if the organization's privacy program complies with federal and state privacy laws and regulations - T1898"
|
|
},
|
|
{
|
|
"description": "Identify organizational privacy compliance gaps",
|
|
"related": [],
|
|
"uuid": "522a4570-d974-5cdd-b2f0-da3adef27332",
|
|
"value": "Identify organizational privacy compliance gaps - T1899"
|
|
},
|
|
{
|
|
"description": "Correct organizational privacy compliance gaps",
|
|
"related": [],
|
|
"uuid": "7615bffb-b7ee-521f-803f-a5fcd81a0452",
|
|
"value": "Correct organizational privacy compliance gaps - T1900"
|
|
},
|
|
{
|
|
"description": "Manage privacy breaches",
|
|
"related": [],
|
|
"uuid": "cd43654b-d6aa-590e-b8bf-813396d85853",
|
|
"value": "Manage privacy breaches - T1901"
|
|
},
|
|
{
|
|
"description": "Implement and maintain organizational privacy policies and procedures",
|
|
"related": [],
|
|
"uuid": "843a86ca-e238-5c16-b246-5216d97cac89",
|
|
"value": "Implement and maintain organizational privacy policies and procedures - T1902"
|
|
},
|
|
{
|
|
"description": "Develop and maintain privacy and confidentiality information notices",
|
|
"related": [],
|
|
"uuid": "160d917b-0efd-5088-87bc-a89b2f51837f",
|
|
"value": "Develop and maintain privacy and confidentiality information notices - T1903"
|
|
},
|
|
{
|
|
"description": "Monitor advancements in information privacy technologies",
|
|
"related": [],
|
|
"uuid": "301b74b0-e64b-50f6-a19e-d5b81f6780de",
|
|
"value": "Monitor advancements in information privacy technologies - T1905"
|
|
},
|
|
{
|
|
"description": "Establish organizational risk management strategies",
|
|
"related": [],
|
|
"uuid": "809ccbda-dfad-542a-83c3-405b2fb918ab",
|
|
"value": "Establish organizational risk management strategies - T1907"
|
|
},
|
|
{
|
|
"description": "Design and execute exercise scenarios",
|
|
"related": [],
|
|
"uuid": "6eb87bb7-62f4-5f97-bcd1-3f3b93bb86ef",
|
|
"value": "Design and execute exercise scenarios - T1311"
|
|
},
|
|
{
|
|
"description": "Develop training modules and classes",
|
|
"related": [],
|
|
"uuid": "c3c4cf75-7cfa-5cb0-8c4e-0c34be3afe64",
|
|
"value": "Develop training modules and classes - T1413"
|
|
},
|
|
{
|
|
"description": "Develop training assignments",
|
|
"related": [],
|
|
"uuid": "dab56451-5e29-5670-ac8d-e157709bd6d5",
|
|
"value": "Develop training assignments - T1414"
|
|
},
|
|
{
|
|
"description": "Develop training evaluations",
|
|
"related": [],
|
|
"uuid": "a2dc6048-b066-5038-a64a-447441dc12a8",
|
|
"value": "Develop training evaluations - T1415"
|
|
},
|
|
{
|
|
"description": "Develop grading and proficiency standards",
|
|
"related": [],
|
|
"uuid": "2d20b4cb-9193-5367-bd98-a3d972813c01",
|
|
"value": "Develop grading and proficiency standards - T1416"
|
|
},
|
|
{
|
|
"description": "Create learner development, training, and remediation plans",
|
|
"related": [],
|
|
"uuid": "2dab189a-5db1-5fd9-811a-4b6dcd25795c",
|
|
"value": "Create learner development, training, and remediation plans - T1417"
|
|
},
|
|
{
|
|
"description": "Determine effectiveness of instruction and training",
|
|
"related": [],
|
|
"uuid": "33b7a521-7f91-552d-8eba-0b332f9ae657",
|
|
"value": "Determine effectiveness of instruction and training - T1438"
|
|
},
|
|
{
|
|
"description": "Create interactive learning exercises",
|
|
"related": [],
|
|
"uuid": "ce05ec70-cca0-52a0-8453-eec8cd049ea2",
|
|
"value": "Create interactive learning exercises - T1451"
|
|
},
|
|
{
|
|
"description": "Develop cybersecurity curriculum goals and objectives",
|
|
"related": [],
|
|
"uuid": "cd91d3aa-3e2f-5965-a458-b67337257961",
|
|
"value": "Develop cybersecurity curriculum goals and objectives - T1463"
|
|
},
|
|
{
|
|
"description": "Develop instructional strategies",
|
|
"related": [],
|
|
"uuid": "4ad86ee5-affd-5348-9f5f-89062d568f3e",
|
|
"value": "Develop instructional strategies - T1475"
|
|
},
|
|
{
|
|
"description": "Perform periodic reviews of learning materials and courses for accuracy and currency",
|
|
"related": [],
|
|
"uuid": "2e08a048-f9c3-5c58-bdc6-aefe68011278",
|
|
"value": "Perform periodic reviews of learning materials and courses for accuracy and currency - T1608"
|
|
},
|
|
{
|
|
"description": "Create privacy training materials",
|
|
"related": [],
|
|
"uuid": "01085bcf-c5cc-574c-a1be-d0969a65ee89",
|
|
"value": "Create privacy training materials - T1870"
|
|
},
|
|
{
|
|
"description": "Prepare privacy awareness communications",
|
|
"related": [],
|
|
"uuid": "5d998c7c-dc9d-53b6-aa5a-b842dd1f0684",
|
|
"value": "Prepare privacy awareness communications - T1871"
|
|
},
|
|
{
|
|
"description": "Deliver privacy awareness trainings",
|
|
"related": [],
|
|
"uuid": "24b38137-d702-5bec-b31e-b7d838013fba",
|
|
"value": "Deliver privacy awareness trainings - T1873"
|
|
},
|
|
{
|
|
"description": "Evaluate the effectiveness and comprehensiveness of existing training programs",
|
|
"related": [],
|
|
"uuid": "f56e731b-68f3-52da-9b39-c496c02f6809",
|
|
"value": "Evaluate the effectiveness and comprehensiveness of existing training programs - T0101"
|
|
},
|
|
{
|
|
"description": "Prepare and deliver education and awareness briefings",
|
|
"related": [],
|
|
"uuid": "a39c2a8a-4f88-55f6-9459-70062bb15dd2",
|
|
"value": "Prepare and deliver education and awareness briefings - T1008"
|
|
},
|
|
{
|
|
"description": "Create a cybersecurity awareness program",
|
|
"related": [],
|
|
"uuid": "827ff809-4f0f-580e-a329-5f7ff23be8cf",
|
|
"value": "Create a cybersecurity awareness program - T1009"
|
|
},
|
|
{
|
|
"description": "Conduct interactive training exercises",
|
|
"related": [],
|
|
"uuid": "b81ea632-3ddd-5e96-b278-e1e653b715fa",
|
|
"value": "Conduct interactive training exercises - T1093"
|
|
},
|
|
{
|
|
"description": "Develop awareness and training materials",
|
|
"related": [],
|
|
"uuid": "205eb7ca-460c-5f00-bb33-f1e8df38176e",
|
|
"value": "Develop awareness and training materials - T1156"
|
|
},
|
|
{
|
|
"description": "Identify pertinent awareness and training materials",
|
|
"related": [],
|
|
"uuid": "6baee639-51c3-526c-93f5-28c632ea947a",
|
|
"value": "Identify pertinent awareness and training materials - T1157"
|
|
},
|
|
{
|
|
"description": "Develop learning objectives and goals",
|
|
"related": [],
|
|
"uuid": "b4858edf-eec5-5783-910c-6cab199edcae",
|
|
"value": "Develop learning objectives and goals - T1418"
|
|
},
|
|
{
|
|
"description": "Develop organizational training materials",
|
|
"related": [],
|
|
"uuid": "05029d8d-f0f6-535c-8e52-1a5f9c3e422f",
|
|
"value": "Develop organizational training materials - T1419"
|
|
},
|
|
{
|
|
"description": "Develop proficiency assessments",
|
|
"related": [],
|
|
"uuid": "26990a81-8d78-5dbe-9942-6b46f48c2c0b",
|
|
"value": "Develop proficiency assessments - T1421"
|
|
},
|
|
{
|
|
"description": "Deliver training courses",
|
|
"related": [],
|
|
"uuid": "e379fe80-cda2-53c8-9b94-68e250a95ea1",
|
|
"value": "Deliver training courses - T1517"
|
|
},
|
|
{
|
|
"description": "Determine if cybersecurity training, education, and awareness meet established goals",
|
|
"related": [],
|
|
"uuid": "ae5eb8ef-c36e-5f04-8b0c-0df7aebf7b5f",
|
|
"value": "Determine if cybersecurity training, education, and awareness meet established goals - T1537"
|
|
},
|
|
{
|
|
"description": "Plan classroom learning sessions",
|
|
"related": [],
|
|
"uuid": "d7b1b5a1-820f-5634-a7ce-ef2338e09319",
|
|
"value": "Plan classroom learning sessions - T1594"
|
|
},
|
|
{
|
|
"description": "Coordinate training and education",
|
|
"related": [],
|
|
"uuid": "b1bad081-b133-53bf-9195-a7b05140dc6f",
|
|
"value": "Coordinate training and education - T1595"
|
|
},
|
|
{
|
|
"description": "Plan delivery of non-classroom learning",
|
|
"related": [],
|
|
"uuid": "c4de2cc7-307c-52ef-b25c-15042c197ced",
|
|
"value": "Plan delivery of non-classroom learning - T1596"
|
|
},
|
|
{
|
|
"description": "Recommend revisions to learning materials and curriculum",
|
|
"related": [],
|
|
"uuid": "367ce606-ebc0-5e7b-8f31-df0a99b4d278",
|
|
"value": "Recommend revisions to learning materials and curriculum - T1609"
|
|
},
|
|
{
|
|
"description": "Advocate organization's official position in legal and legislative proceedings",
|
|
"related": [],
|
|
"uuid": "8552b522-afb2-5588-996a-7c8efce909be",
|
|
"value": "Advocate organization's official position in legal and legislative proceedings - T0006"
|
|
},
|
|
{
|
|
"description": "Resolve conflicts in laws, regulations, policies, standards, or procedures",
|
|
"related": [],
|
|
"uuid": "e4cc3202-2828-5e55-b1fd-028f261da477",
|
|
"value": "Resolve conflicts in laws, regulations, policies, standards, or procedures - T0220"
|
|
},
|
|
{
|
|
"description": "Determine if contracts comply with funding, legal, and program requirements",
|
|
"related": [],
|
|
"uuid": "78c3ebde-6f1f-5b50-90fe-a05dbfe308de",
|
|
"value": "Determine if contracts comply with funding, legal, and program requirements - T1189"
|
|
},
|
|
{
|
|
"description": "Identify alleged violations of law, regulations, policy, or guidance",
|
|
"related": [],
|
|
"uuid": "82502b46-e186-5814-8f42-c3587c37b565",
|
|
"value": "Identify alleged violations of law, regulations, policy, or guidance - T1511"
|
|
},
|
|
{
|
|
"description": "Develop implementation guidelines",
|
|
"related": [],
|
|
"uuid": "15f9b944-6494-5ac9-9f7d-24dc0d4499a5",
|
|
"value": "Develop implementation guidelines - T1535"
|
|
},
|
|
{
|
|
"description": "Provide inspectors general, privacy officers, and oversight and compliance with legal analysis and decisions",
|
|
"related": [],
|
|
"uuid": "8c69b698-bec4-5bd0-8c57-f9395148139e",
|
|
"value": "Provide inspectors general, privacy officers, and oversight and compliance with legal analysis and decisions - T1546"
|
|
},
|
|
{
|
|
"description": "Evaluate the impact of legal, regulatory, policy, standard, or procedural changes",
|
|
"related": [],
|
|
"uuid": "722a1227-830f-502c-a49f-9d0f947e3aed",
|
|
"value": "Evaluate the impact of legal, regulatory, policy, standard, or procedural changes - T1549"
|
|
},
|
|
{
|
|
"description": "Prepare legal documents",
|
|
"related": [],
|
|
"uuid": "5a5baf33-50ca-5163-bbbc-8233e900d88f",
|
|
"value": "Prepare legal documents - T1599"
|
|
},
|
|
{
|
|
"description": "Implement access control processes for continuous monitoring tools and technologies",
|
|
"related": [],
|
|
"uuid": "98970934-9292-514f-8c63-cf8d86ff0c4e",
|
|
"value": "Implement access control processes for continuous monitoring tools and technologies - T1959"
|
|
},
|
|
{
|
|
"description": "Manage the continuous monitoring program",
|
|
"related": [],
|
|
"uuid": "435b66da-f934-53ba-8931-3427df1a06e1",
|
|
"value": "Manage the continuous monitoring program - T1950"
|
|
},
|
|
{
|
|
"description": "Verify currency of software application, network, and system accreditation and assurance documentation",
|
|
"related": [],
|
|
"uuid": "8dba34b7-458e-5738-8722-3fa9aee525ce",
|
|
"value": "Verify currency of software application, network, and system accreditation and assurance documentation - T1331"
|
|
},
|
|
{
|
|
"description": "Develop architectures or system components consistent with technical specifications",
|
|
"related": [],
|
|
"uuid": "2d2e4944-699e-55ce-93ea-3ee36aec0b3f",
|
|
"value": "Develop architectures or system components consistent with technical specifications - T0067"
|
|
},
|
|
{
|
|
"description": "Determine if systems comply with security, resilience, and dependability requirements",
|
|
"related": [],
|
|
"uuid": "f1d4d26d-232b-56ce-8251-af0da36f1c69",
|
|
"value": "Determine if systems comply with security, resilience, and dependability requirements - T1237"
|
|
},
|
|
{
|
|
"description": "Determine compliance with cybersecurity policies and legal and regulatory requirements",
|
|
"related": [],
|
|
"uuid": "809679dc-bcb6-5424-af36-0531ed7e81fa",
|
|
"value": "Determine compliance with cybersecurity policies and legal and regulatory requirements - T1547"
|
|
},
|
|
{
|
|
"description": "Establish technical help processes for continuous monitoring mitigators",
|
|
"related": [],
|
|
"uuid": "a36973e7-bcec-5a56-aaad-28f73c0d0c72",
|
|
"value": "Establish technical help processes for continuous monitoring mitigators - T1960"
|
|
},
|
|
{
|
|
"description": "Communicate continuous monitoring reporting requirements",
|
|
"related": [],
|
|
"uuid": "8a85c58b-634a-5d8a-a1bb-70a0bad18031",
|
|
"value": "Communicate continuous monitoring reporting requirements - T1961"
|
|
},
|
|
{
|
|
"description": "Implement risk mitigation strategies",
|
|
"related": [],
|
|
"uuid": "7d2e136c-64a3-5c84-954c-938fad8195de",
|
|
"value": "Implement risk mitigation strategies - T1968"
|
|
},
|
|
{
|
|
"description": "Assess continuous monitoring performance",
|
|
"related": [],
|
|
"uuid": "dfdba75d-804c-5fcb-b746-ac00f72943f8",
|
|
"value": "Assess continuous monitoring performance - T1966"
|
|
},
|
|
{
|
|
"description": "Coordinate responses to issues flagged during continuous monitoring",
|
|
"related": [],
|
|
"uuid": "5033d3b5-9679-52ad-93d4-d36995e89c88",
|
|
"value": "Coordinate responses to issues flagged during continuous monitoring - T1967"
|
|
},
|
|
{
|
|
"description": "Establish risk management processes",
|
|
"related": [],
|
|
"uuid": "9eaa3efb-85cb-5f27-b3f9-c8eea0cdd9f7",
|
|
"value": "Establish risk management processes - T1964"
|
|
},
|
|
{
|
|
"description": "Establish performance measurement requirements for continuous monitoring tools and technologies",
|
|
"related": [],
|
|
"uuid": "5005c5c4-3bf7-5c64-b803-ce3c32961337",
|
|
"value": "Establish performance measurement requirements for continuous monitoring tools and technologies - T1965"
|
|
},
|
|
{
|
|
"description": "Define responsibilities for implementing continuous monitoring tools or technologies",
|
|
"related": [],
|
|
"uuid": "264f2bd4-acfd-5ae4-b2f6-dd7ffccf17a9",
|
|
"value": "Define responsibilities for implementing continuous monitoring tools or technologies - T1962"
|
|
},
|
|
{
|
|
"description": "Establish liaison to scoring and metrics working group",
|
|
"related": [],
|
|
"uuid": "48828261-e8a2-5587-b7aa-eebe5cd3c874",
|
|
"value": "Establish liaison to scoring and metrics working group - T1963"
|
|
},
|
|
{
|
|
"description": "Implement system disposal processes",
|
|
"related": [],
|
|
"uuid": "11e70f69-4bf8-5f55-be65-4c7cbb008021",
|
|
"value": "Implement system disposal processes - T1939"
|
|
},
|
|
{
|
|
"description": "Determine if system security meets acceptable risk levels",
|
|
"related": [],
|
|
"uuid": "ed03d4e2-7c03-5177-b031-ea6707bb7ee7",
|
|
"value": "Determine if system security meets acceptable risk levels - T1937"
|
|
},
|
|
{
|
|
"description": "Establish system disposal processes",
|
|
"related": [],
|
|
"uuid": "4339de40-71ab-5bf9-8a05-07a329b1eb00",
|
|
"value": "Establish system disposal processes - T1938"
|
|
},
|
|
{
|
|
"description": "Update cybersecurity action plans",
|
|
"related": [],
|
|
"uuid": "19fc5fb8-cb11-5b7d-ac8a-0ac494f57746",
|
|
"value": "Update cybersecurity action plans - T1935"
|
|
},
|
|
{
|
|
"description": "Report system security status to authorizing officials",
|
|
"related": [],
|
|
"uuid": "c3a3e89a-c7c0-5840-bdff-a7e1d0360046",
|
|
"value": "Report system security status to authorizing officials - T1936"
|
|
},
|
|
{
|
|
"description": "Determine if system security risks are acceptable",
|
|
"related": [],
|
|
"uuid": "3bb72c26-90fe-5bb0-b08b-1d04aa47a689",
|
|
"value": "Determine if system security risks are acceptable - T1933"
|
|
},
|
|
{
|
|
"description": "Determine if common control risks are acceptable",
|
|
"related": [],
|
|
"uuid": "e7503696-2da5-58e7-8462-467421a5edf2",
|
|
"value": "Determine if common control risks are acceptable - T1934"
|
|
},
|
|
{
|
|
"description": "Determine risks of using common controls",
|
|
"related": [],
|
|
"uuid": "d3339bdd-c6b2-53f5-b2a0-cf912f363953",
|
|
"value": "Determine risks of using common controls - T1931"
|
|
},
|
|
{
|
|
"description": "Implement cybersecurity action plans",
|
|
"related": [],
|
|
"uuid": "4282689b-08b9-5b0f-ae53-c2efae1af12c",
|
|
"value": "Implement cybersecurity action plans - T1932"
|
|
},
|
|
{
|
|
"description": "Determine risks of operating or using a system",
|
|
"related": [],
|
|
"uuid": "01873b22-65f1-51c8-a2c3-e532b1394599",
|
|
"value": "Determine risks of operating or using a system - T1930"
|
|
},
|
|
{
|
|
"description": "Prepare authorization packages",
|
|
"related": [],
|
|
"uuid": "f097f969-ba17-5b76-82fc-b49f5aba0635",
|
|
"value": "Prepare authorization packages - T1928"
|
|
},
|
|
{
|
|
"description": "Submit authorization packages to authorizing officials for adjudication",
|
|
"related": [],
|
|
"uuid": "aad8c087-d1fe-58fd-bce5-31be347cf64d",
|
|
"value": "Submit authorization packages to authorizing officials for adjudication - T1929"
|
|
},
|
|
{
|
|
"description": "Conduct security control remediations",
|
|
"related": [],
|
|
"uuid": "49d2c0bf-456e-598e-9493-ad3a2df199b0",
|
|
"value": "Conduct security control remediations - T1926"
|
|
},
|
|
{
|
|
"description": "Develop cybersecurity action plans and milestones",
|
|
"related": [],
|
|
"uuid": "c5522880-6f6d-5e30-92fe-2e74e1b85faf",
|
|
"value": "Develop cybersecurity action plans and milestones - T1927"
|
|
},
|
|
{
|
|
"description": "Determine accurate security levels in programs and software applications",
|
|
"related": [],
|
|
"uuid": "2dc60022-b0f2-56b0-9020-4da073c1dbe3",
|
|
"value": "Determine accurate security levels in programs and software applications - T1514"
|
|
},
|
|
{
|
|
"description": "Document software application, system, and network security postures, capabilities, and vulnerabilities",
|
|
"related": [],
|
|
"uuid": "794660e8-1aac-56c0-8ee4-c4de752c19d9",
|
|
"value": "Document software application, system, and network security postures, capabilities, and vulnerabilities - T1289"
|
|
},
|
|
{
|
|
"description": "Prepare technical evaluations of software applications, systems, and networks",
|
|
"related": [],
|
|
"uuid": "953cd638-f1ce-5e9c-8dac-2b4ce198f452",
|
|
"value": "Prepare technical evaluations of software applications, systems, and networks - T1288"
|
|
},
|
|
{
|
|
"description": "Determine effectiveness of security controls",
|
|
"related": [],
|
|
"uuid": "cefafab7-98e7-5625-a1db-31ec687af93b",
|
|
"value": "Determine effectiveness of security controls - T1924"
|
|
},
|
|
{
|
|
"description": "Prepare security control assessment reports",
|
|
"related": [],
|
|
"uuid": "10df8c3f-e999-5160-850f-7bac72d1896f",
|
|
"value": "Prepare security control assessment reports - T1925"
|
|
},
|
|
{
|
|
"description": "Develop system security control assessment plans",
|
|
"related": [],
|
|
"uuid": "11045597-5e31-57fa-980a-99ebebbf18fa",
|
|
"value": "Develop system security control assessment plans - T1922"
|
|
},
|
|
{
|
|
"description": "Approve system security control assessment plans",
|
|
"related": [],
|
|
"uuid": "0365912c-4eaa-57d0-8f9e-30cb9f59c9ad",
|
|
"value": "Approve system security control assessment plans - T1923"
|
|
},
|
|
{
|
|
"description": "Establish system configuration baselines",
|
|
"related": [],
|
|
"uuid": "3c543e3e-d02d-58a9-81c5-69f0ccc9489f",
|
|
"value": "Establish system configuration baselines - T1920"
|
|
},
|
|
{
|
|
"description": "Document changes to planned system control implementations",
|
|
"related": [],
|
|
"uuid": "02d5ac10-1518-5013-9a52-1751f848af00",
|
|
"value": "Document changes to planned system control implementations - T1921"
|
|
},
|
|
{
|
|
"description": "Implement system security controls",
|
|
"related": [],
|
|
"uuid": "d22bba9f-f20f-59bf-8304-19b397709bb1",
|
|
"value": "Implement system security controls - T1919"
|
|
},
|
|
{
|
|
"description": "Establish security control monitoring strategies",
|
|
"related": [],
|
|
"uuid": "e68deaa9-ac01-59c6-b2a6-7ddb90a92c11",
|
|
"value": "Establish security control monitoring strategies - T1917"
|
|
},
|
|
{
|
|
"description": "Review and approve System Security Plans (SSPs)",
|
|
"related": [],
|
|
"uuid": "5598113f-85a6-598d-a22e-c1e01d62cecf",
|
|
"value": "Review and approve System Security Plans (SSPs) - T1918"
|
|
},
|
|
{
|
|
"description": "Identify required system security controls",
|
|
"related": [],
|
|
"uuid": "349cf77c-6bf1-5c62-8b91-f48bb5c4aec7",
|
|
"value": "Identify required system security controls - T1915"
|
|
},
|
|
{
|
|
"description": "Document planned system security control implementations",
|
|
"related": [],
|
|
"uuid": "13e6037d-ae88-5dc9-948a-22e4b8e9e6ea",
|
|
"value": "Document planned system security control implementations - T1916"
|
|
},
|
|
{
|
|
"description": "Register systems with organizational program management offices",
|
|
"related": [],
|
|
"uuid": "36ac6d68-b50c-58a5-9f21-5751b49a469e",
|
|
"value": "Register systems with organizational program management offices - T1914"
|
|
},
|
|
{
|
|
"description": "Determine the security categorization for organizational systems",
|
|
"related": [],
|
|
"uuid": "fac6e06a-58df-5be3-beda-ad007f89900e",
|
|
"value": "Determine the security categorization for organizational systems - T1911"
|
|
},
|
|
{
|
|
"description": "Determine system boundaries",
|
|
"related": [],
|
|
"uuid": "1b2fc7c0-d66b-5d62-829f-99ef6431fe66",
|
|
"value": "Determine system boundaries - T1912"
|
|
},
|
|
{
|
|
"description": "Identify common controls available for inheritance by organizational systems",
|
|
"related": [],
|
|
"uuid": "aac9d54c-589a-55c3-90d6-c2ed8968a5a3",
|
|
"value": "Identify common controls available for inheritance by organizational systems - T1910"
|
|
},
|
|
{
|
|
"description": "Determine which business functions a system supports",
|
|
"related": [],
|
|
"uuid": "7050ffba-32ba-53cc-b0a0-9bf6e04eca04",
|
|
"value": "Determine which business functions a system supports - T1908"
|
|
},
|
|
{
|
|
"description": "Determine system stakeholders",
|
|
"related": [],
|
|
"uuid": "1604728c-64cf-56ba-a8f0-f6d37a790f31",
|
|
"value": "Determine system stakeholders - T1909"
|
|
},
|
|
{
|
|
"description": "Determine business partner requirements",
|
|
"related": [],
|
|
"uuid": "ab945b0e-1f2f-556c-9ee9-5c0e5071bf01",
|
|
"value": "Determine business partner requirements - T1904"
|
|
},
|
|
{
|
|
"description": "Determine if risk metrics support continuous monitoring",
|
|
"related": [],
|
|
"uuid": "286280cd-19a1-546f-b54c-cbe0ec263378",
|
|
"value": "Determine if risk metrics support continuous monitoring - T1946"
|
|
},
|
|
{
|
|
"description": "Determine if continuous monitoring data provides situational awareness of risk levels",
|
|
"related": [],
|
|
"uuid": "fefc4c61-38da-5a60-9f80-96f84d952092",
|
|
"value": "Determine if continuous monitoring data provides situational awareness of risk levels - T1947"
|
|
},
|
|
{
|
|
"description": "Provide training and resources to continuous monitoring staff",
|
|
"related": [],
|
|
"uuid": "e07cebd4-67ef-5509-9ccc-fc12d08d6e9c",
|
|
"value": "Provide training and resources to continuous monitoring staff - T1944"
|
|
},
|
|
{
|
|
"description": "Prepare continuous monitoring reports",
|
|
"related": [],
|
|
"uuid": "b33b57e3-269e-576b-8a87-196c03a2b4ec",
|
|
"value": "Prepare continuous monitoring reports - T1945"
|
|
},
|
|
{
|
|
"description": "Integrate a continuous monitoring program into organizational security governance structures and policies",
|
|
"related": [],
|
|
"uuid": "ad27211c-a62a-5137-bd4c-af04e756a059",
|
|
"value": "Integrate a continuous monitoring program into organizational security governance structures and policies - T1942"
|
|
},
|
|
{
|
|
"description": "Make cybersecurity investment decisions to address persistent issues",
|
|
"related": [],
|
|
"uuid": "538aa4a3-b7c1-58ef-936c-9a78a44ffc30",
|
|
"value": "Make cybersecurity investment decisions to address persistent issues - T1943"
|
|
},
|
|
{
|
|
"description": "Form continuous monitoring working groups",
|
|
"related": [],
|
|
"uuid": "86dfdd40-1884-5dcd-9dee-f9495293b581",
|
|
"value": "Form continuous monitoring working groups - T1940"
|
|
},
|
|
{
|
|
"description": "Establish continous monitoring scoring and grading metrics",
|
|
"related": [],
|
|
"uuid": "ab89fc0b-0ce2-5cc5-870f-09dd0ce9e29a",
|
|
"value": "Establish continous monitoring scoring and grading metrics - T1941"
|
|
},
|
|
{
|
|
"description": "Profile system administrators and their activities",
|
|
"related": [],
|
|
"uuid": "b078443b-98b9-56e9-9efb-4a89ddaa8e00",
|
|
"value": "Profile system administrators and their activities - T1786"
|
|
},
|
|
{
|
|
"description": "Recommend new or revised security, resilience, and dependability measures",
|
|
"related": [],
|
|
"uuid": "8e2d45b7-52ff-53a1-ad63-f02cec3a59fb",
|
|
"value": "Recommend new or revised security, resilience, and dependability measures - T1303"
|
|
},
|
|
{
|
|
"description": "Prepare operational assessment reports",
|
|
"related": [],
|
|
"uuid": "d93c6fce-7452-5563-bfd3-e3f04ffa4377",
|
|
"value": "Prepare operational assessment reports - T1708"
|
|
},
|
|
{
|
|
"description": "Intergrate continuous monitoring results in ongoing authorizations",
|
|
"related": [],
|
|
"uuid": "c5949f16-b0b1-5600-9864-32bfab45a928",
|
|
"value": "Intergrate continuous monitoring results in ongoing authorizations - T1957"
|
|
},
|
|
{
|
|
"description": "Establish access control processes for continuous monitoring tools and technologies",
|
|
"related": [],
|
|
"uuid": "579db313-02dd-5a17-b287-0aee611c06e0",
|
|
"value": "Establish access control processes for continuous monitoring tools and technologies - T1958"
|
|
},
|
|
{
|
|
"description": "Establish automated control assessment reporting requirements",
|
|
"related": [],
|
|
"uuid": "ca9f77d5-e4ae-5d02-9db5-5e33caa6ccf8",
|
|
"value": "Establish automated control assessment reporting requirements - T1955"
|
|
},
|
|
{
|
|
"description": "Conduct continuous monitoring data assessments",
|
|
"related": [],
|
|
"uuid": "9348b833-7a49-5d8e-a858-ab3bf310a344",
|
|
"value": "Conduct continuous monitoring data assessments - T1956"
|
|
},
|
|
{
|
|
"description": "Establish continuous monitoring reporting requirements",
|
|
"related": [],
|
|
"uuid": "a7f58976-6eff-5d32-adab-773cc5d5b113",
|
|
"value": "Establish continuous monitoring reporting requirements - T1953"
|
|
},
|
|
{
|
|
"description": "Perform continuous monitoring",
|
|
"related": [],
|
|
"uuid": "d950fffa-7d8f-5a3b-a3a6-afdd8471cd9a",
|
|
"value": "Perform continuous monitoring - T1954"
|
|
},
|
|
{
|
|
"description": "Establish continuous monitoring communication processes",
|
|
"related": [],
|
|
"uuid": "690860b1-c37a-5a16-b4a6-8da3c4165fb4",
|
|
"value": "Establish continuous monitoring communication processes - T1951"
|
|
},
|
|
{
|
|
"description": "Identify reporting requirements that are fulfilled by the continous monitoring program",
|
|
"related": [],
|
|
"uuid": "9b5cc632-dfe1-533e-8dcd-1f9497c1ce6f",
|
|
"value": "Identify reporting requirements that are fulfilled by the continous monitoring program - T1952"
|
|
},
|
|
{
|
|
"description": "Define unacceptable risk threshold triggers for continuous monitoring data",
|
|
"related": [],
|
|
"uuid": "65905fb1-b4f7-54eb-8011-95f44f81ccbf",
|
|
"value": "Define unacceptable risk threshold triggers for continuous monitoring data - T1948"
|
|
},
|
|
{
|
|
"description": "Establish system-level reporting categories",
|
|
"related": [],
|
|
"uuid": "96c2a79b-6c14-5d55-8910-70ff34cdbba5",
|
|
"value": "Establish system-level reporting categories - T1949"
|
|
},
|
|
{
|
|
"description": "Notify appropriate personnel of imminent of imminent hostile intentions or activities",
|
|
"related": [],
|
|
"uuid": "eb6c19ac-66d6-5cd8-87d9-0dee9b85a9c9",
|
|
"value": "Notify appropriate personnel of imminent of imminent hostile intentions or activities - T1984"
|
|
},
|
|
{
|
|
"description": "Document security, resilience, and dependability requirements",
|
|
"related": [],
|
|
"uuid": "a43b8c62-8ece-5fdd-9690-4d5c7be2ed02",
|
|
"value": "Document security, resilience, and dependability requirements - T1166"
|
|
},
|
|
{
|
|
"description": "Develop risk, compliance, and assurance specifications",
|
|
"related": [],
|
|
"uuid": "6e6b806e-7829-52af-bac2-6f888603aba5",
|
|
"value": "Develop risk, compliance, and assurance specifications - T1165"
|
|
},
|
|
{
|
|
"description": "Recommend courses of action or countermeasures to mitigate risks",
|
|
"related": [],
|
|
"uuid": "1e3714db-1c97-53ae-b0fb-fbb0811d9953",
|
|
"value": "Recommend courses of action or countermeasures to mitigate risks - T2002"
|
|
},
|
|
{
|
|
"description": "Perform cybersecurity reviews",
|
|
"related": [],
|
|
"uuid": "4eae6448-1146-576c-9993-d3d25e38ad30",
|
|
"value": "Perform cybersecurity reviews - T2000"
|
|
},
|
|
{
|
|
"description": "Document preliminary or residual security risks for system operation",
|
|
"related": [],
|
|
"uuid": "7de4b51a-eef5-5446-b1c0-92833ea1e9c3",
|
|
"value": "Document preliminary or residual security risks for system operation - T1170"
|
|
},
|
|
{
|
|
"description": "Identify anomalous activity",
|
|
"related": [],
|
|
"uuid": "c2edf5bf-8375-55d0-9722-03632ab505c3",
|
|
"value": "Identify anomalous activity - T1972"
|
|
},
|
|
{
|
|
"description": "Conduct import/export reviews for acquiring systems and software",
|
|
"related": [],
|
|
"uuid": "a62c323e-5f68-53a5-81d7-0f0bb43d2c10",
|
|
"value": "Conduct import/export reviews for acquiring systems and software - T0412"
|
|
},
|
|
{
|
|
"description": "Apply standards to identify safety risk and protect cyber-physical functions",
|
|
"related": [],
|
|
"uuid": "c8c3529c-3f3f-5e21-85ce-d82efed0e292",
|
|
"value": "Apply standards to identify safety risk and protect cyber-physical functions - T1011"
|
|
},
|
|
{
|
|
"description": "Develop risk, compliance, and assurance monitoring strategies",
|
|
"related": [],
|
|
"uuid": "126fb55c-0447-59f0-9a1f-d493b50e4a1f",
|
|
"value": "Develop risk, compliance, and assurance monitoring strategies - T1154"
|
|
},
|
|
{
|
|
"description": "Develop risk, compliance, and assurance measurement strategies",
|
|
"related": [],
|
|
"uuid": "a95bc104-c4fa-55a1-b34d-05531f6c7050",
|
|
"value": "Develop risk, compliance, and assurance measurement strategies - T1155"
|
|
},
|
|
{
|
|
"description": "Advise stakeholders on the development of continuity of operations plans",
|
|
"related": [],
|
|
"uuid": "b401f8f9-3156-56b3-b983-f419a47d7a75",
|
|
"value": "Advise stakeholders on the development of continuity of operations plans - T1291"
|
|
},
|
|
{
|
|
"description": "Determine if procurement activities sufficiently address supply chain risks",
|
|
"related": [],
|
|
"uuid": "ad50a90c-3fa7-510d-aa8a-40a61c3e4800",
|
|
"value": "Determine if procurement activities sufficiently address supply chain risks - T1344"
|
|
},
|
|
{
|
|
"description": "Recommend improvements to procurement activities to address cybersecurity requirements",
|
|
"related": [],
|
|
"uuid": "ee2847bd-ed45-556e-9215-04f9fcf75124",
|
|
"value": "Recommend improvements to procurement activities to address cybersecurity requirements - T1345"
|
|
},
|
|
{
|
|
"description": "Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements",
|
|
"related": [],
|
|
"uuid": "5f195360-53b6-55e8-9e66-6a58f36c706d",
|
|
"value": "Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements - T1369"
|
|
},
|
|
{
|
|
"description": "Develop supply chain, system, network, and operational security contract language",
|
|
"related": [],
|
|
"uuid": "a81340bc-48a3-5400-a423-4749f02b7f62",
|
|
"value": "Develop supply chain, system, network, and operational security contract language - T1399"
|
|
},
|
|
{
|
|
"description": "Determine if technology services are delivered successfully",
|
|
"related": [],
|
|
"uuid": "878d2df0-c60e-5d8f-8e5a-0ccd14a6d86e",
|
|
"value": "Determine if technology services are delivered successfully - T1435"
|
|
},
|
|
{
|
|
"description": "Manage customer services",
|
|
"related": [],
|
|
"uuid": "e859c316-ce3b-528c-8b63-cef82a849851",
|
|
"value": "Manage customer services - T1448"
|
|
},
|
|
{
|
|
"description": "Define service-level agreements (SLAs)",
|
|
"related": [],
|
|
"uuid": "e2448671-8260-5681-bb3d-0fbbde5d535a",
|
|
"value": "Define service-level agreements (SLAs) - T1465"
|
|
},
|
|
{
|
|
"description": "Gather customer satisfaction and service performance feedback",
|
|
"related": [],
|
|
"uuid": "90c77abb-6727-5c4f-a3cd-f2b87a53e92f",
|
|
"value": "Gather customer satisfaction and service performance feedback - T1472"
|
|
},
|
|
{
|
|
"description": "Examine service performance reports for issues and variances",
|
|
"related": [],
|
|
"uuid": "08ee8a78-273e-5bfa-bd03-f0a205ba8ef1",
|
|
"value": "Examine service performance reports for issues and variances - T1480"
|
|
},
|
|
{
|
|
"description": "Initiate corrective actions to service performance issues and variances",
|
|
"related": [],
|
|
"uuid": "7bdab8b5-e7cf-5df4-b5d2-bd1130b4cd5d",
|
|
"value": "Initiate corrective actions to service performance issues and variances - T1481"
|
|
},
|
|
{
|
|
"description": "Determine supply chain cybersecurity requirements",
|
|
"related": [],
|
|
"uuid": "39fa1447-7b0f-535f-9eea-f9bcaba12079",
|
|
"value": "Determine supply chain cybersecurity requirements - T1497"
|
|
},
|
|
{
|
|
"description": "Advise stakeholders on enterprise cybersecurity risk management",
|
|
"related": [],
|
|
"uuid": "c61cd761-5ba7-5ce4-8b92-168df58cbc83",
|
|
"value": "Advise stakeholders on enterprise cybersecurity risk management - T1601"
|
|
},
|
|
{
|
|
"description": "Advise stakeholders on supply chain risk management",
|
|
"related": [],
|
|
"uuid": "a710305e-2bdb-5c2f-817c-6664daacd504",
|
|
"value": "Advise stakeholders on supply chain risk management - T1602"
|
|
},
|
|
{
|
|
"description": "Prepare supply chain security reports",
|
|
"related": [],
|
|
"uuid": "d151126f-d0fd-5ad2-a777-d63f20194bbb",
|
|
"value": "Prepare supply chain security reports - T1621"
|
|
},
|
|
{
|
|
"description": "Prepare risk management reports",
|
|
"related": [],
|
|
"uuid": "b23ae4b2-eb12-5f8a-a532-cdf96f6cbf10",
|
|
"value": "Prepare risk management reports - T1622"
|
|
},
|
|
{
|
|
"description": "Develop strategic plans",
|
|
"related": [],
|
|
"uuid": "fb1071ea-ee82-5e78-9b93-e290eb068f56",
|
|
"value": "Develop strategic plans - T1145"
|
|
},
|
|
{
|
|
"description": "Maintain strategic plans",
|
|
"related": [],
|
|
"uuid": "9b73a84a-3b99-5186-8780-82e150087575",
|
|
"value": "Maintain strategic plans - T1146"
|
|
},
|
|
{
|
|
"description": "Disseminate incident and other Computer Network Defense (CND) information",
|
|
"related": [],
|
|
"uuid": "c4af8513-0e23-55d3-991a-1a9014b77ee2",
|
|
"value": "Disseminate incident and other Computer Network Defense (CND) information - T1221"
|
|
},
|
|
{
|
|
"description": "Align cybersecurity priorities with organizational security strategy",
|
|
"related": [],
|
|
"uuid": "923355db-860e-5feb-a4aa-9a8c88a7e37c",
|
|
"value": "Align cybersecurity priorities with organizational security strategy - T1226"
|
|
},
|
|
{
|
|
"description": "Develop Computer Network Defense (CND) guidance for organizational stakeholders",
|
|
"related": [],
|
|
"uuid": "3720f464-48fa-5aa5-b63a-5ee6203722c3",
|
|
"value": "Develop Computer Network Defense (CND) guidance for organizational stakeholders - T1234"
|
|
},
|
|
{
|
|
"description": "Determine the effectiveness of enterprise cybersecurity safeguards",
|
|
"related": [],
|
|
"uuid": "893e78e4-96dd-5834-ab24-cc5b86a37fa5",
|
|
"value": "Determine the effectiveness of enterprise cybersecurity safeguards - T1238"
|
|
},
|
|
{
|
|
"description": "Develop cybersecurity policy recommendations",
|
|
"related": [],
|
|
"uuid": "6d88900c-0d4b-5b6f-9eb4-bf9349e79370",
|
|
"value": "Develop cybersecurity policy recommendations - T1307"
|
|
},
|
|
{
|
|
"description": "Coordinate cybersecurity policy review and approval processes",
|
|
"related": [],
|
|
"uuid": "4c87c1aa-3172-52ac-95e4-f6b052cad7ef",
|
|
"value": "Coordinate cybersecurity policy review and approval processes - T1308"
|
|
},
|
|
{
|
|
"description": "Oversee policy standards and implementation strategy development",
|
|
"related": [],
|
|
"uuid": "e41565b1-3633-59ec-b583-aaba8eec440b",
|
|
"value": "Oversee policy standards and implementation strategy development - T1342"
|
|
},
|
|
{
|
|
"description": "Determine if vulnerability remediation plans are in place",
|
|
"related": [],
|
|
"uuid": "27bc66fb-5e7e-5c21-b9eb-ce7d9b9f31e0",
|
|
"value": "Determine if vulnerability remediation plans are in place - T1355"
|
|
},
|
|
{
|
|
"description": "Develop vulnerability remediation plans",
|
|
"related": [],
|
|
"uuid": "1f285a50-4d50-5c81-ab16-7f050b7a8453",
|
|
"value": "Develop vulnerability remediation plans - T1356"
|
|
},
|
|
{
|
|
"description": "Develop critical infrastructure protection policies and procedures",
|
|
"related": [],
|
|
"uuid": "f25ab376-df53-558c-8cfe-823ee47ba281",
|
|
"value": "Develop critical infrastructure protection policies and procedures - T1376"
|
|
},
|
|
{
|
|
"description": "Implement critical infrastructure protection policies and procedures",
|
|
"related": [],
|
|
"uuid": "353a3dd5-d516-51a6-8f15-65df62f680c7",
|
|
"value": "Implement critical infrastructure protection policies and procedures - T1377"
|
|
},
|
|
{
|
|
"description": "Establish cybersecurity risk assessment processes",
|
|
"related": [],
|
|
"uuid": "e97c6e21-a51e-50b4-9c11-3917b7e2b6a0",
|
|
"value": "Establish cybersecurity risk assessment processes - T1862"
|
|
},
|
|
{
|
|
"description": "Establish a cybersecurity risk management program",
|
|
"related": [],
|
|
"uuid": "f3d707a3-fe9c-55cd-b782-e454220a1b00",
|
|
"value": "Establish a cybersecurity risk management program - T1906"
|
|
},
|
|
{
|
|
"description": "Manage Accreditation Packages (e.g., ISO/IEC 15026-2)",
|
|
"related": [],
|
|
"uuid": "eeae1f33-c50c-5686-bb8b-964a72ff97d1",
|
|
"value": "Manage Accreditation Packages (e.g., ISO/IEC 15026-2) - T0495"
|
|
},
|
|
{
|
|
"description": "Approve accreditation packages",
|
|
"related": [],
|
|
"uuid": "952aa9dd-ef80-5a67-8c3c-fd08422414b2",
|
|
"value": "Approve accreditation packages - T1232"
|
|
},
|
|
{
|
|
"description": "Plan security authorization reviews for system and network installations",
|
|
"related": [],
|
|
"uuid": "58f5f01b-c1ee-5e9d-86b0-c26ce6c1ac61",
|
|
"value": "Plan security authorization reviews for system and network installations - T1270"
|
|
},
|
|
{
|
|
"description": "Conduct security authorization reviews for system and network installations",
|
|
"related": [],
|
|
"uuid": "21686556-93a1-5c34-b82f-fb4e0db1baf4",
|
|
"value": "Conduct security authorization reviews for system and network installations - T1271"
|
|
},
|
|
{
|
|
"description": "Develop security assurance cases for system and network installations",
|
|
"related": [],
|
|
"uuid": "ae2e04eb-340e-548b-a7f5-a15ed91861da",
|
|
"value": "Develop security assurance cases for system and network installations - T1272"
|
|
},
|
|
{
|
|
"description": "Determine if authorization and assurance documents identify an acceptable level of risk for software applications, systems, and networks",
|
|
"related": [],
|
|
"uuid": "e0652cdf-751a-57c5-aaeb-1f836ae7323f",
|
|
"value": "Determine if authorization and assurance documents identify an acceptable level of risk for software applications, systems, and networks - T1305"
|
|
},
|
|
{
|
|
"description": "Verify implementation of software, network, and system cybersecurity postures",
|
|
"related": [],
|
|
"uuid": "b4a0542b-c08b-5648-a8e0-37b12436c2c7",
|
|
"value": "Verify implementation of software, network, and system cybersecurity postures - T1328"
|
|
},
|
|
{
|
|
"description": "Document software, network, and system deviations from implemented security postures",
|
|
"related": [],
|
|
"uuid": "1a4b4162-46e4-5eeb-8e07-27701402dddc",
|
|
"value": "Document software, network, and system deviations from implemented security postures - T1329"
|
|
},
|
|
{
|
|
"description": "Recommend required actions to correct software, network, and system deviations from implemented security postures",
|
|
"related": [],
|
|
"uuid": "759e85ec-6a42-51c3-aa52-518591929cd2",
|
|
"value": "Recommend required actions to correct software, network, and system deviations from implemented security postures - T1330"
|
|
},
|
|
{
|
|
"description": "Develop cybersecurity compliance processes for external services",
|
|
"related": [],
|
|
"uuid": "924f55e7-5ce2-5f91-84bb-e9efd5cb4019",
|
|
"value": "Develop cybersecurity compliance processes for external services - T1339"
|
|
},
|
|
{
|
|
"description": "Develop cybersecurity audit processes for external services",
|
|
"related": [],
|
|
"uuid": "ed89471e-2751-5352-a869-fd4fe9f3fe88",
|
|
"value": "Develop cybersecurity audit processes for external services - T1340"
|
|
},
|
|
{
|
|
"description": "Provide cybersecurity guidance to organizational risk governance processes",
|
|
"related": [],
|
|
"uuid": "7819c599-61f4-52b4-9fca-34a69ee4aa48",
|
|
"value": "Provide cybersecurity guidance to organizational risk governance processes - T1343"
|
|
},
|
|
{
|
|
"description": "Support cybersecurity compliance activities",
|
|
"related": [],
|
|
"uuid": "da3b2ae0-6b20-52e6-acae-cb46f639c3b7",
|
|
"value": "Support cybersecurity compliance activities - T1368"
|
|
},
|
|
{
|
|
"description": "Monitor changes to a system and its environment of operation",
|
|
"related": [],
|
|
"uuid": "67b82a25-09d7-59e7-b49e-db51b9dee1f9",
|
|
"value": "Monitor changes to a system and its environment of operation - T0960"
|
|
},
|
|
{
|
|
"description": "Identify stakeholder assets that require protection",
|
|
"related": [],
|
|
"uuid": "2555f5ca-db5c-54ad-aec5-6c032dcc3cfe",
|
|
"value": "Identify stakeholder assets that require protection - T0934"
|
|
},
|
|
{
|
|
"description": "Develop organizational training programs",
|
|
"related": [],
|
|
"uuid": "0aca33e8-45ea-5c6d-b6c0-12a443f51473",
|
|
"value": "Develop organizational training programs - T1420"
|
|
},
|
|
{
|
|
"description": "Identify the types of information to be processed, stored, or transmitted by a system",
|
|
"related": [],
|
|
"uuid": "b45fbb29-d076-52cb-8d83-57ea0434b1d9",
|
|
"value": "Identify the types of information to be processed, stored, or transmitted by a system - T0942"
|
|
},
|
|
{
|
|
"description": "Recommend commercial, government off-the-shelf, or open source products for use within a system",
|
|
"related": [],
|
|
"uuid": "70daf9da-bdbe-5aad-a585-af81d97e957d",
|
|
"value": "Recommend commercial, government off-the-shelf, or open source products for use within a system - T1443"
|
|
},
|
|
{
|
|
"description": "Determine if products comply with cybersecurity requirements",
|
|
"related": [],
|
|
"uuid": "8f7b847e-daa9-5e52-a1d5-3d49088823fc",
|
|
"value": "Determine if products comply with cybersecurity requirements - T1444"
|
|
},
|
|
{
|
|
"description": "Determine the validity of findings",
|
|
"related": [],
|
|
"uuid": "2640b685-b553-5594-8295-dcec627c6e91",
|
|
"value": "Determine the validity of findings - T1441"
|
|
},
|
|
{
|
|
"description": "Design system administration and management functionality for privileged access users",
|
|
"related": [],
|
|
"uuid": "9f73a829-9545-5bde-8a18-eb25352b514b",
|
|
"value": "Design system administration and management functionality for privileged access users - T1452"
|
|
},
|
|
{
|
|
"description": "Develop system administration and management functionality for privileged access users",
|
|
"related": [],
|
|
"uuid": "40e45418-3f4b-55eb-8346-8a5d7dad9af9",
|
|
"value": "Develop system administration and management functionality for privileged access users - T1453"
|
|
},
|
|
{
|
|
"description": "Create risk-driven systems maintenance and updates processes",
|
|
"related": [],
|
|
"uuid": "0f7b400a-c9ef-56b3-ab0a-0dd306bce8a3",
|
|
"value": "Create risk-driven systems maintenance and updates processes - T1473"
|
|
},
|
|
{
|
|
"description": "Determine the placement of a system within the enterprise architecture",
|
|
"related": [],
|
|
"uuid": "e8df63e0-5a6d-50d6-b081-bae677bc69e6",
|
|
"value": "Determine the placement of a system within the enterprise architecture - T0937"
|
|
},
|
|
{
|
|
"description": "Maintain information systems assurance and accreditation materials",
|
|
"related": [],
|
|
"uuid": "c0f10584-fa5f-5394-bc27-d2a7e31e08cd",
|
|
"value": "Maintain information systems assurance and accreditation materials - T0141"
|
|
},
|
|
{
|
|
"description": "Define operating level agreements (OLAs)",
|
|
"related": [],
|
|
"uuid": "6f7056ae-13e9-5c40-b240-7ede551817e8",
|
|
"value": "Define operating level agreements (OLAs) - T1474"
|
|
},
|
|
{
|
|
"description": "Determine if cybersecurity requirements included in contracts are delivered",
|
|
"related": [],
|
|
"uuid": "59567c61-1e46-5665-8546-d8d8d8d74924",
|
|
"value": "Determine if cybersecurity requirements included in contracts are delivered - T1498"
|
|
},
|
|
{
|
|
"description": "Advise senior leadership and authorizing official of changes affecting the organization's cybersecurity posture",
|
|
"related": [],
|
|
"uuid": "c7196969-022f-5246-8673-b423d2f81334",
|
|
"value": "Advise senior leadership and authorizing official of changes affecting the organization's cybersecurity posture - T1061"
|
|
},
|
|
{
|
|
"description": "Collect and maintain system cybersecurity report data",
|
|
"related": [],
|
|
"uuid": "6d2c71b1-9418-52fb-a298-63d178f0c3e9",
|
|
"value": "Collect and maintain system cybersecurity report data - T1086"
|
|
},
|
|
{
|
|
"description": "Create system cybersecurity reports",
|
|
"related": [],
|
|
"uuid": "98b043d2-a9a9-54bf-b8e2-b55029cfb6c9",
|
|
"value": "Create system cybersecurity reports - T1087"
|
|
},
|
|
{
|
|
"description": "Determine if cybersecurity inspections, tests, and reviews are coordinated for the network environment",
|
|
"related": [],
|
|
"uuid": "882d2ea6-5510-5ec0-8769-9a28a4127ecf",
|
|
"value": "Determine if cybersecurity inspections, tests, and reviews are coordinated for the network environment - T1180"
|
|
},
|
|
{
|
|
"description": "Determine if cybersecurity requirements are integrated into continuity planning",
|
|
"related": [],
|
|
"uuid": "204792a0-0f19-5699-a665-1d8ce75abc87",
|
|
"value": "Determine if cybersecurity requirements are integrated into continuity planning - T1181"
|
|
},
|
|
{
|
|
"description": "Determine if security engineering is used when acquiring or developing protection and detection capabilities",
|
|
"related": [],
|
|
"uuid": "06dd8d64-13f4-5208-a044-af5bdb5e0e7b",
|
|
"value": "Determine if security engineering is used when acquiring or developing protection and detection capabilities - T1182"
|
|
},
|
|
{
|
|
"description": "Determine if protection and detection capabilities are consistent with organization-level cybersecurity architecture",
|
|
"related": [],
|
|
"uuid": "242b4ce0-fb42-5bfe-b9da-b734c4c1580d",
|
|
"value": "Determine if protection and detection capabilities are consistent with organization-level cybersecurity architecture - T1183"
|
|
},
|
|
{
|
|
"description": "Determine if baseline security safeguards are appropriately installed",
|
|
"related": [],
|
|
"uuid": "5b317a1c-29b9-5a2f-ba79-e18ffda2f34f",
|
|
"value": "Determine if baseline security safeguards are appropriately installed - T1188"
|
|
},
|
|
{
|
|
"description": "Determine implications of new and upgraded technologies to the cybersecurity program",
|
|
"related": [],
|
|
"uuid": "3c5b8a9a-6adf-5e38-86b8-3c28169bc7b8",
|
|
"value": "Determine implications of new and upgraded technologies to the cybersecurity program - T1201"
|
|
},
|
|
{
|
|
"description": "Monitor cybersecurity data sources",
|
|
"related": [],
|
|
"uuid": "73b17469-b876-5815-be75-114c3f1184a3",
|
|
"value": "Monitor cybersecurity data sources - T1233"
|
|
},
|
|
{
|
|
"description": "Manage threat and target analysis",
|
|
"related": [],
|
|
"uuid": "18304935-a000-5d68-8c45-5eba7ed21edb",
|
|
"value": "Manage threat and target analysis - T1235"
|
|
},
|
|
{
|
|
"description": "Manage the production of threat information",
|
|
"related": [],
|
|
"uuid": "22282dc1-58b9-5e94-8d40-0d6de50e4a64",
|
|
"value": "Manage the production of threat information - T1236"
|
|
},
|
|
{
|
|
"description": "Oversee the cybersecurity training and awareness program",
|
|
"related": [],
|
|
"uuid": "e76cb8b1-490f-55ca-be2c-644994365068",
|
|
"value": "Oversee the cybersecurity training and awareness program - T1245"
|
|
},
|
|
{
|
|
"description": "Establish Security Assessment and Authorization processes",
|
|
"related": [],
|
|
"uuid": "4dfdaa8c-4014-583e-b35f-2e59a443a9c0",
|
|
"value": "Establish Security Assessment and Authorization processes - T1246"
|
|
},
|
|
{
|
|
"description": "Develop computer environment cybersecurity plans and requirements",
|
|
"related": [],
|
|
"uuid": "08f062bb-5b52-5243-a4de-ec67ce7b1723",
|
|
"value": "Develop computer environment cybersecurity plans and requirements - T1247"
|
|
},
|
|
{
|
|
"description": "Develop standard operating procedures for secure network system operations",
|
|
"related": [],
|
|
"uuid": "d4a58c55-d3f9-5433-8cbb-a21b387bb4a5",
|
|
"value": "Develop standard operating procedures for secure network system operations - T1284"
|
|
},
|
|
{
|
|
"description": "Distribute standard operating procedures",
|
|
"related": [],
|
|
"uuid": "9fa62b19-fc92-5ea1-a80f-cfefb1400a3f",
|
|
"value": "Distribute standard operating procedures - T1285"
|
|
},
|
|
{
|
|
"description": "Maintain standard operating procedures",
|
|
"related": [],
|
|
"uuid": "1d336e09-315e-5dc3-8cfc-b65a95b0955c",
|
|
"value": "Maintain standard operating procedures - T1286"
|
|
},
|
|
{
|
|
"description": "Provide cybersecurity awareness and training",
|
|
"related": [],
|
|
"uuid": "f415cee9-4d54-544e-b0b2-21cd84c983b5",
|
|
"value": "Provide cybersecurity awareness and training - T1295"
|
|
},
|
|
{
|
|
"description": "Communicate situational awareness information to leadership",
|
|
"related": [],
|
|
"uuid": "49db9745-6646-5d80-bf32-531e26baa900",
|
|
"value": "Communicate situational awareness information to leadership - T1298"
|
|
},
|
|
{
|
|
"description": "Recommend organizational cybersecurity resource allocations",
|
|
"related": [],
|
|
"uuid": "5bf737b7-f39e-5d6d-b8d4-82ef2b112dff",
|
|
"value": "Recommend organizational cybersecurity resource allocations - T1304"
|
|
},
|
|
{
|
|
"description": "Determine if appropriate threat mitigation actions have been taken",
|
|
"related": [],
|
|
"uuid": "d73f261e-876e-518b-9941-1f1c5731f763",
|
|
"value": "Determine if appropriate threat mitigation actions have been taken - T1317"
|
|
},
|
|
{
|
|
"description": "Manage computing environment system operations",
|
|
"related": [],
|
|
"uuid": "bbfd4d39-8a7c-5c5d-a0ee-40b1e746c69f",
|
|
"value": "Manage computing environment system operations - T1321"
|
|
},
|
|
{
|
|
"description": "Determine organizational compliance",
|
|
"related": [],
|
|
"uuid": "6ad35dcc-3737-5e6e-a275-7c497439476b",
|
|
"value": "Determine organizational compliance - T1373"
|
|
},
|
|
{
|
|
"description": "Forecast ongoing service demands",
|
|
"related": [],
|
|
"uuid": "41532ba8-7f0c-5e6b-81bd-051a52c6749a",
|
|
"value": "Forecast ongoing service demands - T1374"
|
|
},
|
|
{
|
|
"description": "Conduct periodic reviews of security assumptions",
|
|
"related": [],
|
|
"uuid": "ed3d2c53-865c-56f0-915d-d731dee504e6",
|
|
"value": "Conduct periodic reviews of security assumptions - T1375"
|
|
}
|
|
],
|
|
"version": 1
|
|
}
|