• CSNP

More Fun with MITRE ATT&CK Navigator and NIST SP 800-53

Part 2

Author: Elaine Harrison-Neukirch


In part 1 of Fun with MITRE ATT&CK Navigator and NIST SP 800-53, I introduced MITRE ATT&CK, ATT&CK Navigator, NIST SP 800-53 R5 and the Attack-Control-Framework-Mappings GitHub project.


This integration of MITRE's ATT&CK Navigator and the NIST 800-53 security controls gives Blue Teamers the ability to visualize the techniques used by attackers and the security controls that mitigate those attacks.


In this blog, you will learn how to use the online version of MITRE’s ATT&CK Navigator and The Center for Threat Informed Defense’s NIST 800-53 R5 Security Control Framework Mappings. This tool is useful for Blue Teams trying to close gaps in defenses and for anyone who works with NIST risk assessments.


How to get started


At first glance, the GitHub page for the Security Control Framework Mappings to ATT&CK may seem overwhelming, because it has several components. The first step is to read the README.md.

The first section of the README.md contains a NIST 800-53 R5 mappings spreadsheet. This document lists the NIST 800-53 controls and maps them to the associated MITRE ATT&CK techniques, which makes it useful as a quick reference. The NIST 800-53 R5 spreadsheet can be downloaded here.
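One way to put a control-to-technique mapping like this to work, as an added example that is not code from this post or from the mappings project: it inverts mapping rows into an ATT&CK Navigator layer scored by how many mapped controls are implemented. The rows, the implemented-control set, the function names and the output file name are constructed for illustration, and the layer format version is an assumption.

```python
import json
from collections import defaultdict

# Constructed sample rows (control ID, technique ID). The pairings are
# illustrative only and are not copied from the project's spreadsheet.
SAMPLE_MAPPINGS = [
    ("AC-2", "T1078"), ("AC-2", "T1136"), ("IA-2", "T1078"),
    ("IA-5", "T1110"), ("SI-3", "T1204"), ("CM-7", "T1059"),
]

def controls_by_technique(mappings):
    """Invert control -> technique rows into technique -> sorted controls."""
    index = defaultdict(set)
    for control, technique in mappings:
        index[technique.strip().upper()].add(control.strip().upper())
    return {tid: sorted(ctrls) for tid, ctrls in index.items()}

def build_layer(mappings, implemented, name="800-53 coverage (example)"):
    """Build a Navigator layer; score = number of implemented mapped controls."""
    implemented = {c.strip().upper() for c in implemented}
    techniques = []
    for tid, ctrls in sorted(controls_by_technique(mappings).items()):
        have = [c for c in ctrls if c in implemented]
        missing = [c for c in ctrls if c not in implemented]
        techniques.append({
            "techniqueID": tid,
            "score": len(have),
            "comment": "implemented: " + (", ".join(have) or "none")
                       + "; not implemented: " + (", ".join(missing) or "none"),
        })
    top = max([t["score"] for t in techniques] + [1])
    return {
        "name": name,
        "versions": {"layer": "4.5"},  # assumption: match your Navigator release
        "domain": "enterprise-attack",
        "description": "Implemented NIST 800-53 controls mapped to each technique",
        "techniques": techniques,
        "gradient": {"colors": ["#ff6666", "#66cc66"], "minValue": 0, "maxValue": top},
    }

def uncovered(layer):
    """Technique IDs for which no implemented control is mapped."""
    return [t["techniqueID"] for t in layer["techniques"] if t["score"] == 0]

if __name__ == "__main__":
    layer = build_layer(SAMPLE_MAPPINGS, implemented={"AC-2", "SI-3"})
    with open("coverage_layer.json", "w") as fh:  # hypothetical output file
        json.dump(layer, fh, indent=2)
    print("Techniques with no implemented mapped control:", uncovered(layer))
```

The resulting JSON can be loaded through Navigator's Open Existing Layer option; techniques scored 0 are the ones where none of the mapped controls in the sample are marked as implemented.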


The README.md contains a summary of the repository contents:

  • Frameworks

  • Mapping Methodology

  • Tooling

  • Use Cases

  • STIX Format

  • Visualizations

  • Contributing

  • Changelog

When I first came upon this GitHub project, I made it a point to read everything. The information gave me a better understanding of the project and how it can be used. I will not go over every section of the README.md but do want to highlight the Use Cases section.


Use Cases


The Use Cases section presents scenarios to facilitate the use of the ATT&CK Navigator and the NIST 800-53 R5 mappings. For my example, I am using use case scenario #4. In an attempt to keep my example simple, I will be selecting a Threat G