Mapping OSCAL to Attack Techniques

[xee5ch]

I discovered another interesting research project out of MITRE, CICAT:

CICAT is a modeling and simulation tool for evaluating how an adversary might conduct a cyber attack. CICAT uses a threat model that leverages open source cyber threat data provided by MITRE Enterprise ATT&CK™ and ATT&CK for ICS.

It would be wonderful to 1) expand this beyond applications beyond ICS and 2) most importantly map attacks and defenses from ATT&CK mapping to structured system data about its defenses written in OSCAL.

Anyone agree? Thoughts?

[iMichaela]

@xee5ch - I discussed this mapping idea long ago (1-1.5 years ago) with the D3FENSE tech lead. I wanted to use OSCAL for the mapping by generating the D3FENSE capabilities in OSCAL CDef with links to the ATT&CK threats mapped by MITRE. The answer I received was positive only under the condition of being funded to do so. There might be other ways of representing the information but research would be needed and the best approach will depend on the use case.