This repository has been archived by the owner on Apr 3, 2024. It is now read-only.

ATT&CK-v9.0 Update (#71)
* Update navigator layers (#66). closes #65

* update layers property "navigator" to version 4.3

* update layers property "layer" to version 4.2

* update CHANGELOG.md

* Update mappingsToHeatmaps.py

"layer": "4.2" and "navigator": "4.3"

* Update CHANGELOG.md

* ATT&CK-v9.0 Update (#70)

* Update README.md

* Fixed typo

* Bump urllib3 from 1.25.9 to 1.26.5

Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.25.9 to 1.26.5.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@1.25.9...1.26.5)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

* rename folder /util to /src and reflect the change in the documentation

moved make.py into /src

* code quality refactor

* create requirements directory and move requirements.txt

* add new tests and GitHub Action workflow

* update .gitignore

* apply more findings from `flake8`, documentation updates, code tweaks

* add tests for the repo, add codecov badge, make config_location configurable

* some README updates

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* apply typo fix from @nickamon

* minor docs changes

* update repo requirements.txt

* Place control families in order, update hyperlinks

* update mappings with provided master copies, fix typos

* code quality updates

* script changes for new directory structure

* move base directory under `ATT&CK-v9.0/`

* fixes to scripts/code quality

* Update README.md

* Update README.md

* updates to mappings TSV for v9.0

* new layers for R4 v9.0 mappings

* new layers for R5 v9.0 mappings

* new stix data for R5 v9.0 mappings

* new stix data for R4 v9.0 mappings

* add ATT&CK-v8.2 directory

* update README.md

* flake8 changes

* fix for R4 layer README.md

* fix for R5 layer README.md

* update navigator layers and mappings for ATT&CK v8.2 R4

* update navigator layers and mappings for ATT&CK v8.2 R5

* add ATT&CK-v9.0 R4/R5 mappings xlsx

* changes to support new spreadsheet output format, support multi-version in make.py, tweak in mappings_to_heatmaps.py to support new repo structure

* update test_scripts.py with new repo structure

* ATT&CK-v8.2 parse code update

* update CONTRIBUTING.md

* update CHANGELOG.md

* update README.md

* update layer data for ATT&CK-v8.2 directory

* flake8 issues

* README.md update

* update other dependencies

* Update tox.ini

fix cov arguments to pytest

* Update README.md

* Update tox.ini

Co-authored-by: Isabel Tuson <[email protected]>
Co-authored-by: Jon Baker <[email protected]>
Co-authored-by: Ashaman MC <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mark Davidson <[email protected]>
Co-authored-by: Tiffany Bergeron <[email protected]>

* Update README.md

* Update README.md

* Update README.md

* Update README.md (#73)

Co-authored-by: Isabel Tuson <[email protected]>
Co-authored-by: Jon Baker <[email protected]>
Co-authored-by: Ashaman MC <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mark Davidson <[email protected]>
Co-authored-by: Tiffany Bergeron <[email protected]>
7 people authored Aug 10, 2021
1 parent 28cc20f commit 2a2fb4a
Showing 540 changed files with 809,239 additions and 3,684 deletions.
29 changes: 29 additions & 0 deletions .github/workflows/ci-tests.yml
@@ -0,0 +1,29 @@
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions

name: Test Mappings
on: [push, pull_request]

jobs:
build:
runs-on: ubuntu-latest
name: Control Framework Tests
steps:
- uses: actions/checkout@v2
- name: Set up Python 3.8
uses: actions/setup-python@v2
with:
# Semantic version range syntax or exact Python version
python-version: '3.8'
- name: Install and update essential dependencies
run: |
pip install -U pip setuptools
pip install tox-gh-actions
- name: Run tests
run: |
tox
- name: Upload Coverage to Codecov
uses: codecov/codecov-action@v1
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: coverage.xml
verbose: true
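Review bot: the Codecov upload step passes `token: ${{ secrets.CODECOV_TOKEN }}` while the workflow triggers on `[push, pull_request]`; GitHub does not expose repository secrets to `pull_request` runs coming from forks, so for external contributions the step runs with an empty token and may fail the job. Consider guarding the step with a condition (for example `if: github.event_name == 'push'`) or treating upload failure as non-fatal. Separately, `actions/checkout@v2`, `actions/setup-python@v2` and `codecov/codecov-action@v1` are referenced by mutable major tags, and `pip install -U pip setuptools` / `pip install tox-gh-actions` are unpinned; pinning the actions to commit SHAs and the installs to known versions would make the test run reproducible and harder to alter through an upstream change.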
3 changes: 3 additions & 0 deletions .gitignore
Expand Up @@ -78,6 +78,9 @@ target/
# Jupyter Notebook
.ipynb_checkpoints

# PyCharm
.idea/

# IPython
profile_default/
ipython_config.py
16 changes: 15 additions & 1 deletion CHANGELOG.md
Expand Up @@ -14,6 +14,20 @@
<!-- ### Improvements -->
<!-- ### Fixes -->

# 19 July 2021
## nist800-53-r4 v2.0 and nist800-53-r5 v2.0
### Fixes
- Release of the security control mappings and tools updated with ATT&CK-v9.0, including layers and stix data
- Update project structure to hold prior mappings created for this repo (ATT&CK-v8.2)
- Update project structure and scripts, code quality updates, tests, coverage


# 18 May 2021
### Fixes
- NIST 800-53 R4 layers updated with attack-navigator 4.3. See issue [#65](https://github.com/center-for-threat-informed-defense/attack-control-framework-mappings/issues/65).
- NIST 800-53 R5 layers updated with attack-navigator 4.3. See issue [#65](https://github.com/center-for-threat-informed-defense/attack-control-framework-mappings/issues/65).
- mappingsToHeatmaps.py also updated to indicate attack-navigator version 4.3.

# 5 April 2021
## nist800-53-r5 v1.3
### Fixes
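Review bot: the three bullets under `# 19 July 2021` / `### Fixes` describe a release and a restructuring (the ATT&CK-v9.0 release, the new project layout for ATT&CK-v8.2, tests and coverage), not fixes; the template commented out just above the entry (`<!-- ### Improvements -->`, `<!-- ### Fixes -->`) already provides a heading that fits them better. Also, the double blank line before `# 18 May 2021` is inconsistent with the single blank line used between the other entries, and `stix data` is lowercase where the rest of the repository documentation writes STIX.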
Expand All @@ -34,4 +48,4 @@
## nist800-53-r4 v1.0 and nist800-53-r5 v1.0
- Initial release of security control framework mapping methodology and tools.
- Initial release of NIST 800-53 R4 mappings to ATT&CK version 8.1.
- Initial release of NIST 800-53 R5 mappings to ATT&CK version 8.1.
- Initial release of NIST 800-53 R5 mappings to ATT&CK version 8.1.
2 changes: 1 addition & 1 deletion CONTRIBUTING.md
Expand Up @@ -33,7 +33,7 @@ You're welcome to contribute improvements to the existing framework parsers. Suc

### New Framework-Agnostic Tools or Utilities

Framework-agnostic tools and utilities may be added within the `util/` folder.
Framework-agnostic tools and utilities may be added within the `src/` folder.
- Such contributions should be framework agnostic: avoid hardcoded assumptions about which `x_mitre_` fields exist on the input framework since new frameworks may be added which don't implement common fields such as `x_mitre_family`.
- If your utility is only relevant to certain control frameworks, you should instead put it in the framework directory next to the parser for the framework.

19 changes: 15 additions & 4 deletions README.md
@@ -1,10 +1,21 @@
[![codecov](https://codecov.io/gh/center-for-threat-informed-defense/attack-control-framework-mappings/branch/master/graph/badge.svg?token=PLVBGOUWMC)](https://codecov.io/gh/center-for-threat-informed-defense/attack-control-framework-mappings)

# Security Control Framework Mappings to ATT&CK
This repository contains security control framework mappings to MITRE ATT&CK® with supporting documentation and resources. These mappings provide a critically important resource for organizations to assess their security control coverage against real-world threats as described in the ATT&CK knowledge base and provide a foundation for integrating ATT&CK-based threat information into the risk management process. This work was developed by the [Center for Threat-Informed Defense](https://mitre-engenuity.org/center-for-threat-informed-defense/) in collaboration with our participants.

| Security Control Framework | Mappings as XLSX | ATT&CK Navigator Layers | STIX Data |
|------|------|------|--|
| [NIST 800-53 Revision 4](/frameworks/nist800-53-r4/) | [Spreadsheet](/frameworks/nist800-53-r4/nist800-53-r4-mappings.xlsx) | [Navigator Layers](/frameworks/nist800-53-r4/layers) | [STIX](/frameworks/nist800-53-r4/stix) |
| [NIST 800-53 Revision 5](/frameworks/nist800-53-r5/) | [Spreadsheet](/frameworks/nist800-53-r5/nist800-53-r5-mappings.xlsx) | [Navigator Layers](/frameworks/nist800-53-r5/layers) | [STIX](/frameworks/nist800-53-r5/stix) |
**NIST 800-53 Revision 4 Security Control Mappings**

| ATT&CK Version | Mappings as XLSX (download) | ATT&CK Navigator Layers | STIX Data |
|---|---|---|---|
| [ATT&CK-v9.0](/frameworks/ATT&CK-v9.0/nist800-53-r4/) | [Spreadsheet](https://github.com/center-for-threat-informed-defense/attack-control-framework-mappings/raw/master/frameworks/ATT%26CK-v9.0/nist800-53-r4/nist800-53-r4-mappings.xlsx) | [Navigator Layers](/frameworks/ATT&CK-v9.0/nist800-53-r4/layers) | [STIX](/frameworks/ATT&CK-v9.0/nist800-53-r4/stix) |
| [ATT&CK-v8.2](/frameworks/ATT&CK-v8.2/nist800-53-r4/) | [Spreadsheet](https://github.com/center-for-threat-informed-defense/attack-control-framework-mappings/raw/master/frameworks/ATT%26CK-v8.2/nist800-53-r4/nist800-53-r4-mappings.xlsx) | [Navigator Layers](/frameworks/ATT&CK-v8.2/nist800-53-r4/layers) | [STIX](/frameworks/ATT&CK-v8.2/nist800-53-r4/stix) |

**NIST 800-53 Revision 5 Security Control Mappings**

| ATT&CK Version | Mappings as XLSX (download) | ATT&CK Navigator Layers | STIX Data |
|---|---|---|---|
| [ATT&CK-v9.0](/frameworks/ATT&CK-v9.0/nist800-53-r5/) | [Spreadsheet](https://github.com/center-for-threat-informed-defense/attack-control-framework-mappings/raw/master/frameworks/ATT%26CK-v9.0/nist800-53-r5/nist800-53-r5-mappings.xlsx) | [Navigator Layers](/frameworks/ATT&CK-v9.0/nist800-53-r5/layers) | [STIX](/frameworks/ATT&CK-v9.0/nist800-53-r5/stix) |
| [ATT&CK-v8.2](/frameworks/ATT&CK-v8.2/nist800-53-r5/) | [Spreadsheet](https://github.com/center-for-threat-informed-defense/attack-control-framework-mappings/raw/master/frameworks/ATT%26CK-v8.2/nist800-53-r5/nist800-53-r5-mappings.xlsx) | [Navigator Layers](/frameworks/ATT&CK-v8.2/nist800-53-r5/layers) | [STIX](/frameworks/ATT&CK-v8.2/nist800-53-r5/stix) |

## A Collaborative Approach

2 changes: 1 addition & 1 deletion docs/mapping_methodology.md
Expand Up @@ -42,7 +42,7 @@ The previous three steps of the methodology provide the analytical context to id
To continue with the example, further review and analysis confirms the identified control selection and the mappings can be created for the technique T1003 OS Credential Dumping and sub-technique T1003.001 LSASS Memory. The resultant mappings are listed below:

| Technique | Control(s) |
| ---------- | -------- |
|---|---|
| T1003 | AC-3, AC-4 |
| T1003 | CM-2, CM-6 |
| T1003 | RA-5 |
12 changes: 6 additions & 6 deletions docs/tooling.md
Expand Up @@ -11,26 +11,26 @@ This document describes the python tools supplied to support the creation of new

From the root directory of this repository:
1. Create a virtual environment:
- macOS and Linux: `python3 -m venv env`
- macOS and Linux: `python -m venv env`
- Windows: `py -m venv env`
2. Activate the virtual environment:
- macOS and Linux: `source env/bin/activate`
- Windows: `env/Scripts/activate.bat`
3. Install requirement packages: `pip3 install -r requirements.txt`
3. Install requirement packages: `pip install -r requirements/requirements.txt`

## Usage

## Rebuilding the STIX data

To rebuild all the data in the repository based on the most up-to-date input data, run `python3 make.py` within the root directory of the repository.
To rebuild all the data in the repository based on the most up-to-date input data, run `python make.py` within the [src](/src/) directory of the repository.

To rebuild the STIX data for a specific control framework:
1. run `python3 parser.py` from within the folder of the given control framework. This will rebuild the raw STIX data from the input spreadsheets.
2. Then use the scripts in [util](/util/) to regenerate the ancillary control data such as ATT&CK Navigator layers.
1. run `python parser.py` from within the folder of the given control framework. This will rebuild the raw STIX data from the input spreadsheets.
2. Then use the scripts in [src](/src/) to regenerate the ancillary control data such as ATT&CK Navigator layers.

## Utility scripts

The [/util/](/util/) folder includes utility scripts designed to work with generic control frameworks and mappings that implement the format described in [the STIX format document](/docs/STIX_format.md). Please see the readme in the util folder for more details of the functionality of these scripts. The output of these scripts is already present within the framework folders; the scripts are provided for users who wish to extend or otherwise modify the defined mappings and need to rebuild the artifacts provided by this repository.
The [/src/](/src/) folder includes utility scripts designed to work with generic control frameworks and mappings that implement the format described in [the STIX format document](/docs/STIX_format.md). Please see the readme in the util folder for more details of the functionality of these scripts. The output of these scripts is already present within the framework folders; the scripts are provided for users who wish to extend or otherwise modify the defined mappings and need to rebuild the artifacts provided by this repository.

## Tooling Architecture
If you wish to extend or otherwise modify the mappings provided in this repository, the data in the `/input/` folder of the framework may be modified. The python scripts provided in this repository transform this input data into the various output formats listed above. Please see the [install](#install) section for more on how to set up this repository for local use if you intend to extend the defined mappings.
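Review bot: the rewritten `## Utility scripts` paragraph changes the link to `[/src/](/src/)` but the next sentence still says "Please see the readme in the util folder for more details"; with the folder renamed in this commit, that should read `src`. The same paragraph and the `## Rebuilding the STIX data` section both switch from `python3`/`pip3` to `python`/`pip`, which is fine inside the virtual environment from step 1, so it would help to state that the commands assume the activated environment from step 2.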
2 changes: 1 addition & 1 deletion docs/use-cases.md
Expand Up @@ -44,7 +44,7 @@ _The following use cases are intended to capture the operational context of user
- Support the Security Engineer, system developers, and information system owner’s selection and implementation of security controls most appropriate in mitigating cyber attacks.
- Support the CISO/ISSM in reviewing the adequacy of risk and gaps in overall threat defense; and identify which additional security controls are needed to mitigate cyber attacks.
- Determine security control suitability and participate in the selection of security controls for securing information systems against cyber attacks.
- Validate NIST 800-53 (or other framework) compliance and maintain/achieve ongoing Approval to Opperate (ATO).
- Validate NIST 800-53 (or other framework) compliance and maintain/achieve ongoing Approval to Operate (ATO).

### 6. As a Security Engineer, I want to (but not limited to)

4 changes: 2 additions & 2 deletions docs/visualization.md
Expand Up @@ -13,15 +13,15 @@ An excel spreadsheet is provided listing all of the mappings for each framework
- [NIST 800-53 Revision 4 Mappings Spreadsheet](/frameworks/nist800-53-r4/nist800-53-r4-mappings.xlsx)
- [NIST 800-53 Revision 5 Mappings Spreadsheet](/frameworks/nist800-53-r5/nist800-53-r5-mappings.xlsx)

The [listMappings](/util/) script can be used to generate this same information in additional formats:
The [listMappings](/src/) script can be used to generate this same information in additional formats:
- Excel spreadsheet
- CSV
- HTML table
- Markdown table

## Substituting Controls for ATT&CK Mitigations

The [substitute.py](/util/substitute.py) utility script builds ATT&CK STIX bundles where controls and mappings take the place of ATT&CK mitigations, thereby enabling construction of the ATT&CK Website and ATT&CK Navigator with controls taking the place of mitigations. This section describes the usage of these specialty bundles, which can be found on this repo alongside their data in the framework `stix` folders:
The [substitute.py](/src/substitute.py) utility script builds ATT&CK STIX bundles where controls and mappings take the place of ATT&CK mitigations, thereby enabling construction of the ATT&CK Website and ATT&CK Navigator with controls taking the place of mitigations. This section describes the usage of these specialty bundles, which can be found on this repo alongside their data in the framework `stix` folders:
- [NIST 800-53 Revision 4 Substituted STIX bundle](/frameworks/nist800-53-r4/stix/nist800-53-r4-enterprise-attack.json)
- [NIST 800-53 Revision 5 Substituted STIX bundle](/frameworks/nist800-53-r5/stix/nist800-53-r5-enterprise-attack.json)

@@ -1,10 +1,10 @@
# NIST Special Publication 800-53 Revision 4 Control Mappings

This folder contains mappings of NIST Special Publication (SP) 800-53 Revision 4 to MITRE ATT&CK along with parsers and supporting data.
This folder contains mappings of NIST Special Publication (SP) 800-53 Revision 4 to MITRE ATT&CK v8.2 along with parsers and supporting data.

| Mappings Version | Last Updated | ATT&CK Version | ATT&CK Domain |
|------------------|-------------------|----------------|---------------|
| 1.2 | 3 February 2021 | [ATT&CK v8.1](https://attack.mitre.org/resources/versions/) | Enterprise |
| 1.3 | 3 February 2021 | [ATT&CK v8.2](https://attack.mitre.org/resources/versions/) | Enterprise |

| Data ||
|------|------|
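Review bot: the table row bumps `Mappings Version` from 1.2 to 1.3 and `ATT&CK Version` from v8.1 to v8.2 but leaves `Last Updated` at `3 February 2021`. If the re-mapping to ATT&CK v8.2 happens in this commit, the date should move with it; if the date is right, the version row was already stale before this change. Either way the two columns should be updated together so the table stays a reliable record of what the folder contains.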
@@ -1,6 +1,6 @@
{
"framework_id": "NIST 800-53 Revision 4",
"attack_domain": "enterprise-attack",
"attack_version": "v8.1",
"mappings_version": "v1.2"
"attack_version": "v8.2",
"mappings_version": "v1.3"
}