This voluntary Framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk. The Cybersecurity Framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security. Watch a long video overview | Watch short video
View Framework in Google Sheets format (find most up to date copy at NIST)
MITRE ATT&CK™ is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge. MITRE started this project in 2013 to document common tactics, techniques, and procedures (TTPs) that advanced persistent threats use against Windows enterprise networks.
The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. Watch video shown right to learn more.
Listen and Learn about MITRE's ATT&CK "CyberThreat Encyclopedia"