Security Framework Mappings
This directory maps the 607+ cybersecurity skills in this repository to industry-standard security frameworks, enabling practitioners and AI agents to discover relevant skills through the lens of established security models.
Supported Frameworks
MITRE ATT&CK v15
The MITRE ATT&CK framework is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. Skills are mapped to:
- Tactics (TA00xx) -- the adversary's tactical goals during an operation
- Techniques (T1xxx) -- the specific methods used to achieve those goals
- Sub-techniques (T1xxx.xxx) -- more granular variations of techniques
See mitre-attack/ for the full mapping and coverage analysis.
NIST Cybersecurity Framework 2.0
The NIST CSF 2.0 provides a taxonomy of high-level cybersecurity outcomes organized into 6 core functions:
| Function | Code | Description |
|---|---|---|
| Govern | GV | Establishing and monitoring cybersecurity risk management strategy |
| Identify | ID | Understanding organizational cybersecurity risk |
| Protect | PR | Safeguarding assets through security controls |
| Detect | DE | Finding and analyzing cybersecurity events |
| Respond | RS | Taking action regarding detected incidents |
| Recover | RC | Restoring capabilities after an incident |
See nist-csf/ for the full alignment and category mapping.
OWASP Top 10 (2025)
The OWASP Top 10 represents the most critical security risks to web applications. Skills are mapped to each risk category to provide hands-on remediation and testing capabilities.
See owasp/ for the full mapping.
How Mappings Work
Each skill in this repository has YAML frontmatter with domain, subdomain, and tags fields. Framework mappings aggregate skills by subdomain relevance and tag correlation:
Skill YAML frontmatter
-> subdomain (e.g., "penetration-testing")
-> tags (e.g., ["mitre-attack", "privilege-escalation"])
-> Framework mapping (e.g., ATT&CK TA0004 Privilege Escalation)
Mappings are maintained at the subdomain level for scalability. Individual skills may also carry framework-specific tags in their frontmatter for precise lookups.
Subdomain Distribution (607 skills)
| Subdomain | Skills | Primary Frameworks |
|---|---|---|
| cloud-security | 48 | ATT&CK, NIST CSF |
| threat-intelligence | 43 | ATT&CK, NIST CSF |
| web-application-security | 41 | ATT&CK, OWASP |
| threat-hunting | 35 | ATT&CK, NIST CSF |
| digital-forensics | 34 | ATT&CK, NIST CSF |
| malware-analysis | 34 | ATT&CK, NIST CSF |
| identity-access-management | 33 | ATT&CK, NIST CSF |
| network-security | 33 | ATT&CK, NIST CSF |
| soc-operations | 33 | ATT&CK, NIST CSF |
| api-security | 28 | OWASP, ATT&CK |
| ot-ics-security | 28 | ATT&CK (ICS), NIST CSF |
| container-security | 26 | ATT&CK, NIST CSF |
| incident-response | 24 | ATT&CK, NIST CSF |
| vulnerability-management | 24 | ATT&CK, NIST CSF, OWASP |
| penetration-testing | 23 | ATT&CK |
| red-teaming | 24 | ATT&CK |
| devsecops | 16 | NIST CSF, OWASP |
| endpoint-security | 16 | ATT&CK, NIST CSF |
| phishing-defense | 16 | ATT&CK, NIST CSF |
| cryptography | 13 | NIST CSF |
| zero-trust-architecture | 13 | NIST CSF |
| mobile-security | 12 | ATT&CK (Mobile), OWASP |
| compliance-governance | 5 | NIST CSF |
| ransomware-defense | 5 | ATT&CK, NIST CSF |
Contributing
To add or update a framework mapping:
- Identify the skill subdomain and relevant framework category
- Update the corresponding mapping file in the framework directory
- Ensure the skill's YAML frontmatter tags reflect the mapping
- Submit a pull request with the mapping justification
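A pre-submission check for the third contributing step, written as an added example and not taken from this repository's tooling: it reads a skill's frontmatter, resolves frameworks from the subdomain table and from framework-specific tags, and reports tags that point at a framework the subdomain is not mapped to. Assumptions: frontmatter sits between `---` lines with flat `key: value` pairs and inline tag lists; the tag names `nist-csf` and `owasp`, the `domain` value and both sample files are constructed for illustration.

```python
import re

# Subset of the "Subdomain Distribution" table above: subdomain -> primary frameworks.
SUBDOMAIN_FRAMEWORKS = {
    "penetration-testing": {"ATT&CK"},
    "web-application-security": {"ATT&CK", "OWASP"},
    "cryptography": {"NIST CSF"},
}
# Assumption: "mitre-attack" is the page's example tag; "nist-csf" and "owasp"
# are hypothetical tag names modelled on the framework directory names.
TAG_FRAMEWORK = {"mitre-attack": "ATT&CK", "nist-csf": "NIST CSF", "owasp": "OWASP"}

def parse_frontmatter(text):
    """Parse flat `key: value` frontmatter between '---' lines (inline lists only)."""
    m = re.match(r"\A---\s*\n(.*?)\n---\s*(?:\n|\Z)", text, re.DOTALL)
    if not m:
        raise ValueError("no frontmatter block found")
    fields = {}
    for line in m.group(1).splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"unparseable frontmatter line: {line!r}")
        value = value.strip()
        if value.startswith("[") and value.endswith("]"):
            value = [v.strip().strip("\"'") for v in value[1:-1].split(",") if v.strip()]
        else:
            value = value.strip("\"'")
        fields[key.strip()] = value
    return fields

def check_skill(text):
    """Return (frameworks, findings) for one skill file's text."""
    fm = parse_frontmatter(text)
    findings = [f"missing field: {k}" for k in ("domain", "subdomain", "tags") if k not in fm]
    tags = fm.get("tags", [])
    if not isinstance(tags, list):
        findings.append("tags must be a list")
        tags = []
    sub = fm.get("subdomain")
    allowed = SUBDOMAIN_FRAMEWORKS.get(sub, set())
    if sub is not None and sub not in SUBDOMAIN_FRAMEWORKS:
        findings.append(f"unknown subdomain: {sub}")
    tagged = {TAG_FRAMEWORK[t] for t in tags if t in TAG_FRAMEWORK}
    findings += [f"tag implies {fw}, not mapped for subdomain {sub}" for fw in sorted(tagged - allowed)]
    return sorted(allowed | tagged), findings

# Constructed sample skill files (not taken from the repository).
GOOD = '---\ndomain: cybersecurity\nsubdomain: penetration-testing\ntags: ["mitre-attack", "privilege-escalation"]\n---\n# body\n'
DRIFT = "---\ndomain: cybersecurity\nsubdomain: cryptography\ntags: [owasp]\n---\n"
```

A finding on a tag is a prompt to update the subdomain mapping or justify the tag in the pull request, since individual skills may carry framework-specific tags beyond the subdomain-level mapping.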