mirror of
https://github.com/cisagov/ScubaGoggles.git
synced 2026-07-17 00:47:28 +02:00
Add MITRE ATT&CK TTP mapping (Oct 2025 Update) (#909)
* scuba_constants: change OPA_VERSION from "v1.0.1" to "v1.13.1" (#885) * branch baseline updates * needed for branch updates * deleted extra space after TTP names * Update .gitignore Co-authored-by: Alden Hilton <106177711+adhilto@users.noreply.github.com> --------- Co-authored-by: Roy Lane <rlane@mitre.org> Co-authored-by: Alden Hilton <106177711+adhilto@users.noreply.github.com>
This commit is contained in:
+1
-1
@@ -27,4 +27,4 @@ scubagoggles.egg-info
|
||||
opa
|
||||
opa_windows_amd64.exe
|
||||
opa_darwin_amd64
|
||||
opa_linux_amd64_static
|
||||
opa_linux_amd64_static
|
||||
|
||||
@@ -180,6 +180,7 @@ External chat messaging SHALL be restricted to allowlisted domains only.
|
||||
- _NIST SP 800-53 Rev. 5 FedRAMP High Baseline Mapping:_ AC-3
|
||||
- MITRE ATT&CK TTP Mapping
|
||||
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)
|
||||
- [T1213.005: Data from Information Repositories: Messaging Applications](https://attack.mitre.org/techniques/T1213/005/)
|
||||
|
||||
### Resources
|
||||
|
||||
|
||||
@@ -113,6 +113,7 @@ DKIM SHOULD be enabled for all domains.
|
||||
- [T1566:001: Phishing: Spearphishing Attachment](https://attack.mitre.org/techniques/T1566/001/)
|
||||
- [T1566:002: Phishing: Spearphishing Link](https://attack.mitre.org/techniques/T1566/002/)
|
||||
- [T1434: Internal Spear Phishing](https://attack.mitre.org/techniques/T1434/)
|
||||
- [T1672: Email Spoofing](https://attack.mitre.org/techniques/T1672/)
|
||||
|
||||
### Resources
|
||||
|
||||
@@ -166,6 +167,9 @@ An SPF policy SHALL be published for each domain that fails all non-approved sen
|
||||
- [T1566:001: Phishing: Spearphishing Attachment](https://attack.mitre.org/techniques/T1566/001/)
|
||||
- [T1566:002: Phishing: Spearphishing Link](https://attack.mitre.org/techniques/T1566/002/)
|
||||
- [T1566:003: Phishing: Spearphishing via Service](https://attack.mitre.org/techniques/T1566/003/)
|
||||
- [T1672: Email Spoofing](https://attack.mitre.org/techniques/T1672/)
|
||||
- [T1598: Phishing for Information](https://attack.mitre.org/techniques/T1598/)
|
||||
- [T1598.003: Phishing for Information: Spearphishing Link](https://attack.mitre.org/techniques/T1598/003/)
|
||||
|
||||
### Resources
|
||||
|
||||
@@ -211,7 +215,9 @@ A DMARC policy SHALL be published at the full domain or the second-level domain
|
||||
- User alias domains provide an alternative email address to send or receive email and therefore must have a DMARC policy in place.
|
||||
- _NIST SP 800-53 Rev. 5 FedRAMP High Baseline Mapping:_ SI-8
|
||||
- MITRE ATT&CK TTP Mapping
|
||||
- None
|
||||
- [T1672: Email Spoofing](https://attack.mitre.org/techniques/T1672/)
|
||||
- [T1598: Phishing for Information](https://attack.mitre.org/techniques/T1598/)
|
||||
- [T1598.003: Phishing for Information: Spearphishing Link](https://attack.mitre.org/techniques/T1598/003/)
|
||||
|
||||
#### GWS.GMAIL.4.2v0.6
|
||||
The DMARC message rejection option SHALL be p=reject.
|
||||
@@ -229,6 +235,7 @@ The DMARC message rejection option SHALL be p=reject.
|
||||
- [T1566:003: Phishing: Spearphishing via Service](https://attack.mitre.org/techniques/T1566/003/)
|
||||
- [T1586:002: Compromise Accounts](https://attack.mitre.org/techniques/T1586/)
|
||||
- [T1586:002: Compromise Accounts: Email Accounts](https://attack.mitre.org/techniques/T1586/002/)
|
||||
- [T1672: Email Spoofing](https://attack.mitre.org/techniques/T1672/)
|
||||
|
||||
#### GWS.GMAIL.4.3v0.6
|
||||
The DMARC point of contact for aggregate reports SHALL include `reports@dmarc.cyber.dhs.gov`.
|
||||
|
||||
Reference in New Issue
Block a user