{ "authors": [ "NIST", "Jean-Louis Huynen" ], "category": "workforce", "description": "Tasks based on the NIST NICE framework", "name": "NICE Tasks", "source": "https://csrc.nist.gov/pubs/sp/800/181/r1/final", "type": "nice-framework-tasks", "uuid": "6bcf78de-a3fb-4636-90bc-95a86817ad65", "values": [ { "description": "Employ secure configuration management processes", "related": [], "uuid": "8bff1e4a-7d09-535e-b272-79e281e6bb09", "value": "Employ secure configuration management processes - T0084" }, { "description": "Translate proposed capabilities into technical requirements", "related": [], "uuid": "4aea85ca-bd37-5da8-92bd-82db9a0f0653", "value": "Translate proposed capabilities into technical requirements - T0542" }, { "description": "Communicate enterprise information technology architecture", "related": [], "uuid": "79b8aadb-ecf8-5b4f-b14e-077e5dd17ed6", "value": "Communicate enterprise information technology architecture - T1010" }, { "description": "Determine special needs of cyber-physical systems", "related": [], "uuid": "27fde591-3d44-596d-9e7d-1ff60fb963ba", "value": "Determine special needs of cyber-physical systems - T1019" }, { "description": "Determine the operational and safety impacts of cybersecurity lapses", "related": [], "uuid": "07879643-ce6e-5cab-af2d-975e0569136e", "value": "Determine the operational and safety impacts of cybersecurity lapses - T1020" }, { "description": "Integrate organizational goals and objectives into security architecture", "related": [], "uuid": "c3664a7c-b611-547f-a5d6-226889bb8ca8", "value": "Integrate organizational goals and objectives into security architecture - T1027" }, { "description": "Implement organizational evaluation and validation criteria", "related": [], "uuid": "788c9ac6-444e-535d-90d5-b14208e0b886", "value": "Implement organizational evaluation and validation criteria - T1029" }, { "description": "Assess the organization's cybersecurity architecture", "related": [], "uuid": "6ee18892-5c36-5337-827c-0dfe76ebbf09", "value": "Assess the organization's cybersecurity architecture - T1077" }, { "description": "Perform privacy impact assessments (PIAs)", "related": [], "uuid": "300a86c1-b6fc-52ed-9220-eafa6fab4fe7", "value": "Perform privacy impact assessments (PIAs) - T1096" }, { "description": "Configure network hubs, routers, and switches", "related": [], "uuid": "490a578a-31a2-51ff-a4e1-99eed0faa06f", "value": "Configure network hubs, routers, and switches - T1100" }, { "description": "Optimize network hubs, routers, and switches", "related": [], "uuid": "60cd5453-4482-5bd6-ad31-429d67f94c23", "value": "Optimize network hubs, routers, and switches - T1101" }, { "description": "Determine essential system capabilities and business functions", "related": [], "uuid": "a0895c62-c4d5-5692-b16f-846d49e5a9e4", "value": "Determine essential system capabilities and business functions - T1122" }, { "description": "Prioritize essential system capabilities and business functions", "related": [], "uuid": "e803b7cf-e285-5f4d-9076-9834081e7923", "value": "Prioritize essential system capabilities and business functions - T1123" }, { "description": "Restore essential system capabilities and business functions after catastrophic failure events", "related": [], "uuid": "a5d8ac07-7f8a-5cbd-b73f-c7600f4711dc", "value": "Restore essential system capabilities and business functions after catastrophic failure events - T1124" }, { "description": "Define system availability levels", "related": [], "uuid": "34a31ddd-f2ac-5d3c-8cb6-9c437ee385fd", "value": "Define system availability levels - T1125" }, { "description": "Determine disaster recovery and continuity of operations system requirements", "related": [], "uuid": "cbcef3ff-e4b5-573e-b36d-146ea0321c56", "value": "Determine disaster recovery and continuity of operations system requirements - T1126" }, { "description": "Develop cybersecurity designs for systems and networks with multilevel security requirements", "related": [], "uuid": "36615262-d3e9-52b0-bf78-92d9afb77291", "value": "Develop cybersecurity designs for systems and networks with multilevel security requirements - T1151" }, { "description": "Develop cybersecurity designs for systems and networks that require processing of multiple data classification levels", "related": [], "uuid": "cd020251-8bef-522b-823d-96b048fef3c1", "value": "Develop cybersecurity designs for systems and networks that require processing of multiple data classification levels - T1152" }, { "description": "Integrate cybersecurity designs for systems and networks", "related": [], "uuid": "650ca951-cd7e-52e7-8fff-4ecf222e3531", "value": "Integrate cybersecurity designs for systems and networks - T1153" }, { "description": "Define acquisition life cycle cybersecurity architecture requirements", "related": [], "uuid": "cfb20094-eee6-5938-9a90-db99898aa484", "value": "Define acquisition life cycle cybersecurity architecture requirements - T1168" }, { "description": "Define acquisition life cycle systems security engineering requirements", "related": [], "uuid": "cbf0a112-8d72-52dd-baf4-b3da927477d2", "value": "Define acquisition life cycle systems security engineering requirements - T1169" }, { "description": "Determine if systems and architecture are consistent with cybersecurity architecture guidelines", "related": [], "uuid": "9171a0bb-97cb-5bad-b41b-f6dd3d2738da", "value": "Determine if systems and architecture are consistent with cybersecurity architecture guidelines - T1179" }, { "description": "Perform security reviews", "related": [], "uuid": "251537f0-b0c6-5cb4-86d4-8c4a8543d487", "value": "Perform security reviews - T1263" }, { "description": "Identify gaps in security architecture", "related": [], "uuid": "98c25dc1-b432-59ab-a874-f4db9700d41a", "value": "Identify gaps in security architecture - T1264" }, { "description": "Develop a cybersecurity risk management plan", "related": [], "uuid": "1421c3bc-1ef2-5b98-a145-a3414159540e", "value": "Develop a cybersecurity risk management plan - T1265" }, { "description": "Advise on security requirements to be included in statements of work", "related": [], "uuid": "287ed80e-7a8e-5e43-a002-404748cd6584", "value": "Advise on security requirements to be included in statements of work - T1293" }, { "description": "Advise on Risk Management Framework process activities and documentation", "related": [], "uuid": "49c1c17e-57ad-5c65-aa7a-a3e6e13c1f93", "value": "Advise on Risk Management Framework process activities and documentation - T1294" }, { "description": "Determine the impact of new system and interface implementations on organization's cybersecurity posture", "related": [], "uuid": "18caf8b7-c76a-59b5-9347-75111625c8a5", "value": "Determine the impact of new system and interface implementations on organization's cybersecurity posture - T1361" }, { "description": "Document impact of new system and interface implementations on organization's cybersecurity posture", "related": [], "uuid": "0d724994-72ac-5db1-9a6f-14ddf1ef3be9", "value": "Document impact of new system and interface implementations on organization's cybersecurity posture - T1362" }, { "description": "Plan system security development", "related": [], "uuid": "c5253504-a6bd-5dd7-b980-1718988fd0b3", "value": "Plan system security development - T1363" }, { "description": "Conduct system security development", "related": [], "uuid": "1e4d797b-bc66-5a02-bf93-dbffc6214df4", "value": "Conduct system security development - T1364" }, { "description": "Allocate cybersecurity services", "related": [], "uuid": "65609788-de4d-5f53-bb70-15a3af880ea2", "value": "Allocate cybersecurity services - T1403" }, { "description": "Select cybersecurity mechanisms", "related": [], "uuid": "f11a20a0-6644-568e-954d-507d323b4809", "value": "Select cybersecurity mechanisms - T1404" }, { "description": "Develop system security contexts", "related": [], "uuid": "8f2ab070-5a93-5208-b276-7ad369c16388", "value": "Develop system security contexts - T1410" }, { "description": "Create system security concept of operations (ConOps) documents", "related": [], "uuid": "b9cd61d9-2b23-535a-9c03-ecdd7fc24ec6", "value": "Create system security concept of operations (ConOps) documents - T1423" }, { "description": "Determine cybersecurity design and architecture effectiveness", "related": [], "uuid": "f910abad-e99b-524c-88a6-e34eea1cc78d", "value": "Determine cybersecurity design and architecture effectiveness - T1426" }, { "description": "Create cybersecurity architecture functional specifications", "related": [], "uuid": "acfb1e58-03fd-5b9d-81cc-014ff74782cb", "value": "Create cybersecurity architecture functional specifications - T1434" }, { "description": "Determine user requirements", "related": [], "uuid": "a190d419-307e-56fe-90ce-3d931015a8f9", "value": "Determine user requirements - T1507" }, { "description": "Plan cybersecurity architecture", "related": [], "uuid": "1b39be56-1dd9-51c6-bc23-c48e1e797358", "value": "Plan cybersecurity architecture - T1508" }, { "description": "Design system security measures", "related": [], "uuid": "490f0d80-caa1-520a-86c4-7653264f0a93", "value": "Design system security measures - T1519" }, { "description": "Update system security measures", "related": [], "uuid": "14585968-7335-5774-ace2-72968e1177ae", "value": "Update system security measures - T1520" }, { "description": "Develop enterprise architecture", "related": [], "uuid": "cdff3f8b-53d7-5d76-8326-6b5c915c8923", "value": "Develop enterprise architecture - T1521" }, { "description": "Define baseline system security requirements", "related": [], "uuid": "192155ab-745f-5a31-a344-11866a12cb7c", "value": "Define baseline system security requirements - T1527" }, { "description": "Create definition activity documentation", "related": [], "uuid": "9517f98b-acc6-50f8-a83c-c1c670409633", "value": "Create definition activity documentation - T1544" }, { "description": "Create architecture activity documentation", "related": [], "uuid": "04d896ee-93a3-50d3-b602-be01a54de8ed", "value": "Create architecture activity documentation - T1545" }, { "description": "Identify system and network protection needs", "related": [], "uuid": "cc09f262-6665-55e7-b29f-571a11cded34", "value": "Identify system and network protection needs - T1556" }, { "description": "Implement system security measures", "related": [], "uuid": "1d2d0316-1a7f-58e0-aa34-74af6bbb0fa1", "value": "Implement system security measures - T1563" }, { "description": "Determine effectiveness of system implementation and testing processes", "related": [], "uuid": "1b805d0c-a1f1-54c5-ba3d-d47f4d0932df", "value": "Determine effectiveness of system implementation and testing processes - T1583" }, { "description": "Conduct cybersecurity management assessments", "related": [], "uuid": "b74990a9-e7aa-5d56-8afe-051e2d59ee2a", "value": "Conduct cybersecurity management assessments - T1627" }, { "description": "Design cybersecurity management functions", "related": [], "uuid": "1efdc40a-9299-5631-8b54-01dc8c8cab10", "value": "Design cybersecurity management functions - T1628" }, { "description": "Develop secure code and error handling", "related": [], "uuid": "ec37e9c0-93f9-57cd-960b-13305a8f6f07", "value": "Develop secure code and error handling - T0077" }, { "description": "Consult with customers about software system design and maintenance", "related": [], "uuid": "46b964d0-baf8-532a-8a06-4f101fe8b93a", "value": "Consult with customers about software system design and maintenance - T0311" }, { "description": "Recommend development of new applications or modification of existing applications", "related": [], "uuid": "ecc44267-9faa-5200-90e1-2831f25b0866", "value": "Recommend development of new applications or modification of existing applications - T1067" }, { "description": "Create development plans for new applications or modification of existing applications", "related": [], "uuid": "edd41447-5602-53d0-b21d-51e67e6d4d3e", "value": "Create development plans for new applications or modification of existing applications - T1068" }, { "description": "Evaluate software design plan timelines and cost estimates", "related": [], "uuid": "84904ac3-42a0-5bb6-8aa2-0c29036c04aa", "value": "Evaluate software design plan timelines and cost estimates - T1071" }, { "description": "Perform code reviews", "related": [], "uuid": "9bbf5002-e1c7-551c-92ea-a1440f382780", "value": "Perform code reviews - T1073" }, { "description": "Prepare secure code documentation", "related": [], "uuid": "df759ece-26d6-5664-a64f-bf767c94fd96", "value": "Prepare secure code documentation - T1074" }, { "description": "Integrate software cybersecurity objectives into project plans and schedules", "related": [], "uuid": "a9612328-263c-5246-8bad-7c802f3086cc", "value": "Integrate software cybersecurity objectives into project plans and schedules - T1082" }, { "description": "Determine project security controls", "related": [], "uuid": "2a51ad41-46b8-5b4d-bd2e-d75f7dd1da54", "value": "Determine project security controls - T1083" }, { "description": "Create program documentation during initial development and subsequent revision phases", "related": [], "uuid": "764caf3d-cbe8-55a0-8bc0-9b5826d4f3c1", "value": "Create program documentation during initial development and subsequent revision phases - T1089" }, { "description": "Determine system performance requirements", "related": [], "uuid": "4d74e300-d2d5-522c-9024-122f5e432c06", "value": "Determine system performance requirements - T1098" }, { "description": "Design application interfaces", "related": [], "uuid": "c7d83380-cfa4-5414-870b-76484415b307", "value": "Design application interfaces - T1099" }, { "description": "Evaluate interfaces between hardware and software", "related": [], "uuid": "4a467bfd-8d27-56c3-930d-4ad1d6b0bf74", "value": "Evaluate interfaces between hardware and software - T1108" }, { "description": "Correct program errors", "related": [], "uuid": "d30c0988-25bf-559e-b4da-1b3b3d3b1392", "value": "Correct program errors - T1116" }, { "description": "Determine if desired program results are produced", "related": [], "uuid": "e7f315c7-6794-5050-b718-a14182a492f1", "value": "Determine if desired program results are produced - T1117" }, { "description": "Design and develop software systems", "related": [], "uuid": "f987ca42-85ba-580d-9517-a1522b0e6c66", "value": "Design and develop software systems - T1135" }, { "description": "Determine hardware configuration", "related": [], "uuid": "9344929b-ec05-56f3-96ed-6b28ae920c00", "value": "Determine hardware configuration - T1190" }, { "description": "Identify common coding flaws", "related": [], "uuid": "a5f5c44c-6daa-5b0d-8c65-199f0d6a62af", "value": "Identify common coding flaws - T1197" }, { "description": "Determine software development security implications within centralized and decentralized environments across the enterprise", "related": [], "uuid": "69330ddf-ba43-5367-88fd-cc35c360c419", "value": "Determine software development security implications within centralized and decentralized environments across the enterprise - T1202" }, { "description": "Implement software development cybersecurity methodologies within centralized and decentralized environments across the enterprise", "related": [], "uuid": "7fefaea9-336e-5b42-82ae-8e4484d0e9d9", "value": "Implement software development cybersecurity methodologies within centralized and decentralized environments across the enterprise - T1203" }, { "description": "Determine cybersecurity measures for steady state operation and management of software", "related": [], "uuid": "65807c8d-911e-5ed9-867b-4f5b54ee5920", "value": "Determine cybersecurity measures for steady state operation and management of software - T1204" }, { "description": "Incorporate product end-of-life cybersecurity measures", "related": [], "uuid": "92da1e6c-8993-502a-8595-ed844aad239f", "value": "Incorporate product end-of-life cybersecurity measures - T1205" }, { "description": "Perform integrated quality assurance testing", "related": [], "uuid": "7e66254f-6329-5b56-9067-ae1be9a0bf24", "value": "Perform integrated quality assurance testing - T1258" }, { "description": "Mitigate programming vulnerabilities", "related": [], "uuid": "336a9223-8700-57d7-9067-e8a2c2f0632a", "value": "Mitigate programming vulnerabilities - T1261" }, { "description": "Identify programming code flaws", "related": [], "uuid": "173e60f3-e1c9-511b-b762-d884605aa326", "value": "Identify programming code flaws - T1262" }, { "description": "Conduct risk analysis of applications and systems undergoing major changes", "related": [], "uuid": "0e459f4d-cc70-5d3f-8996-7e1e34f2959a", "value": "Conduct risk analysis of applications and systems undergoing major changes - T1269" }, { "description": "Develop workflow charts and diagrams", "related": [], "uuid": "a0937b5b-56e7-5d65-8253-2c7772337cee", "value": "Develop workflow charts and diagrams - T1280" }, { "description": "Convert workflow charts and diagrams into coded computer language instructions", "related": [], "uuid": "bac4b901-cc7f-5bd5-88a2-3e0f07b8d47a", "value": "Convert workflow charts and diagrams into coded computer language instructions - T1281" }, { "description": "Address security implications in the software acceptance phase", "related": [], "uuid": "250675b2-a6d3-5546-898e-93e1ae23f062", "value": "Address security implications in the software acceptance phase - T1302" }, { "description": "Analyze system capabilities and requirements", "related": [], "uuid": "5b5b9de6-b7ae-51cd-bba4-556645d97396", "value": "Analyze system capabilities and requirements - T1309" }, { "description": "Integrate security requirements into application design elements", "related": [], "uuid": "b05fcffb-f088-54b0-86b9-e11665517205", "value": "Integrate security requirements into application design elements - T1318" }, { "description": "Document software attack surface elements", "related": [], "uuid": "1c32acd1-c147-547b-9688-1e2b5220c68e", "value": "Document software attack surface elements - T1319" }, { "description": "Conduct threat modeling", "related": [], "uuid": "aa97e4e7-fd42-5fd5-a17c-d521a68fc806", "value": "Conduct threat modeling - T1320" }, { "description": "Design programming language exploitation countermeasures and mitigations", "related": [], "uuid": "654331c4-ad47-54f4-a8d1-7bcb63e2cfa3", "value": "Design programming language exploitation countermeasures and mitigations - T1360" }, { "description": "Design and develop secure applications", "related": [], "uuid": "97693b72-e88d-5440-a6f9-91b03817a826", "value": "Design and develop secure applications - T1400" }, { "description": "Develop software documentation", "related": [], "uuid": "cae77688-6c0a-5a2b-b403-433388aec6f2", "value": "Develop software documentation - T1422" }, { "description": "Integrate public key cryptography into applications", "related": [], "uuid": "52d9d8fc-8695-5f8d-920e-858162e11afe", "value": "Integrate public key cryptography into applications - T1499" }, { "description": "Analyze feasibility of software design within time and cost constraints", "related": [], "uuid": "00658566-ae9e-5693-9ee5-511b59c940ef", "value": "Analyze feasibility of software design within time and cost constraints - T1509" }, { "description": "Conduct trial runs of programs and software applications", "related": [], "uuid": "f1ebb069-18e1-5cf4-9b79-bf7b1ba04854", "value": "Conduct trial runs of programs and software applications - T1513" }, { "description": "Develop software system testing and validation procedures", "related": [], "uuid": "eb68e74d-710c-5ff3-ae06-67341341a318", "value": "Develop software system testing and validation procedures - T1528" }, { "description": "Create software system documentation", "related": [], "uuid": "5634da1b-ee4f-5dce-9cf9-2c5f97693347", "value": "Create software system documentation - T1529" }, { "description": "Adapt software to new hardware", "related": [], "uuid": "8b8a5569-4c2a-54bc-b9a6-c6d9c914b99e", "value": "Adapt software to new hardware - T1575" }, { "description": "Upgrade software interfaces", "related": [], "uuid": "2bf6b9f5-8e25-588d-a621-1e126930a9ec", "value": "Upgrade software interfaces - T1576" }, { "description": "Improve software performance", "related": [], "uuid": "b0d6b05b-0bbb-55a4-a52d-6b5b4884f34b", "value": "Improve software performance - T1577" }, { "description": "Conduct vulnerability analysis of software patches and updates", "related": [], "uuid": "8379d0da-4089-5d0c-af82-b115e1cd2be2", "value": "Conduct vulnerability analysis of software patches and updates - T1624" }, { "description": "Prepare vulnerability analysis reports", "related": [], "uuid": "a4902834-2c15-5b32-99a9-43662d3d42bf", "value": "Prepare vulnerability analysis reports - T1625" }, { "description": "Implement security designs for new or existing systems", "related": [], "uuid": "7f7444cd-9bb9-50ee-b93d-271a7d913b6c", "value": "Implement security designs for new or existing systems - T0122" }, { "description": "Incorporate cybersecurity vulnerability solutions into system designs (e.g., Cybersecurity Vulnerability Alerts)", "related": [], "uuid": "577de367-3b46-5a99-a35d-a35bdd322ebf", "value": "Incorporate cybersecurity vulnerability solutions into system designs (e.g., Cybersecurity Vulnerability Alerts) - T0124" }, { "description": "Develop cybersecurity designs to meet specific operational needs and environmental factors (e.g., access controls, automated applications, networked operations, high integrity and availability requirements, multilevel security/processing of multiple classification levels, and processing Sensitive Compartmented Information)", "related": [], "uuid": "e6b60872-96c1-5552-a505-2d3ae9b4a153", "value": "Develop cybersecurity designs to meet specific operational needs and environmental factors (e.g., access controls, automated applications, networked o - T0271" }, { "description": "Review enterprise information technology (IT) goals and objectives", "related": [], "uuid": "97a2f7f9-9983-55c0-80c6-f2d7a731f0c5", "value": "Review enterprise information technology (IT) goals and objectives - T1022" }, { "description": "Determine procurement requirements", "related": [], "uuid": "ac1dd0d4-6aa4-5919-aff0-72f69d8688cc", "value": "Determine procurement requirements - T1026" }, { "description": "Estimate the impact of collateral damage", "related": [], "uuid": "874d14a7-1d03-56fc-8d05-1019dafe4438", "value": "Estimate the impact of collateral damage - T1030" }, { "description": "Determine impact of software configurations", "related": [], "uuid": "a005dabf-636d-5c78-8097-9e4760d727f2", "value": "Determine impact of software configurations - T1041" }, { "description": "Assess operation performance", "related": [], "uuid": "5914a140-8cb5-558f-a74b-423c783948fd", "value": "Assess operation performance - T1046" }, { "description": "Assess operation impact", "related": [], "uuid": "ab618206-2df2-57ff-916a-0b7fa016d2c2", "value": "Assess operation impact - T1047" }, { "description": "Determine life cycle support requirements", "related": [], "uuid": "02471da1-f2f4-5dba-96e5-a344ce8b907e", "value": "Determine life cycle support requirements - T1072" }, { "description": "Implement application cybersecurity policies", "related": [], "uuid": "1777cc43-de1e-50ed-a5aa-e8602bdf6edc", "value": "Implement application cybersecurity policies - T1075" }, { "description": "Determine effectiveness of system cybersecurity measures", "related": [], "uuid": "f1fe2918-eb75-5651-af04-ab672a4ee366", "value": "Determine effectiveness of system cybersecurity measures - T1078" }, { "description": "Develop cybersecurity risk profiles", "related": [], "uuid": "66f62ba1-a9cd-5b8d-90a8-4e29f8300ef6", "value": "Develop cybersecurity risk profiles - T1079" }, { "description": "Create product prototypes using working and theoretical models", "related": [], "uuid": "8ea14df6-0096-58af-82bc-f93a0cf42c1e", "value": "Create product prototypes using working and theoretical models - T1081" }, { "description": "Identify anomalous network activity", "related": [], "uuid": "980e2118-5472-53f1-804c-0a7aa9c0e17b", "value": "Identify anomalous network activity - T1084" }, { "description": "Identify vulnerabilities", "related": [], "uuid": "b3c5f1ed-1cb6-5c0b-a000-304fbfa4ae92", "value": "Identify vulnerabilities - T1118" }, { "description": "Recommend vulnerability remediation strategies", "related": [], "uuid": "dd6f8009-5e6e-5a14-97b8-e5855499e9ab", "value": "Recommend vulnerability remediation strategies - T1119" }, { "description": "Design cybersecurity or cybersecurity-enabled products", "related": [], "uuid": "d6cb403f-ead4-545d-9689-8841c8b2fe97", "value": "Design cybersecurity or cybersecurity-enabled products - T1128" }, { "description": "Develop cybersecurity or cybersecurity-enabled products", "related": [], "uuid": "905c7fcb-c67a-5bc0-97e4-e3684d94a2a6", "value": "Develop cybersecurity or cybersecurity-enabled products - T1129" }, { "description": "Determine if hardware, operating systems, and software applications adequately address cybersecurity requirements", "related": [], "uuid": "b7ad35bc-c67e-5c1f-ac28-e2f934362352", "value": "Determine if hardware, operating systems, and software applications adequately address cybersecurity requirements - T1131" }, { "description": "Design system data backup capabilities", "related": [], "uuid": "0ba17638-c767-537c-82a9-8b1fd8a202a4", "value": "Design system data backup capabilities - T1132" }, { "description": "Develop technical and procedural processes for integrity of stored backup data", "related": [], "uuid": "54f8dc5e-895f-5986-bdbd-f22c2259dd16", "value": "Develop technical and procedural processes for integrity of stored backup data - T1133" }, { "description": "Develop technical and procedural processes for backup data storage", "related": [], "uuid": "e378d2d6-f996-5f15-9068-ca5c64838f60", "value": "Develop technical and procedural processes for backup data storage - T1134" }, { "description": "Create system testing and validation procedures and documentation", "related": [], "uuid": "25ac4e48-3e3e-55fb-9721-cab061787c74", "value": "Create system testing and validation procedures and documentation - T1138" }, { "description": "Develop systems security design documentation", "related": [], "uuid": "dbfda627-7eb8-57ec-b742-992f546df64b", "value": "Develop systems security design documentation - T1148" }, { "description": "Develop disaster recovery and continuity of operations plans for systems under development", "related": [], "uuid": "75e2ca42-6b93-5737-9955-0590016f66e1", "value": "Develop disaster recovery and continuity of operations plans for systems under development - T1149" }, { "description": "Test disaster recovery and continuity of operations plans for systems prior to deployment", "related": [], "uuid": "b4a23e68-13ac-58b1-92e5-0be6c5fd444a", "value": "Test disaster recovery and continuity of operations plans for systems prior to deployment - T1150" }, { "description": "Develop risk mitigation strategies", "related": [], "uuid": "fb812192-c46f-5105-9ac9-a8819db78fa0", "value": "Develop risk mitigation strategies - T1160" }, { "description": "Resolve system vulnerabilities", "related": [], "uuid": "2c71ba4c-c711-5e6b-9249-42987222be79", "value": "Resolve system vulnerabilities - T1161" }, { "description": "Recommend security changes to systems and system components", "related": [], "uuid": "dde08582-93bb-5438-95ef-e2301652abb3", "value": "Recommend security changes to systems and system components - T1162" }, { "description": "Develop cybersecurity countermeasures for systems and applications", "related": [], "uuid": "025ada71-5163-5dc4-891d-81eb1fc0bcb5", "value": "Develop cybersecurity countermeasures for systems and applications - T1163" }, { "description": "Develop risk mitigation strategies for systems and applications", "related": [], "uuid": "752c4994-b144-58f6-be14-f7d06d0be8ec", "value": "Develop risk mitigation strategies for systems and applications - T1164" }, { "description": "Allocate security functions to components and elements", "related": [], "uuid": "2d6a4f2f-4e35-55a2-be89-f716dfbe90c5", "value": "Allocate security functions to components and elements - T1193" }, { "description": "Remediate technical problems encountered during system testing and implementation", "related": [], "uuid": "3e1bf749-619d-58ce-a587-7d6b18a5868f", "value": "Remediate technical problems encountered during system testing and implementation - T1194" }, { "description": "Direct the remediation of technical problems encountered during system testing and implementation", "related": [], "uuid": "d550b52f-b320-5619-a868-19f0a713fe3e", "value": "Direct the remediation of technical problems encountered during system testing and implementation - T1195" }, { "description": "Recommend cybersecurity or cybersecurity-enabled products for use within a system", "related": [], "uuid": "bdd276c2-0a31-57d1-a041-74e5285e313c", "value": "Recommend cybersecurity or cybersecurity-enabled products for use within a system - T1206" }, { "description": "Develop guidelines for implementing developed systems for customers and installation teams", "related": [], "uuid": "1470fe09-8825-5c10-93cd-b3773a97ecc8", "value": "Develop guidelines for implementing developed systems for customers and installation teams - T1292" }, { "description": "Conduct test and evaluation activities", "related": [], "uuid": "c7be2ee2-460c-50b3-aa41-f3326bf4d06f", "value": "Conduct test and evaluation activities - T1312" }, { "description": "Develop system performance predictions for various operating conditions", "related": [], "uuid": "c51c054c-3703-576d-861a-ae19e896740b", "value": "Develop system performance predictions for various operating conditions - T1326" }, { "description": "Document cybersecurity design and development activities", "related": [], "uuid": "cad00481-419e-591a-b68c-4db362f7c4fd", "value": "Document cybersecurity design and development activities - T1365" }, { "description": "Integrate system development life cycle methodologies into development environment", "related": [], "uuid": "49638374-1606-5ca4-ad4d-3fc93ac31c67", "value": "Integrate system development life cycle methodologies into development environment - T1401" }, { "description": "Design secure interfaces between information systems, physical systems, and embedded technologies", "related": [], "uuid": "aff7aa41-28eb-5463-be93-e6ca79fbaf25", "value": "Design secure interfaces between information systems, physical systems, and embedded technologies - T1454" }, { "description": "Implement secure interfaces between information systems, physical systems, and embedded technologies", "related": [], "uuid": "b01ffb32-405b-5c70-bacb-aeab237eceee", "value": "Implement secure interfaces between information systems, physical systems, and embedded technologies - T1455" }, { "description": "Correlate incident data", "related": [], "uuid": "2e107712-cf80-5126-8d77-c21424dd520b", "value": "Correlate incident data - T1489" }, { "description": "Determine if systems meet minimum security requirements", "related": [], "uuid": "63411911-77e8-5acf-b962-a95cec818a53", "value": "Determine if systems meet minimum security requirements - T1522" }, { "description": "Establish minimum security requirements for applications", "related": [], "uuid": "17758d5c-b55c-5688-9dc8-95925ebaa1b9", "value": "Establish minimum security requirements for applications - T1584" }, { "description": "Determine if applications meet minimum security requirements", "related": [], "uuid": "a2658343-7b53-58e5-bf97-a252092997ac", "value": "Determine if applications meet minimum security requirements - T1585" }, { "description": "Conduct cybersecurity risk assessments", "related": [], "uuid": "7513ee80-5a15-56da-b89f-bba8f49573bb", "value": "Conduct cybersecurity risk assessments - T1586" }, { "description": "Conduct cybersecurity reviews", "related": [], "uuid": "a366dcfa-c212-5bce-afea-7360b48478cf", "value": "Conduct cybersecurity reviews - T1592" }, { "description": "Identify cybersecurity gaps in enterprise architecture", "related": [], "uuid": "451398c1-b1de-579a-9103-d7a948c0fbbf", "value": "Identify cybersecurity gaps in enterprise architecture - T1593" }, { "description": "Provide cybersecurity advice on implementation plans, standard operating procedures, maintenance documentation, and maintenance training materials", "related": [], "uuid": "e1b79ab7-9e63-5097-8cf2-dd9d60247711", "value": "Provide cybersecurity advice on implementation plans, standard operating procedures, maintenance documentation, and maintenance training materials - T1604" }, { "description": "Determine if design components meet system requirements", "related": [], "uuid": "4cc17b60-cb62-5b13-a33b-548d0e4520fd", "value": "Determine if design components meet system requirements - T1613" }, { "description": "Determine scalability of system architecture", "related": [], "uuid": "a3e9880f-65fb-5c75-9373-57f48e93770a", "value": "Determine scalability of system architecture - T1614" }, { "description": "Incorporate intelligence equities into the overall design of cyber operations plans", "related": [], "uuid": "bfed2c5a-890a-5987-b410-c337c95bfac3", "value": "Incorporate intelligence equities into the overall design of cyber operations plans - T0630" }, { "description": "Incorporate cyber operations and communications security support plans into organization objectives", "related": [], "uuid": "a7b7112b-e535-5db1-8a0d-d863f3086293", "value": "Incorporate cyber operations and communications security support plans into organization objectives - T0704" }, { "description": "Identify intelligence gaps and shortfalls", "related": [], "uuid": "b7aea31b-eb44-55ff-a91b-34df13a0d109", "value": "Identify intelligence gaps and shortfalls - T0718" }, { "description": "Issue requests for information", "related": [], "uuid": "c0ca98a4-cc21-54be-9455-6d8aee79f0a3", "value": "Issue requests for information - T0734" }, { "description": "Maintain situational awareness of cyber-related intelligence requirements and associated tasking", "related": [], "uuid": "e52d8d24-e58f-5d8d-986a-ef95e756c5db", "value": "Maintain situational awareness of cyber-related intelligence requirements and associated tasking - T0741" }, { "description": "Maintain situational awareness of partner capabilities and activities", "related": [], "uuid": "bfa7f8c2-6c39-5f0a-bb18-5238eed7619a", "value": "Maintain situational awareness of partner capabilities and activities - T0742" }, { "description": "Support cyber operations", "related": [], "uuid": "76b01c60-8307-5bea-9dfa-6d6ae9d81add", "value": "Support cyber operations - T1033" }, { "description": "Integrate leadership priorities", "related": [], "uuid": "e0e59457-f684-5fc8-9506-af30ac7d4db9", "value": "Integrate leadership priorities - T1036" }, { "description": "Develop operations strategies", "related": [], "uuid": "e686347d-a042-562d-84d4-faf0d8e12aa0", "value": "Develop operations strategies - T1037" }, { "description": "Integrate organization objectives in intelligence collection", "related": [], "uuid": "b0bf43e5-63bc-5df5-9608-8b142c03334a", "value": "Integrate organization objectives in intelligence collection - T1038" }, { "description": "Determine staffing needs", "related": [], "uuid": "5b7970fd-f4c8-5a8a-988c-cf400ed64ad7", "value": "Determine staffing needs - T1043" }, { "description": "Review course of action analysis results", "related": [], "uuid": "67b09d8f-4e7e-5749-a8fc-1c132ce0e2a3", "value": "Review course of action analysis results - T1044" }, { "description": "Review exercise analysis results", "related": [], "uuid": "7679a8ce-683f-5c34-b96b-6b68021d237f", "value": "Review exercise analysis results - T1045" }, { "description": "Synchronize operational assessment procedures and critical information requirement processes", "related": [], "uuid": "a3255b89-1448-521d-bff1-47c559addf1e", "value": "Synchronize operational assessment procedures and critical information requirement processes - T1048" }, { "description": "Scope analysis reports to various audiences that accounts for data sharing classification restrictions", "related": [], "uuid": "1cccdce7-c1c5-57a8-827b-d19561080f94", "value": "Scope analysis reports to various audiences that accounts for data sharing classification restrictions - T1054" }, { "description": "Determine if priority information requirements are satisfied", "related": [], "uuid": "7ccb96da-6709-5ca0-bccd-cd88b90a0900", "value": "Determine if priority information requirements are satisfied - T1055" }, { "description": "Determine the impact of threats on cybersecurity", "related": [], "uuid": "dfe9eaff-1d14-5f69-966c-04a86ba7e408", "value": "Determine the impact of threats on cybersecurity - T1456" }, { "description": "Implement threat countermeasures", "related": [], "uuid": "1ff236ba-aea0-5172-85be-e7036174ccae", "value": "Implement threat countermeasures - T1457" }, { "description": "Assess target vulnerabilities and operational capabilities", "related": [], "uuid": "37c391d9-042b-5d27-830e-d33b4d2f6978", "value": "Assess target vulnerabilities and operational capabilities - T1639" }, { "description": "Develop cyber operations indicators", "related": [], "uuid": "799bd6a9-36fa-5842-9680-d68f915bd9a3", "value": "Develop cyber operations indicators - T1644" }, { "description": "Develop cybersecurity success metrics", "related": [], "uuid": "a23adc88-7dcb-50d7-a0bd-12428c907982", "value": "Develop cybersecurity success metrics - T1650" }, { "description": "Develop cyber operations crisis action plans", "related": [], "uuid": "29ec3d2f-a1f7-5942-bd98-c2d4888d8d47", "value": "Develop cyber operations crisis action plans - T1678" }, { "description": "Develop organizational decision support tools", "related": [], "uuid": "cfe41e01-6679-5ce3-817a-27c8d986ee25", "value": "Develop organizational decision support tools - T1679" }, { "description": "Identify strategies to counter potential target actions", "related": [], "uuid": "e4b590fe-b5da-5816-a04d-3c76f2111c7a", "value": "Identify strategies to counter potential target actions - T1688" }, { "description": "Develop crisis plans", "related": [], "uuid": "3071fba4-b746-50f7-b26d-043c07df6337", "value": "Develop crisis plans - T1699" }, { "description": "Maintain crisis plans", "related": [], "uuid": "5309155f-9276-57ca-8b69-599a39a04e05", "value": "Maintain crisis plans - T1700" }, { "description": "Integrate cyber operations guidance into broader planning activities", "related": [], "uuid": "0801ddf7-f0f4-59d9-b72f-e69d4eddb430", "value": "Integrate cyber operations guidance into broader planning activities - T1701" }, { "description": "Develop intelligence operations plans", "related": [], "uuid": "2ff765c4-b15c-5b2b-815f-974195e9c015", "value": "Develop intelligence operations plans - T1704" }, { "description": "Develop policies for providing and obtaining cyber operations support from external partners", "related": [], "uuid": "e23a93ca-e901-581d-897a-c9364ca8b6b8", "value": "Develop policies for providing and obtaining cyber operations support from external partners - T1710" }, { "description": "Recommend potential courses of action", "related": [], "uuid": "f0db05c4-8b74-57f7-9964-a83c1a7f0256", "value": "Recommend potential courses of action - T1712" }, { "description": "Recommend changes to planning policies and procedures", "related": [], "uuid": "44c7a827-dd02-55df-a29d-3f778f7b6392", "value": "Recommend changes to planning policies and procedures - T1717" }, { "description": "Implement changes to planning policies and procedures", "related": [], "uuid": "2805d34e-19fb-553e-9d49-2c393f34a555", "value": "Implement changes to planning policies and procedures - T1718" }, { "description": "Prepare cyber operation strategy and planning documents", "related": [], "uuid": "9ac4380c-3007-5be3-bd2c-263d23d4b862", "value": "Prepare cyber operation strategy and planning documents - T1722" }, { "description": "Implement collection operation plans", "related": [], "uuid": "95bd5a00-6629-514c-add6-52b0d7ef3e2d", "value": "Implement collection operation plans - T1728" }, { "description": "Synchronize intelligence planning activities with operational planning timelines", "related": [], "uuid": "df80dac9-407d-5b25-bcd0-2a47ad8f0883", "value": "Synchronize intelligence planning activities with operational planning timelines - T1729" }, { "description": "Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action", "related": [], "uuid": "964ae70e-76c0-5c25-b888-a46a28bb293a", "value": "Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action - T1735" }, { "description": "Develop courses of action based on threat factors", "related": [], "uuid": "216cf673-0da1-51bc-8726-e40a48451b09", "value": "Develop courses of action based on threat factors - T1752" }, { "description": "Integrate cyber planning and targeting efforts", "related": [], "uuid": "8be04c91-fb94-5132-a6af-9230e1941262", "value": "Integrate cyber planning and targeting efforts - T1755" }, { "description": "Interpret environment preparation assessments", "related": [], "uuid": "eefabf44-a550-5042-832f-bd890f7600d4", "value": "Interpret environment preparation assessments - T1756" }, { "description": "Determine if changes to the operating environment require review of the plan", "related": [], "uuid": "ebbbfe04-f607-57be-9bda-8b39e98e9f5e", "value": "Determine if changes to the operating environment require review of the plan - T1761" }, { "description": "Asssess effectiveness of integrated cyber operations", "related": [], "uuid": "5f2ed733-bc1f-54cb-9e3f-0846844b2512", "value": "Asssess effectiveness of integrated cyber operations - T1764" }, { "description": "Coordinate strategic planning efforts with internal and external partners", "related": [], "uuid": "ad15e783-298d-513c-8c85-5861d059daff", "value": "Coordinate strategic planning efforts with internal and external partners - T1779" }, { "description": "Develop cyber operations strategies", "related": [], "uuid": "5b0a01dc-606b-58d1-ad4a-e1964a7834c1", "value": "Develop cyber operations strategies - T1794" }, { "description": "Advise stakeholders on administrative and logistical elements of operational support plans", "related": [], "uuid": "38de0717-d59f-58eb-908d-55b88026c768", "value": "Advise stakeholders on administrative and logistical elements of operational support plans - T1797" }, { "description": "Recommend changes to operational plans", "related": [], "uuid": "d51287fd-ecc8-56bb-9f0c-4c9a761695e4", "value": "Recommend changes to operational plans - T1800" }, { "description": "Approve operational requirements for research, development, and acquisition of cyber capabilities", "related": [], "uuid": "476d4288-69f6-5f52-b754-b8d9e949578e", "value": "Approve operational requirements for research, development, and acquisition of cyber capabilities - T1810" }, { "description": "Prioritize operational requirements for research, development, and acquisition of cyber capabilities", "related": [], "uuid": "e6707346-5493-53e6-9d24-e8cf20aa9ff8", "value": "Prioritize operational requirements for research, development, and acquisition of cyber capabilities - T1811" }, { "description": "Submit operational requirements for research, development, and acquisition of cyber capabilities", "related": [], "uuid": "ec5c04a6-87a0-50e5-ad88-11add497a950", "value": "Submit operational requirements for research, development, and acquisition of cyber capabilities - T1812" }, { "description": "Submit requests for deconfliction of cyber operations", "related": [], "uuid": "415fb9bc-29a7-5153-b758-c9b6d412f395", "value": "Submit requests for deconfliction of cyber operations - T1822" }, { "description": "Respond to requests for deconfliction of cyber operations", "related": [], "uuid": "a1c6778a-69a8-5dec-9fae-43d3e444c469", "value": "Respond to requests for deconfliction of cyber operations - T1823" }, { "description": "Determine if intelligence requirements and collection plans are accurate and up-to-date", "related": [], "uuid": "665f97c9-79b3-5ac1-bf6c-248c870d9c23", "value": "Determine if intelligence requirements and collection plans are accurate and up-to-date - T1835" }, { "description": "Document lessons learned during events and exercises", "related": [], "uuid": "9f385901-5687-5d2d-9289-499ea605c146", "value": "Document lessons learned during events and exercises - T1836" }, { "description": "Develop test plans to address specifications and requirements", "related": [], "uuid": "afff7856-01ac-5647-96ac-72715dcc77ea", "value": "Develop test plans to address specifications and requirements - T0080" }, { "description": "Create auditable evidence of security measures", "related": [], "uuid": "57a8ad4c-f428-5ecb-ba8d-4d250fe9ff6e", "value": "Create auditable evidence of security measures - T0274" }, { "description": "Perform interoperability testing on systems exchanging electronic information with other systems", "related": [], "uuid": "7526e08b-5ae4-5f5f-9126-3bf307b11a13", "value": "Perform interoperability testing on systems exchanging electronic information with other systems - T0512" }, { "description": "Perform operational testing", "related": [], "uuid": "9f64d7de-1d4b-54c7-8f62-297c46384d72", "value": "Perform operational testing - T0513" }, { "description": "Determine appropriate level of test rigor for a given system", "related": [], "uuid": "a2bf2dde-455e-55f8-a597-9486157e5635", "value": "Determine appropriate level of test rigor for a given system - T1049" }, { "description": "Determine level of assurance of developed capabilities", "related": [], "uuid": "b34b7899-e087-58d0-99a2-273924b1bd54", "value": "Determine level of assurance of developed capabilities - T1136" }, { "description": "Implement new system design procedures", "related": [], "uuid": "b1cf2f31-6438-5de4-8a1c-7fe066be9202", "value": "Implement new system design procedures - T1208" }, { "description": "Implement new system test procedures", "related": [], "uuid": "ab55b93d-33ee-54bb-80cb-790dea19cff7", "value": "Implement new system test procedures - T1209" }, { "description": "Implement new system quality standards", "related": [], "uuid": "1e12758f-c082-5a47-bdb2-41ff6b2f2a1f", "value": "Implement new system quality standards - T1210" }, { "description": "Install network infrastructure device operating system software", "related": [], "uuid": "541cf35d-a9dc-5099-b64d-084e3682add8", "value": "Install network infrastructure device operating system software - T1214" }, { "description": "Maintain network infrastructure device operating system software", "related": [], "uuid": "4cad1980-07a9-5b10-936d-16f4af684e52", "value": "Maintain network infrastructure device operating system software - T1215" }, { "description": "Perform cybersecurity testing of developed applications and systems", "related": [], "uuid": "09447af0-0ec6-5d11-92d3-1d6b989a2f9e", "value": "Perform cybersecurity testing of developed applications and systems - T1255" }, { "description": "Determine if system requirements are adequately demonstrated in data samples", "related": [], "uuid": "698c833d-25da-5ac6-ac72-f1b5d4c237e2", "value": "Determine if system requirements are adequately demonstrated in data samples - T1346" }, { "description": "Establish testing specifications and requirements", "related": [], "uuid": "907a21df-90fc-5b5e-b715-256dbccb291c", "value": "Establish testing specifications and requirements - T1484" }, { "description": "Analyze software and hardware testing results", "related": [], "uuid": "6c0d42eb-6e34-5944-a317-59f233984329", "value": "Analyze software and hardware testing results - T1506" }, { "description": "Perform cybersecurity testing on systems in development", "related": [], "uuid": "f0eb3592-6908-5858-bae8-0ec53f88a955", "value": "Perform cybersecurity testing on systems in development - T1587" }, { "description": "Determine if hardware and software complies with defined specifications and requirements", "related": [], "uuid": "b45bf16d-8792-5584-b2d7-f56ab12c5826", "value": "Determine if hardware and software complies with defined specifications and requirements - T1610" }, { "description": "Record test data", "related": [], "uuid": "1021d800-48d8-5f20-b3c3-ac953948a3e6", "value": "Record test data - T1611" }, { "description": "Manage test data", "related": [], "uuid": "2aa89bd8-de1c-5d9d-aadc-5a6f23b5dc7c", "value": "Manage test data - T1612" }, { "description": "Evaluate locally developed tools", "related": [], "uuid": "3a73ab17-fdc1-55a7-8451-58a2a9e75b1e", "value": "Evaluate locally developed tools - T1829" }, { "description": "Validate data mining and data warehousing programs, processes, and requirements", "related": [], "uuid": "88964d71-65e4-5b25-a148-57b13c33c1bb", "value": "Validate data mining and data warehousing programs, processes, and requirements - T1142" }, { "description": "Identify system and network capabilities", "related": [], "uuid": "a3433026-b61e-5dbe-a572-0f42710db203", "value": "Identify system and network capabilities - T1337" }, { "description": "Develop cybersecurity capability strategies for custom hardware and software development", "related": [], "uuid": "7333e12c-81c5-5513-867b-7e0ff8e05074", "value": "Develop cybersecurity capability strategies for custom hardware and software development - T1338" }, { "description": "Identify cybersecurity solutions tools and technologies", "related": [], "uuid": "33ee3a62-a037-51f9-81a3-cd1df6261b13", "value": "Identify cybersecurity solutions tools and technologies - T1378" }, { "description": "Design cybersecurity tools and technologies", "related": [], "uuid": "d192b7b2-8238-5eac-9e81-7ee5d49faa4c", "value": "Design cybersecurity tools and technologies - T1379" }, { "description": "Develop cybersecurity tools and technologies", "related": [], "uuid": "313a49e7-8cb6-51a7-a19c-932bc01fc0f9", "value": "Develop cybersecurity tools and technologies - T1380" }, { "description": "Evaluate network infrastructure vulnerabilities", "related": [], "uuid": "74394e31-3e88-5ee1-919d-492da207a79b", "value": "Evaluate network infrastructure vulnerabilities - T1424" }, { "description": "Recommend network infrastructure enhancements", "related": [], "uuid": "aa54ebc7-2fa4-5562-8239-87f930150c26", "value": "Recommend network infrastructure enhancements - T1425" }, { "description": "Design data management systems", "related": [], "uuid": "c1f80ace-fb10-544d-bc9f-bbc3ca97eb4a", "value": "Design data management systems - T1491" }, { "description": "Troubleshoot prototype design and process issues", "related": [], "uuid": "d5a0fa7d-c524-51d4-9609-59d00ebfc426", "value": "Troubleshoot prototype design and process issues - T1493" }, { "description": "Recommend vulnerability exploitation functional and security-related features", "related": [], "uuid": "d512c359-91a0-5ce2-9a85-8790abe40da2", "value": "Recommend vulnerability exploitation functional and security-related features - T1494" }, { "description": "Recommend vulnerability mitigation functional- and security-related features", "related": [], "uuid": "0b6edc60-bd8f-548e-bb82-602960005f58", "value": "Recommend vulnerability mitigation functional- and security-related features - T1495" }, { "description": "Develop reverse engineering tools", "related": [], "uuid": "4a7958fc-1ca7-5ca3-979c-9015b0dfae36", "value": "Develop reverse engineering tools - T1496" }, { "description": "Translate functional requirements into technical solutions", "related": [], "uuid": "7a9d2b37-2f5e-58d2-881e-0bf6cb708d31", "value": "Translate functional requirements into technical solutions - T0235" }, { "description": "Identify critical technology procurement requirements", "related": [], "uuid": "02bc86a7-0ecc-5df6-9abc-1ab619ccede6", "value": "Identify critical technology procurement requirements - T1023" }, { "description": "Implement intelligence collection requirements", "related": [], "uuid": "f197772f-455e-588e-966a-32001ff75141", "value": "Implement intelligence collection requirements - T1031" }, { "description": "Determine functional requirements and specifications", "related": [], "uuid": "26d375c3-4d46-5673-bf8d-10d772a49ca0", "value": "Determine functional requirements and specifications - T1097" }, { "description": "Evaluate functional requirements", "related": [], "uuid": "d69d04f3-5c2e-5ebf-b571-9f04407c69a5", "value": "Evaluate functional requirements - T1107" }, { "description": "Oversee the development of design solutions", "related": [], "uuid": "2bd28eca-d043-528e-be8e-ccbf685bdab8", "value": "Oversee the development of design solutions - T1115" }, { "description": "Define project scope and objectives", "related": [], "uuid": "627017be-a010-511e-8d7a-8306f45094d8", "value": "Define project scope and objectives - T1127" }, { "description": "Develop systems design procedures and processes", "related": [], "uuid": "2a72f717-2bfd-52e1-895b-76a73e8c7dff", "value": "Develop systems design procedures and processes - T1139" }, { "description": "Determine if system analysis meets cybersecurity requirements", "related": [], "uuid": "f73f32d8-a8bf-59ed-83a1-ced19a733dd0", "value": "Determine if system analysis meets cybersecurity requirements - T1217" }, { "description": "Oversee configuration management", "related": [], "uuid": "32da4bd8-319f-53ae-82f3-44479fa8d51c", "value": "Oversee configuration management - T1243" }, { "description": "Develop configuration management recommendations", "related": [], "uuid": "8f2e01bd-8f06-55b0-9396-1b244586b514", "value": "Develop configuration management recommendations - T1244" }, { "description": "Identify opportunities for new and improved business process solutions", "related": [], "uuid": "54d2bfe0-4ec7-5764-b7d7-a115bd075e66", "value": "Identify opportunities for new and improved business process solutions - T1259" }, { "description": "Develop cybersecurity use cases", "related": [], "uuid": "84bc9016-a3b2-53fa-8539-e2ab1caf1c37", "value": "Develop cybersecurity use cases - T1283" }, { "description": "Identify supply chain risks for critical system elements", "related": [], "uuid": "09dacb07-6293-526f-bc1b-95b19bf405a6", "value": "Identify supply chain risks for critical system elements - T1366" }, { "description": "Document supply chain risks for critical system elements", "related": [], "uuid": "2fed5e88-64f4-504b-ae73-7e3d3585a2ff", "value": "Document supply chain risks for critical system elements - T1367" }, { "description": "Develop user experience requirements", "related": [], "uuid": "fa4e106d-5693-5148-a6a9-0497b5119d5e", "value": "Develop user experience requirements - T1392" }, { "description": "Document user experience requirements", "related": [], "uuid": "cca7eb1f-4533-58b6-a7a0-81fb30c6e916", "value": "Document user experience requirements - T1393" }, { "description": "Develop quality standards", "related": [], "uuid": "7bd4a325-a41b-535d-8729-5e004d85c21f", "value": "Develop quality standards - T1408" }, { "description": "Document quality standards", "related": [], "uuid": "a0d3cb7c-cbae-5950-89c6-61ed877483ae", "value": "Document quality standards - T1409" }, { "description": "Determine if system components can be aligned", "related": [], "uuid": "f47ab754-98ce-542b-8194-2ad9d2dea658", "value": "Determine if system components can be aligned - T1430" }, { "description": "Integrate system components", "related": [], "uuid": "91b594dd-7b56-5ccd-b47e-fae0fb766bac", "value": "Integrate system components - T1431" }, { "description": "Develop cost estimates for new or modified systems", "related": [], "uuid": "8326e1fd-df54-539c-b000-0d89915ea39e", "value": "Develop cost estimates for new or modified systems - T1534" }, { "description": "Determine if developed solutions meet customer requirements", "related": [], "uuid": "2341ef4d-a462-5066-a2f7-6b35b837518b", "value": "Determine if developed solutions meet customer requirements - T1573" }, { "description": "Prepare trend analysis reports", "related": [], "uuid": "99af4dfc-d246-5697-9486-4f98cfda94ab", "value": "Prepare trend analysis reports - T1429" }, { "description": "Address security architecture gaps", "related": [], "uuid": "774c4caf-560b-50ea-a47b-da9afb0590d2", "value": "Address security architecture gaps - T1591" }, { "description": "Plan implementation strategies", "related": [], "uuid": "7acd0983-3139-55f1-8099-89e27bf6277d", "value": "Plan implementation strategies - T1597" }, { "description": "Assess the integration and alignment capabilities of enterprise components", "related": [], "uuid": "2051a9f6-e308-59f3-986a-736e685f18d2", "value": "Assess the integration and alignment capabilities of enterprise components - T1598" }, { "description": "Prepare impact reports", "related": [], "uuid": "e6c29d30-bef3-5c9d-8b5f-4bb623e6495f", "value": "Prepare impact reports - T1606" }, { "description": "Determine impact of new systems and system interfaces on current and target environments", "related": [], "uuid": "9c58951e-7f17-5a29-a8f2-3dfef0a50eaa", "value": "Determine impact of new systems and system interfaces on current and target environments - T1626" }, { "description": "Integrate black-box security testing tools into quality assurance processes", "related": [], "uuid": "71f0a8ee-8711-5c35-b94e-02c52635b523", "value": "Integrate black-box security testing tools into quality assurance processes - T1052" }, { "description": "Develop threat models", "related": [], "uuid": "4eacea9c-8f03-5b07-a075-1c8f8479fcff", "value": "Develop threat models - T1106" }, { "description": "Determine security requirements for new information technologies", "related": [], "uuid": "12198ead-b6f6-522e-a521-0024fd7d68b7", "value": "Determine security requirements for new information technologies - T1222" }, { "description": "Determine security requirements for new operational technologies", "related": [], "uuid": "9e9df84a-ed49-5b0d-8022-ff12be8901ad", "value": "Determine security requirements for new operational technologies - T1223" }, { "description": "Identify system cybersecurity requirements", "related": [], "uuid": "79215424-dd31-5b37-bb35-0333f241206d", "value": "Identify system cybersecurity requirements - T1354" }, { "description": "Perform penetration testing", "related": [], "uuid": "2fd00be8-7f03-5df4-99d4-dbcd89f9b0f7", "value": "Perform penetration testing - T1359" }, { "description": "Identify programming flaws", "related": [], "uuid": "086bc2a8-5186-5477-917f-e4a680bf8448", "value": "Identify programming flaws - T1590" }, { "description": "Determine customer requirements", "related": [], "uuid": "c2497566-0c53-5561-a0c9-a3e105f975a8", "value": "Determine customer requirements - T1658" }, { "description": "Identify system security requirements", "related": [], "uuid": "6a9b9466-1fdd-5214-a5eb-614591d9734b", "value": "Identify system security requirements - T1913" }, { "description": "Provide real-time actionable geolocation information", "related": [], "uuid": "15234af3-79d9-51a6-8ac4-4c197fb54140", "value": "Provide real-time actionable geolocation information - T0796" }, { "description": "Prepare deconfliction report", "related": [], "uuid": "13149ee1-3d6d-5d52-9544-824db616ac4e", "value": "Prepare deconfliction report - T1034" }, { "description": "Determine how threat activity groups employ encryption to support their operations", "related": [], "uuid": "e25c9788-f1ef-54fc-b8e8-aa605bae7df3", "value": "Determine how threat activity groups employ encryption to support their operations - T1035" }, { "description": "Identify network artifacts from hardware and software options", "related": [], "uuid": "e2bf007f-9712-5f30-bafb-7633775b9ff7", "value": "Identify network artifacts from hardware and software options - T1039" }, { "description": "Identify impact of network artifacts on exploitation", "related": [], "uuid": "d992bcbd-c38b-52f0-8141-1c352bdbbe1e", "value": "Identify impact of network artifacts on exploitation - T1040" }, { "description": "Identify target operational architecture vulnerabilities", "related": [], "uuid": "d362b6eb-7f36-5566-a85c-f76ca822d243", "value": "Identify target operational architecture vulnerabilities - T1633" }, { "description": "Identify potential avenues of access in digital technologies", "related": [], "uuid": "3d2c01b2-c325-5b07-9770-20e98b747030", "value": "Identify potential avenues of access in digital technologies - T1663" }, { "description": "Access wireless computer and digital networks", "related": [], "uuid": "7507cca0-4a05-58c4-9b26-b5e7483dce26", "value": "Access wireless computer and digital networks - T1664" }, { "description": "Process intelligence collection data", "related": [], "uuid": "1c45c3d1-9195-5fcc-997f-014021d2b8de", "value": "Process intelligence collection data - T1665" }, { "description": "Exploit wireless computer and digital networks", "related": [], "uuid": "00e4c4a7-7d4a-5815-913a-999f4d2f65d4", "value": "Exploit wireless computer and digital networks - T1666" }, { "description": "Conduct network scouting", "related": [], "uuid": "3640a52a-b364-5127-9167-db8c5c3ce683", "value": "Conduct network scouting - T1668" }, { "description": "Analyze system vulnerabilities within a network", "related": [], "uuid": "6543b434-f2e1-5150-bc50-17534107bbe3", "value": "Analyze system vulnerabilities within a network - T1669" }, { "description": "Conduct on-net activities", "related": [], "uuid": "ee703879-0816-5961-a0a7-b6ec167cab5b", "value": "Conduct on-net activities - T1670" }, { "description": "Exfiltrate data from deployed technologies", "related": [], "uuid": "2d8ed6ac-b055-5280-b719-42177fada9e8", "value": "Exfiltrate data from deployed technologies - T1671" }, { "description": "Conduct off-net activities", "related": [], "uuid": "1b6d6913-9072-596c-bd31-b7fd55615575", "value": "Conduct off-net activities - T1672" }, { "description": "Exfiltrate data from automated technologies", "related": [], "uuid": "bbfe37dd-ef81-5b0a-bc4c-13328c4af737", "value": "Exfiltrate data from automated technologies - T1673" }, { "description": "Perform open source data collection", "related": [], "uuid": "764c8b56-a93f-5025-ae9b-84ac201a2058", "value": "Perform open source data collection - T1674" }, { "description": "Survey computer and digital networks", "related": [], "uuid": "33b0c99f-d6bc-5346-a928-2912520f73ce", "value": "Survey computer and digital networks - T1676" }, { "description": "Detect exploits against targeted networks and hosts", "related": [], "uuid": "0b7678be-7474-5384-9240-a154a7514f64", "value": "Detect exploits against targeted networks and hosts - T1691" }, { "description": "Counter exploits against targeted networks and hosts", "related": [], "uuid": "ae3298bd-092a-5b62-95f7-8295d640071a", "value": "Counter exploits against targeted networks and hosts - T1692" }, { "description": "Develop new techniques for accessing target systems", "related": [], "uuid": "077a9932-61be-5117-8b49-34451a12ccdc", "value": "Develop new techniques for accessing target systems - T1709" }, { "description": "Exploit network devices and terminals", "related": [], "uuid": "f01a5726-8410-5206-bd06-c317ab9d7b4b", "value": "Exploit network devices and terminals - T1734" }, { "description": "Identify system vulnerabilities within a network", "related": [], "uuid": "7ed10d32-8059-5593-8876-c123b4e61015", "value": "Identify system vulnerabilities within a network - T1747" }, { "description": "Maintain situational awareness of organic operational infrastructure", "related": [], "uuid": "41b7e63a-f4e8-5bb7-8db3-8d299a5b0517", "value": "Maintain situational awareness of organic operational infrastructure - T1759" }, { "description": "Maintain functionality of organic operational infrastructure", "related": [], "uuid": "d00ef54a-4487-5cc9-bfbc-13c4ea54dea8", "value": "Maintain functionality of organic operational infrastructure - T1760" }, { "description": "Gain and maintain access to target systems", "related": [], "uuid": "aac2231f-713d-5cca-9be9-4222514380c2", "value": "Gain and maintain access to target systems - T1774" }, { "description": "Degrade or remove data from networks and computers", "related": [], "uuid": "11333f3d-92f0-5a51-a9d6-3ba9a31b4f80", "value": "Degrade or remove data from networks and computers - T1781" }, { "description": "Process exfiltrated data", "related": [], "uuid": "b235b5b4-81d5-5d08-8971-05150ac824da", "value": "Process exfiltrated data - T1784" }, { "description": "Document information collection and environment activities", "related": [], "uuid": "7086b15e-37df-56b1-9296-1afbeccbf5f3", "value": "Document information collection and environment activities - T1803" }, { "description": "Test internally developed software", "related": [], "uuid": "a8a77882-6915-57be-a5ba-5b4eb59c5a86", "value": "Test internally developed software - T1830" }, { "description": "Perform analysis for target infrastructure exploitation activities", "related": [], "uuid": "22ed9a33-856b-5695-bb52-b53e0cc542dd", "value": "Perform analysis for target infrastructure exploitation activities - T0591" }, { "description": "Produce network reconstructions", "related": [], "uuid": "3e4e405e-8ec1-5eb8-b0dd-e099a8eab54c", "value": "Produce network reconstructions - T0775" }, { "description": "Expand network access", "related": [], "uuid": "486fb33f-3755-507c-8f0f-4143bd9babee", "value": "Expand network access - T1012" }, { "description": "Conduct technical exploitation of a target", "related": [], "uuid": "3fdcd630-293e-5b9e-8d52-ad430498ec2c", "value": "Conduct technical exploitation of a target - T1013" }, { "description": "Perform authorized penetration testing on enterprise network assets", "related": [], "uuid": "f9cd8902-8dd1-5375-87ed-5f23a0d5f083", "value": "Perform authorized penetration testing on enterprise network assets - T1091" }, { "description": "Track targets", "related": [], "uuid": "bf749634-d5e7-5156-a08c-442a83fb0ae8", "value": "Track targets - T1211" }, { "description": "Access targeted networks", "related": [], "uuid": "d10c612a-6c27-564e-84a6-60e296e9a01d", "value": "Access targeted networks - T1635" }, { "description": "Conduct independent in-depth target and technical analysis", "related": [], "uuid": "0a9c6fa6-c4a2-58c4-9633-e9e1f2821898", "value": "Conduct independent in-depth target and technical analysis - T1667" }, { "description": "Develop intelligence collection plans", "related": [], "uuid": "8be0e6f6-5507-54dd-b317-2c8d12e7c102", "value": "Develop intelligence collection plans - T1677" }, { "description": "Create comprehensive exploitation strategies", "related": [], "uuid": "a827386b-cae6-5855-a8af-3946c4d228ab", "value": "Create comprehensive exploitation strategies - T1689" }, { "description": "Identify exploitable technical or operational vulnerabilities", "related": [], "uuid": "08defb38-b806-554e-abd6-8b3c07052a54", "value": "Identify exploitable technical or operational vulnerabilities - T1690" }, { "description": "Communicate tool requirements to developers", "related": [], "uuid": "711cb661-643a-5bf8-bc49-16d2fa2f60f4", "value": "Communicate tool requirements to developers - T1736" }, { "description": "Identify gaps in understanding of target technology", "related": [], "uuid": "6192884b-528a-5d52-820a-51f865727b8a", "value": "Identify gaps in understanding of target technology - T1745" }, { "description": "Locate targets", "related": [], "uuid": "467a7af1-3735-54b4-b5b9-d55d01dfca47", "value": "Locate targets - T1751" }, { "description": "Coordinate exploitation operations", "related": [], "uuid": "f608cff6-db2f-572a-8e9f-397f9892ac5c", "value": "Coordinate exploitation operations - T1757" }, { "description": "Determine potential implications of new and emerging hardware and software technologies", "related": [], "uuid": "0ffd6e26-f9a8-5661-a2a9-1885a2ea86b9", "value": "Determine potential implications of new and emerging hardware and software technologies - T1758" }, { "description": "Identify indications and warnings of target communication changes or processing failures", "related": [], "uuid": "9b09bbbe-917d-5474-8de7-879e983c9ce0", "value": "Identify indications and warnings of target communication changes or processing failures - T1772" }, { "description": "Profile network administrators and their activities", "related": [], "uuid": "25916f83-d0f3-5584-8084-575cf7ca6f98", "value": "Profile network administrators and their activities - T1785" }, { "description": "Conduct end-of-operations assessments", "related": [], "uuid": "6c853798-0749-541e-95c1-f74a5444675b", "value": "Conduct end-of-operations assessments - T0611" }, { "description": "Conduct target research and analysis", "related": [], "uuid": "c1124d7e-c252-54d0-9aa2-aa2d6a71ac51", "value": "Conduct target research and analysis - T0624" }, { "description": "Estimate operational effects generated through cyber activities", "related": [], "uuid": "145258f9-1888-5cb8-bb0d-663c33b61dc0", "value": "Estimate operational effects generated through cyber activities - T0684" }, { "description": "Evaluate threat decision-making processes", "related": [], "uuid": "2a7f891a-5272-5629-9b2c-90004146c5b4", "value": "Evaluate threat decision-making processes - T0685" }, { "description": "Identify threat vulnerabilities", "related": [], "uuid": "b5208175-351a-586b-87b0-d184e5ff19e3", "value": "Identify threat vulnerabilities - T0686" }, { "description": "Generate requests for information", "related": [], "uuid": "b9cefab5-986d-5975-9fa6-a874ad76730c", "value": "Generate requests for information - T0707" }, { "description": "Identify and characterize intrusion activities against a victim or target", "related": [], "uuid": "d45e11d5-0825-5e5d-9725-2a74a90f4305", "value": "Identify and characterize intrusion activities against a victim or target - T1053" }, { "description": "Recommend cyber operation targets", "related": [], "uuid": "bdd31360-cb81-55c4-ae03-b4fb5aa3ebd3", "value": "Recommend cyber operation targets - T1638" }, { "description": "Determine effectiveness of intelligence collection operations", "related": [], "uuid": "e412f5a8-31cd-5a76-90b9-27f7f99d7e61", "value": "Determine effectiveness of intelligence collection operations - T1640" }, { "description": "Recommend adjustments to intelligence collection strategies", "related": [], "uuid": "567d4878-307b-554f-8202-be78199e1a57", "value": "Recommend adjustments to intelligence collection strategies - T1641" }, { "description": "Advise stakeholders on course of action development", "related": [], "uuid": "dc55a787-dcca-5b70-bf1a-e225d4246de3", "value": "Advise stakeholders on course of action development - T1642" }, { "description": "Develop common operational pictures", "related": [], "uuid": "cc4d292d-993b-5e34-8935-fcd32151ac08", "value": "Develop common operational pictures - T1643" }, { "description": "Coordinate all-source collection activities", "related": [], "uuid": "62e70a80-afe7-5286-8323-6cb0f0f8fc65", "value": "Coordinate all-source collection activities - T1645" }, { "description": "Validate all-source collection requirements and plans", "related": [], "uuid": "a6474d1e-e143-5d4b-94b6-f72ddf31a77e", "value": "Validate all-source collection requirements and plans - T1646" }, { "description": "Develop priority information requirements", "related": [], "uuid": "9ddeeeb8-e984-5190-b3cd-78bd016b2c3e", "value": "Develop priority information requirements - T1647" }, { "description": "Develop performance success metrics", "related": [], "uuid": "b4dd52a4-c47c-513d-8c43-ed8a30273f34", "value": "Develop performance success metrics - T1648" }, { "description": "Prepare threat and target briefings", "related": [], "uuid": "7269fe64-033d-5792-843b-686044fc7155", "value": "Prepare threat and target briefings - T1651" }, { "description": "Prepare threat and target situational updates", "related": [], "uuid": "454291bc-9ebf-5b72-8819-b91d7b573e7b", "value": "Prepare threat and target situational updates - T1652" }, { "description": "Assess all-source data for intelligence or vulnerability value", "related": [], "uuid": "41d50cd9-e470-5740-963c-61050cbfb090", "value": "Assess all-source data for intelligence or vulnerability value - T1661" }, { "description": "Identify intelligence requirements", "related": [], "uuid": "3663220e-eaa7-54ea-a446-6c3d32561999", "value": "Identify intelligence requirements - T1686" }, { "description": "Prepare munitions effectiveness assessment reports", "related": [], "uuid": "f8454b9a-3d7a-5a7f-8c1d-b6e5af1e8fae", "value": "Prepare munitions effectiveness assessment reports - T1707" }, { "description": "Modify collection requirements", "related": [], "uuid": "921f00bc-5f36-5d8d-82c2-4a504cd15bee", "value": "Modify collection requirements - T1762" }, { "description": "Determine effectiveness of collection requirements", "related": [], "uuid": "61ff7844-8334-54dc-b4f9-79359a38aba7", "value": "Determine effectiveness of collection requirements - T1763" }, { "description": "Monitor changes to designated cyber operations warning problem sets", "related": [], "uuid": "9e64ba7b-de6a-5413-b3ff-05d2914a92b9", "value": "Monitor changes to designated cyber operations warning problem sets - T1765" }, { "description": "Prepare change reports for designated cyber operations warning problem sets", "related": [], "uuid": "dcad3071-0e88-595d-9e2f-f8d850eedcfc", "value": "Prepare change reports for designated cyber operations warning problem sets - T1766" }, { "description": "Monitor threat activities", "related": [], "uuid": "9b6c0e2f-904a-5586-a34a-2b8c198345cb", "value": "Monitor threat activities - T1767" }, { "description": "Prepare threat activity reports", "related": [], "uuid": "a8f34ff7-25df-514b-917d-0115ce5d0119", "value": "Prepare threat activity reports - T1768" }, { "description": "Report on adversarial activities that fulfill priority information requirements", "related": [], "uuid": "68faede0-3e57-50bd-ad8c-40118ff7aab5", "value": "Report on adversarial activities that fulfill priority information requirements - T1770" }, { "description": "Prepare cyber operations intelligence reports", "related": [], "uuid": "2622c158-72ec-5189-824e-eb4bb888b8fe", "value": "Prepare cyber operations intelligence reports - T1775" }, { "description": "Prepare indications and warnings intelligence reports", "related": [], "uuid": "95c3ad36-25dc-57a9-be57-4526f810dc2f", "value": "Prepare indications and warnings intelligence reports - T1776" }, { "description": "Asssess effectiveness of intelligence production", "related": [], "uuid": "34828e9b-e043-542a-bf5f-56c43c321601", "value": "Asssess effectiveness of intelligence production - T1792" }, { "description": "Asssess effectiveness of intelligence reporting", "related": [], "uuid": "92fb6238-1b13-54aa-a55b-6ff8c0612b64", "value": "Asssess effectiveness of intelligence reporting - T1793" }, { "description": "Conduct post-action effectiveness assessments", "related": [], "uuid": "43c19e7f-636e-5949-af79-439140511f4d", "value": "Conduct post-action effectiveness assessments - T1795" }, { "description": "Determine what technologies are used by a given target", "related": [], "uuid": "6eb4dcf9-a0af-5508-bd34-9aae2bc90646", "value": "Determine what technologies are used by a given target - T0650" }, { "description": "Identify critical target elements", "related": [], "uuid": "206d0c7b-59cf-5eed-926f-229da71a437a", "value": "Identify critical target elements - T0717" }, { "description": "Maintain target lists (i.e., RTL, JTL, CTL, etc.)", "related": [], "uuid": "f5f2447c-b8bb-5f25-8a15-5b87b272d92b", "value": "Maintain target lists (i.e., RTL, JTL, CTL, etc.) - T0744" }, { "description": "Perform targeting automation activities", "related": [], "uuid": "c9edf231-1a61-5922-b04d-3e2d1cb1fd2a", "value": "Perform targeting automation activities - T0769" }, { "description": "Produce target system analysis products", "related": [], "uuid": "962dd976-ba04-5c57-9232-cad106778e2d", "value": "Produce target system analysis products - T0776" }, { "description": "Profile targets and their activities", "related": [], "uuid": "622be037-09b9-50e3-bf38-066534b07f01", "value": "Profile targets and their activities - T0778" }, { "description": "Determine cyber operation objectives", "related": [], "uuid": "668d82ff-71bd-50b7-951f-0b89370d04f9", "value": "Determine cyber operation objectives - T1032" }, { "description": "Acquire target identifiers", "related": [], "uuid": "56e0af3a-e20c-55dd-b131-988201a868ab", "value": "Acquire target identifiers - T1042" }, { "description": "Identify potential threats to network resources", "related": [], "uuid": "88e48743-61dd-5470-b6df-db49353c740d", "value": "Identify potential threats to network resources - T1085" }, { "description": "Prepare target analysis reports", "related": [], "uuid": "fc0e015c-766a-5038-bcdc-9f3bb8fcbfcf", "value": "Prepare target analysis reports - T1629" }, { "description": "Build electronic target folders", "related": [], "uuid": "b7f544e5-5cc7-5cc7-aca6-6c56d291afb9", "value": "Build electronic target folders - T1653" }, { "description": "Maintain electronic target folders", "related": [], "uuid": "e542d744-8c72-5c3d-b3d2-4c974626833d", "value": "Maintain electronic target folders - T1654" }, { "description": "Vet targets with partners", "related": [], "uuid": "4315e457-48f0-50a2-96a2-2a96cbe4e87a", "value": "Vet targets with partners - T1683" }, { "description": "Prepare all-source intelligence targeting reports", "related": [], "uuid": "12664582-fa78-5d87-954f-82623e3e09c1", "value": "Prepare all-source intelligence targeting reports - T1697" }, { "description": "Initiate requests to guide tasking", "related": [], "uuid": "5dd4c108-1bc2-5b8e-8103-e06d8bc4955a", "value": "Initiate requests to guide tasking - T1754" }, { "description": "Develop website characterizations", "related": [], "uuid": "cbd7bc8c-b6c6-53cc-b5c6-e52c718238fd", "value": "Develop website characterizations - T1782" }, { "description": "Provide aim point recommendations for targets", "related": [], "uuid": "44a36e03-b61c-5695-b088-2902fb17a943", "value": "Provide aim point recommendations for targets - T1789" }, { "description": "Provide reengagement recommendations", "related": [], "uuid": "a6e91ab8-45fd-5d9b-80fb-64d01182ede9", "value": "Provide reengagement recommendations - T1790" }, { "description": "Determine effectiveness of targeting activities", "related": [], "uuid": "194cac11-3872-5d64-9605-5dd05bdc7892", "value": "Determine effectiveness of targeting activities - T1796" }, { "description": "Determine validity and relevance of information", "related": [], "uuid": "845a3e87-eae0-53ce-bfb3-18d2d03f6484", "value": "Determine validity and relevance of information - T1801" }, { "description": "Protect information sources and methods", "related": [], "uuid": "eedf250d-3fbb-5097-a3c4-e07267a2dafa", "value": "Protect information sources and methods - T1814" }, { "description": "Identify cyber collateral damage", "related": [], "uuid": "65a48d69-a961-52fe-98fd-56d1e0cfd68d", "value": "Identify cyber collateral damage - T1824" }, { "description": "Document cyber collateral damage", "related": [], "uuid": "b9b02072-0314-5d90-b8bc-29e2015bece3", "value": "Document cyber collateral damage - T1825" }, { "description": "Classify documents", "related": [], "uuid": "4a9bd980-9e4f-5968-b91a-055ebeb3c793", "value": "Classify documents - T1655" }, { "description": "Identify information essential to intelligence collection operations", "related": [], "uuid": "4120df85-a41f-5755-ad23-af65fe7023e1", "value": "Identify information essential to intelligence collection operations - T1662" }, { "description": "Determine validity and relevance of information gathered about networks", "related": [], "uuid": "051da4ed-fdd3-5f0f-b5ad-137c66d35b10", "value": "Determine validity and relevance of information gathered about networks - T1675" }, { "description": "Collect target information", "related": [], "uuid": "3530f309-7406-5941-8642-ce4f32d535e4", "value": "Collect target information - T1698" }, { "description": "Determine effectiveness of network analysis strategies", "related": [], "uuid": "0e575416-8242-5362-b3c7-c4cb3082fc51", "value": "Determine effectiveness of network analysis strategies - T1732" }, { "description": "Develop intelligence collection strategies", "related": [], "uuid": "9b614cce-3b07-5330-9405-75312a339a41", "value": "Develop intelligence collection strategies - T1737" }, { "description": "Identify information collection gaps", "related": [], "uuid": "df76b185-2b6d-51db-a0f0-4a934c8be038", "value": "Identify information collection gaps - T1743" }, { "description": "Prepare network reports", "related": [], "uuid": "993214af-b87e-5826-ad86-210c37d69675", "value": "Prepare network reports - T1802" }, { "description": "Research communications trends in emerging technologies", "related": [], "uuid": "c194e50d-8b79-5094-a295-8fac7389e117", "value": "Research communications trends in emerging technologies - T1806" }, { "description": "Analyze target communications", "related": [], "uuid": "60e6e3b5-a69e-5818-8629-31ce5078bc1b", "value": "Analyze target communications - T1840" }, { "description": "Inform external partners of the potential effects of new or revised policy and guidance on cyber operations partnering activities", "related": [], "uuid": "95f80d0e-efba-50d6-82b5-ac0e67a1faa3", "value": "Inform external partners of the potential effects of new or revised policy and guidance on cyber operations partnering activities - T0729" }, { "description": "Serve as a liaison with external partners", "related": [], "uuid": "18562385-8da2-5518-afc1-488dc9fb9013", "value": "Serve as a liaison with external partners - T0818" }, { "description": "Synchronize intelligence support plans across partner organizations", "related": [], "uuid": "de09d44c-2322-54ad-89be-b143d3a8ec39", "value": "Synchronize intelligence support plans across partner organizations - T1649" }, { "description": "Develop a diverse program of information materials", "related": [], "uuid": "4d489af4-9c66-5b65-b808-d4164e10c798", "value": "Develop a diverse program of information materials - T1657" }, { "description": "Develop cyber operations staffing policies", "related": [], "uuid": "c445cf93-6e1c-5c99-9746-a2ec0c972f12", "value": "Develop cyber operations staffing policies - T1680" }, { "description": "Develop international cybersecurity strategies, policies, and activities to meet organizational objectives", "related": [], "uuid": "77e26df1-e657-5846-a872-6a229b1f4bd6", "value": "Develop international cybersecurity strategies, policies, and activities to meet organizational objectives - T1711" }, { "description": "Develop partner planning strategies and processes", "related": [], "uuid": "0f5aa9aa-b460-5d03-b314-c300b168190a", "value": "Develop partner planning strategies and processes - T1714" }, { "description": "Develop operations strategies and processes", "related": [], "uuid": "7cb65ffa-fe8e-52ee-add8-2562656badcd", "value": "Develop operations strategies and processes - T1715" }, { "description": "Develop capability development strategies and processes", "related": [], "uuid": "0837f69d-0c67-5e2f-993f-4eae5da1183d", "value": "Develop capability development strategies and processes - T1716" }, { "description": "Develop cybersecurity cooperation agreements with external partners", "related": [], "uuid": "39ed7b98-0a3e-58fd-b8ab-10157759b71a", "value": "Develop cybersecurity cooperation agreements with external partners - T1719" }, { "description": "Maintain cybersecurity cooperation agreements with external partners", "related": [], "uuid": "55b00a03-981d-5536-91de-a0e1fe6a836a", "value": "Maintain cybersecurity cooperation agreements with external partners - T1720" }, { "description": "Assess cybersecurity cooperation agreements with external partners", "related": [], "uuid": "4b21586e-e94b-5a97-b049-c69e9fc81a39", "value": "Assess cybersecurity cooperation agreements with external partners - T1721" }, { "description": "Identify security cooperation priorities", "related": [], "uuid": "3633d621-b1f5-5969-9ed3-fd4ccb9f5c61", "value": "Identify security cooperation priorities - T1740" }, { "description": "Conduct policy reviews", "related": [], "uuid": "90a11b80-ec55-56ab-ae93-c9cebfca8ab3", "value": "Conduct policy reviews - T1777" }, { "description": "Assess the consequences of endorsing or not endorsing policies", "related": [], "uuid": "0f088f71-8f88-5003-824f-5f3e84b27287", "value": "Assess the consequences of endorsing or not endorsing policies - T1778" }, { "description": "Develop external coordination policies", "related": [], "uuid": "bbb7da85-6dd4-59b0-a727-49d427a62cb4", "value": "Develop external coordination policies - T1780" }, { "description": "Provide cyber recommendations to intelligence support planning", "related": [], "uuid": "cd2bc21d-179c-515a-b77e-a2d9b46442bb", "value": "Provide cyber recommendations to intelligence support planning - T1791" }, { "description": "Recommend subject matter experts who can assist in the investigation of complex or unusual situations", "related": [], "uuid": "ab71d18c-602d-54b4-aa0e-8ce5c038efc0", "value": "Recommend subject matter experts who can assist in the investigation of complex or unusual situations - T1816" }, { "description": "Synchronize intelligence engagement activities across partner organizations", "related": [], "uuid": "7dd160d1-b066-59c6-a04a-09b29f40387f", "value": "Synchronize intelligence engagement activities across partner organizations - T1826" }, { "description": "Synchronize cybersecurity cooperation plans", "related": [], "uuid": "73ffd846-389c-5fcc-b2e7-0a9ed5cf0c57", "value": "Synchronize cybersecurity cooperation plans - T1827" }, { "description": "Develop content for cyber defense tools", "related": [], "uuid": "33bcd47d-e2e5-5778-9dc2-bc226f70f3ca", "value": "Develop content for cyber defense tools - T0020" }, { "description": "Perform cyber defense trend analysis and reporting", "related": [], "uuid": "a0dc31ce-ad69-5267-ae9c-7d353995c594", "value": "Perform cyber defense trend analysis and reporting - T0164" }, { "description": "Recommend computing environment vulnerability corrections", "related": [], "uuid": "da8a1d8d-e930-5e48-9245-e2da5d243ed8", "value": "Recommend computing environment vulnerability corrections - T0292" }, { "description": "Identify network mapping and operating system (OS) fingerprinting activities", "related": [], "uuid": "f6c4a897-8c68-5d3e-9258-36fc4adfdebb", "value": "Identify network mapping and operating system (OS) fingerprinting activities - T0299" }, { "description": "Review cyber defense service provider reporting structure", "related": [], "uuid": "534a99a6-5965-5271-9e46-7afa161c8f1a", "value": "Review cyber defense service provider reporting structure - T1021" }, { "description": "Validate network alerts", "related": [], "uuid": "d5ba1b6b-47cb-5c84-af51-fdf6768fdb85", "value": "Validate network alerts - T1112" }, { "description": "Determine if cybersecurity-enabled products reduce identified risk to acceptable levels", "related": [], "uuid": "1e659b4b-2618-5b10-a186-b6c1ed320305", "value": "Determine if cybersecurity-enabled products reduce identified risk to acceptable levels - T1176" }, { "description": "Determine if security control technologies reduce identified risk to acceptable levels", "related": [], "uuid": "b7dce8e0-38dc-52b4-a9b1-fd483fc111a2", "value": "Determine if security control technologies reduce identified risk to acceptable levels - T1177" }, { "description": "Document cybersecurity incidents", "related": [], "uuid": "69733475-9af5-58cc-8916-4809bf3bf623", "value": "Document cybersecurity incidents - T1241" }, { "description": "Escalate incidents that may cause ongoing and immediate impact to the environment", "related": [], "uuid": "cec577bf-46ee-58ce-ab82-7cea53f49170", "value": "Escalate incidents that may cause ongoing and immediate impact to the environment - T1242" }, { "description": "Determine the effectiveness of an observed attack", "related": [], "uuid": "b021b52d-113c-5229-b129-cb50d00b07f9", "value": "Determine the effectiveness of an observed attack - T1254" }, { "description": "Recommend risk mitigation strategies", "related": [], "uuid": "40f22405-6194-585b-aa8d-fc636da25c56", "value": "Recommend risk mitigation strategies - T1266" }, { "description": "Recommend system modifications", "related": [], "uuid": "164dc3a9-d4ad-5dcc-892a-3ed7f0fe7c3d", "value": "Recommend system modifications - T1278" }, { "description": "Communicate daily network event and activity reports", "related": [], "uuid": "ddb5734f-8ca2-5ad2-ab99-2024bd4ab381", "value": "Communicate daily network event and activity reports - T1290" }, { "description": "Determine causes of network alerts", "related": [], "uuid": "f7b20d98-001d-5abc-a287-cee8faddfc19", "value": "Determine causes of network alerts - T1299" }, { "description": "Detect cybersecurity attacks and intrusions", "related": [], "uuid": "871880fe-6619-578c-8967-2d8fd436a338", "value": "Detect cybersecurity attacks and intrusions - T1347" }, { "description": "Distinguish between benign and potentially malicious cybersecurity attacks and intrusions", "related": [], "uuid": "2fa69541-18c9-548e-95dd-d258d245f386", "value": "Distinguish between benign and potentially malicious cybersecurity attacks and intrusions - T1348" }, { "description": "Communicate cybersecurity attacks and intrusions alerts", "related": [], "uuid": "b1ccb3f8-8710-5790-aa1c-73740280b5e3", "value": "Communicate cybersecurity attacks and intrusions alerts - T1349" }, { "description": "Perform continuous monitoring of system activity", "related": [], "uuid": "3631da3e-bd6c-51fd-a1ee-fda390f0e2de", "value": "Perform continuous monitoring of system activity - T1350" }, { "description": "Determine impact of malicious activity on systems and information", "related": [], "uuid": "c939d9e0-5315-53eb-9644-7270cc7d67f8", "value": "Determine impact of malicious activity on systems and information - T1351" }, { "description": "Establish intrusion set procedures", "related": [], "uuid": "b5826203-8612-5aab-8ab3-5eaec9eba0d3", "value": "Establish intrusion set procedures - T1384" }, { "description": "Identify network traffic anomalies", "related": [], "uuid": "0103e49b-5867-508d-b398-304f37a1154e", "value": "Identify network traffic anomalies - T1385" }, { "description": "Analyze network traffic anomalies", "related": [], "uuid": "614d6990-d329-5438-abc9-e0cf7fe933cb", "value": "Analyze network traffic anomalies - T1386" }, { "description": "Validate intrusion detection system alerts", "related": [], "uuid": "c25b7f4d-bd47-5364-b802-b9e5ae44fbfc", "value": "Validate intrusion detection system alerts - T1387" }, { "description": "Isolate malware", "related": [], "uuid": "7de73a90-57a7-571c-9d40-3bdf2de17cb9", "value": "Isolate malware - T1388" }, { "description": "Remove malware", "related": [], "uuid": "fbc305d9-5bdb-5bb1-b0b6-1be667d14de9", "value": "Remove malware - T1389" }, { "description": "Identify network device applications and operating systems", "related": [], "uuid": "2796f239-566d-54d8-8930-8270224d17d5", "value": "Identify network device applications and operating systems - T1390" }, { "description": "Reconstruct malicious attacks", "related": [], "uuid": "d7acd3a1-59b4-5808-8729-0317f1807702", "value": "Reconstruct malicious attacks - T1391" }, { "description": "Construct cyber defense network tool signatures", "related": [], "uuid": "104f4e7d-f3c8-5f53-ae1c-f3ff52d4f3d7", "value": "Construct cyber defense network tool signatures - T1406" }, { "description": "Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cybersecurity incidents", "related": [], "uuid": "d7bcbad3-3191-5951-acda-87e1f34ab62c", "value": "Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cybersecurity incidents - T1428" }, { "description": "Analyze organizational cybrersecurity posture trends", "related": [], "uuid": "416ffd71-8209-5862-848e-c2d02d989457", "value": "Analyze organizational cybrersecurity posture trends - T1539" }, { "description": "Develop organizational cybersecurity posture trend reports", "related": [], "uuid": "cb312db7-cd73-5139-a7de-756ff5a62cda", "value": "Develop organizational cybersecurity posture trend reports - T1540" }, { "description": "Develop system security posture trend reports", "related": [], "uuid": "8067a32a-08dc-5e52-9176-5022d4e663be", "value": "Develop system security posture trend reports - T1541" }, { "description": "Determine adequacy of access controls", "related": [], "uuid": "8e7f19d7-03a6-5741-bc7a-a3dfbbc45585", "value": "Determine adequacy of access controls - T1548" }, { "description": "Maintain currency of cyber defense threat conditions", "related": [], "uuid": "895ed93f-fdf4-5ef8-a7c2-8cba3c79514c", "value": "Maintain currency of cyber defense threat conditions - T1582" }, { "description": "Recommend threat and vulnerability risk mitigation strategies", "related": [], "uuid": "c002bb23-3cdb-5569-bbc7-425eceee21db", "value": "Recommend threat and vulnerability risk mitigation strategies - T1603" }, { "description": "Advise stakeholders on vulnerability compliance", "related": [], "uuid": "823dd43b-a0c0-5b56-8cdb-7ccf20db6ef3", "value": "Advise stakeholders on vulnerability compliance - T1615" }, { "description": "Resolve computer security incidents", "related": [], "uuid": "434c2757-1e74-597b-b106-668ac23cd445", "value": "Resolve computer security incidents - T1616" }, { "description": "Advise stakeholders on disaster recovery, contingency, and continuity of operations plans", "related": [], "uuid": "3cea9eff-9af7-5e22-aa98-acec65891010", "value": "Advise stakeholders on disaster recovery, contingency, and continuity of operations plans - T1618" }, { "description": "Perform file signature analysis", "related": [], "uuid": "3794b25d-7cc9-5df7-b490-6baad4040a55", "value": "Perform file signature analysis - T0167" }, { "description": "Perform data comparison against established database", "related": [], "uuid": "fd264229-f501-581e-9172-9b571becb1ac", "value": "Perform data comparison against established database - T0168" }, { "description": "Perform real-time forensic analysis (e.g., using Helix in conjunction with LiveView)", "related": [], "uuid": "82e62093-5064-5b9c-bcc9-eb35e2925caa", "value": "Perform real-time forensic analysis (e.g., using Helix in conjunction with LiveView) - T0172" }, { "description": "Perform timeline analysis", "related": [], "uuid": "c9226c46-9bca-5727-a909-cde013fe753d", "value": "Perform timeline analysis - T0173" }, { "description": "Perform static media analysis", "related": [], "uuid": "f25f6448-2d33-53cb-87cc-651f8da23298", "value": "Perform static media analysis - T0179" }, { "description": "Perform tier 1, 2, and 3 malware analysis", "related": [], "uuid": "7e7de38a-cf5d-5ea0-95b4-76819d281a9c", "value": "Perform tier 1, 2, and 3 malware analysis - T0182" }, { "description": "Perform Windows registry analysis", "related": [], "uuid": "98ae9224-371b-58b0-b062-1664438c557e", "value": "Perform Windows registry analysis - T0397" }, { "description": "Set up a forensic workstation", "related": [], "uuid": "3c8847ab-940b-584d-bfda-b09664b347ea", "value": "Set up a forensic workstation - T1051" }, { "description": "Determine best methods for identifying the perpetrator(s) of a network intrusion", "related": [], "uuid": "438afae4-472d-510e-bc8b-5e6a22129c5a", "value": "Determine best methods for identifying the perpetrator(s) of a network intrusion - T1090" }, { "description": "Identify instrusions", "related": [], "uuid": "943675b1-f3f2-5475-9767-8254498e2037", "value": "Identify instrusions - T1102" }, { "description": "Analyze intrusions", "related": [], "uuid": "cac17a2e-8497-59c8-81d6-d285bd310f9a", "value": "Analyze intrusions - T1103" }, { "description": "Document what is known about intrusions", "related": [], "uuid": "39af33df-ca6b-5766-9a2b-bd7d961f5e21", "value": "Document what is known about intrusions - T1104" }, { "description": "Create forensically sound duplicates of evidence", "related": [], "uuid": "7f468f5b-8445-5712-82c4-6a343263abc9", "value": "Create forensically sound duplicates of evidence - T1120" }, { "description": "Decrypt seized data", "related": [], "uuid": "b48bd62f-957c-5cc0-a27d-521bc624b56c", "value": "Decrypt seized data - T1121" }, { "description": "Create technical summary of findings reports", "related": [], "uuid": "6e7b470c-cdbb-569b-8196-68e53e38fc28", "value": "Create technical summary of findings reports - T1159" }, { "description": "Determine if digital media chain or custody processes meet Federal Rules of Evidence requirements", "related": [], "uuid": "c62a0c79-afc1-51c7-a5a3-5e96e56cd4b7", "value": "Determine if digital media chain or custody processes meet Federal Rules of Evidence requirements - T1175" }, { "description": "Determine relevance of recovered data", "related": [], "uuid": "cc671298-a97d-5908-a8c2-abf53167072f", "value": "Determine relevance of recovered data - T1191" }, { "description": "Identify digital evidence for analysis", "related": [], "uuid": "8e24b906-d536-5572-a280-89c12508c7b9", "value": "Identify digital evidence for analysis - T1199" }, { "description": "Perform dynamic analysis on drives", "related": [], "uuid": "9970b3cc-d89b-51a2-83e2-53192ef23454", "value": "Perform dynamic analysis on drives - T1253" }, { "description": "Perform real-time cyber defense incident handling", "related": [], "uuid": "bf46f973-093d-5343-92a3-9b29fdf79949", "value": "Perform real-time cyber defense incident handling - T1260" }, { "description": "Prepare digital media for imaging", "related": [], "uuid": "f131ff07-0b0f-5ba9-90a2-0510665f8b20", "value": "Prepare digital media for imaging - T1282" }, { "description": "Report forensic artifacts indicative of a particular operating system", "related": [], "uuid": "3fdd0703-ff2f-564a-a34e-0eef6b6d97c9", "value": "Report forensic artifacts indicative of a particular operating system - T1301" }, { "description": "Capture network traffic associated with malicious activities", "related": [], "uuid": "9ae253f1-7366-5a28-97de-fe417f44e0d2", "value": "Capture network traffic associated with malicious activities - T1322" }, { "description": "Analyze network traffic associated with malicious activities", "related": [], "uuid": "ead0e582-0a29-5e73-bf7b-f27adf9f91bc", "value": "Analyze network traffic associated with malicious activities - T1323" }, { "description": "Process digital evidence", "related": [], "uuid": "982526d5-534e-53ef-bba5-3d0d1514fdac", "value": "Process digital evidence - T1324" }, { "description": "Document digital evidence", "related": [], "uuid": "ae0ff15b-b1a6-5ec9-a7b2-3914b9117041", "value": "Document digital evidence - T1325" }, { "description": "Collect intrusion artifacts", "related": [], "uuid": "cd88870f-52cf-50d5-855a-ad9219b78e4c", "value": "Collect intrusion artifacts - T1370" }, { "description": "Mitigate potential cyber defense incidents", "related": [], "uuid": "3ce65cd4-7ec1-590b-9e5c-d2ccffc70782", "value": "Mitigate potential cyber defense incidents - T1371" }, { "description": "Advise law enforcement personnel as technical expert", "related": [], "uuid": "0e0c7418-9074-543a-9de6-153f8e327563", "value": "Advise law enforcement personnel as technical expert - T1372" }, { "description": "Scan digital media for viruses", "related": [], "uuid": "535c2334-8bf2-5eba-8670-176fcc7f258e", "value": "Scan digital media for viruses - T1381" }, { "description": "Mount a drive image", "related": [], "uuid": "1fbd8387-bcc6-5df7-909f-318dbd83908f", "value": "Mount a drive image - T1382" }, { "description": "Utilize deployable forensics toolkit", "related": [], "uuid": "a94d3e40-5462-5811-8ff8-b315c15a1a17", "value": "Utilize deployable forensics toolkit - T1383" }, { "description": "Correlate threat assessment data", "related": [], "uuid": "075e4bdf-0218-57c5-b807-03a90a5b8e43", "value": "Correlate threat assessment data - T1407" }, { "description": "Process forensic images", "related": [], "uuid": "3f7ee4ba-6011-556c-ba26-978a87c72712", "value": "Process forensic images - T1486" }, { "description": "Perform file and registry monitoring on running systems", "related": [], "uuid": "75ad025e-52e0-5cc8-b646-6ad447e03862", "value": "Perform file and registry monitoring on running systems - T1487" }, { "description": "Enter digital media information into tracking databases", "related": [], "uuid": "12f7e697-9b8e-560e-816f-4b89b2fbf0ea", "value": "Enter digital media information into tracking databases - T1488" }, { "description": "Prepare cyber defense toolkits", "related": [], "uuid": "76aa6a8f-f51b-5a98-9927-e8206d19ba77", "value": "Prepare cyber defense toolkits - T1490" }, { "description": "Preserve digital evidence", "related": [], "uuid": "5f0bcb3e-98c3-5637-b411-55c58d4dc2b0", "value": "Preserve digital evidence - T1510" }, { "description": "Recover information from forensic data sources", "related": [], "uuid": "1d47c389-8087-56c8-aeff-128a0ff006ba", "value": "Recover information from forensic data sources - T1607" }, { "description": "Prepare cyber defense reports", "related": [], "uuid": "e48ba5d6-fb27-577b-94dc-225d95145b12", "value": "Prepare cyber defense reports - T1617" }, { "description": "Acquire resources to support cybersecurity program goals and objectives", "related": [], "uuid": "7ebf1128-18d6-502e-990d-65cd47c20437", "value": "Acquire resources to support cybersecurity program goals and objectives - T1056" }, { "description": "Conduct an effective enterprise continuity of operations program", "related": [], "uuid": "b29c250b-efaf-5fc9-8cc0-948e6a061498", "value": "Conduct an effective enterprise continuity of operations program - T1057" }, { "description": "Contribute insider threat expertise to organizational cybersecurity awareness program", "related": [], "uuid": "5fb8b032-7fbd-5996-864c-711c354bfc33", "value": "Contribute insider threat expertise to organizational cybersecurity awareness program - T1062" }, { "description": "Manage cybersecurity budget, staffing, and contracting", "related": [], "uuid": "3db4d294-9d90-59b6-99aa-106c94679173", "value": "Manage cybersecurity budget, staffing, and contracting - T1227" }, { "description": "Assess the behavior of individual victims, witnesses, or suspects during cybersecurity investigations", "related": [], "uuid": "bdbd12ca-99af-5db6-89b2-603798a409f2", "value": "Assess the behavior of individual victims, witnesses, or suspects during cybersecurity investigations - T1439" }, { "description": "Notify appropriate personnel of imminent hostile intentions or activities", "related": [], "uuid": "a8a5a2f0-4873-5d88-bf0f-0b94bcc25e31", "value": "Notify appropriate personnel of imminent hostile intentions or activities - T1799" }, { "description": "Document system alerts", "related": [], "uuid": "816e898b-c4f0-5bae-8151-41ed44078370", "value": "Document system alerts - T1969" }, { "description": "Escalate system alerts that may indicate risks", "related": [], "uuid": "fc519c49-afd7-5f0e-8881-f5a39a4151fc", "value": "Escalate system alerts that may indicate risks - T1970" }, { "description": "Disseminate anomalous activity reports to the insider threat hub", "related": [], "uuid": "ad30757e-2be3-5795-861f-b1f99183f862", "value": "Disseminate anomalous activity reports to the insider threat hub - T1971" }, { "description": "Conduct independent comprehensive assessments of target-specific information", "related": [], "uuid": "4e9b0b29-040c-5cda-903e-da2648301251", "value": "Conduct independent comprehensive assessments of target-specific information - T1973" }, { "description": "Conduct insider threat risk assessments", "related": [], "uuid": "be1b9e72-48f7-58e7-b474-868b07377513", "value": "Conduct insider threat risk assessments - T1974" }, { "description": "Prepare insider threat briefings", "related": [], "uuid": "a041bfc3-a757-578f-8803-eea1004182db", "value": "Prepare insider threat briefings - T1975" }, { "description": "Recommend risk mitigation courses of action (CoA)", "related": [], "uuid": "475e7c4f-b834-5a50-ae97-15d121bc46df", "value": "Recommend risk mitigation courses of action (CoA) - T1976" }, { "description": "Coordinate with internal and external incident management partners across jurisdictions", "related": [], "uuid": "209b8bef-6e71-5883-afa1-cd09433e890a", "value": "Coordinate with internal and external incident management partners across jurisdictions - T1977" }, { "description": "Recommend improvements to insider threat detection processes", "related": [], "uuid": "0b75b667-16f9-5f2f-aba2-e489e3e15eb8", "value": "Recommend improvements to insider threat detection processes - T1978" }, { "description": "Determine digital evidence priority intelligence requirements", "related": [], "uuid": "381f7b0f-9138-5912-948a-a97822443d79", "value": "Determine digital evidence priority intelligence requirements - T1979" }, { "description": "Develop digital evidence reports for internal and external partners", "related": [], "uuid": "00ba6f94-f75d-5a96-adb2-dabef9d0a20b", "value": "Develop digital evidence reports for internal and external partners - T1980" }, { "description": "Develop elicitation indicators", "related": [], "uuid": "58c930ba-6888-5714-8888-917dc1b2924c", "value": "Develop elicitation indicators - T1981" }, { "description": "Identify high value assets", "related": [], "uuid": "02f47504-74f6-500c-9419-3f5390000535", "value": "Identify high value assets - T1982" }, { "description": "Identify potential insider threats", "related": [], "uuid": "275cdbf4-8314-5ce5-acf5-2582cd8cd62f", "value": "Identify potential insider threats - T1983" }, { "description": "Identify imminent or hostile intentions or activities", "related": [], "uuid": "7dec0594-2980-5a70-8601-faf8a8b4227b", "value": "Identify imminent or hostile intentions or activities - T1985" }, { "description": "Develop a continuously updated overview of an incident throughout the incident's life cycle", "related": [], "uuid": "f4087091-c94a-5485-9c43-3f34d89ef00e", "value": "Develop a continuously updated overview of an incident throughout the incident's life cycle - T1986" }, { "description": "Develop insider threat cyber operations indicators", "related": [], "uuid": "84f7b8ac-979e-5516-824e-b5597240edf5", "value": "Develop insider threat cyber operations indicators - T1987" }, { "description": "Integrate information from cyber resources, internal partners, and external partners", "related": [], "uuid": "c9fab1b2-afda-5f4f-82c2-2e91d32f649d", "value": "Integrate information from cyber resources, internal partners, and external partners - T1988" }, { "description": "Advise insider threat hub inquiries", "related": [], "uuid": "3e1f71a3-d3ee-5c43-bd88-cc65ec0c9fbc", "value": "Advise insider threat hub inquiries - T1989" }, { "description": "Conduct cybersecurity insider threat inquiries", "related": [], "uuid": "9fda9bcc-85a5-55e3-890a-2889776c54a4", "value": "Conduct cybersecurity insider threat inquiries - T1990" }, { "description": "Deliver all-source cyber operations and intelligence indications and warnings", "related": [], "uuid": "85503aaa-034c-5288-b85d-2bbe34473481", "value": "Deliver all-source cyber operations and intelligence indications and warnings - T1991" }, { "description": "Interpret network activity for intelligence value", "related": [], "uuid": "e807d4f3-1268-54db-bef0-544a05051c72", "value": "Interpret network activity for intelligence value - T1992" }, { "description": "Monitor network activity for vulnerabilities", "related": [], "uuid": "656c4002-beca-5607-a114-443cbee7879c", "value": "Monitor network activity for vulnerabilities - T1993" }, { "description": "Identify potential insider risks to networks", "related": [], "uuid": "3db81136-966b-5f97-9798-5e1b9606353c", "value": "Identify potential insider risks to networks - T1994" }, { "description": "Document potential insider risks to networks", "related": [], "uuid": "f4067a1e-afae-5743-b44d-386f24c19f6c", "value": "Document potential insider risks to networks - T1995" }, { "description": "Report network vulnerabilities", "related": [], "uuid": "f7ef72e0-7e59-50dd-a9f2-72481d05a485", "value": "Report network vulnerabilities - T1996" }, { "description": "Develop insider threat investigation plans", "related": [], "uuid": "8e20b466-9a49-550b-a9cd-523b934bd73e", "value": "Develop insider threat investigation plans - T1997" }, { "description": "Investigate alleged insider threat cybersecurity policy violations", "related": [], "uuid": "b0dff356-3268-53af-b518-b98e74f87be1", "value": "Investigate alleged insider threat cybersecurity policy violations - T1998" }, { "description": "Refer cases on active insider threat activities to law enforcement investigators", "related": [], "uuid": "292dc15a-dab1-5f77-ac96-f7ff9834539a", "value": "Refer cases on active insider threat activities to law enforcement investigators - T1999" }, { "description": "Establish an insider threat risk management assessment program", "related": [], "uuid": "c10c6198-ac92-51db-ade6-13fbb7b3caa3", "value": "Establish an insider threat risk management assessment program - T2001" }, { "description": "Evaluate organizational insider risk response capabilities", "related": [], "uuid": "ae5bdd7c-3d5e-5c71-8907-c5c9b2ba6269", "value": "Evaluate organizational insider risk response capabilities - T2003" }, { "description": "Document insider threat information sources", "related": [], "uuid": "44616dcc-2972-51ea-846b-8f2fad1d071d", "value": "Document insider threat information sources - T2004" }, { "description": "Conduct insider threat studies", "related": [], "uuid": "26d8be86-6f8f-5706-80e5-21490f6b9353", "value": "Conduct insider threat studies - T2005" }, { "description": "Identify potential targets for exploitation", "related": [], "uuid": "01ead95e-28f8-5e4a-8de8-cad5aed4817b", "value": "Identify potential targets for exploitation - T2006" }, { "description": "Analyze potential targets for exploitation", "related": [], "uuid": "e9c7eae2-6212-5263-9d55-e66f9b477034", "value": "Analyze potential targets for exploitation - T2007" }, { "description": "Vet insider threat targeting with law enforcement and intelligence partners", "related": [], "uuid": "9bfb92f7-b5c9-5118-b98e-6a094471ce8e", "value": "Vet insider threat targeting with law enforcement and intelligence partners - T2008" }, { "description": "Develop insider threat targets", "related": [], "uuid": "222e57c3-d4d5-58b8-83ec-8c5493a963b3", "value": "Develop insider threat targets - T2009" }, { "description": "Maintain User Activity Monitoring (UAM) tools", "related": [], "uuid": "013c9094-9747-563d-92dd-c91673c6cfa9", "value": "Maintain User Activity Monitoring (UAM) tools - T2010" }, { "description": "Monitor the output from User Activity Monitoring (UAM) tools", "related": [], "uuid": "c3f28acb-609d-53b0-ae7f-c85ff7a216f9", "value": "Monitor the output from User Activity Monitoring (UAM) tools - T2011" }, { "description": "Administer rule and signature updates for specialized cyber defense applications", "related": [], "uuid": "fd8be546-6dae-5586-9292-613c7e2b5538", "value": "Administer rule and signature updates for specialized cyber defense applications - T1111" }, { "description": "Perform system administration on specialized cyber defense applications and systems", "related": [], "uuid": "7ecebab5-c169-523e-a770-5e8ec31b4951", "value": "Perform system administration on specialized cyber defense applications and systems - T1267" }, { "description": "Administer Virtual Private Network (VPN) devices", "related": [], "uuid": "bad89339-0a8d-5a2a-8f8a-bcadd4ae2971", "value": "Administer Virtual Private Network (VPN) devices - T1268" }, { "description": "Coordinate critical cyber defense infrastructure protection measures", "related": [], "uuid": "615d0ed7-5d8b-59ea-9351-3dfee45461ec", "value": "Coordinate critical cyber defense infrastructure protection measures - T1352" }, { "description": "Prioritize critical cyber defense infrastructure resources", "related": [], "uuid": "dce09b59-7135-5793-9cbc-441b9444cee4", "value": "Prioritize critical cyber defense infrastructure resources - T1353" }, { "description": "Build dedicated cyber defense hardware", "related": [], "uuid": "45105fe8-2d7e-56c4-9f11-11078e0bc17b", "value": "Build dedicated cyber defense hardware - T1432" }, { "description": "Install dedicated cyber defense hardware", "related": [], "uuid": "eea08ebb-e51a-5aa0-ae3d-704cbc31cc82", "value": "Install dedicated cyber defense hardware - T1433" }, { "description": "Assess the impact of implementing and sustaining a dedicated cyber defense infrastructure", "related": [], "uuid": "012738b1-6df6-50cd-aceb-9df8a8496dd5", "value": "Assess the impact of implementing and sustaining a dedicated cyber defense infrastructure - T1442" }, { "description": "Evaluate platforms managed by service providers", "related": [], "uuid": "5d6fa192-3102-533d-a736-577ce903d41e", "value": "Evaluate platforms managed by service providers - T1503" }, { "description": "Manage network access control lists on specialized cyber defense systems", "related": [], "uuid": "440b88ac-457d-5cc2-a8f3-3b74edddbc99", "value": "Manage network access control lists on specialized cyber defense systems - T1515" }, { "description": "Implement cyber defense tools", "related": [], "uuid": "1f4d2c36-9bfe-537e-9ef6-9cefc7af3854", "value": "Implement cyber defense tools - T1555" }, { "description": "Implement dedicated cyber defense systems", "related": [], "uuid": "c8cfe917-3849-5f87-955d-e570e465b2ca", "value": "Implement dedicated cyber defense systems - T1561" }, { "description": "Document system requirements", "related": [], "uuid": "c8cd5e13-f1b0-5cf1-b421-75a792b7693c", "value": "Document system requirements - T1562" }, { "description": "Evaluate organizational cybersecurity policy regulatory compliance", "related": [], "uuid": "e91a2973-3b1a-5b17-ad4f-8893b91661ea", "value": "Evaluate organizational cybersecurity policy regulatory compliance - T1069" }, { "description": "Evaluate organizational cybersecurity policy alignment with organizational directives", "related": [], "uuid": "96b8c2ef-2e66-5abd-8137-5ab45c42aa11", "value": "Evaluate organizational cybersecurity policy alignment with organizational directives - T1070" }, { "description": "Maintain deployable cyber defense audit toolkits", "related": [], "uuid": "6ee656b2-87eb-52a3-b67f-7ad2810b2c0a", "value": "Maintain deployable cyber defense audit toolkits - T1229" }, { "description": "Prepare audit reports", "related": [], "uuid": "280a7759-dea8-5698-b500-35c3fea9fd75", "value": "Prepare audit reports - T1279" }, { "description": "Perform required reviews", "related": [], "uuid": "99bebf2b-648d-52af-93bf-da3bdd986f89", "value": "Perform required reviews - T1341" }, { "description": "Perform risk and vulnerability assessments", "related": [], "uuid": "6b451c30-7241-53a3-87fa-800905962232", "value": "Perform risk and vulnerability assessments - T1619" }, { "description": "Recommend cost-effective security controls", "related": [], "uuid": "5e9778ec-ff00-5d14-8b20-692c8eb0e3af", "value": "Recommend cost-effective security controls - T1620" }, { "description": "Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness)", "related": [], "uuid": "7bda1d4a-a579-522f-85b6-0cc13d6514a8", "value": "Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness) - T0262" }, { "description": "Coordinate incident response functions", "related": [], "uuid": "3bf52572-eda6-5a74-97ae-c4eb9c700c5b", "value": "Coordinate incident response functions - T0510" }, { "description": "Resolve cyber defense incidents", "related": [], "uuid": "43af23b1-56ab-5564-86b2-9529f68090c3", "value": "Resolve cyber defense incidents - T1109" }, { "description": "Coordinate technical support to enterprise-wide cybersecurity defense technicians", "related": [], "uuid": "4522376d-15cb-51b5-950f-323407b0a1c7", "value": "Coordinate technical support to enterprise-wide cybersecurity defense technicians - T1110" }, { "description": "Perform cyber defense incident triage", "related": [], "uuid": "bf78d7ae-eb45-594b-b8c2-38a12417af5c", "value": "Perform cyber defense incident triage - T1250" }, { "description": "Recommend incident remediation strategies", "related": [], "uuid": "ab9c9eae-5827-5aed-b166-96615c36bfa5", "value": "Recommend incident remediation strategies - T1251" }, { "description": "Determine the scope, urgency, and impact of cyber defense incidents", "related": [], "uuid": "7a3e6974-0178-59af-8ec2-7fa2e3c5cf2e", "value": "Determine the scope, urgency, and impact of cyber defense incidents - T1252" }, { "description": "Perform forensically sound image collection", "related": [], "uuid": "54e1a562-92c6-5c90-9f4a-94b28942f6a1", "value": "Perform forensically sound image collection - T1256" }, { "description": "Recommend mitigation and remediation strategies for enterprise systems", "related": [], "uuid": "fe4d5582-0608-5965-8c00-52e250911fdc", "value": "Recommend mitigation and remediation strategies for enterprise systems - T1257" }, { "description": "Track cyber defense incidents from initial detection through final resolution", "related": [], "uuid": "456b9f65-73a5-571f-bffc-49d6e05da9c4", "value": "Track cyber defense incidents from initial detection through final resolution - T1315" }, { "description": "Document cyber defense incidents from initial detection through final resolution", "related": [], "uuid": "3a08645a-e6d2-5b1f-97d2-0b0dca5635ff", "value": "Document cyber defense incidents from initial detection through final resolution - T1316" }, { "description": "Produce incident findings reports", "related": [], "uuid": "a345bd13-3404-5ba3-8f11-5dcdee17496a", "value": "Produce incident findings reports - T1332" }, { "description": "Communicate incident findings to appropriate constituencies", "related": [], "uuid": "a3f3a846-94e4-570e-ad9a-c17e269a0d3c", "value": "Communicate incident findings to appropriate constituencies - T1333" }, { "description": "Prepare after action reviews (AARs)", "related": [], "uuid": "f4d1270c-748a-560a-b192-2c901a2a0868", "value": "Prepare after action reviews (AARs) - T1485" }, { "description": "Maintain database management systems software", "related": [], "uuid": "f834d550-8b2c-518e-8587-bd1a8fd7e394", "value": "Maintain database management systems software - T0137" }, { "description": "Maintain assured message delivery systems", "related": [], "uuid": "cbff7989-c4d6-5705-85c0-6ac06ade93d1", "value": "Maintain assured message delivery systems - T0330" }, { "description": "Implement data management standards, requirements, and specifications", "related": [], "uuid": "24eb8912-ecd7-5ab9-8609-9e0bc924ef2d", "value": "Implement data management standards, requirements, and specifications - T0422" }, { "description": "Implement data mining and data warehousing applications", "related": [], "uuid": "4b637d05-ff87-5459-bd74-25289e1562c7", "value": "Implement data mining and data warehousing applications - T0459" }, { "description": "Maintain directory replication services", "related": [], "uuid": "e5b954e9-6fe3-55e6-a09d-e7159b2c802b", "value": "Maintain directory replication services - T1230" }, { "description": "Maintain information exchanges through publish, subscribe, and alert functions", "related": [], "uuid": "60eac195-527a-5016-b4f4-15b5ae310feb", "value": "Maintain information exchanges through publish, subscribe, and alert functions - T1231" }, { "description": "Perform backup and recovery of databases", "related": [], "uuid": "e125c410-c289-5d94-bd0f-cf5f1abe3112", "value": "Perform backup and recovery of databases - T1249" }, { "description": "Manage databases and data management systems", "related": [], "uuid": "dbda1e3b-af0d-5a00-8f6c-d7f29d5dbce8", "value": "Manage databases and data management systems - T1402" }, { "description": "Install database management systems and software", "related": [], "uuid": "16d343da-8ce7-5c30-baf9-9697cab0b45d", "value": "Install database management systems and software - T1564" }, { "description": "Configure database management systems and software", "related": [], "uuid": "5df973e7-8191-506d-b437-9422b715f59b", "value": "Configure database management systems and software - T1565" }, { "description": "Construct access paths to suites of information", "related": [], "uuid": "c88f19e4-1dd5-53ab-ac06-e94d7f0645e9", "value": "Construct access paths to suites of information - T1105" }, { "description": "Monitor the usage of knowledge management assets and resources", "related": [], "uuid": "00cf0ea9-90a0-58a6-bd14-c43ec480d95c", "value": "Monitor the usage of knowledge management assets and resources - T1239" }, { "description": "Create knowledge management assets and resources usage reports", "related": [], "uuid": "97656d8a-336c-548c-8783-24db4e911b34", "value": "Create knowledge management assets and resources usage reports - T1240" }, { "description": "Plan knowledge management projects", "related": [], "uuid": "56326b7c-a2d6-540c-a0ad-b5bae8a6dc9e", "value": "Plan knowledge management projects - T1273" }, { "description": "Deliver knowledge management projects", "related": [], "uuid": "67ab82c1-3ea2-5a67-add3-9adb5815d550", "value": "Deliver knowledge management projects - T1274" }, { "description": "Recommend data structures for use in the production of reports", "related": [], "uuid": "a75fbcb8-1815-5c74-844f-ee60ef1f3712", "value": "Recommend data structures for use in the production of reports - T1296" }, { "description": "Manage organizational knowledge repositories", "related": [], "uuid": "d75fd246-93c3-5cf4-b680-e9a7f35f001d", "value": "Manage organizational knowledge repositories - T1504" }, { "description": "Design organizational knowledge management frameworks", "related": [], "uuid": "41fd4186-8bbe-5384-8b0c-bc07c098d1ca", "value": "Design organizational knowledge management frameworks - T1523" }, { "description": "Implement organizational knowledge management frameworks", "related": [], "uuid": "94eaf660-d5d2-5138-83c6-2e700e846faa", "value": "Implement organizational knowledge management frameworks - T1524" }, { "description": "Maintain organizational knowledge management frameworks", "related": [], "uuid": "295c10d9-edca-50f0-a447-64cbedb19800", "value": "Maintain organizational knowledge management frameworks - T1525" }, { "description": "Check system hardware availability, functionality, integrity, and efficiency", "related": [], "uuid": "553c4543-054d-5312-878e-28ce2a841508", "value": "Check system hardware availability, functionality, integrity, and efficiency - T0431" }, { "description": "Troubleshoot hardware/software interface and interoperability problems", "related": [], "uuid": "b1898523-e494-5404-b4e8-08755850c237", "value": "Troubleshoot hardware/software interface and interoperability problems - T0531" }, { "description": "Conduct functional and connectivity testing", "related": [], "uuid": "8fc96987-ad58-55e0-b9d5-d161da328b16", "value": "Conduct functional and connectivity testing - T1092" }, { "description": "Develop group policies and access control lists", "related": [], "uuid": "5d849e3b-bb8c-54a3-b87a-4d197b74086c", "value": "Develop group policies and access control lists - T1130" }, { "description": "Develop systems administration standard operating procedures", "related": [], "uuid": "463fa2af-fb89-509f-8d0c-83ef1b50395c", "value": "Develop systems administration standard operating procedures - T1140" }, { "description": "Document systems administration standard operating procedures", "related": [], "uuid": "ed9174db-6396-5fc7-844e-4a9e05c28fbb", "value": "Document systems administration standard operating procedures - T1141" }, { "description": "Maintain baseline system security", "related": [], "uuid": "2699d799-a048-59bc-9213-24b6d094203c", "value": "Maintain baseline system security - T1228" }, { "description": "Determine the effectiveness of data redundancy and system recovery procedures", "related": [], "uuid": "7f7d7ac5-4a70-5887-8f81-1f89ca2d7b9a", "value": "Determine the effectiveness of data redundancy and system recovery procedures - T1275" }, { "description": "Develop data redundancy and system recovery procedures", "related": [], "uuid": "1b279867-d702-5d77-becf-0d78fe33c3c5", "value": "Develop data redundancy and system recovery procedures - T1276" }, { "description": "Execute data redundancy and system recovery procedures", "related": [], "uuid": "1539e5ea-bf06-5309-abf5-e9b4d3dbd5fa", "value": "Execute data redundancy and system recovery procedures - T1277" }, { "description": "Produce cybersecurity instructional materials", "related": [], "uuid": "63775672-f93d-5dee-90d6-8e97a97ad771", "value": "Produce cybersecurity instructional materials - T1334" }, { "description": "Install systems and servers", "related": [], "uuid": "87e412b9-e23c-5a54-875d-efc368b9a9e7", "value": "Install systems and servers - T1500" }, { "description": "Update systems and servers", "related": [], "uuid": "c46d4b49-375a-5cfa-bba1-600cebd5187f", "value": "Update systems and servers - T1501" }, { "description": "Troubleshoot systems and servers", "related": [], "uuid": "c3706b36-e92a-5cab-9e54-604696aa4de5", "value": "Troubleshoot systems and servers - T1502" }, { "description": "Perform periodic system maintenance", "related": [], "uuid": "d35d5d44-000b-560b-80d3-e5c8eec97d35", "value": "Perform periodic system maintenance - T1512" }, { "description": "Develop local network usage policies and procedures", "related": [], "uuid": "0351ba75-7944-5b8a-ab13-b6ca3f5955fc", "value": "Develop local network usage policies and procedures - T1530" }, { "description": "Determine compliance with local network usage policies and procedures", "related": [], "uuid": "f21405b5-0246-5308-bb97-532e446ac4f0", "value": "Determine compliance with local network usage policies and procedures - T1531" }, { "description": "Administer system and network user accounts", "related": [], "uuid": "d3cd6956-3133-5e63-9058-c62ab8d2641c", "value": "Administer system and network user accounts - T1569" }, { "description": "Establish system and network rights processes and procedures", "related": [], "uuid": "b8341c45-f6bf-5c84-83a9-1fa4402db545", "value": "Establish system and network rights processes and procedures - T1570" }, { "description": "Establish systems and equipment access protocols", "related": [], "uuid": "54592f5e-9ff9-531b-b90f-f11e5ca35fa6", "value": "Establish systems and equipment access protocols - T1571" }, { "description": "Monitor system and server configurations", "related": [], "uuid": "6cf00c3c-aea0-5807-9a56-2b1278d29b33", "value": "Monitor system and server configurations - T1578" }, { "description": "Maintain system and server configurations", "related": [], "uuid": "7f5fba86-fc93-5522-81f0-8649c7492c68", "value": "Maintain system and server configurations - T1579" }, { "description": "Diagnose faulty system and server hardware", "related": [], "uuid": "bf03fa36-c84a-5b91-9a21-060804b517dc", "value": "Diagnose faulty system and server hardware - T1588" }, { "description": "Repair faulty system and server hardware", "related": [], "uuid": "ea7a9ca4-cc95-5094-b283-60045c7c9983", "value": "Repair faulty system and server hardware - T1589" }, { "description": "Develop data standards, policies, and procedures", "related": [], "uuid": "945215b0-8307-5500-b908-bf172e779bfe", "value": "Develop data standards, policies, and procedures - T0068" }, { "description": "Collect metrics and trending data", "related": [], "uuid": "8798520b-33d9-5753-90d2-d103b8dec4f6", "value": "Collect metrics and trending data - T0349" }, { "description": "Program custom algorithms", "related": [], "uuid": "f55e4c33-ac86-58da-964f-53f350d8e16f", "value": "Program custom algorithms - T0383" }, { "description": "Develop and implement data mining and data warehousing programs", "related": [], "uuid": "a74a56f1-3923-5963-b895-b433347c6a06", "value": "Develop and implement data mining and data warehousing programs - T0460" }, { "description": "Determine data requirements", "related": [], "uuid": "636016fd-53fb-52a0-bef7-fddeed2969d7", "value": "Determine data requirements - T1063" }, { "description": "Determine data specifications", "related": [], "uuid": "2b78acbf-3775-5244-bc9a-358280432fe3", "value": "Determine data specifications - T1064" }, { "description": "Determine data capacity requirements", "related": [], "uuid": "1cff678a-6549-56a1-b849-14880821a17a", "value": "Determine data capacity requirements - T1065" }, { "description": "Plan for anticipated changes in data capacity requirements", "related": [], "uuid": "b7e12787-1ed3-5818-840a-b20836017b52", "value": "Plan for anticipated changes in data capacity requirements - T1066" }, { "description": "Recommend new database technologies and architectures", "related": [], "uuid": "c76d09e1-82dc-5596-a2a7-607d4bfeae59", "value": "Recommend new database technologies and architectures - T1297" }, { "description": "Assess the validity of source data", "related": [], "uuid": "56463962-db96-5cbc-9b21-15f6542bb080", "value": "Assess the validity of source data - T1440" }, { "description": "Conduct hypothesis testing", "related": [], "uuid": "74d13743-8c88-56a1-92eb-9b81181a84fd", "value": "Conduct hypothesis testing - T1445" }, { "description": "Develop data gathering processes", "related": [], "uuid": "25717e37-6472-56f5-9aa6-f17c9b014480", "value": "Develop data gathering processes - T1458" }, { "description": "Process crime scenes", "related": [], "uuid": "694a060b-fe1a-566e-8ad8-4f4c43e872e2", "value": "Process crime scenes - T0193" }, { "description": "Conduct victim and witness interviews", "related": [], "uuid": "e79833e9-2f77-5e17-88a6-6c61eb57b6ac", "value": "Conduct victim and witness interviews - T1094" }, { "description": "Conduct suspect interrogations", "related": [], "uuid": "96a8592f-31b9-517b-af8f-e3b0212080eb", "value": "Conduct suspect interrogations - T1095" }, { "description": "Investigate suspicious activity and alleged digital crimes", "related": [], "uuid": "7b3ca8a3-cac7-5848-b333-21ed7fe5f77a", "value": "Investigate suspicious activity and alleged digital crimes - T1137" }, { "description": "Establish internal and external cross-team relationships", "related": [], "uuid": "e90d7e57-2a72-5d35-bb77-05f4c53953eb", "value": "Establish internal and external cross-team relationships - T1187" }, { "description": "Conduct analysis of computer network attacks", "related": [], "uuid": "a467b562-638f-5591-a892-e4378be7d8d5", "value": "Conduct analysis of computer network attacks - T1192" }, { "description": "Determine if security incidents are indicative of a violation of law that requires specific legal action", "related": [], "uuid": "738b57c1-a62a-5d0c-89e8-08eeafed21d4", "value": "Determine if security incidents are indicative of a violation of law that requires specific legal action - T1196" }, { "description": "Identify data or intelligence of evidentiary value", "related": [], "uuid": "40efc18c-433a-519e-acb8-6cc5f54ee601", "value": "Identify data or intelligence of evidentiary value - T1198" }, { "description": "Identify elements of proof of cybersecurity crimes", "related": [], "uuid": "5e07e47d-511e-534c-8e00-545260a0c949", "value": "Identify elements of proof of cybersecurity crimes - T1200" }, { "description": "Collect documentary or physical evidence of cyber intrusion incidents, investigations, and operations", "related": [], "uuid": "6d8cf8ba-d71b-5f2c-9c43-6bb44a6fafe9", "value": "Collect documentary or physical evidence of cyber intrusion incidents, investigations, and operations - T1207" }, { "description": "Advise trial counsel as technical expert", "related": [], "uuid": "f40c6935-07d2-5c4b-819e-c000534aaf84", "value": "Advise trial counsel as technical expert - T1477" }, { "description": "Analyze cybersecurity threats for counter intelligence or criminal activity", "related": [], "uuid": "2cd7a566-4faf-51c2-a585-c2c2ad9387fb", "value": "Analyze cybersecurity threats for counter intelligence or criminal activity - T1505" }, { "description": "Identify responsible parties for intrusions and other crimes", "related": [], "uuid": "0a7d4b8c-f6b2-5dea-ab37-a15021ee419a", "value": "Identify responsible parties for intrusions and other crimes - T1526" }, { "description": "Document original condition of digital evidence", "related": [], "uuid": "fc2e71fe-b1e0-5f63-b3cd-3f95341934ad", "value": "Document original condition of digital evidence - T1542" }, { "description": "Prosecute cybercrimes and fraud committed against people and property", "related": [], "uuid": "f186dcb8-e333-525a-a1ee-8c6f5ee4ab38", "value": "Prosecute cybercrimes and fraud committed against people and property - T1551" }, { "description": "Prepare investigative reports", "related": [], "uuid": "b7afa541-d808-58ff-8c98-fb78feb802ec", "value": "Prepare investigative reports - T1600" }, { "description": "Detect concealed data", "related": [], "uuid": "2c73f0d5-9982-5f71-b710-aa976d6234cb", "value": "Detect concealed data - T1516" }, { "description": "Answer requests for information", "related": [], "uuid": "c89d008b-8dc4-5632-bd1d-b3661ffd4305", "value": "Answer requests for information - T0569" }, { "description": "Facilitate continuously updated intelligence, surveillance, and visualization input to common operational picture managers", "related": [], "uuid": "4ea95041-3bd2-5fe1-b7ed-ec2f45956327", "value": "Facilitate continuously updated intelligence, surveillance, and visualization input to common operational picture managers - T0698" }, { "description": "Monitor open source websites for hostile content directed towards organizational or partner interests", "related": [], "uuid": "062c6d1b-ec0b-557e-9da7-aef718ddb5fb", "value": "Monitor open source websites for hostile content directed towards organizational or partner interests - T0751" }, { "description": "Identify cyber threat tactics and methodologies", "related": [], "uuid": "d1dcbf94-4992-5178-95de-b5f68d56d845", "value": "Identify cyber threat tactics and methodologies - T0845" }, { "description": "Provide intelligence analysis and support", "related": [], "uuid": "9f3aee02-8f33-5fdd-8e2c-993a6217fbaf", "value": "Provide intelligence analysis and support - T1798" }, { "description": "Prepare network intrusion reports", "related": [], "uuid": "6723748d-037c-5a91-8d48-5ea206f01e43", "value": "Prepare network intrusion reports - T1804" }, { "description": "Assess performance of collection assets against prescribed specifications", "related": [], "uuid": "d9bffb53-e9f9-549d-8629-9f920a0186ee", "value": "Assess performance of collection assets against prescribed specifications - T0578" }, { "description": "Determine course of action for addressing changes to objectives, guidance, and operational environment", "related": [], "uuid": "31639e78-fcb0-559a-9e2f-8d768e360c96", "value": "Determine course of action for addressing changes to objectives, guidance, and operational environment - T0645" }, { "description": "Identify potential collection disciplines for application against priority information requirements", "related": [], "uuid": "05131755-ce83-5284-8ab0-e4e160a60740", "value": "Identify potential collection disciplines for application against priority information requirements - T0723" }, { "description": "Link priority collection requirements to optimal assets and resources", "related": [], "uuid": "1385be4d-b616-5101-83c7-a13a7b705d89", "value": "Link priority collection requirements to optimal assets and resources - T0737" }, { "description": "Address identified issues in collection operations and collection plans", "related": [], "uuid": "35ea3b95-db7c-5ffd-b723-748d5a0d81c1", "value": "Address identified issues in collection operations and collection plans - T1630" }, { "description": "Synchronize collections with operational requirements", "related": [], "uuid": "97c6665b-afa2-534a-a323-bf6393780e79", "value": "Synchronize collections with operational requirements - T1631" }, { "description": "Determine if collection products and services meet requirements", "related": [], "uuid": "03616396-94ac-587b-a675-69b6042d82df", "value": "Determine if collection products and services meet requirements - T1632" }, { "description": "Determine impacts on collection management operational structure and requirements", "related": [], "uuid": "3764d8e5-06c9-5c05-a9fc-d9b965835c4c", "value": "Determine impacts on collection management operational structure and requirements - T1634" }, { "description": "Develop intelligence collection management processes", "related": [], "uuid": "2ee2fa0a-eff1-5730-8ca0-42f73a3d353f", "value": "Develop intelligence collection management processes - T1636" }, { "description": "Compare allocated and available assets to collection demand", "related": [], "uuid": "b794d291-7a81-58ae-b948-6cabb679e450", "value": "Compare allocated and available assets to collection demand - T1659" }, { "description": "Prepare intelligence collection reports", "related": [], "uuid": "40a3e6c4-420f-542b-9a6a-47142852b3b4", "value": "Prepare intelligence collection reports - T1660" }, { "description": "Coordinate resource allocation of collection assets with collection discipline leads", "related": [], "uuid": "4179881f-e178-58f0-a3cf-15b80073cc11", "value": "Coordinate resource allocation of collection assets with collection discipline leads - T1681" }, { "description": "Prepare collection plan documentation", "related": [], "uuid": "ead0fcb2-6e7b-527d-a48b-237c447d3ec4", "value": "Prepare collection plan documentation - T1682" }, { "description": "Inventory existing collection management webpage databases, libraries, and storehouses", "related": [], "uuid": "ee7958a7-9961-5c2c-a433-c96e60137f00", "value": "Inventory existing collection management webpage databases, libraries, and storehouses - T1693" }, { "description": "Determine organizations with collection authority over predefined accessible collection assets", "related": [], "uuid": "7e9e7fdd-a5d8-5877-98e9-74b2c8298ed2", "value": "Determine organizations with collection authority over predefined accessible collection assets - T1695" }, { "description": "Develop intelligence collection report analysis processes", "related": [], "uuid": "201f61d3-b0d8-57c7-b370-a7bc141a0c41", "value": "Develop intelligence collection report analysis processes - T1696" }, { "description": "Prepare collections operation instructions", "related": [], "uuid": "4c4e2064-5874-536c-822f-0a376a03502d", "value": "Prepare collections operation instructions - T1703" }, { "description": "Allocate collection assets", "related": [], "uuid": "5ca31d8c-bbca-5f9c-ac35-9d7709ba1513", "value": "Allocate collection assets - T1706" }, { "description": "Disseminate tasking messages", "related": [], "uuid": "c4d24078-75b0-5a0a-bca6-ad666ec93a1a", "value": "Disseminate tasking messages - T1723" }, { "description": "Disseminate collection plans", "related": [], "uuid": "b82db822-9721-5391-a111-daeb22975d6e", "value": "Disseminate collection plans - T1724" }, { "description": "Select collaboration platforms", "related": [], "uuid": "a8fb6ed8-dcec-5684-a5b0-9e243be565e8", "value": "Select collaboration platforms - T1742" }, { "description": "Develop coordination requirements and procedures", "related": [], "uuid": "d27da991-9550-5d73-bd77-f386c067b8c9", "value": "Develop coordination requirements and procedures - T1744" }, { "description": "Determine effectiveness of processing, exploitation, and dissemination architecture", "related": [], "uuid": "ec57796a-e8ee-5de7-9f8e-41771e67f3a3", "value": "Determine effectiveness of processing, exploitation, and dissemination architecture - T1746" }, { "description": "Identify collection management risks", "related": [], "uuid": "21109e37-1b62-5d8a-b844-bb2c19fe19fe", "value": "Identify collection management risks - T1748" }, { "description": "Mitigate collection management risks", "related": [], "uuid": "6bb4d33f-fb04-5b76-8d2e-617425448b0b", "value": "Mitigate collection management risks - T1749" }, { "description": "Determine when reallocated collection efforts are completed", "related": [], "uuid": "7b04201b-ebdc-57df-82d8-b094a50243e3", "value": "Determine when reallocated collection efforts are completed - T1769" }, { "description": "Determine effectiveness of the processing, exploitation, and dissemination architecture", "related": [], "uuid": "a7e4587e-cfe6-58cd-96c3-2a645a33556a", "value": "Determine effectiveness of the processing, exploitation, and dissemination architecture - T1771" }, { "description": "Identify collection operational management process risks", "related": [], "uuid": "a54e7b67-5fb8-5e51-b1de-43312b264eb4", "value": "Identify collection operational management process risks - T1773" }, { "description": "Prioritize collection requirements for collection platforms", "related": [], "uuid": "42be42da-a91a-5851-bead-ff1974f782e6", "value": "Prioritize collection requirements for collection platforms - T1783" }, { "description": "Reassign collection assets and resources in response to dynamic operational situations", "related": [], "uuid": "0d3567e1-ded5-518d-83cd-938ad15fca41", "value": "Reassign collection assets and resources in response to dynamic operational situations - T1787" }, { "description": "Request discipline-specific processing, exploitation, and dissemination information", "related": [], "uuid": "87642b0c-f70a-51c5-a2ed-38b224752739", "value": "Request discipline-specific processing, exploitation, and dissemination information - T1805" }, { "description": "Determine intelligence collection asset capabilities", "related": [], "uuid": "aa0027f0-a2a6-5c94-b1ae-b4f2de9755f9", "value": "Determine intelligence collection asset capabilities - T1807" }, { "description": "Determine accuracy of intelligence collection guidance", "related": [], "uuid": "97926717-8943-53d7-874d-8f81f6ade104", "value": "Determine accuracy of intelligence collection guidance - T1808" }, { "description": "Update collection plans", "related": [], "uuid": "278e5873-9ef3-5ba5-8a68-d927f8db2674", "value": "Update collection plans - T1809" }, { "description": "Update collection matrices", "related": [], "uuid": "9bc939d2-c397-5297-accd-c35eabc14c67", "value": "Update collection matrices - T1813" }, { "description": "Recommend changes to collection plans", "related": [], "uuid": "5da69117-1ed7-5237-be9b-e1a6cf4a61da", "value": "Recommend changes to collection plans - T1818" }, { "description": "Recommend changes to operational environment", "related": [], "uuid": "d5655938-29b4-52bc-af40-014f17b15f76", "value": "Recommend changes to operational environment - T1819" }, { "description": "Specify discipline-specific taskings", "related": [], "uuid": "4394dbc0-a63c-5829-80f6-111a2f08e87e", "value": "Specify discipline-specific taskings - T1820" }, { "description": "Synchronize the integrated employment of organic and partner intelligence collection assets", "related": [], "uuid": "b188e3e1-78a7-5c12-91ac-468113ded78c", "value": "Synchronize the integrated employment of organic and partner intelligence collection assets - T1828" }, { "description": "Diagnose network connectivity problems", "related": [], "uuid": "0fe8d244-1fb7-59a0-a4b3-9066aa179387", "value": "Diagnose network connectivity problems - T0081" }, { "description": "Install or replace network hubs, routers, and switches", "related": [], "uuid": "d74d7fda-ef40-56cf-a12a-85660ca8d1db", "value": "Install or replace network hubs, routers, and switches - T0126" }, { "description": "Integrate new systems into existing network architecture", "related": [], "uuid": "db0b5f0e-3ae0-5940-ad44-ba2386d4a48f", "value": "Integrate new systems into existing network architecture - T0129" }, { "description": "Monitor network capacity and performance", "related": [], "uuid": "b7db7052-1cc0-5285-a447-dc60764b8eb1", "value": "Monitor network capacity and performance - T0153" }, { "description": "Improve network security practices", "related": [], "uuid": "d7ae7bcb-9e16-592b-9dd3-11d22b5f8974", "value": "Improve network security practices - T1050" }, { "description": "Develop network backup and recovery procedures", "related": [], "uuid": "1d36c87c-61db-5b68-ae33-2658b8c8a2cc", "value": "Develop network backup and recovery procedures - T1143" }, { "description": "Implement network backup and recovery procedures", "related": [], "uuid": "dfaafba2-8033-56e5-acd9-5cbfbc01bbbf", "value": "Implement network backup and recovery procedures - T1144" }, { "description": "Patch network vulnerabilities", "related": [], "uuid": "c43d7ca8-8042-59f1-83a7-399e1e1f66da", "value": "Patch network vulnerabilities - T1248" }, { "description": "Test network infrastructure, including software and hardware devices", "related": [], "uuid": "7212f353-74ab-5851-8175-8190718380ec", "value": "Test network infrastructure, including software and hardware devices - T1313" }, { "description": "Maintain network infrastructure, including software and hardware devices", "related": [], "uuid": "2466be6f-216e-564c-9d45-e86f025b611b", "value": "Maintain network infrastructure, including software and hardware devices - T1314" }, { "description": "Assess the effectiveness of security controls", "related": [], "uuid": "fe596108-64f4-565f-bbce-887d1b90c791", "value": "Assess the effectiveness of security controls - T0309" }, { "description": "Implement system cybersecurity policies", "related": [], "uuid": "366c3570-b382-5412-88f1-ac268e3845f7", "value": "Implement system cybersecurity policies - T1076" }, { "description": "Determine if systems security operations and maintenance activities are property documented and updated", "related": [], "uuid": "e391f0b2-f582-5c9c-b514-5b86f78d37a2", "value": "Determine if systems security operations and maintenance activities are property documented and updated - T1172" }, { "description": "Determine that the application of security patches for commercial products meets timeline requirements", "related": [], "uuid": "de9a16c6-290c-51c7-9b4b-274af9d85f05", "value": "Determine that the application of security patches for commercial products meets timeline requirements - T1173" }, { "description": "Document commercial product timeline requirements dictated by the management authority for intended operational environments", "related": [], "uuid": "646b352d-c0bc-579b-8406-a5ea827299ef", "value": "Document commercial product timeline requirements dictated by the management authority for intended operational environments - T1174" }, { "description": "Implement cybersecurity countermeasures for systems and applications", "related": [], "uuid": "d6cd4087-1edf-5db7-a355-9fdf4d5e78fd", "value": "Implement cybersecurity countermeasures for systems and applications - T1212" }, { "description": "Integrate automated capabilities for updating or patching system software", "related": [], "uuid": "3359363d-1108-5825-a1d0-ef4643871c89", "value": "Integrate automated capabilities for updating or patching system software - T1218" }, { "description": "Develop processes and procedures for manual updating and patching of system software", "related": [], "uuid": "3dfca7d1-186d-59bd-a93d-8a1d2908afb5", "value": "Develop processes and procedures for manual updating and patching of system software - T1219" }, { "description": "Document systems security activities", "related": [], "uuid": "680cb5e4-61bc-5444-a813-63110e0d9f8e", "value": "Document systems security activities - T1287" }, { "description": "Update security documentation to reflect current application and system security design features", "related": [], "uuid": "1106c978-28bd-5ca1-92bd-c17b7ab6a6d9", "value": "Update security documentation to reflect current application and system security design features - T1327" }, { "description": "Determine effectiveness of configuration management processes", "related": [], "uuid": "f8601b7f-7874-5043-bcf7-24f92fcf15b0", "value": "Determine effectiveness of configuration management processes - T1437" }, { "description": "Develop procedures for system operations transfer to alternate sites", "related": [], "uuid": "f337c8a1-65f7-56d5-8d68-3973cd836aa3", "value": "Develop procedures for system operations transfer to alternate sites - T1532" }, { "description": "Test failover for system operations transfer to alternative sites", "related": [], "uuid": "a56935b9-4ac1-5b78-a309-31f1c4f52b85", "value": "Test failover for system operations transfer to alternative sites - T1533" }, { "description": "Execute disaster recovery and continuity of operations processes", "related": [], "uuid": "4d554725-979d-58bb-bc7e-1f8e74b4f3cc", "value": "Execute disaster recovery and continuity of operations processes - T1550" }, { "description": "Implement security measures for systems and system components", "related": [], "uuid": "b5310b09-ef6b-5de7-a3ca-d019996c861f", "value": "Implement security measures for systems and system components - T1557" }, { "description": "Resolve vulnerabilities in systems and system components", "related": [], "uuid": "0060977d-0aab-56de-87c3-7a39982ca97f", "value": "Resolve vulnerabilities in systems and system components - T1559" }, { "description": "Mitigate risks in systems and system components", "related": [], "uuid": "017620db-704f-591b-a754-dea829d2bafb", "value": "Mitigate risks in systems and system components - T1560" }, { "description": "Implement cross-domain solutions", "related": [], "uuid": "951a6129-cd5a-5e34-87d5-ed91699859d9", "value": "Implement cross-domain solutions - T1568" }, { "description": "Develop risk acceptance documentation for senior leaders and authorized representatives", "related": [], "uuid": "77d9d581-80c6-5889-a6bb-3057e272f955", "value": "Develop risk acceptance documentation for senior leaders and authorized representatives - T1574" }, { "description": "Troubleshoot system hardware and software", "related": [], "uuid": "1e2e8e40-5951-5b31-b5cf-4b73eb951566", "value": "Troubleshoot system hardware and software - T0237" }, { "description": "Implement organizational security policies and procedures", "related": [], "uuid": "1aacc00b-97d5-583f-a364-7df4fc69aa09", "value": "Implement organizational security policies and procedures - T1024" }, { "description": "Identify emerging incident trends", "related": [], "uuid": "7c9fabfe-8664-5b45-8a2b-e767c93ac8b7", "value": "Identify emerging incident trends - T1405" }, { "description": "Develop technical training curriculum and resources", "related": [], "uuid": "f57f7bc5-f72d-5c56-9699-e21503c9f6b6", "value": "Develop technical training curriculum and resources - T1411" }, { "description": "Deliver technical training to customers", "related": [], "uuid": "c827a452-c29f-57d8-98a1-821178909eac", "value": "Deliver technical training to customers - T1412" }, { "description": "Maintain incident tracking and solution databases", "related": [], "uuid": "c433219d-d95d-5d88-b182-d702ef68954e", "value": "Maintain incident tracking and solution databases - T1427" }, { "description": "Resolve customer-reported system incidents and events", "related": [], "uuid": "ef2b9e2b-7b27-51aa-94bd-2ef2de61d3d9", "value": "Resolve customer-reported system incidents and events - T1538" }, { "description": "Recommend enhancements to software and hardware solutions", "related": [], "uuid": "bd711988-1a2e-56bd-a86a-08679265b094", "value": "Recommend enhancements to software and hardware solutions - T1554" }, { "description": "Install system hardware, software, and peripheral equipment", "related": [], "uuid": "a12dbe26-8691-5d1d-8e21-3866f660c0a5", "value": "Install system hardware, software, and peripheral equipment - T1566" }, { "description": "Configure system hardware, software, and peripheral equipment", "related": [], "uuid": "1a3cdbdd-d174-50ea-b30c-22659bc8cb8e", "value": "Configure system hardware, software, and peripheral equipment - T1567" }, { "description": "Inventory technology resources", "related": [], "uuid": "c290aaca-c31b-5e74-bb33-c6e40389d8c7", "value": "Inventory technology resources - T1572" }, { "description": "Monitor client-level computer system performance", "related": [], "uuid": "a4a36047-33b9-515e-9ed6-9456d90f933f", "value": "Monitor client-level computer system performance - T1580" }, { "description": "Create client-level computer system performance reports", "related": [], "uuid": "d1b36586-bf27-5d70-83c8-8b407a9ee3b4", "value": "Create client-level computer system performance reports - T1581" }, { "description": "Develop intelligence collection requirements", "related": [], "uuid": "25d5377c-a1a2-548a-8802-5e05cd3419a5", "value": "Develop intelligence collection requirements - T1739" }, { "description": "Designate priority information requirements", "related": [], "uuid": "541754b7-00c3-5b13-b3a9-6cf70fd7e26d", "value": "Designate priority information requirements - T1741" }, { "description": "Identify roles and responsibilities for appointed Communications Security (COMSEC) personnel", "related": [], "uuid": "9ff08964-2616-5560-b6cc-020ee08e9b6b", "value": "Identify roles and responsibilities for appointed Communications Security (COMSEC) personnel - T1015" }, { "description": "Identify Communications Security (COMSEC) incidents", "related": [], "uuid": "840727d7-192c-5be2-b782-bf5faca62314", "value": "Identify Communications Security (COMSEC) incidents - T1016" }, { "description": "Report Communications Security (COMSEC) incidents", "related": [], "uuid": "0443959e-0c69-51f7-b11c-73282c869eb7", "value": "Report Communications Security (COMSEC) incidents - T1017" }, { "description": "Identify in-process accounting requirements for Communications Security (COMSEC)", "related": [], "uuid": "4f2da212-0c4b-5e79-9ace-2cbec84431cd", "value": "Identify in-process accounting requirements for Communications Security (COMSEC) - T1018" }, { "description": "Advise senior management on risk levels and security posture", "related": [], "uuid": "53d76bf2-c366-54bd-a2ab-abbbf3f1bd4c", "value": "Advise senior management on risk levels and security posture - T1058" }, { "description": "Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements", "related": [], "uuid": "a131d1ed-7c7b-5469-8deb-ae973093fc13", "value": "Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements - T1059" }, { "description": "Advise senior management on organizational cybersecurity efforts", "related": [], "uuid": "360bb565-b827-58d5-ba5e-66d108251332", "value": "Advise senior management on organizational cybersecurity efforts - T1060" }, { "description": "Communicate the value of cybersecurity to organizational stakeholders", "related": [], "uuid": "15596869-68b1-5495-9d23-a33dc64ce34b", "value": "Communicate the value of cybersecurity to organizational stakeholders - T1088" }, { "description": "Develop the enterprise continuity of operations strategy", "related": [], "uuid": "e325af53-af60-50f4-9c1d-31e2a0ea9137", "value": "Develop the enterprise continuity of operations strategy - T1113" }, { "description": "Establish the enterprise continuity of operations program", "related": [], "uuid": "e3ad8ef4-563b-5616-a487-06bf5b572ae2", "value": "Establish the enterprise continuity of operations program - T1114" }, { "description": "Determine if security improvement actions are evaluated, validated, and implemented as required", "related": [], "uuid": "64d98688-1305-5fca-8287-91c3ff8c53ba", "value": "Determine if security improvement actions are evaluated, validated, and implemented as required - T1178" }, { "description": "Establish enterprise information security architecture", "related": [], "uuid": "8e242239-d8ca-582a-8b18-c5a514df0ebb", "value": "Establish enterprise information security architecture - T1186" }, { "description": "Report cybersecurity incidents", "related": [], "uuid": "45045b65-6c2c-5424-a0cb-c2411bc46775", "value": "Report cybersecurity incidents - T1300" }, { "description": "Implement protective or corrective measures when a cybersecurity incident or vulnerability is discovered", "related": [], "uuid": "036483f3-161f-55f6-8618-eb1713376a84", "value": "Implement protective or corrective measures when a cybersecurity incident or vulnerability is discovered - T1310" }, { "description": "Serve on agency and interagency policy boards", "related": [], "uuid": "24190d36-37ae-5598-9ca7-b45342f0dad5", "value": "Serve on agency and interagency policy boards - T0226" }, { "description": "Research new vulnerabilities in emerging technologies", "related": [], "uuid": "9b322392-b56d-5ed5-b894-f65fe1e59e70", "value": "Research new vulnerabilities in emerging technologies - T1028" }, { "description": "Develop cybersecurity implementation policies and guidelines", "related": [], "uuid": "90a87b48-dcea-5342-97c5-8f062eed9d66", "value": "Develop cybersecurity implementation policies and guidelines - T1158" }, { "description": "Establish stakeholder communication channels", "related": [], "uuid": "011558a6-5cea-55cf-8346-2cb63c5f1014", "value": "Establish stakeholder communication channels - T1184" }, { "description": "Maintain stakeholder communication channels", "related": [], "uuid": "2dd2cfcb-aa79-58a8-986e-03e6b1be308a", "value": "Maintain stakeholder communication channels - T1185" }, { "description": "Conduct technology program and project audits", "related": [], "uuid": "7f56616d-51e2-5870-9f58-1cffd03c58e1", "value": "Conduct technology program and project audits - T1306" }, { "description": "Promote cybersecurity awareness to management", "related": [], "uuid": "054fab7d-b7bf-5361-9c73-6cebe7048ffe", "value": "Promote cybersecurity awareness to management - T1335" }, { "description": "Verify the inclusion of sound cybersecurity principles in the organization's vision and goals", "related": [], "uuid": "5928df95-0ed5-5f12-af2a-5a8395791f2a", "value": "Verify the inclusion of sound cybersecurity principles in the organization's vision and goals - T1336" }, { "description": "Determine if cybersecurity requirements have been successfully implemented", "related": [], "uuid": "4f8978f9-a8d0-5d0f-bdf8-d8cd8d0a24f9", "value": "Determine if cybersecurity requirements have been successfully implemented - T1357" }, { "description": "Determine the effectiveness of organizational cybersecurity policies and procedures", "related": [], "uuid": "8ee0971c-145a-5af7-a489-8038cab473b2", "value": "Determine the effectiveness of organizational cybersecurity policies and procedures - T1358" }, { "description": "Develop independent cybersecurity audit processes for application software, networks, and systems", "related": [], "uuid": "c055770c-e5ac-562f-b481-e1df3056f09e", "value": "Develop independent cybersecurity audit processes for application software, networks, and systems - T1394" }, { "description": "Implement independent cybersecurity audit processes for application software, networks, and systems", "related": [], "uuid": "8f8433c1-623c-57a5-a825-ee8b5d2d76b1", "value": "Implement independent cybersecurity audit processes for application software, networks, and systems - T1395" }, { "description": "Oversee independent cybersecurity audits", "related": [], "uuid": "d591f5a4-2eee-592c-8990-28ba766ca8d8", "value": "Oversee independent cybersecurity audits - T1396" }, { "description": "Determine if research and design processes and procedures are in compliance with cybersecurity requirements", "related": [], "uuid": "ecf7cbfe-066e-5298-b37f-70747cebd2f3", "value": "Determine if research and design processes and procedures are in compliance with cybersecurity requirements - T1397" }, { "description": "Determine if research and design processes and procedures are accurately followed by cybersecurity staff when performing their day-to-day activities", "related": [], "uuid": "8bdec8bf-fd86-5dbc-b8c0-e9c9afe5f236", "value": "Determine if research and design processes and procedures are accurately followed by cybersecurity staff when performing their day-to-day activities - T1398" }, { "description": "Acquire adequate funding for cybersecurity training", "related": [], "uuid": "980c22b7-a05b-5b6a-b9b5-a0f6b6c39ac8", "value": "Acquire adequate funding for cybersecurity training - T1436" }, { "description": "Determine if cybersecurity workforce management policies and procedures comply with legal and organizational requirements", "related": [], "uuid": "f4a11ea6-f8dd-5b78-8fcf-d6c547613327", "value": "Determine if cybersecurity workforce management policies and procedures comply with legal and organizational requirements - T1464" }, { "description": "Promote awareness of cybersecurity policy and strategy among management", "related": [], "uuid": "ebf28778-29d0-532e-a1cf-7db9d7e26529", "value": "Promote awareness of cybersecurity policy and strategy among management - T1476" }, { "description": "Conduct cybersecurity workforce assessments", "related": [], "uuid": "ab7eea94-011c-52c6-86e4-b777feb66029", "value": "Conduct cybersecurity workforce assessments - T1482" }, { "description": "Integrate laws and regulations into policy", "related": [], "uuid": "655013e0-cf99-5d7c-91fe-6a7c705da2d5", "value": "Integrate laws and regulations into policy - T1492" }, { "description": "Develop organizational cybersecurity strategy", "related": [], "uuid": "4ec2f1dc-83ab-5dbd-8d1f-70ceed0c3d3a", "value": "Develop organizational cybersecurity strategy - T1518" }, { "description": "Develop cybersecurity policies and procedures", "related": [], "uuid": "51656ebc-8526-5850-84bc-4c671f023b80", "value": "Develop cybersecurity policies and procedures - T1543" }, { "description": "Advise management, staff, and users on cybersecurity policy", "related": [], "uuid": "a467ebe7-0ec6-5139-b023-6ae881980946", "value": "Advise management, staff, and users on cybersecurity policy - T1605" }, { "description": "Identify organizational policy stakeholders", "related": [], "uuid": "60681908-bcfb-5fa5-af6d-b8bad05b6fdf", "value": "Identify organizational policy stakeholders - T0116" }, { "description": "Correlate training and learning to business or mission requirements", "related": [], "uuid": "9290752f-a1c4-5696-b917-da83835ec23b", "value": "Correlate training and learning to business or mission requirements - T0437" }, { "description": "Implement organizational training and education policies and procedures", "related": [], "uuid": "0ab7ed8b-941d-5e4e-bdaa-c8dab6365497", "value": "Implement organizational training and education policies and procedures - T1025" }, { "description": "Conduct learning needs assessments", "related": [], "uuid": "32af5272-86dd-5336-9904-7f7b26175516", "value": "Conduct learning needs assessments - T1446" }, { "description": "Identify training requirements", "related": [], "uuid": "939faeae-80a8-55d6-a50b-00cc8685536b", "value": "Identify training requirements - T1447" }, { "description": "Determine if qualification standards meet organizational functional requirements and comply with industry standards", "related": [], "uuid": "e58b3cac-ecfc-53a7-8587-20acb8140213", "value": "Determine if qualification standards meet organizational functional requirements and comply with industry standards - T1449" }, { "description": "Allocate and distribute human capital assets", "related": [], "uuid": "ae85af4f-a626-5587-a20f-5a85e24a113b", "value": "Allocate and distribute human capital assets - T1450" }, { "description": "Develop standardized cybersecurity position descriptions using the NICE Framework", "related": [], "uuid": "f7c5e1d1-d1b4-53ab-8b1c-10ca7d114612", "value": "Develop standardized cybersecurity position descriptions using the NICE Framework - T1459" }, { "description": "Develop recruiting, hiring, and retention processes", "related": [], "uuid": "9f8bcae9-7ead-5dc9-9088-8ad0adcd7b09", "value": "Develop recruiting, hiring, and retention processes - T1460" }, { "description": "Determine cybersecurity position requirements", "related": [], "uuid": "8e053ae5-1187-5303-b36e-37ae836b02f3", "value": "Determine cybersecurity position requirements - T1461" }, { "description": "Develop cybersecurity training policies and procedures", "related": [], "uuid": "99853bb3-f9b7-5a98-bca3-509307f4ae74", "value": "Develop cybersecurity training policies and procedures - T1462" }, { "description": "Establish cybersecurity workforce readiness metrics", "related": [], "uuid": "543988f4-60a7-5ace-9034-b324b042ac18", "value": "Establish cybersecurity workforce readiness metrics - T1466" }, { "description": "Establish waiver processes for cybersecurity career field entry and training qualification requirements", "related": [], "uuid": "57a732b2-4349-553d-8338-0b7aca798f57", "value": "Establish waiver processes for cybersecurity career field entry and training qualification requirements - T1467" }, { "description": "Establish organizational cybersecurity career pathways", "related": [], "uuid": "228381c0-3f11-5684-a80e-ee07694fc3fc", "value": "Establish organizational cybersecurity career pathways - T1468" }, { "description": "Develop cybersecurity workforce reporting requirements", "related": [], "uuid": "8152d762-f054-5c7c-b8b6-47ff9c4cb00e", "value": "Develop cybersecurity workforce reporting requirements - T1469" }, { "description": "Establish cybersecurity workforce management programs", "related": [], "uuid": "ab707f8b-c94f-5340-89fd-30f309a48d7b", "value": "Establish cybersecurity workforce management programs - T1470" }, { "description": "Assess cybersecurity workforce management programs", "related": [], "uuid": "1e820944-9c95-5115-89f5-2612affd2e3a", "value": "Assess cybersecurity workforce management programs - T1471" }, { "description": "Determine cybersecurity career field qualification requirements", "related": [], "uuid": "55103ba1-d695-5faa-9270-d34529bf431c", "value": "Determine cybersecurity career field qualification requirements - T1478" }, { "description": "Determine organizational policies related to or influencing the cyber workforce", "related": [], "uuid": "ad4c56fb-1c93-5eda-935d-3696a699bd17", "value": "Determine organizational policies related to or influencing the cyber workforce - T1479" }, { "description": "Integrate cybersecurity workforce personnel into information systems life cycle development processes", "related": [], "uuid": "3ad7c834-fdcd-5be2-8524-1732c6461ade", "value": "Integrate cybersecurity workforce personnel into information systems life cycle development processes - T1483" }, { "description": "Identify cyber workforce planning and management issues", "related": [], "uuid": "91f4188d-c3af-5fb6-a5c7-71e6b35dcf23", "value": "Identify cyber workforce planning and management issues - T1552" }, { "description": "Address cyber workforce planning and management issues", "related": [], "uuid": "ea8ec361-7d7a-5acd-9cff-32abdb89a78f", "value": "Address cyber workforce planning and management issues - T1553" }, { "description": "Develop supply chain cybersecurity risk management policy", "related": [], "uuid": "1d6217cc-fd9b-56b7-b93e-de7533e8585e", "value": "Develop supply chain cybersecurity risk management policy - T1623" }, { "description": "Identify foreign language terminology within computer programs (e.g., comments, variable names)", "related": [], "uuid": "d955b2b5-2194-56cd-8ce7-13fdb143ffbd", "value": "Identify foreign language terminology within computer programs (e.g., comments, variable names) - T0858" }, { "description": "Advise managers and operators on language and cultural issues", "related": [], "uuid": "58310912-66d2-5ff3-b84f-a9104fe2b6cd", "value": "Advise managers and operators on language and cultural issues - T1837" }, { "description": "Assess target motivation", "related": [], "uuid": "bfb3d7f8-5302-5f5e-ad6e-94eedf0820cc", "value": "Assess target motivation - T1838" }, { "description": "Conduct all-source target research", "related": [], "uuid": "825e3de1-3fc4-52ad-9185-53b434a1afb2", "value": "Conduct all-source target research - T1839" }, { "description": "Conduct quality reviews of transcribed or translated materials", "related": [], "uuid": "371cea83-d797-5df1-920e-809683bb8231", "value": "Conduct quality reviews of transcribed or translated materials - T1841" }, { "description": "Identify metadata patterns", "related": [], "uuid": "07bfdb40-538d-583a-ab8f-beb5435f751d", "value": "Identify metadata patterns - T1842" }, { "description": "Identify metadata anomalies", "related": [], "uuid": "4da360d3-9603-5067-84c7-759aa75b930d", "value": "Identify metadata anomalies - T1843" }, { "description": "Identify metadata events", "related": [], "uuid": "a542686b-c6ff-54e7-8706-08dafd5dce0b", "value": "Identify metadata events - T1844" }, { "description": "Identify foreign languages and dialects in initial source data", "related": [], "uuid": "a42d87ad-bc41-5c11-a75b-1c6aa31a6807", "value": "Identify foreign languages and dialects in initial source data - T1845" }, { "description": "Develop language processing tools", "related": [], "uuid": "9f085f8c-f48f-584f-b7ff-075523769e4b", "value": "Develop language processing tools - T1846" }, { "description": "Prepare social network analysis documents", "related": [], "uuid": "3bca1d14-a50f-5639-98d3-c9401883b5b2", "value": "Prepare social network analysis documents - T1847" }, { "description": "Scan target graphic and audio language materials", "related": [], "uuid": "f6c277ec-b947-5fa8-94bb-ae7e8805b6cd", "value": "Scan target graphic and audio language materials - T1848" }, { "description": "Communicate critical or time-sensitive information", "related": [], "uuid": "fffe38bc-28af-5b7b-aa91-4a7840c569e8", "value": "Communicate critical or time-sensitive information - T1849" }, { "description": "Transcribe target audio language materials", "related": [], "uuid": "7116b3e7-3676-50e9-89f6-6c0714d99495", "value": "Transcribe target audio language materials - T1850" }, { "description": "Translate target graphic language materials", "related": [], "uuid": "9e061631-c313-524c-a72a-6064120c7478", "value": "Translate target graphic language materials - T1851" }, { "description": "Translate target audio language materials", "related": [], "uuid": "bc1e10bd-5b2e-51ef-8a4f-4d4ef22aea5c", "value": "Translate target audio language materials - T1852" }, { "description": "Coordinate intelligence support to operational planning", "related": [], "uuid": "a2e21160-b99d-5614-88b6-193136abd888", "value": "Coordinate intelligence support to operational planning - T1637" }, { "description": "Communicate information requirements to collection managers", "related": [], "uuid": "4e1013e0-f610-5e00-b766-017a9fe00040", "value": "Communicate information requirements to collection managers - T1684" }, { "description": "Assess capability to satisfy assigned intelligence tasks", "related": [], "uuid": "e636c115-2b0f-598d-9288-48be8ddd86e3", "value": "Assess capability to satisfy assigned intelligence tasks - T1685" }, { "description": "Draft intelligence sections of cyber operations plans", "related": [], "uuid": "05e7ed30-8ee4-5d15-9dd9-1fcc40dff5ce", "value": "Draft intelligence sections of cyber operations plans - T1687" }, { "description": "Integrate intelligence guidance into cyber operations planning activities", "related": [], "uuid": "67a7b9a4-9f53-5c81-810d-821935ee50bb", "value": "Integrate intelligence guidance into cyber operations planning activities - T1702" }, { "description": "Provide intelligence guidance to cyber operations requirements", "related": [], "uuid": "e00cb80b-7093-59d4-b7b9-72035f0153c1", "value": "Provide intelligence guidance to cyber operations requirements - T1705" }, { "description": "Develop cyber intelligence collection and production requirements", "related": [], "uuid": "4c98b25d-3cf7-5af9-a68b-09da31aaad65", "value": "Develop cyber intelligence collection and production requirements - T1727" }, { "description": "Determine cyber operations partner intelligence capabilities and limitations", "related": [], "uuid": "cd731282-61fb-5f8f-a40a-b865e8ca5d9f", "value": "Determine cyber operations partner intelligence capabilities and limitations - T1738" }, { "description": "Identify intelligence environment preparation derived production needs", "related": [], "uuid": "5873a628-9c9f-58f5-a914-7b2ca110bacb", "value": "Identify intelligence environment preparation derived production needs - T1750" }, { "description": "Develop cyber intelligence plans", "related": [], "uuid": "28f6190e-95a8-512b-b3b3-e22d117d80ee", "value": "Develop cyber intelligence plans - T1815" }, { "description": "Analyze incoming collection requests", "related": [], "uuid": "5804790a-e297-57be-afdf-e7164f8b1ecc", "value": "Analyze incoming collection requests - T0565" }, { "description": "Assess efficiency of existing information exchange and management systems", "related": [], "uuid": "e9ef898a-2664-5db0-b164-55b1bd069e95", "value": "Assess efficiency of existing information exchange and management systems - T0577" }, { "description": "Manage request for information (RFI) processes", "related": [], "uuid": "46681098-b86b-50d5-aae5-4bedd3916df8", "value": "Manage request for information (RFI) processes - T1656" }, { "description": "Develop feedback procedures", "related": [], "uuid": "3640058c-aaba-57c2-9fa6-f7f0188b8227", "value": "Develop feedback procedures - T1713" }, { "description": "Assess intelligence collection results", "related": [], "uuid": "66d3d604-2534-5ac8-9f91-3c10e44a3286", "value": "Assess intelligence collection results - T1725" }, { "description": "Document intelligence collection assessment findings", "related": [], "uuid": "a1a89814-1001-5074-a24b-89f87fe8908f", "value": "Document intelligence collection assessment findings - T1726" }, { "description": "Determine if collection requests meet priority intelligence requirements", "related": [], "uuid": "5c745f71-f6ec-57b4-b0ce-554e90316772", "value": "Determine if collection requests meet priority intelligence requirements - T1730" }, { "description": "Determine if information collected satisfies intelligence requests", "related": [], "uuid": "4018e710-563f-53d8-b55e-63f1f40c2019", "value": "Determine if information collected satisfies intelligence requests - T1731" }, { "description": "Determine if collection operations meet operational requirements", "related": [], "uuid": "e58d6b48-4837-502b-b0e2-ff7727e240f1", "value": "Determine if collection operations meet operational requirements - T1733" }, { "description": "Inform stakeholders of evaluation results", "related": [], "uuid": "59202ee0-2d55-5a48-bc2a-1fb684a422a2", "value": "Inform stakeholders of evaluation results - T1753" }, { "description": "Promote collection planning as an integrated component of the strategic campaign plans and other adaptive plans", "related": [], "uuid": "a9f3871e-8c06-535a-82a2-48435d3e4180", "value": "Promote collection planning as an integrated component of the strategic campaign plans and other adaptive plans - T1788" }, { "description": "Submit information requests to collection requirement management section", "related": [], "uuid": "fde11526-08f5-5cf8-a1e6-a52569331ea1", "value": "Submit information requests to collection requirement management section - T1821" }, { "description": "Track status of information requests", "related": [], "uuid": "a74d9358-7c3c-580f-a81b-9e384f17ee16", "value": "Track status of information requests - T1831" }, { "description": "Translate collection requests for discipline-specific collection requirements", "related": [], "uuid": "ff474753-7c53-5f00-902b-1146c265e7a8", "value": "Translate collection requests for discipline-specific collection requirements - T1832" }, { "description": "Identify opportunities to improve collection management efficiency and effectiveness", "related": [], "uuid": "0d4b8e9d-100b-5353-b9f7-01401ea078c5", "value": "Identify opportunities to improve collection management efficiency and effectiveness - T1833" }, { "description": "Validate information requests", "related": [], "uuid": "d73f275e-090a-53cc-b764-6e940b5784c7", "value": "Validate information requests - T1834" }, { "description": "Establish an internal privacy audit program", "related": [], "uuid": "a73925b6-d992-5ad4-ae47-d6f8ece2662b", "value": "Establish an internal privacy audit program - T0898" }, { "description": "Determine if security incidents require legal action", "related": [], "uuid": "63810b6b-a77e-5916-ad57-27153ef6a210", "value": "Determine if security incidents require legal action - T1014" }, { "description": "Determine impact of noncompliance on organizational risk levels", "related": [], "uuid": "2fba135a-0b76-5e9a-afb5-ed3dffeef36f", "value": "Determine impact of noncompliance on organizational risk levels - T1224" }, { "description": "Determine impact of noncompliance on effectiveness of the enterprise's cybersecurity program", "related": [], "uuid": "13819653-e355-593a-b67e-3bcf0ac80017", "value": "Determine impact of noncompliance on effectiveness of the enterprise's cybersecurity program - T1225" }, { "description": "Determine if new and existing services comply with privacy and data security obligations", "related": [], "uuid": "63e7b395-0c0b-5f5b-93a4-2dce1285cce6", "value": "Determine if new and existing services comply with privacy and data security obligations - T1853" }, { "description": "Develop and maintain privacy and confidentiality consent forms", "related": [], "uuid": "a7d9a401-4c82-5469-a6ef-453aee1b55ee", "value": "Develop and maintain privacy and confidentiality consent forms - T1854" }, { "description": "Develop and maintain privacy and confidentiality authorization forms", "related": [], "uuid": "eb9f787a-17eb-55b4-8fb0-1be8d4fa250b", "value": "Develop and maintain privacy and confidentiality authorization forms - T1855" }, { "description": "Integrate civil rights and civil liberties in organizational programs, policies, and procedures", "related": [], "uuid": "c65b3799-8aa8-5862-8c36-4832fa983f43", "value": "Integrate civil rights and civil liberties in organizational programs, policies, and procedures - T1856" }, { "description": "Integrate privacy considerations in organizational programs, policies, and procedures", "related": [], "uuid": "8bf3bc16-3db2-5db4-ac7a-0c1888f50732", "value": "Integrate privacy considerations in organizational programs, policies, and procedures - T1857" }, { "description": "Serve as liaison to regulatory and accrediting bodies", "related": [], "uuid": "a0df6b57-7618-5e95-86b3-e2eb45097849", "value": "Serve as liaison to regulatory and accrediting bodies - T1858" }, { "description": "Register databases with local privacy and data protection authorities", "related": [], "uuid": "84b4a3f1-4e14-58c9-a911-3faeaac3bd03", "value": "Register databases with local privacy and data protection authorities - T1859" }, { "description": "Promote privacy awareness to management", "related": [], "uuid": "1e811e5b-5c2c-5177-a6c4-03fc3c5a69a2", "value": "Promote privacy awareness to management - T1860" }, { "description": "Establish organizational Privacy Oversight Committee", "related": [], "uuid": "512b2485-86ce-5ab0-b1ba-00d81ab3895f", "value": "Establish organizational Privacy Oversight Committee - T1861" }, { "description": "Develop information sharing strategic plans", "related": [], "uuid": "3afc5155-f929-5979-98dd-e4dfe0578bea", "value": "Develop information sharing strategic plans - T1863" }, { "description": "Develop organizational information infrastructure", "related": [], "uuid": "a86d39b1-16e2-5db4-9ea6-8d37e24f93f3", "value": "Develop organizational information infrastructure - T1864" }, { "description": "Implement organizational information infrastructure", "related": [], "uuid": "5b2c8112-8659-5d0b-b1b0-80362a3a3788", "value": "Implement organizational information infrastructure - T1865" }, { "description": "Develop self-disclosure policies and procedures", "related": [], "uuid": "80a3a421-43a1-5e44-bde0-d9c0cd1a1c78", "value": "Develop self-disclosure policies and procedures - T1866" }, { "description": "Oversee consumer information access rights", "related": [], "uuid": "8711dd51-6668-55e1-9e26-0e2af793e4d3", "value": "Oversee consumer information access rights - T1867" }, { "description": "Serve as information privacy liaison to technology system users", "related": [], "uuid": "ddf083f9-3f3f-544a-8e05-5f8448c8718f", "value": "Serve as information privacy liaison to technology system users - T1868" }, { "description": "Serve as liaison to information systems department", "related": [], "uuid": "232c267a-280e-59fc-98eb-a154134cad34", "value": "Serve as liaison to information systems department - T1869" }, { "description": "Deliver privacy awareness orientations", "related": [], "uuid": "24da009c-c613-510c-b0b0-2957d6cd5f40", "value": "Deliver privacy awareness orientations - T1872" }, { "description": "Manage organizational participation in public privacy and cybersecurity events", "related": [], "uuid": "69e96ec4-84d7-50f5-accf-ccd4d8245d50", "value": "Manage organizational participation in public privacy and cybersecurity events - T1874" }, { "description": "Prepare privacy program status reports", "related": [], "uuid": "d8198b6d-88d4-57e3-abbd-ba0dd4563f00", "value": "Prepare privacy program status reports - T1875" }, { "description": "Respond to press and other public data security inquiries", "related": [], "uuid": "98c4bb05-bcd2-5d49-941f-28a85847b6d3", "value": "Respond to press and other public data security inquiries - T1876" }, { "description": "Develop organizational privacy program", "related": [], "uuid": "ef4da5cf-a39e-5de5-aaf9-94b41cd3bcfd", "value": "Develop organizational privacy program - T1877" }, { "description": "Apply sanctions for failure to comply with privacy policies", "related": [], "uuid": "d388071c-1164-5ee1-b44b-15fd5d126964", "value": "Apply sanctions for failure to comply with privacy policies - T1878" }, { "description": "Develop sanctions for failure to comply with privacy policies", "related": [], "uuid": "8605bc5f-bca9-570c-8678-e7b6ec9d7f63", "value": "Develop sanctions for failure to comply with privacy policies - T1879" }, { "description": "Resolve allegations of noncompliance with privacy policies and notice of information practices", "related": [], "uuid": "64c0154a-9d17-5297-b35f-4786cf11791a", "value": "Resolve allegations of noncompliance with privacy policies and notice of information practices - T1880" }, { "description": "Develop a risk management and compliance framework for privacy", "related": [], "uuid": "963dc78b-7e72-5da1-988e-e7ec5b1933c4", "value": "Develop a risk management and compliance framework for privacy - T1881" }, { "description": "Determine if projects comply with organizational privacy and data security policies", "related": [], "uuid": "2101105f-fe0c-5d3b-9497-e25b2ca950b9", "value": "Determine if projects comply with organizational privacy and data security policies - T1882" }, { "description": "Develop organizational privacy policies and procedures", "related": [], "uuid": "4dfaecec-41ef-54dd-976f-149677d5e3fd", "value": "Develop organizational privacy policies and procedures - T1883" }, { "description": "Establish complaint processes", "related": [], "uuid": "4e21bf51-21d2-56a1-bc3d-691f289f8df7", "value": "Establish complaint processes - T1884" }, { "description": "Establish mechanisms to track access to protected health information", "related": [], "uuid": "a8d2a966-f265-58ef-808d-457ad53dd0a8", "value": "Establish mechanisms to track access to protected health information - T1885" }, { "description": "Maintain the organizational policy program", "related": [], "uuid": "b4cd1ea2-0069-5c54-9821-120041f34ec7", "value": "Maintain the organizational policy program - T1886" }, { "description": "Conduct privacy impact assessments", "related": [], "uuid": "116f092f-9f27-5e51-be11-568ad20b780d", "value": "Conduct privacy impact assessments - T1887" }, { "description": "Conduct privacy compliance monitoring", "related": [], "uuid": "13690135-7fa4-5cfc-9f14-97cb8e874b5d", "value": "Conduct privacy compliance monitoring - T1888" }, { "description": "Align cybersecurity and privacy practices in system information security plans", "related": [], "uuid": "0faaa2c1-f8b4-5e17-aa86-8da62a66b767", "value": "Align cybersecurity and privacy practices in system information security plans - T1889" }, { "description": "Determine if protected information releases comply with organizational policies and procedures", "related": [], "uuid": "dc935284-f647-5228-b36a-48abbe047174", "value": "Determine if protected information releases comply with organizational policies and procedures - T1890" }, { "description": "Administer requests for release or disclosure of protected information", "related": [], "uuid": "d80f9d42-59c0-525f-8b6a-bf33419f7f71", "value": "Administer requests for release or disclosure of protected information - T1891" }, { "description": "Develop vendor review procedures", "related": [], "uuid": "9f8a4ce7-38e2-5c06-b432-30513225a8ed", "value": "Develop vendor review procedures - T1892" }, { "description": "Develop vendor auditing procedures", "related": [], "uuid": "fba6d041-42e1-573d-a56d-3acbefae3357", "value": "Develop vendor auditing procedures - T1893" }, { "description": "Determine if partner and business agreements address privacy requirements and responsibilities", "related": [], "uuid": "e348c63a-c9d6-5280-b1d0-9d95754c6123", "value": "Determine if partner and business agreements address privacy requirements and responsibilities - T1894" }, { "description": "Provide legal advice for business partner contracts", "related": [], "uuid": "fe2d8317-da16-5eb3-a3cd-6c31e1325a91", "value": "Provide legal advice for business partner contracts - T1895" }, { "description": "Mitigate Personal Identifiable Information (PII) breaches", "related": [], "uuid": "1cdcac9d-e932-54ce-9fec-d6003501b0fe", "value": "Mitigate Personal Identifiable Information (PII) breaches - T1896" }, { "description": "Administer action on organizational privacy complaints", "related": [], "uuid": "af04603f-b738-5a1f-9f6c-a4524fa1bbcb", "value": "Administer action on organizational privacy complaints - T1897" }, { "description": "Determine if the organization's privacy program complies with federal and state privacy laws and regulations", "related": [], "uuid": "5fef375d-430d-5e77-86bd-4973ea50dded", "value": "Determine if the organization's privacy program complies with federal and state privacy laws and regulations - T1898" }, { "description": "Identify organizational privacy compliance gaps", "related": [], "uuid": "522a4570-d974-5cdd-b2f0-da3adef27332", "value": "Identify organizational privacy compliance gaps - T1899" }, { "description": "Correct organizational privacy compliance gaps", "related": [], "uuid": "7615bffb-b7ee-521f-803f-a5fcd81a0452", "value": "Correct organizational privacy compliance gaps - T1900" }, { "description": "Manage privacy breaches", "related": [], "uuid": "cd43654b-d6aa-590e-b8bf-813396d85853", "value": "Manage privacy breaches - T1901" }, { "description": "Implement and maintain organizational privacy policies and procedures", "related": [], "uuid": "843a86ca-e238-5c16-b246-5216d97cac89", "value": "Implement and maintain organizational privacy policies and procedures - T1902" }, { "description": "Develop and maintain privacy and confidentiality information notices", "related": [], "uuid": "160d917b-0efd-5088-87bc-a89b2f51837f", "value": "Develop and maintain privacy and confidentiality information notices - T1903" }, { "description": "Monitor advancements in information privacy technologies", "related": [], "uuid": "301b74b0-e64b-50f6-a19e-d5b81f6780de", "value": "Monitor advancements in information privacy technologies - T1905" }, { "description": "Establish organizational risk management strategies", "related": [], "uuid": "809ccbda-dfad-542a-83c3-405b2fb918ab", "value": "Establish organizational risk management strategies - T1907" }, { "description": "Design and execute exercise scenarios", "related": [], "uuid": "6eb87bb7-62f4-5f97-bcd1-3f3b93bb86ef", "value": "Design and execute exercise scenarios - T1311" }, { "description": "Develop training modules and classes", "related": [], "uuid": "c3c4cf75-7cfa-5cb0-8c4e-0c34be3afe64", "value": "Develop training modules and classes - T1413" }, { "description": "Develop training assignments", "related": [], "uuid": "dab56451-5e29-5670-ac8d-e157709bd6d5", "value": "Develop training assignments - T1414" }, { "description": "Develop training evaluations", "related": [], "uuid": "a2dc6048-b066-5038-a64a-447441dc12a8", "value": "Develop training evaluations - T1415" }, { "description": "Develop grading and proficiency standards", "related": [], "uuid": "2d20b4cb-9193-5367-bd98-a3d972813c01", "value": "Develop grading and proficiency standards - T1416" }, { "description": "Create learner development, training, and remediation plans", "related": [], "uuid": "2dab189a-5db1-5fd9-811a-4b6dcd25795c", "value": "Create learner development, training, and remediation plans - T1417" }, { "description": "Determine effectiveness of instruction and training", "related": [], "uuid": "33b7a521-7f91-552d-8eba-0b332f9ae657", "value": "Determine effectiveness of instruction and training - T1438" }, { "description": "Create interactive learning exercises", "related": [], "uuid": "ce05ec70-cca0-52a0-8453-eec8cd049ea2", "value": "Create interactive learning exercises - T1451" }, { "description": "Develop cybersecurity curriculum goals and objectives", "related": [], "uuid": "cd91d3aa-3e2f-5965-a458-b67337257961", "value": "Develop cybersecurity curriculum goals and objectives - T1463" }, { "description": "Develop instructional strategies", "related": [], "uuid": "4ad86ee5-affd-5348-9f5f-89062d568f3e", "value": "Develop instructional strategies - T1475" }, { "description": "Perform periodic reviews of learning materials and courses for accuracy and currency", "related": [], "uuid": "2e08a048-f9c3-5c58-bdc6-aefe68011278", "value": "Perform periodic reviews of learning materials and courses for accuracy and currency - T1608" }, { "description": "Create privacy training materials", "related": [], "uuid": "01085bcf-c5cc-574c-a1be-d0969a65ee89", "value": "Create privacy training materials - T1870" }, { "description": "Prepare privacy awareness communications", "related": [], "uuid": "5d998c7c-dc9d-53b6-aa5a-b842dd1f0684", "value": "Prepare privacy awareness communications - T1871" }, { "description": "Deliver privacy awareness trainings", "related": [], "uuid": "24b38137-d702-5bec-b31e-b7d838013fba", "value": "Deliver privacy awareness trainings - T1873" }, { "description": "Evaluate the effectiveness and comprehensiveness of existing training programs", "related": [], "uuid": "f56e731b-68f3-52da-9b39-c496c02f6809", "value": "Evaluate the effectiveness and comprehensiveness of existing training programs - T0101" }, { "description": "Prepare and deliver education and awareness briefings", "related": [], "uuid": "a39c2a8a-4f88-55f6-9459-70062bb15dd2", "value": "Prepare and deliver education and awareness briefings - T1008" }, { "description": "Create a cybersecurity awareness program", "related": [], "uuid": "827ff809-4f0f-580e-a329-5f7ff23be8cf", "value": "Create a cybersecurity awareness program - T1009" }, { "description": "Conduct interactive training exercises", "related": [], "uuid": "b81ea632-3ddd-5e96-b278-e1e653b715fa", "value": "Conduct interactive training exercises - T1093" }, { "description": "Develop awareness and training materials", "related": [], "uuid": "205eb7ca-460c-5f00-bb33-f1e8df38176e", "value": "Develop awareness and training materials - T1156" }, { "description": "Identify pertinent awareness and training materials", "related": [], "uuid": "6baee639-51c3-526c-93f5-28c632ea947a", "value": "Identify pertinent awareness and training materials - T1157" }, { "description": "Develop learning objectives and goals", "related": [], "uuid": "b4858edf-eec5-5783-910c-6cab199edcae", "value": "Develop learning objectives and goals - T1418" }, { "description": "Develop organizational training materials", "related": [], "uuid": "05029d8d-f0f6-535c-8e52-1a5f9c3e422f", "value": "Develop organizational training materials - T1419" }, { "description": "Develop proficiency assessments", "related": [], "uuid": "26990a81-8d78-5dbe-9942-6b46f48c2c0b", "value": "Develop proficiency assessments - T1421" }, { "description": "Deliver training courses", "related": [], "uuid": "e379fe80-cda2-53c8-9b94-68e250a95ea1", "value": "Deliver training courses - T1517" }, { "description": "Determine if cybersecurity training, education, and awareness meet established goals", "related": [], "uuid": "ae5eb8ef-c36e-5f04-8b0c-0df7aebf7b5f", "value": "Determine if cybersecurity training, education, and awareness meet established goals - T1537" }, { "description": "Plan classroom learning sessions", "related": [], "uuid": "d7b1b5a1-820f-5634-a7ce-ef2338e09319", "value": "Plan classroom learning sessions - T1594" }, { "description": "Coordinate training and education", "related": [], "uuid": "b1bad081-b133-53bf-9195-a7b05140dc6f", "value": "Coordinate training and education - T1595" }, { "description": "Plan delivery of non-classroom learning", "related": [], "uuid": "c4de2cc7-307c-52ef-b25c-15042c197ced", "value": "Plan delivery of non-classroom learning - T1596" }, { "description": "Recommend revisions to learning materials and curriculum", "related": [], "uuid": "367ce606-ebc0-5e7b-8f31-df0a99b4d278", "value": "Recommend revisions to learning materials and curriculum - T1609" }, { "description": "Advocate organization's official position in legal and legislative proceedings", "related": [], "uuid": "8552b522-afb2-5588-996a-7c8efce909be", "value": "Advocate organization's official position in legal and legislative proceedings - T0006" }, { "description": "Resolve conflicts in laws, regulations, policies, standards, or procedures", "related": [], "uuid": "e4cc3202-2828-5e55-b1fd-028f261da477", "value": "Resolve conflicts in laws, regulations, policies, standards, or procedures - T0220" }, { "description": "Determine if contracts comply with funding, legal, and program requirements", "related": [], "uuid": "78c3ebde-6f1f-5b50-90fe-a05dbfe308de", "value": "Determine if contracts comply with funding, legal, and program requirements - T1189" }, { "description": "Identify alleged violations of law, regulations, policy, or guidance", "related": [], "uuid": "82502b46-e186-5814-8f42-c3587c37b565", "value": "Identify alleged violations of law, regulations, policy, or guidance - T1511" }, { "description": "Develop implementation guidelines", "related": [], "uuid": "15f9b944-6494-5ac9-9f7d-24dc0d4499a5", "value": "Develop implementation guidelines - T1535" }, { "description": "Provide inspectors general, privacy officers, and oversight and compliance with legal analysis and decisions", "related": [], "uuid": "8c69b698-bec4-5bd0-8c57-f9395148139e", "value": "Provide inspectors general, privacy officers, and oversight and compliance with legal analysis and decisions - T1546" }, { "description": "Evaluate the impact of legal, regulatory, policy, standard, or procedural changes", "related": [], "uuid": "722a1227-830f-502c-a49f-9d0f947e3aed", "value": "Evaluate the impact of legal, regulatory, policy, standard, or procedural changes - T1549" }, { "description": "Prepare legal documents", "related": [], "uuid": "5a5baf33-50ca-5163-bbbc-8233e900d88f", "value": "Prepare legal documents - T1599" }, { "description": "Implement access control processes for continuous monitoring tools and technologies", "related": [], "uuid": "98970934-9292-514f-8c63-cf8d86ff0c4e", "value": "Implement access control processes for continuous monitoring tools and technologies - T1959" }, { "description": "Manage the continuous monitoring program", "related": [], "uuid": "435b66da-f934-53ba-8931-3427df1a06e1", "value": "Manage the continuous monitoring program - T1950" }, { "description": "Verify currency of software application, network, and system accreditation and assurance documentation", "related": [], "uuid": "8dba34b7-458e-5738-8722-3fa9aee525ce", "value": "Verify currency of software application, network, and system accreditation and assurance documentation - T1331" }, { "description": "Develop architectures or system components consistent with technical specifications", "related": [], "uuid": "2d2e4944-699e-55ce-93ea-3ee36aec0b3f", "value": "Develop architectures or system components consistent with technical specifications - T0067" }, { "description": "Determine if systems comply with security, resilience, and dependability requirements", "related": [], "uuid": "f1d4d26d-232b-56ce-8251-af0da36f1c69", "value": "Determine if systems comply with security, resilience, and dependability requirements - T1237" }, { "description": "Determine compliance with cybersecurity policies and legal and regulatory requirements", "related": [], "uuid": "809679dc-bcb6-5424-af36-0531ed7e81fa", "value": "Determine compliance with cybersecurity policies and legal and regulatory requirements - T1547" }, { "description": "Establish technical help processes for continuous monitoring mitigators", "related": [], "uuid": "a36973e7-bcec-5a56-aaad-28f73c0d0c72", "value": "Establish technical help processes for continuous monitoring mitigators - T1960" }, { "description": "Communicate continuous monitoring reporting requirements", "related": [], "uuid": "8a85c58b-634a-5d8a-a1bb-70a0bad18031", "value": "Communicate continuous monitoring reporting requirements - T1961" }, { "description": "Implement risk mitigation strategies", "related": [], "uuid": "7d2e136c-64a3-5c84-954c-938fad8195de", "value": "Implement risk mitigation strategies - T1968" }, { "description": "Assess continuous monitoring performance", "related": [], "uuid": "dfdba75d-804c-5fcb-b746-ac00f72943f8", "value": "Assess continuous monitoring performance - T1966" }, { "description": "Coordinate responses to issues flagged during continuous monitoring", "related": [], "uuid": "5033d3b5-9679-52ad-93d4-d36995e89c88", "value": "Coordinate responses to issues flagged during continuous monitoring - T1967" }, { "description": "Establish risk management processes", "related": [], "uuid": "9eaa3efb-85cb-5f27-b3f9-c8eea0cdd9f7", "value": "Establish risk management processes - T1964" }, { "description": "Establish performance measurement requirements for continuous monitoring tools and technologies", "related": [], "uuid": "5005c5c4-3bf7-5c64-b803-ce3c32961337", "value": "Establish performance measurement requirements for continuous monitoring tools and technologies - T1965" }, { "description": "Define responsibilities for implementing continuous monitoring tools or technologies", "related": [], "uuid": "264f2bd4-acfd-5ae4-b2f6-dd7ffccf17a9", "value": "Define responsibilities for implementing continuous monitoring tools or technologies - T1962" }, { "description": "Establish liaison to scoring and metrics working group", "related": [], "uuid": "48828261-e8a2-5587-b7aa-eebe5cd3c874", "value": "Establish liaison to scoring and metrics working group - T1963" }, { "description": "Implement system disposal processes", "related": [], "uuid": "11e70f69-4bf8-5f55-be65-4c7cbb008021", "value": "Implement system disposal processes - T1939" }, { "description": "Determine if system security meets acceptable risk levels", "related": [], "uuid": "ed03d4e2-7c03-5177-b031-ea6707bb7ee7", "value": "Determine if system security meets acceptable risk levels - T1937" }, { "description": "Establish system disposal processes", "related": [], "uuid": "4339de40-71ab-5bf9-8a05-07a329b1eb00", "value": "Establish system disposal processes - T1938" }, { "description": "Update cybersecurity action plans", "related": [], "uuid": "19fc5fb8-cb11-5b7d-ac8a-0ac494f57746", "value": "Update cybersecurity action plans - T1935" }, { "description": "Report system security status to authorizing officials", "related": [], "uuid": "c3a3e89a-c7c0-5840-bdff-a7e1d0360046", "value": "Report system security status to authorizing officials - T1936" }, { "description": "Determine if system security risks are acceptable", "related": [], "uuid": "3bb72c26-90fe-5bb0-b08b-1d04aa47a689", "value": "Determine if system security risks are acceptable - T1933" }, { "description": "Determine if common control risks are acceptable", "related": [], "uuid": "e7503696-2da5-58e7-8462-467421a5edf2", "value": "Determine if common control risks are acceptable - T1934" }, { "description": "Determine risks of using common controls", "related": [], "uuid": "d3339bdd-c6b2-53f5-b2a0-cf912f363953", "value": "Determine risks of using common controls - T1931" }, { "description": "Implement cybersecurity action plans", "related": [], "uuid": "4282689b-08b9-5b0f-ae53-c2efae1af12c", "value": "Implement cybersecurity action plans - T1932" }, { "description": "Determine risks of operating or using a system", "related": [], "uuid": "01873b22-65f1-51c8-a2c3-e532b1394599", "value": "Determine risks of operating or using a system - T1930" }, { "description": "Prepare authorization packages", "related": [], "uuid": "f097f969-ba17-5b76-82fc-b49f5aba0635", "value": "Prepare authorization packages - T1928" }, { "description": "Submit authorization packages to authorizing officials for adjudication", "related": [], "uuid": "aad8c087-d1fe-58fd-bce5-31be347cf64d", "value": "Submit authorization packages to authorizing officials for adjudication - T1929" }, { "description": "Conduct security control remediations", "related": [], "uuid": "49d2c0bf-456e-598e-9493-ad3a2df199b0", "value": "Conduct security control remediations - T1926" }, { "description": "Develop cybersecurity action plans and milestones", "related": [], "uuid": "c5522880-6f6d-5e30-92fe-2e74e1b85faf", "value": "Develop cybersecurity action plans and milestones - T1927" }, { "description": "Determine accurate security levels in programs and software applications", "related": [], "uuid": "2dc60022-b0f2-56b0-9020-4da073c1dbe3", "value": "Determine accurate security levels in programs and software applications - T1514" }, { "description": "Document software application, system, and network security postures, capabilities, and vulnerabilities", "related": [], "uuid": "794660e8-1aac-56c0-8ee4-c4de752c19d9", "value": "Document software application, system, and network security postures, capabilities, and vulnerabilities - T1289" }, { "description": "Prepare technical evaluations of software applications, systems, and networks", "related": [], "uuid": "953cd638-f1ce-5e9c-8dac-2b4ce198f452", "value": "Prepare technical evaluations of software applications, systems, and networks - T1288" }, { "description": "Determine effectiveness of security controls", "related": [], "uuid": "cefafab7-98e7-5625-a1db-31ec687af93b", "value": "Determine effectiveness of security controls - T1924" }, { "description": "Prepare security control assessment reports", "related": [], "uuid": "10df8c3f-e999-5160-850f-7bac72d1896f", "value": "Prepare security control assessment reports - T1925" }, { "description": "Develop system security control assessment plans", "related": [], "uuid": "11045597-5e31-57fa-980a-99ebebbf18fa", "value": "Develop system security control assessment plans - T1922" }, { "description": "Approve system security control assessment plans", "related": [], "uuid": "0365912c-4eaa-57d0-8f9e-30cb9f59c9ad", "value": "Approve system security control assessment plans - T1923" }, { "description": "Establish system configuration baselines", "related": [], "uuid": "3c543e3e-d02d-58a9-81c5-69f0ccc9489f", "value": "Establish system configuration baselines - T1920" }, { "description": "Document changes to planned system control implementations", "related": [], "uuid": "02d5ac10-1518-5013-9a52-1751f848af00", "value": "Document changes to planned system control implementations - T1921" }, { "description": "Implement system security controls", "related": [], "uuid": "d22bba9f-f20f-59bf-8304-19b397709bb1", "value": "Implement system security controls - T1919" }, { "description": "Establish security control monitoring strategies", "related": [], "uuid": "e68deaa9-ac01-59c6-b2a6-7ddb90a92c11", "value": "Establish security control monitoring strategies - T1917" }, { "description": "Review and approve System Security Plans (SSPs)", "related": [], "uuid": "5598113f-85a6-598d-a22e-c1e01d62cecf", "value": "Review and approve System Security Plans (SSPs) - T1918" }, { "description": "Identify required system security controls", "related": [], "uuid": "349cf77c-6bf1-5c62-8b91-f48bb5c4aec7", "value": "Identify required system security controls - T1915" }, { "description": "Document planned system security control implementations", "related": [], "uuid": "13e6037d-ae88-5dc9-948a-22e4b8e9e6ea", "value": "Document planned system security control implementations - T1916" }, { "description": "Register systems with organizational program management offices", "related": [], "uuid": "36ac6d68-b50c-58a5-9f21-5751b49a469e", "value": "Register systems with organizational program management offices - T1914" }, { "description": "Determine the security categorization for organizational systems", "related": [], "uuid": "fac6e06a-58df-5be3-beda-ad007f89900e", "value": "Determine the security categorization for organizational systems - T1911" }, { "description": "Determine system boundaries", "related": [], "uuid": "1b2fc7c0-d66b-5d62-829f-99ef6431fe66", "value": "Determine system boundaries - T1912" }, { "description": "Identify common controls available for inheritance by organizational systems", "related": [], "uuid": "aac9d54c-589a-55c3-90d6-c2ed8968a5a3", "value": "Identify common controls available for inheritance by organizational systems - T1910" }, { "description": "Determine which business functions a system supports", "related": [], "uuid": "7050ffba-32ba-53cc-b0a0-9bf6e04eca04", "value": "Determine which business functions a system supports - T1908" }, { "description": "Determine system stakeholders", "related": [], "uuid": "1604728c-64cf-56ba-a8f0-f6d37a790f31", "value": "Determine system stakeholders - T1909" }, { "description": "Determine business partner requirements", "related": [], "uuid": "ab945b0e-1f2f-556c-9ee9-5c0e5071bf01", "value": "Determine business partner requirements - T1904" }, { "description": "Determine if risk metrics support continuous monitoring", "related": [], "uuid": "286280cd-19a1-546f-b54c-cbe0ec263378", "value": "Determine if risk metrics support continuous monitoring - T1946" }, { "description": "Determine if continuous monitoring data provides situational awareness of risk levels", "related": [], "uuid": "fefc4c61-38da-5a60-9f80-96f84d952092", "value": "Determine if continuous monitoring data provides situational awareness of risk levels - T1947" }, { "description": "Provide training and resources to continuous monitoring staff", "related": [], "uuid": "e07cebd4-67ef-5509-9ccc-fc12d08d6e9c", "value": "Provide training and resources to continuous monitoring staff - T1944" }, { "description": "Prepare continuous monitoring reports", "related": [], "uuid": "b33b57e3-269e-576b-8a87-196c03a2b4ec", "value": "Prepare continuous monitoring reports - T1945" }, { "description": "Integrate a continuous monitoring program into organizational security governance structures and policies", "related": [], "uuid": "ad27211c-a62a-5137-bd4c-af04e756a059", "value": "Integrate a continuous monitoring program into organizational security governance structures and policies - T1942" }, { "description": "Make cybersecurity investment decisions to address persistent issues", "related": [], "uuid": "538aa4a3-b7c1-58ef-936c-9a78a44ffc30", "value": "Make cybersecurity investment decisions to address persistent issues - T1943" }, { "description": "Form continuous monitoring working groups", "related": [], "uuid": "86dfdd40-1884-5dcd-9dee-f9495293b581", "value": "Form continuous monitoring working groups - T1940" }, { "description": "Establish continous monitoring scoring and grading metrics", "related": [], "uuid": "ab89fc0b-0ce2-5cc5-870f-09dd0ce9e29a", "value": "Establish continous monitoring scoring and grading metrics - T1941" }, { "description": "Profile system administrators and their activities", "related": [], "uuid": "b078443b-98b9-56e9-9efb-4a89ddaa8e00", "value": "Profile system administrators and their activities - T1786" }, { "description": "Recommend new or revised security, resilience, and dependability measures", "related": [], "uuid": "8e2d45b7-52ff-53a1-ad63-f02cec3a59fb", "value": "Recommend new or revised security, resilience, and dependability measures - T1303" }, { "description": "Prepare operational assessment reports", "related": [], "uuid": "d93c6fce-7452-5563-bfd3-e3f04ffa4377", "value": "Prepare operational assessment reports - T1708" }, { "description": "Intergrate continuous monitoring results in ongoing authorizations", "related": [], "uuid": "c5949f16-b0b1-5600-9864-32bfab45a928", "value": "Intergrate continuous monitoring results in ongoing authorizations - T1957" }, { "description": "Establish access control processes for continuous monitoring tools and technologies", "related": [], "uuid": "579db313-02dd-5a17-b287-0aee611c06e0", "value": "Establish access control processes for continuous monitoring tools and technologies - T1958" }, { "description": "Establish automated control assessment reporting requirements", "related": [], "uuid": "ca9f77d5-e4ae-5d02-9db5-5e33caa6ccf8", "value": "Establish automated control assessment reporting requirements - T1955" }, { "description": "Conduct continuous monitoring data assessments", "related": [], "uuid": "9348b833-7a49-5d8e-a858-ab3bf310a344", "value": "Conduct continuous monitoring data assessments - T1956" }, { "description": "Establish continuous monitoring reporting requirements", "related": [], "uuid": "a7f58976-6eff-5d32-adab-773cc5d5b113", "value": "Establish continuous monitoring reporting requirements - T1953" }, { "description": "Perform continuous monitoring", "related": [], "uuid": "d950fffa-7d8f-5a3b-a3a6-afdd8471cd9a", "value": "Perform continuous monitoring - T1954" }, { "description": "Establish continuous monitoring communication processes", "related": [], "uuid": "690860b1-c37a-5a16-b4a6-8da3c4165fb4", "value": "Establish continuous monitoring communication processes - T1951" }, { "description": "Identify reporting requirements that are fulfilled by the continous monitoring program", "related": [], "uuid": "9b5cc632-dfe1-533e-8dcd-1f9497c1ce6f", "value": "Identify reporting requirements that are fulfilled by the continous monitoring program - T1952" }, { "description": "Define unacceptable risk threshold triggers for continuous monitoring data", "related": [], "uuid": "65905fb1-b4f7-54eb-8011-95f44f81ccbf", "value": "Define unacceptable risk threshold triggers for continuous monitoring data - T1948" }, { "description": "Establish system-level reporting categories", "related": [], "uuid": "96c2a79b-6c14-5d55-8910-70ff34cdbba5", "value": "Establish system-level reporting categories - T1949" }, { "description": "Notify appropriate personnel of imminent of imminent hostile intentions or activities", "related": [], "uuid": "eb6c19ac-66d6-5cd8-87d9-0dee9b85a9c9", "value": "Notify appropriate personnel of imminent of imminent hostile intentions or activities - T1984" }, { "description": "Document security, resilience, and dependability requirements", "related": [], "uuid": "a43b8c62-8ece-5fdd-9690-4d5c7be2ed02", "value": "Document security, resilience, and dependability requirements - T1166" }, { "description": "Develop risk, compliance, and assurance specifications", "related": [], "uuid": "6e6b806e-7829-52af-bac2-6f888603aba5", "value": "Develop risk, compliance, and assurance specifications - T1165" }, { "description": "Recommend courses of action or countermeasures to mitigate risks", "related": [], "uuid": "1e3714db-1c97-53ae-b0fb-fbb0811d9953", "value": "Recommend courses of action or countermeasures to mitigate risks - T2002" }, { "description": "Perform cybersecurity reviews", "related": [], "uuid": "4eae6448-1146-576c-9993-d3d25e38ad30", "value": "Perform cybersecurity reviews - T2000" }, { "description": "Document preliminary or residual security risks for system operation", "related": [], "uuid": "7de4b51a-eef5-5446-b1c0-92833ea1e9c3", "value": "Document preliminary or residual security risks for system operation - T1170" }, { "description": "Identify anomalous activity", "related": [], "uuid": "c2edf5bf-8375-55d0-9722-03632ab505c3", "value": "Identify anomalous activity - T1972" }, { "description": "Conduct import/export reviews for acquiring systems and software", "related": [], "uuid": "a62c323e-5f68-53a5-81d7-0f0bb43d2c10", "value": "Conduct import/export reviews for acquiring systems and software - T0412" }, { "description": "Apply standards to identify safety risk and protect cyber-physical functions", "related": [], "uuid": "c8c3529c-3f3f-5e21-85ce-d82efed0e292", "value": "Apply standards to identify safety risk and protect cyber-physical functions - T1011" }, { "description": "Develop risk, compliance, and assurance monitoring strategies", "related": [], "uuid": "126fb55c-0447-59f0-9a1f-d493b50e4a1f", "value": "Develop risk, compliance, and assurance monitoring strategies - T1154" }, { "description": "Develop risk, compliance, and assurance measurement strategies", "related": [], "uuid": "a95bc104-c4fa-55a1-b34d-05531f6c7050", "value": "Develop risk, compliance, and assurance measurement strategies - T1155" }, { "description": "Advise stakeholders on the development of continuity of operations plans", "related": [], "uuid": "b401f8f9-3156-56b3-b983-f419a47d7a75", "value": "Advise stakeholders on the development of continuity of operations plans - T1291" }, { "description": "Determine if procurement activities sufficiently address supply chain risks", "related": [], "uuid": "ad50a90c-3fa7-510d-aa8a-40a61c3e4800", "value": "Determine if procurement activities sufficiently address supply chain risks - T1344" }, { "description": "Recommend improvements to procurement activities to address cybersecurity requirements", "related": [], "uuid": "ee2847bd-ed45-556e-9215-04f9fcf75124", "value": "Recommend improvements to procurement activities to address cybersecurity requirements - T1345" }, { "description": "Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements", "related": [], "uuid": "5f195360-53b6-55e8-9e66-6a58f36c706d", "value": "Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements - T1369" }, { "description": "Develop supply chain, system, network, and operational security contract language", "related": [], "uuid": "a81340bc-48a3-5400-a423-4749f02b7f62", "value": "Develop supply chain, system, network, and operational security contract language - T1399" }, { "description": "Determine if technology services are delivered successfully", "related": [], "uuid": "878d2df0-c60e-5d8f-8e5a-0ccd14a6d86e", "value": "Determine if technology services are delivered successfully - T1435" }, { "description": "Manage customer services", "related": [], "uuid": "e859c316-ce3b-528c-8b63-cef82a849851", "value": "Manage customer services - T1448" }, { "description": "Define service-level agreements (SLAs)", "related": [], "uuid": "e2448671-8260-5681-bb3d-0fbbde5d535a", "value": "Define service-level agreements (SLAs) - T1465" }, { "description": "Gather customer satisfaction and service performance feedback", "related": [], "uuid": "90c77abb-6727-5c4f-a3cd-f2b87a53e92f", "value": "Gather customer satisfaction and service performance feedback - T1472" }, { "description": "Examine service performance reports for issues and variances", "related": [], "uuid": "08ee8a78-273e-5bfa-bd03-f0a205ba8ef1", "value": "Examine service performance reports for issues and variances - T1480" }, { "description": "Initiate corrective actions to service performance issues and variances", "related": [], "uuid": "7bdab8b5-e7cf-5df4-b5d2-bd1130b4cd5d", "value": "Initiate corrective actions to service performance issues and variances - T1481" }, { "description": "Determine supply chain cybersecurity requirements", "related": [], "uuid": "39fa1447-7b0f-535f-9eea-f9bcaba12079", "value": "Determine supply chain cybersecurity requirements - T1497" }, { "description": "Advise stakeholders on enterprise cybersecurity risk management", "related": [], "uuid": "c61cd761-5ba7-5ce4-8b92-168df58cbc83", "value": "Advise stakeholders on enterprise cybersecurity risk management - T1601" }, { "description": "Advise stakeholders on supply chain risk management", "related": [], "uuid": "a710305e-2bdb-5c2f-817c-6664daacd504", "value": "Advise stakeholders on supply chain risk management - T1602" }, { "description": "Prepare supply chain security reports", "related": [], "uuid": "d151126f-d0fd-5ad2-a777-d63f20194bbb", "value": "Prepare supply chain security reports - T1621" }, { "description": "Prepare risk management reports", "related": [], "uuid": "b23ae4b2-eb12-5f8a-a532-cdf96f6cbf10", "value": "Prepare risk management reports - T1622" }, { "description": "Develop strategic plans", "related": [], "uuid": "fb1071ea-ee82-5e78-9b93-e290eb068f56", "value": "Develop strategic plans - T1145" }, { "description": "Maintain strategic plans", "related": [], "uuid": "9b73a84a-3b99-5186-8780-82e150087575", "value": "Maintain strategic plans - T1146" }, { "description": "Disseminate incident and other Computer Network Defense (CND) information", "related": [], "uuid": "c4af8513-0e23-55d3-991a-1a9014b77ee2", "value": "Disseminate incident and other Computer Network Defense (CND) information - T1221" }, { "description": "Align cybersecurity priorities with organizational security strategy", "related": [], "uuid": "923355db-860e-5feb-a4aa-9a8c88a7e37c", "value": "Align cybersecurity priorities with organizational security strategy - T1226" }, { "description": "Develop Computer Network Defense (CND) guidance for organizational stakeholders", "related": [], "uuid": "3720f464-48fa-5aa5-b63a-5ee6203722c3", "value": "Develop Computer Network Defense (CND) guidance for organizational stakeholders - T1234" }, { "description": "Determine the effectiveness of enterprise cybersecurity safeguards", "related": [], "uuid": "893e78e4-96dd-5834-ab24-cc5b86a37fa5", "value": "Determine the effectiveness of enterprise cybersecurity safeguards - T1238" }, { "description": "Develop cybersecurity policy recommendations", "related": [], "uuid": "6d88900c-0d4b-5b6f-9eb4-bf9349e79370", "value": "Develop cybersecurity policy recommendations - T1307" }, { "description": "Coordinate cybersecurity policy review and approval processes", "related": [], "uuid": "4c87c1aa-3172-52ac-95e4-f6b052cad7ef", "value": "Coordinate cybersecurity policy review and approval processes - T1308" }, { "description": "Oversee policy standards and implementation strategy development", "related": [], "uuid": "e41565b1-3633-59ec-b583-aaba8eec440b", "value": "Oversee policy standards and implementation strategy development - T1342" }, { "description": "Determine if vulnerability remediation plans are in place", "related": [], "uuid": "27bc66fb-5e7e-5c21-b9eb-ce7d9b9f31e0", "value": "Determine if vulnerability remediation plans are in place - T1355" }, { "description": "Develop vulnerability remediation plans", "related": [], "uuid": "1f285a50-4d50-5c81-ab16-7f050b7a8453", "value": "Develop vulnerability remediation plans - T1356" }, { "description": "Develop critical infrastructure protection policies and procedures", "related": [], "uuid": "f25ab376-df53-558c-8cfe-823ee47ba281", "value": "Develop critical infrastructure protection policies and procedures - T1376" }, { "description": "Implement critical infrastructure protection policies and procedures", "related": [], "uuid": "353a3dd5-d516-51a6-8f15-65df62f680c7", "value": "Implement critical infrastructure protection policies and procedures - T1377" }, { "description": "Establish cybersecurity risk assessment processes", "related": [], "uuid": "e97c6e21-a51e-50b4-9c11-3917b7e2b6a0", "value": "Establish cybersecurity risk assessment processes - T1862" }, { "description": "Establish a cybersecurity risk management program", "related": [], "uuid": "f3d707a3-fe9c-55cd-b782-e454220a1b00", "value": "Establish a cybersecurity risk management program - T1906" }, { "description": "Manage Accreditation Packages (e.g., ISO/IEC 15026-2)", "related": [], "uuid": "eeae1f33-c50c-5686-bb8b-964a72ff97d1", "value": "Manage Accreditation Packages (e.g., ISO/IEC 15026-2) - T0495" }, { "description": "Approve accreditation packages", "related": [], "uuid": "952aa9dd-ef80-5a67-8c3c-fd08422414b2", "value": "Approve accreditation packages - T1232" }, { "description": "Plan security authorization reviews for system and network installations", "related": [], "uuid": "58f5f01b-c1ee-5e9d-86b0-c26ce6c1ac61", "value": "Plan security authorization reviews for system and network installations - T1270" }, { "description": "Conduct security authorization reviews for system and network installations", "related": [], "uuid": "21686556-93a1-5c34-b82f-fb4e0db1baf4", "value": "Conduct security authorization reviews for system and network installations - T1271" }, { "description": "Develop security assurance cases for system and network installations", "related": [], "uuid": "ae2e04eb-340e-548b-a7f5-a15ed91861da", "value": "Develop security assurance cases for system and network installations - T1272" }, { "description": "Determine if authorization and assurance documents identify an acceptable level of risk for software applications, systems, and networks", "related": [], "uuid": "e0652cdf-751a-57c5-aaeb-1f836ae7323f", "value": "Determine if authorization and assurance documents identify an acceptable level of risk for software applications, systems, and networks - T1305" }, { "description": "Verify implementation of software, network, and system cybersecurity postures", "related": [], "uuid": "b4a0542b-c08b-5648-a8e0-37b12436c2c7", "value": "Verify implementation of software, network, and system cybersecurity postures - T1328" }, { "description": "Document software, network, and system deviations from implemented security postures", "related": [], "uuid": "1a4b4162-46e4-5eeb-8e07-27701402dddc", "value": "Document software, network, and system deviations from implemented security postures - T1329" }, { "description": "Recommend required actions to correct software, network, and system deviations from implemented security postures", "related": [], "uuid": "759e85ec-6a42-51c3-aa52-518591929cd2", "value": "Recommend required actions to correct software, network, and system deviations from implemented security postures - T1330" }, { "description": "Develop cybersecurity compliance processes for external services", "related": [], "uuid": "924f55e7-5ce2-5f91-84bb-e9efd5cb4019", "value": "Develop cybersecurity compliance processes for external services - T1339" }, { "description": "Develop cybersecurity audit processes for external services", "related": [], "uuid": "ed89471e-2751-5352-a869-fd4fe9f3fe88", "value": "Develop cybersecurity audit processes for external services - T1340" }, { "description": "Provide cybersecurity guidance to organizational risk governance processes", "related": [], "uuid": "7819c599-61f4-52b4-9fca-34a69ee4aa48", "value": "Provide cybersecurity guidance to organizational risk governance processes - T1343" }, { "description": "Support cybersecurity compliance activities", "related": [], "uuid": "da3b2ae0-6b20-52e6-acae-cb46f639c3b7", "value": "Support cybersecurity compliance activities - T1368" }, { "description": "Monitor changes to a system and its environment of operation", "related": [], "uuid": "67b82a25-09d7-59e7-b49e-db51b9dee1f9", "value": "Monitor changes to a system and its environment of operation - T0960" }, { "description": "Identify stakeholder assets that require protection", "related": [], "uuid": "2555f5ca-db5c-54ad-aec5-6c032dcc3cfe", "value": "Identify stakeholder assets that require protection - T0934" }, { "description": "Develop organizational training programs", "related": [], "uuid": "0aca33e8-45ea-5c6d-b6c0-12a443f51473", "value": "Develop organizational training programs - T1420" }, { "description": "Identify the types of information to be processed, stored, or transmitted by a system", "related": [], "uuid": "b45fbb29-d076-52cb-8d83-57ea0434b1d9", "value": "Identify the types of information to be processed, stored, or transmitted by a system - T0942" }, { "description": "Recommend commercial, government off-the-shelf, or open source products for use within a system", "related": [], "uuid": "70daf9da-bdbe-5aad-a585-af81d97e957d", "value": "Recommend commercial, government off-the-shelf, or open source products for use within a system - T1443" }, { "description": "Determine if products comply with cybersecurity requirements", "related": [], "uuid": "8f7b847e-daa9-5e52-a1d5-3d49088823fc", "value": "Determine if products comply with cybersecurity requirements - T1444" }, { "description": "Determine the validity of findings", "related": [], "uuid": "2640b685-b553-5594-8295-dcec627c6e91", "value": "Determine the validity of findings - T1441" }, { "description": "Design system administration and management functionality for privileged access users", "related": [], "uuid": "9f73a829-9545-5bde-8a18-eb25352b514b", "value": "Design system administration and management functionality for privileged access users - T1452" }, { "description": "Develop system administration and management functionality for privileged access users", "related": [], "uuid": "40e45418-3f4b-55eb-8346-8a5d7dad9af9", "value": "Develop system administration and management functionality for privileged access users - T1453" }, { "description": "Create risk-driven systems maintenance and updates processes", "related": [], "uuid": "0f7b400a-c9ef-56b3-ab0a-0dd306bce8a3", "value": "Create risk-driven systems maintenance and updates processes - T1473" }, { "description": "Determine the placement of a system within the enterprise architecture", "related": [], "uuid": "e8df63e0-5a6d-50d6-b081-bae677bc69e6", "value": "Determine the placement of a system within the enterprise architecture - T0937" }, { "description": "Maintain information systems assurance and accreditation materials", "related": [], "uuid": "c0f10584-fa5f-5394-bc27-d2a7e31e08cd", "value": "Maintain information systems assurance and accreditation materials - T0141" }, { "description": "Define operating level agreements (OLAs)", "related": [], "uuid": "6f7056ae-13e9-5c40-b240-7ede551817e8", "value": "Define operating level agreements (OLAs) - T1474" }, { "description": "Determine if cybersecurity requirements included in contracts are delivered", "related": [], "uuid": "59567c61-1e46-5665-8546-d8d8d8d74924", "value": "Determine if cybersecurity requirements included in contracts are delivered - T1498" }, { "description": "Advise senior leadership and authorizing official of changes affecting the organization's cybersecurity posture", "related": [], "uuid": "c7196969-022f-5246-8673-b423d2f81334", "value": "Advise senior leadership and authorizing official of changes affecting the organization's cybersecurity posture - T1061" }, { "description": "Collect and maintain system cybersecurity report data", "related": [], "uuid": "6d2c71b1-9418-52fb-a298-63d178f0c3e9", "value": "Collect and maintain system cybersecurity report data - T1086" }, { "description": "Create system cybersecurity reports", "related": [], "uuid": "98b043d2-a9a9-54bf-b8e2-b55029cfb6c9", "value": "Create system cybersecurity reports - T1087" }, { "description": "Determine if cybersecurity inspections, tests, and reviews are coordinated for the network environment", "related": [], "uuid": "882d2ea6-5510-5ec0-8769-9a28a4127ecf", "value": "Determine if cybersecurity inspections, tests, and reviews are coordinated for the network environment - T1180" }, { "description": "Determine if cybersecurity requirements are integrated into continuity planning", "related": [], "uuid": "204792a0-0f19-5699-a665-1d8ce75abc87", "value": "Determine if cybersecurity requirements are integrated into continuity planning - T1181" }, { "description": "Determine if security engineering is used when acquiring or developing protection and detection capabilities", "related": [], "uuid": "06dd8d64-13f4-5208-a044-af5bdb5e0e7b", "value": "Determine if security engineering is used when acquiring or developing protection and detection capabilities - T1182" }, { "description": "Determine if protection and detection capabilities are consistent with organization-level cybersecurity architecture", "related": [], "uuid": "242b4ce0-fb42-5bfe-b9da-b734c4c1580d", "value": "Determine if protection and detection capabilities are consistent with organization-level cybersecurity architecture - T1183" }, { "description": "Determine if baseline security safeguards are appropriately installed", "related": [], "uuid": "5b317a1c-29b9-5a2f-ba79-e18ffda2f34f", "value": "Determine if baseline security safeguards are appropriately installed - T1188" }, { "description": "Determine implications of new and upgraded technologies to the cybersecurity program", "related": [], "uuid": "3c5b8a9a-6adf-5e38-86b8-3c28169bc7b8", "value": "Determine implications of new and upgraded technologies to the cybersecurity program - T1201" }, { "description": "Monitor cybersecurity data sources", "related": [], "uuid": "73b17469-b876-5815-be75-114c3f1184a3", "value": "Monitor cybersecurity data sources - T1233" }, { "description": "Manage threat and target analysis", "related": [], "uuid": "18304935-a000-5d68-8c45-5eba7ed21edb", "value": "Manage threat and target analysis - T1235" }, { "description": "Manage the production of threat information", "related": [], "uuid": "22282dc1-58b9-5e94-8d40-0d6de50e4a64", "value": "Manage the production of threat information - T1236" }, { "description": "Oversee the cybersecurity training and awareness program", "related": [], "uuid": "e76cb8b1-490f-55ca-be2c-644994365068", "value": "Oversee the cybersecurity training and awareness program - T1245" }, { "description": "Establish Security Assessment and Authorization processes", "related": [], "uuid": "4dfdaa8c-4014-583e-b35f-2e59a443a9c0", "value": "Establish Security Assessment and Authorization processes - T1246" }, { "description": "Develop computer environment cybersecurity plans and requirements", "related": [], "uuid": "08f062bb-5b52-5243-a4de-ec67ce7b1723", "value": "Develop computer environment cybersecurity plans and requirements - T1247" }, { "description": "Develop standard operating procedures for secure network system operations", "related": [], "uuid": "d4a58c55-d3f9-5433-8cbb-a21b387bb4a5", "value": "Develop standard operating procedures for secure network system operations - T1284" }, { "description": "Distribute standard operating procedures", "related": [], "uuid": "9fa62b19-fc92-5ea1-a80f-cfefb1400a3f", "value": "Distribute standard operating procedures - T1285" }, { "description": "Maintain standard operating procedures", "related": [], "uuid": "1d336e09-315e-5dc3-8cfc-b65a95b0955c", "value": "Maintain standard operating procedures - T1286" }, { "description": "Provide cybersecurity awareness and training", "related": [], "uuid": "f415cee9-4d54-544e-b0b2-21cd84c983b5", "value": "Provide cybersecurity awareness and training - T1295" }, { "description": "Communicate situational awareness information to leadership", "related": [], "uuid": "49db9745-6646-5d80-bf32-531e26baa900", "value": "Communicate situational awareness information to leadership - T1298" }, { "description": "Recommend organizational cybersecurity resource allocations", "related": [], "uuid": "5bf737b7-f39e-5d6d-b8d4-82ef2b112dff", "value": "Recommend organizational cybersecurity resource allocations - T1304" }, { "description": "Determine if appropriate threat mitigation actions have been taken", "related": [], "uuid": "d73f261e-876e-518b-9941-1f1c5731f763", "value": "Determine if appropriate threat mitigation actions have been taken - T1317" }, { "description": "Manage computing environment system operations", "related": [], "uuid": "bbfd4d39-8a7c-5c5d-a0ee-40b1e746c69f", "value": "Manage computing environment system operations - T1321" }, { "description": "Determine organizational compliance", "related": [], "uuid": "6ad35dcc-3737-5e6e-a275-7c497439476b", "value": "Determine organizational compliance - T1373" }, { "description": "Forecast ongoing service demands", "related": [], "uuid": "41532ba8-7f0c-5e6b-81bd-051a52c6749a", "value": "Forecast ongoing service demands - T1374" }, { "description": "Conduct periodic reviews of security assumptions", "related": [], "uuid": "ed3d2c53-865c-56f0-915d-d731dee504e6", "value": "Conduct periodic reviews of security assumptions - T1375" } ], "version": 1 }