You are a security analyst working on a Department of Defense contract. Since your organization supports a government agency, you are required to use the NIST Risk Management Framework. Your supervisor wants to prioritize implementation of security controls based on threat capabilities as identified in the MITRE ATT&CK Framework. This way you can prioritize mitigation of the most serious threats as you work to attain compliance.

Goa

You must use the MITRE ATT&CK Navigator tool, to develop a prioritized list of adversary techniques that should inform the implementation of countermeasures per NIST SP $800-53$ r$5.$

Tasks:

$1.$ Go to Groups $|$ MITRE ATT&CK$$ and select three Advanced Persistent Threat groups $($APT$)$

a$.$ The groups must be based in Russia, China, Iran, or North Korea.

b$.$ They must be known to target the defense industry or the US Government from the Threat Groups option.

c$.$ Be sure to select APT groups from at least two different countries.

$2.$ Using MITRE ATT&CK Navigator, create three individual ATT&CK Navigator layers $($one for each APT$).$

Hint: See MITRE ATT&CK Navigator Demo for a quick tutorial.

Recommendation: Using Version $12$ will make Project$-$Part $2$ easier.

$3.$ Create a consolidated ATT&CK Navigator layer that aggregates the techniques of all three selected APTs. Your final ATT&CK Navigator build should have four layers: three with one APT each, and one that combines the other three.

$4.$ Export your layers to an Excel spreadsheet and upload to the Project $1$ assignment in D$2$L$.$ The spreadsheet you submit should have four worksheets $($tabs$),$ three showing $1$ APT each, and one showing the combined highlighted techniques. Hint: If you export a JSON file as well, it may make Part $2$ of this project easier.

$5.$ Using the report template, create an executive summary level report that includes the following sections:

a$.$ Provide an overview of each APT and rationale for selection.

b$.$ Separate the techniques used by the three selected APTs into three risk categories $($high$,$ moderate, and low$).$

c$.$ Focus on the techniques identified in Task $5$b as being High Risk. Place them in order according to priority of mitigating them. Using information from Techniques $-$ Enterprise $|$ MITRE ATT&CK$,$ rationalize your choice.