Curated references
Threat Intelligence & Frameworks
Defensive frameworks and taxonomies used to understand adversary behavior and reduce risk.
34 references
| Reference | URL |
|---|---|
| MITRE ATT&CK | https://attack.mitre.org/ |
| MITRE D3FEND | https://d3fend.mitre.org/ |
| MITRE CWE | https://cwe.mitre.org/ |
| NIST Cybersecurity Framework (CSF) | https://www.nist.gov/cyberframework |
| NIST CSRC (Computer Security Resource Center) | https://csrc.nist.gov/ |
| NIST SP 800-53 | https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final |
| NIST SP 800-61 (Incident Handling) | https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final |
| NIST SP 800-207 (Zero Trust) | https://csrc.nist.gov/publications/detail/sp/800-207/final |
| CIS Critical Security Controls | https://www.cisecurity.org/controls |
| CIS Benchmarks | https://www.cisecurity.org/cis-benchmarks |
| OWASP Cheat Sheet Series | https://cheatsheetseries.owasp.org/ |
| OWASP ASVS | https://owasp.org/www-project-application-security-verification-standard/ |
| OWASP API Security Top 10 | https://owasp.org/www-project-api-security/ |
| OpenSSF Best Practices | https://bestpractices.coreinfrastructure.org/ |
| OpenSSF Scorecard | https://securityscorecards.dev/ |
| SLSA (Supply-chain security) | https://slsa.dev/ |
| SBOM (CISA) | https://www.cisa.gov/sbom |
| FIRST EPSS | https://www.first.org/epss/ |
| ATT&CK Evaluations | https://attackevals.mitre-engenuity.org/ |
| CISA Secure by Design | https://www.cisa.gov/securebydesign |
| CISA Cybersecurity Performance Goals (CPGs) | https://www.cisa.gov/cpg |
| NCSC 10 Steps to Cyber Security | https://www.ncsc.gov.uk/collection/10-steps-to-cyber-security |
| CISA Stop Ransomware | https://www.cisa.gov/stopransomware |
| CISA Zero Trust Maturity Model | https://www.cisa.gov/resources-tools/resources/zero-trust-maturity-model |
| NIST SP 800-30 (Risk Assessments) | https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final |
| NIST SP 800-40 (Patch Management) | https://csrc.nist.gov/publications/detail/sp/800-40/rev-3/final |
| NIST SP 800-92 (Log Management) | https://csrc.nist.gov/publications/detail/sp/800-92/1/final |
| NIST SP 800-137 (ISCM) | https://csrc.nist.gov/publications/detail/sp/800-137/final |
| OWASP Secure Headers Project | https://owasp.org/www-project-secure-headers/ |
| CISA Ransomware Guide | https://www.cisa.gov/stopransomware/ransomware-guide |
| Have I Been Pwned FAQ | https://haveibeenpwned.com/FAQs |
| CIS Benchmarks (list) | https://www.cisecurity.org/cis-benchmarks |
| NVD CVSS | https://nvd.nist.gov/vuln-metrics/cvss |
| FIRST CVSS guide | https://www.first.org/cvss/ |