A common approach allows for a collective response to cybersecurity threats.
Standards make daily life go a lot more smoothly. When you plug in a power cord in the U.S., you can count on the plug and socket to match, regardless of manufacturer or location. If you need gas in your car, you know the nozzle will fit your tank.
Towards a similar end, MITRE works with industry and government on common approaches to cybersecurity.
Our focus is to develop and expand the use of common terminology and structures to allow for collaboration and communication across the entire community. These efforts include providing registries of baseline security data, establishing standardized languages for accurately communicating cybersecurity information, defining proper use of cybersecurity concepts, and supporting community approaches for commonly accepted cybersecurity processes. We describe several of them here.
The CVE® List
The Common Vulnerabilities and Exposures (CVE®) list was one of MITRE’s earliest attempts to systematically name security vulnerabilities.
Recognized as the standard for naming vulnerabilities, CVE enables correlation among security products, services, and organizations. Well over 100 products and services from more than 75 vendors have achieved CVE compatibility.
Under Department of Homeland Security sponsorship and in collaboration with the CVE Editorial Board, MITRE works as the independent third party to advance CVE, maintain the CVE list, and ensure CVE serves the public interest.
TAXII and STIX
MITRE is working on two new initiatives for sharing cyber threat information: the Trusted Automated eXchange of Indicator Information (TAXII™) and the Structured Threat Information eXpression (STIX™), both sponsored by the Department of Homeland Security.
TAXII defines a set of protocols for securely exchanging cyber threat information for real-time detection, prevention, and mitigation of cyber threats. STIX provides a common format for cyber threat information, including cyber observables, indicators of compromise, incidents, TTPs (techniques, tactics, and procedures), and campaigns.
Together, TAXII and STIX will enable threat-sharing communities to exchange actionable, structured threat intelligence to promote collective defense.
We also collaborate in similar community efforts for vulnerability management, software assurance, application security, asset management, enterprise reporting, malware protection, configuration management, event management, remediation, and threat information sharing.
In addition to CVE, these efforts include:
- Common Platform Enumeration (CPE): archive (MITRE), dictionary and specifications (NIST)—common platform identifiers
- Common Configuration Enumeration (CCE): archive (MITRE), ongoing development and maintenance (NIST)—common system configuration
- Common Attack Pattern Enumeration and Classification (CAPEC™)—common attack patterns
- Common Weakness Enumeration (CWE™)—software weakness types
Cybersecurity Languages/Formats & Protocols
- Open Vulnerability and Assessment Language (OVAL®)—language for determining vulnerability and configuration issues
- Trusted Automated eXchange of Indicator Information (TAXII™)—protocols and formats for secure automated exchange of cyber threat information
- Structured Threat Information eXpression (STIX™)—language for representing structured threat information
- Cyber Observable Expression (CybOX™)—language for cyber observables
- Malware Attribute Enumeration and Characterization (MAEC™)—language for attribute-based malware characterization
- Common Event Expression (CEE): archive (MITRE)—the way in which computer events are described, logged, and exchanged
- Common Weakness Scoring System (CWSS™)—scoring of weakness severity to help determine urgency and priority
- Common Weakness Risk Analysis Framework (CWRAF™)—framework for applying CWSS, customized to the specific needs of an organization’s business or mission
Learn more by visiting MITRE’s Making Security Measurable website.