Merge branch 'bugs/#56-regex-fix' into develop

CHANGELOG.md

@@ -13,7 +13,10 @@
 <!--    ### New Features                                                -->
 <!--    ### Improvements                                                -->
 <!--    ### Fixes                                                       -->
-
+# 7 January 2021
+## nist800-53-r4 v1.1 and nist800-53-r5 v1.1
+### Fixes
+- Fixed broken regex which was leading to erroneous mappings, in particular mappings to control enhancements. See issue [#56](https://github.com/center-for-threat-informed-defense/attack-control-framework-mappings/issues/56).
 
 # 15 December 2020
 ### New Features

docs/STIX_format.md

@@ -6,6 +6,8 @@ This document describes the formatting of the control frameworks and mappings in
 ## STIX
 Structured Threat Information Expression (STIX™) is a language and serialization format used to exchange cyber threat intelligence (CTI). STIX enables organizations to share CTI with one another in a consistent and machine readable manner, allowing security communities to better understand what computer-based attacks they are most likely to see and to anticipate and/or respond to those attacks faster and more effectively. To find out more about STIX, please see [the STIX 2.0 website](https://oasis-open.github.io/cti-documentation/stix/intro). 
 
+<img src="/docs/controls_in_stix.png" width="900px">
+
 ## Format
 The control and mapping data in this repository follows the STIX 2.0 format as follows:
 - Both controls and mappings are represented in STIX2.0 JSON.
@@ -18,4 +20,4 @@ The control and mapping data in this repository follows the STIX 2.0 format as f
 
 ## See also
 - [Tooling](/docs/tooling.md) for more information about how the STIX data was created.
-- [Visualization](/docs/visualization.md) for more information about how to visualize the mappings.
+- [Visualization](/docs/visualization.md) for more information about how to visualize the mappings.

frameworks/nist800-53-r4/README.md

@@ -4,7 +4,7 @@ This folder contains mappings of NIST Special Publication (SP) 800-53 Revision 4
 
 | Mappings Version | Last Updated      | ATT&CK Version | ATT&CK Domain |
 |------------------|-------------------|----------------|---------------|
-| 1.0              | 15 December 2020  | [ATT&CK v8](https://attack.mitre.org/resources/versions/) | Enterprise |
+| 1.1              | 7 January 2021  | [ATT&CK v8](https://attack.mitre.org/resources/versions/) | Enterprise |
 
 | Data ||
 |------|------|

frameworks/nist800-53-r4/input/nist800-53-r4-mappings.tsv

@@ -1065,7 +1065,7 @@ date delivered	mitigationID	techniqueID	controlID	description
 11/13/20	M1046	T1601(\.(001|002))?	(CA-8|CM-(3|5|8)|SA-10|SA-11|SA-14|SI-(2|7)|IA-7|SC-34)	
 7/20/20	M1047	T1021(\.005|\.001)	(CA-8|RA-5|AC-(2|6|17)|IA-(2|4|6)|SI-4)	
 7/20/20	M1047	T1053(\.001|\.004|\.003)	(CA-8|RA-5|SI-4)	
-7/20/20	M1047	T1053(\.002|\.005)?	(CA-8|RA-5|AC-(2|6)|IA-(2|4)|SI-4)|CM-(2|6|7|8)	
+7/20/20	M1047	T1053(\.002|\.005)?	(CA-8|RA-5|AC-(2|6)|IA-(2|4)|SI-4|CM-(2|6|7|8))	
 7/20/20	M1047	T1059	(CA-8|CM-(2|6|7|8|11)|RA-5|SI-4)	
 7/20/20	M1047	T1114(\.003)?	(AC-4|SC-7|SI-4)	
 7/20/20	M1047	T1176	(CA-8|SC-7|CM-2|RA-5|SI-(3|4))	
@@ -1202,33 +1202,33 @@ date delivered	mitigationID	techniqueID	controlID	description
 10/30/20	M1052	T1548(\.002)	IA-2	Identification and authentication (organizational users)
 10/30/20	M1052	T1550(\.002)	CM-6	Configuration settings
 10/30/20	M1052	T1574	AC-4	Information flow enforcement
-11/2/20	M1052	T1574(\.005)	CM-2|AC-4	"baseline configuration, information flow enforcement"
-11/2/20	M1052	T1574(\.010)	CM-2|AC-4	"baseline configuration, information flow enforcement"
+11/2/20	M1052	T1574(\.005)	(CM-2|AC-4)	"baseline configuration, information flow enforcement"
+11/2/20	M1052	T1574(\.010)	(CM-2|AC-4)	"baseline configuration, information flow enforcement"
 10/27/20	M1054	T1137	AC-(10|17)	"concurrent session control, remote access"
 10/27/20	M1054	T1137	CM-2	baseline configuration
 10/27/20	M1054	T1137(\.002)	AC-(6|10|14|17)	"least privilege, concurrent session control, permitted actions without identification or authentication, remote access"
 10/27/20	M1054	T1137(\.002)	CM-(2|5)	"baseline configuration, access restrictions for change"
 10/27/20	M1054	T1535	SC-23	session authenticity
 10/27/20	M1054	T1539	CM-6	configuration settings
 10/26/20	M1054	T1546(\.013)	CM-10	User-installed software
-10/27/20	M1054	T1550(\.004)	SI-7|SC-(8|23)	"software firmware and information integrity, transmission confidentiality and integrity, session authenticity"
+10/27/20	M1054	T1550(\.004)	(SI-7|SC-(8|23))	"software firmware and information integrity, transmission confidentiality and integrity, session authenticity"
 10/27/20	M1054	T1553	CM-10	Software usage restrictions
 10/27/20	M1054	T1553	IA-9	Service identification and authentication
-10/27/20	M1054	T1553(\.004)	IA-9|SC-20|CM-10	"Service identification and authentication, Secure name/address resolution service (authoritative source), software usage restrictions"
+10/27/20	M1054	T1553(\.004)	(IA-9|SC-20|CM-10)	"Service identification and authentication, Secure name/address resolution service (authoritative source), software usage restrictions"
 10/26/20	M1054	T1559	CM-(6|7|10)	"Configuration settings, least functionality, software usage restrictions"
-10/26/20	M1054	T1559(\.002)	AC-6|CM-(6|7|10)	"least privilege, Configuration settings, least functionality, software usage restrictions"
+10/26/20	M1054	T1559(\.002)	(AC-6|CM-(6|7|10))	"least privilege, Configuration settings, least functionality, software usage restrictions"
 10/26/20	M1054	T1562(\.006)	SC-8	Transmission Confidentiality and Integrity
-11/4/20	M1024	T1037	AC-17|CM-7	"Remote Access, Least funtionality"
-11/4/20	M1024	T1037(\.001)	AC-17|CM-7	"Remote Access, Least funtionality"
-11/4/20	M1024	T1112	AC-6|CM-7	"Least privilege, Least funtionality"
-11/24/20	M1024	T1553\.003	AC-6|SI-7	"Least privilege, software firmware and information integrity"
-11/4/20	M1024	T1489	AC-6|CM-5	"Least privilege, Access Restrictions for Change"
-11/4/20	M1024	T1547(\.003)	AC-(3|4)|CM-5	
-11/4/20	M1024	T1553	AC-6|SI-7	"Least privilege, software firmware and information integrity"
-11/4/20	M1024	T1562	AC-6|CM-(5|7)	"Least privilege, Access Restrictions for Change, Least funtionality"
-11/4/20	M1024	T1562(\.001)	AC-6|CM-(5|7)	"Least privilege, Access Restrictions for Change, Least funtionality"
-11/4/20	M1024	T1562(\.002)	AC-6|CM-(5|7)	"Least privilege, Access Restrictions for Change, Least funtionality"
-11/4/20	M1024	T1562(\.004)	AC-6|CM-(5|7)	"Least privilege, Access Restrictions for Change, Least funtionality"
+11/4/20	M1024	T1037	(AC-17|CM-7)	"Remote Access, Least funtionality"
+11/4/20	M1024	T1037(\.001)	(AC-17|CM-7)	"Remote Access, Least funtionality"
+11/4/20	M1024	T1112	(AC-6|CM-7)	"Least privilege, Least funtionality"
+11/24/20	M1024	T1553\.003	(AC-6|SI-7)	"Least privilege, software firmware and information integrity"
+11/4/20	M1024	T1489	(AC-6|CM-5)	"Least privilege, Access Restrictions for Change"
+11/4/20	M1024	T1547(\.003)	(AC-(3|4)|CM-5)	
+11/4/20	M1024	T1553	(AC-6|SI-7)	"Least privilege, software firmware and information integrity"
+11/4/20	M1024	T1562	(AC-6|CM-(5|7))	"Least privilege, Access Restrictions for Change, Least funtionality"
+11/4/20	M1024	T1562(\.001)	(AC-6|CM-(5|7))	"Least privilege, Access Restrictions for Change, Least funtionality"
+11/4/20	M1024	T1562(\.002)	(AC-6|CM-(5|7))	"Least privilege, Access Restrictions for Change, Least funtionality"
+11/4/20	M1024	T1562(\.004)	(AC-6|CM-(5|7))	"Least privilege, Access Restrictions for Change, Least funtionality"
 11/4/20	M1024	T1574	AC-(4|6)	"Information flow enforcement, Least privilege"
-11/4/20	M1024	T1574(\.011)	AC-6|CM-5	"Least privilege, Access Restrictions for Change"
-11/4/20	M1024	T1574(\.012)	AC-6|CM-5	"Least privilege, Access Restrictions for Change"
+11/4/20	M1024	T1574(\.011)	(AC-6|CM-5)	"Least privilege, Access Restrictions for Change"
+11/4/20	M1024	T1574(\.012)	(AC-6|CM-5)	"Least privilege, Access Restrictions for Change"