Standards

A common approach allows for a collective response to cybersecurity threats.

Standards make daily life go a lot more smoothly. When you plug in a power cord in the U.S., you can count on the plug and socket to match, regardless of manufacturer or location. If you need gas in your car, you know the nozzle will fit your tank.

Towards a similar end, MITRE works with industry and government on common approaches to cybersecurity.

Our focus is to develop and expand the use of common terminology and structures to allow for collaboration and communication across the entire community. These efforts include providing registries of baseline security data, establishing standardized languages for accurately communicating cybersecurity information, defining proper use of cybersecurity concepts, and supporting community approaches for commonly accepted cybersecurity processes. We describe several of them here.

The CVE® List

The CVE® list was one of MITRE’s earliest attempts to systematically name security vulnerabilities.

Recognized as the standard for naming vulnerabilities, CVE enables correlation among security products, services, and organizations. Well over 100 products and services from more than 75 vendors have achieved CVE compatibility.

Under Department of Homeland Security sponsorship and in collaboration with the CVE Editorial Board, MITRE works as the independent third party to advance CVE, maintain the CVE list, and ensure CVE serves the public interest.

TAXII and STIX

MITRE is working on two new initiatives for sharing cyber threat information: TAXII and STIX, both sponsored by the Department of Homeland Security.

TAXII defines a set of protocols for securely exchanging cyber threat information for real-time detection, prevention, and mitigation of cyber threats. STIX provides a common format for cyber threat information, including cyber observables, indicators of compromise, incidents, TTPs (techniques, tactics, and procedures), and campaigns.

Together, TAXII and STIX will enable threat-sharing communities to exchange actionable, structured threat intelligence to promote collective defense.

We also collaborate in similar community efforts for vulnerability management, software assurance, application security, asset management, enterprise reporting, malware protection, configuration management, event management, remediation, and threat information sharing.

In addition to CVE, these efforts include:

Cybersecurity Registries

  • Common Platform Enumeration (CPE): , and (NIST)—common platform identifiers
  • Common Configuration Enumeration (CCE): , —common system configuration
  • —common attack patterns
  • —software weakness types

Cybersecurity Languages/Formats & Protocols

  • —language for determining vulnerability and configuration issues
  • —protocols and formats for secure automated exchange of cyber threat information
  • —language for representing structured threat information
  • —language for cyber observables
  • —language for attribute-based malware characterization
  • — the way in which computer events are described, logged, and exchanged
  • —scoring of weakness severity to help determine urgency and priority
  • —framework for applying CWSS, customized to the specific needs of an organization’s business or mission

Learn more by visiting MITRE’s .