NCSC CAF to MITRE ATT&CK Mappings
The NCSC's Cyber Assessment Framework (CAF) was developed to help critical national infrastructure (CNI) and government organisations to effectively manage cyber security risk. The table below details Ofgem mappings to MITRE ATT&CK framework mitigations. To see related MITRE ATT&CK techniques, click through to an outcome for a full list as well as mappings to other control frameworks.
CAF ID | CAF Outcome | ATT&CK Mitigations |
---|---|---|
A1.a | Board Direction | |
A1.b | Roles and Responsibilities | |
A1.c | Decision-making | |
A2.a | Risk Management Process | M1019 |
A2.b | Assurance | |
A3.a | Asset Management | |
A4.a | Supply Chain | M1052 |
B1.a | Policy and Process Development | M1028, M1019, M1027 |
B1.b | Policy and Process Implementation | M1027 |
B2.a | Identity Verification, Authentication and Authorisation | M1018, M1022, M1032, M1039, M1047, M1028, M1024 |
B2.b | Device Management | M1034, M1028 |
B2.c | Privileged User Management | M1032, M1047, M1018, M1022, M1026, M1052, M1024 |
B2.d | Identity and Access Management (IdAM) | M1047, M1015 |
B3.a | Understanding Data | |
B3.b | Data in Transit | M1041 |
B3.c | Stored Data | M1029, M1041, M1022, M1053 |
B3.d | Mobile Data | |
B3.e | Media Equipment Sanitisation | |
B4.a | Secure by Design | M1029, M1037, M1035, M1030, M1045 |
B4.b | Secure Configuration | M1041, M1022, M1047, M1021, M1018, M1035, M1040, M1043, M1052, M1036, M1015, M1046, M1028, M1042, M1027, M1045, M1033, M1044, M1048, M1030, M1025, M1039 |
B4.c | Secure Management | M1050, M1033, M1040, M1029, M1022, M1021, M1038, M1044, M1049 |
B4.d | Vulnerability Management | M1028, M1015, M1042, M1016, M1048, M1049, M1047, M1046, M1051 |
B5.a | Resilience Preparation | M1029, M1019 |
B5.b | Design for Resilience | M1030, M1037 |
B5.c | Backups | M1029, M1053, M1041 |
B6.a | Cyber Security Culture | |
B6.b | Cyber Security Training | M1013, M1017 |
C1.a | Monitoring Coverage | M1050, M1020, M1031, M1049, M1047 |
C1.b | Securing Logs | M1022, M1036 |
C1.c | Generating Alerts | M1031, M1049, M1020 |
C1.d | Identifying Security Incidents | M1049, M1019, M1031 |
C1.e | Monitoring Tools and Skills | |
C2.a | System Abnormalities for Attack Detection | M1019 |
C2.b | Proactive Attack Discovery | M1049 |
D1.a | Response Plan | |
D1.b | Response and Recovery Capability | M1053 |
D1.c | Testing and Exercising | M1019 |
D2.a | Incident Root Cause Analysis | |
D2.b | Using Incidents to Drive Improvements | |