CISA publishes Best Practices for MITRE ATT&CK® Mapping document. Download it here.
CISA uses ATT&CK as a lens through which to identify and analyze adversary behavior. ATT&CK provides details on 100+ threat actor groups, including the techniques and software they are known to use. ATT&CK can be used to identify defensive gaps, assess security tool capabilities, organize detections, hunt for threats, engage in red team activities, or validate mitigation controls.
