TY - UNPB
T1 - An Alignment Between the CRA's Essential Requirements and the ATT&CK's Mitigations
AU - Ruohonen, Jukka
AU - Kang, Eun-Young
AU - Ramadan, Qusai
N1 - Submitted to ESPRE@RE
PY - 2025/5/19
Y1 - 2025/5/19
N2 - The paper presents an alignment evaluation between the mitigations present in MITRE's ATT&CK framework and the essential cyber security requirements of the recently introduced Cyber Resilience Act (CRA) in the European Union. Overall, the two align well with each other. With respect to the CRA, there are notable gaps only in terms of data minimization, data erasure, and vulnerability coordination. In terms of the ATT&CK framework, gaps are present only in terms of threat intelligence, training, out-of-band communication channels, and residual risks. The evaluation presented contributes to narrowing a common disparity between law and technical frameworks.
AB - The paper presents an alignment evaluation between the mitigations present in MITRE's ATT&CK framework and the essential cyber security requirements of the recently introduced Cyber Resilience Act (CRA) in the European Union. Overall, the two align well with each other. With respect to the CRA, there are notable gaps only in terms of data minimization, data erasure, and vulnerability coordination. In terms of the ATT&CK framework, gaps are present only in terms of threat intelligence, training, out-of-band communication channels, and residual risks. The evaluation presented contributes to narrowing a common disparity between law and technical frameworks.
KW - cs.CR
KW - cs.SE
M3 - Working paper
BT - An Alignment Between the CRA's Essential Requirements and the ATT&CK's Mitigations
ER -