An Alignment Between the CRA's Essential Requirements and the ATT&CK's Mitigations
- URL: http://arxiv.org/abs/2505.13641v1
- Date: Mon, 19 May 2025 18:29:00 GMT
- Title: An Alignment Between the CRA's Essential Requirements and the ATT&CK's Mitigations
- Authors: Jukka Ruohonen, Eun-Young Kang, Qusai Ramadan
- Abstract summary: The paper presents an alignment evaluation between the mitigations present in the MITRE ATT&CK framework and the essential cyber security requirements of the recently introduced Cyber Resilience Act (CRA) in the European Union. With respect to the CRA, there are notable gaps only in terms of data minimization, data erasure, and vulnerability coordination. The evaluation presented contributes to narrowing a common disparity between law and technical frameworks.
- Score: 0.30586855806896046
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The paper presents an alignment evaluation between the mitigations present in the MITRE ATT&CK framework and the essential cyber security requirements of the recently introduced Cyber Resilience Act (CRA) in the European Union. Overall, the two align well with each other. With respect to the CRA, there are notable gaps only in terms of data minimization, data erasure, and vulnerability coordination. In terms of the ATT&CK framework, gaps are present only in terms of threat intelligence, training, out-of-band communication channels, and residual risks. The evaluation presented contributes to narrowing a common disparity between law and technical frameworks.
Related papers
- A Mapping Analysis of Requirements Between the CRA and the GDPR [0.19116784879310028]
  The Cyber Resilience Act (CRA) was recently agreed upon by the European Union (EU). This paper contributes to requirements engineering research specialized in legal requirements, demonstrating how new laws may affect existing requirements.
  arXiv Detail & Related papers (2025-03-03T18:42:12Z)
- AILuminate: Introducing v1.0 of the AI Risk and Reliability Benchmark from MLCommons [62.374792825813394]
  This paper introduces AILuminate v1.0, the first comprehensive industry-standard benchmark for assessing AI-product risk and reliability. The benchmark evaluates an AI system's resistance to prompts designed to elicit dangerous, illegal, or undesirable behavior in 12 hazard categories.
  arXiv Detail & Related papers (2025-02-19T05:58:52Z)
- VulRG: Multi-Level Explainable Vulnerability Patch Ranking for Complex Systems Using Graphs [20.407534993667607]
  This work introduces a graph-based framework for vulnerability patch prioritization. It integrates diverse data sources and metrics into a universally applicable model. Refined risk metrics enable detailed assessments at the component, asset, and system levels.
  arXiv Detail & Related papers (2025-02-16T14:21:52Z)
- MITRE ATT&CK Applications in Cybersecurity and The Way Forward [18.339713576170396]
  The MITRE ATT&CK framework is a widely adopted tool for enhancing cybersecurity, supporting threat intelligence, incident response, attack modeling, and vulnerability prioritization. This paper synthesizes research on its application across these domains by analyzing 417 peer-reviewed publications. We identify commonly used adversarial tactics, techniques, and procedures (TTPs) and examine the integration of natural language processing (NLP) and machine learning (ML) with ATT&CK to improve threat detection and response.
  arXiv Detail & Related papers (2025-02-15T15:01:04Z)
- Vulnerability Coordination Under the Cyber Resilience Act [0.21485350418225244]
  The Cyber Resilience Act (CRA) was recently agreed upon in the European Union (EU). It imposes many new cyber security requirements on practically all information technology products. The paper examines and elaborates the CRA's new requirements for vulnerability coordination, including vulnerability disclosure.
  arXiv Detail & Related papers (2024-12-09T07:19:30Z)
- ACRIC: Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
  Recent security incidents in safety-critical industries exposed how the lack of proper message authentication enables attackers to inject malicious commands or alter system behavior. These shortcomings have prompted new regulations that emphasize the pressing need to strengthen cybersecurity. We introduce ACRIC, a message authentication solution to secure legacy industrial communications.
  arXiv Detail & Related papers (2024-11-21T18:26:05Z)
- Certifiably Byzantine-Robust Federated Conformal Prediction [49.23374238798428]
  We introduce a novel framework, Rob-FCP, which executes robust federated conformal prediction, effectively countering malicious clients. We empirically demonstrate the robustness of Rob-FCP against diverse proportions of malicious clients under a variety of Byzantine attacks.
  arXiv Detail & Related papers (2024-06-04T04:43:30Z)
- Data Poisoning for In-context Learning [49.77204165250528]
  In-context learning (ICL) has been recognized for its innovative ability to adapt to new tasks. This paper delves into the critical issue of ICL's susceptibility to data poisoning attacks. We introduce ICLPoison, a specialized attacking framework conceived to exploit the learning mechanisms of ICL.
  arXiv Detail & Related papers (2024-02-03T14:20:20Z)
- Service Level Agreements and Security SLA: A Comprehensive Survey [51.000851088730684]
  This survey paper identifies the state of the art covering concepts, approaches, and open problems of SLA management. It contributes by carrying out a comprehensive review and covering the gap between the analyses proposed in existing surveys and the most recent literature on this topic. It proposes a novel classification criterion to organize the analysis based on SLA life cycle phases.
  arXiv Detail & Related papers (2024-01-31T12:33:41Z)
- Orchestrating Collaborative Cybersecurity: A Secure Framework for Distributed Privacy-Preserving Threat Intelligence Sharing [7.977316321387031]
  Cyber Threat Intelligence (CTI) sharing is an important activity to reduce information asymmetries between attackers and defenders. Current literature assumes access to centralized databases containing all the information, but this is not always feasible. We propose a novel framework for extracting CTI from distributed data on incidents, vulnerabilities and indicators of compromise.
  arXiv Detail & Related papers (2022-09-06T17:44:20Z)
- IBP Regularization for Verified Adversarial Robustness via Branch-and-Bound [85.6899802468343]
  We present IBP-R, a novel verified training algorithm that is both simple and effective. We also present UPB, a novel robustness based on $\beta$-CROWN, that reduces the cost of state-of-the-art branching algorithms.
  arXiv Detail & Related papers (2022-06-29T17:13:25Z)