Resource Library
| Title | Summary | Last Modified | Role | Phase | Resource Type | Org | Org Type |
|---|---|---|---|---|---|---|---|
| Ransomware Techniques in ATT&CK | List of ransomware techniques, software, and groups that are presently documented in MITRE ATT&CK. | January 12, 2024 | IT/Cybersecurity Practitioner, Technical Leader | Identify, Protect, Respond | Tool | MITRE | Non-Profit |
| Cyber Threat Intelligence | Resources that provide insight for organizations to the latest threats and understanding the adversary. | April 20, 2023 | IT/Cybersecurity Practitioner, Technical Leader | Identify, Protect | Advisory, Document, Website Article(s) | CISA, MITRE, NIST | Government, Non-Profit |
| Incident Preparedness and Response | Incident preparedness and response considerations that can help health delivery organizations (HDOs) and other stakeholders understand the roles and responsibilities before, during, and after a cyber incident. | April 20, 2023 | Business Leader, Technical Leader | Detect, Identify, Protect, Recover, Respond | Document, Website Article(s) | MITRE | Non-Profit |
| #StopRansomware: Hive Ransomware | Cybersecurity & Infrastructure Security Agency (CISA) Alert (AA22-321A); Uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework to describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health (HPH). | November 30, 2022 | IT/Cybersecurity Practitioner, Technical Leader | Identify, Protect, Respond | Advisory, Document | CISA | Government |
| 11 Strategies of a World-Class Cybersecurity Operations Center | MITRE’s Ten Strategies of a World-Class CSOC book, describing detailed strategies, including how they crosscut elements of people, process, and technology to build, manage, and improve the CSOC. | September 23, 2022 | IT/Cybersecurity Practitioner, Technical Leader | Detect, Identify, Protect, Respond | Best Practice, Document | MITRE | Non-Profit |
| Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients | Resources that provide Health Industry Cybersecurity Best Practices: Managing Threats and Protecting Patients (HICP). | September 23, 2022 | Technical Leader | Protect | Best Practice | HHS | Government |
| The MITRE Systems Engineering Guide | MITRE Systems Engineering Guide, or SEG, conveys The MITRE Corporation’s accumulated wisdom on a wide range of systems engineering subjects—sufficient for understanding the essentials of the discipline and for translating this knowledge into practice in your own work environment. | September 21, 2022 | IT/Cybersecurity Practitioner, Technical Leader | Best Practice, Book, Document | MITRE | Non-Profit | |
| CISA Fact Sheet Rising Ransomware Threat to OT Assets | Recommended actions and resources that critical infrastructure entities should implement to reduce the risk ransomware. | September 21, 2022 | IT/Cybersecurity Practitioner, Technical Leader | Protect, Respond | Fact Sheet | CISA | Government |
| Designing Cyber Resilient Systems (NIST SP 800-160 Vol. 2) | A Systems Security Engineering Approach; which defines cyber resiliency as the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources. | September 21, 2022 | IT/Cybersecurity Practitioner, Technical Leader | Protect | Best Practice, Document | NIST | Government |
| HHS 405(d) Aligning Health Care Industry Security Approaches | Provides industry-led consensus-based guidelines, practices, and methodologies that aim to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the HPH sector | September 21, 2022 | Business Leader, IT/Cybersecurity Practitioner, Technical Leader | Detect, Identify, Protect, Recover, Respond | Website | HHS | Government |
| Crown Jewels Analysis (CJA) | Crown Jewels Analysis (CJA) is a process for identifying those cyber assets that are most critical to achieve an organization’s key objectives and enable organizations to prioritize and apply limited resources effectively for cyber resiliency during a major cyber attack. | September 19, 2022 | Business Leader | Identify | Cybersecurity Assessment, Document, Tool | MITRE | Non-Profit |
| Hive Ransomware | Hive is an exceptionally aggressive, financially-motivated ransomware group known to maintain sophisticated capabilities who have historically targeted healthcare organizations frequently. The Health Sector Cybersecurity Coordination Center (HC3) recommends the Healthcare and Public Health (HPH) Sector be aware of their operations and apply appropriate cybersecurity principles and practices found in this document in defending their infrastructure and data against compromise. | May 17, 2022 | Business Leader, IT/Cybersecurity Practitioner, Technical Leader | Identify, Protect | Analyst Note, Report | HHS | Government |
| NISTIR 8374- Ransomware Risk Management: A Cybersecurity Framework Profile | Incorporates feedback from earlier drafts and is based on the broader Cybersecurity Framework Version 1.1. It can be used as a guide to manage the risk of ransomware events—which includes helping to gauge an organization’s level of readiness to counter ransomware threats and to deal with the potential consequences of events. | March 1, 2022 | Business Leader, IT/Cybersecurity Practitioner, Technical Leader | Detect, Identify, Protect, Recover, Respond | Document | NIST | Non-Profit |
| Threat-Informed Cybersecurity Operations for Healthcare Delivery Organizations | A Guide to Maturing Cyber Defense Capabilities For HDO. | November 29, 2021 | Business Leader, IT/Cybersecurity Practitioner, Technical Leader | Identify | Document | MITRE | Non-Profit |
| Cyber Operations Rapid Assessment (CORA) | A lightweight assessment tool used to evaluate your overall cybersecurity operations and infrastructure. | November 29, 2021 | Business Leader, Technical Leader | Identify | Document, Tool | MITRE | Non-Profit |
| Deploy Cyber Analytics | A knowledge base of analytics developed by MITRE based on the MITRE ATT&CK adversary model. | November 5, 2021 | IT/Cybersecurity Practitioner | Detect | Document | MITRE | Non-Profit |
| Detect Cyber Events | An overview of how to set the scene for detection, and how to collect the right data points. | August 29, 2021 | IT/Cybersecurity Practitioner | Detect | Document | MITRE | Non-Profit |
| CISA Ransomware Resource Hub | A collection of CISA cybersecurity services can that help organization identify, protect and respond to the ransomware threat. | July 19, 2021 | Business Leader, IT/Cybersecurity Practitioner, Technical Leader | Identify, Protect, Respond | Best Practice, Document, Training, Website Article(s) | CISA | Government |
| Design Defenses | NIST Reference designs that focuses on detailed methods and potential tool sets that can detect, mitigate, and contain data integrity events in the components of an enterprise network. | July 15, 2021 | IT/Cybersecurity Practitioner, Technical Leader | Detect, Identify, Protect, Recover, Respond | Best Practice, Document, Website Article(s) | NIST | Government |
| Rubric for Applying CVSS to Medical Devices | The CVSS Rubric consists of a structured set of questions and corresponding decision flow diagrams, along with medical device specific examples and guidance, to help assess a medical device vulnerability in a consistent and standardized way. | July 7, 2021 | IT/Cybersecurity Practitioner, Technical Leader | Identify | Document | MITRE | Non-Profit |
| Zero Trust Architecture (ZTA) | The ZTA Tech Watcher report explores the state of the technology today and provides background, applicability and benefits to organizations, outstanding challenges and issues, and recommendations. | July 6, 2021 | Business Leader, IT/Cybersecurity Practitioner, Technical Leader | Protect | Document | MITRE | Non-Profit |
| Data Integrity: Recovering from Ransomware and Other Destructive Events | Reference designs that uses commercially available technologies to develop solutions that could assist an organization in recovering from ransomware or other destructive events. | June 4, 2021 | IT/Cybersecurity Practitioner, Technical Leader | Recover, Respond | Best Practice, Website Article(s) | NIST | Government |
| Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events | Reference designs that uses commercially available technologies to develop solutions that could assist an organization in identifying and protecting critical assets against ransomware or other destructive events. | June 4, 2021 | IT/Cybersecurity Practitioner, Technical Leader | Identify, Protect | Best Practice | NIST | Government |
| Health Information Sharing and Analysis Center (H-ISAC) | H-ISAC, Health Information Sharing and Analysis Center, is a global, non-profit, member-driven organization offering healthcare stakeholders a trusted community and forum for coordinating, collaborating and sharing vital physical and cyber threat intelligence and best practices with each other. | June 4, 2021 | IT/Cybersecurity Practitioner, Technical Leader | Protect | Information Sharing, Threat Intel, Website Article(s) | Health-ISAC | Non-Profit |
| Ransomware What It Is and What To Do About It | Cybersecurity & Infrastructure Security Agency (CISA) overview on ransomware, what it is and what to do about it. | June 4, 2021 | IT/Cybersecurity Practitioner, Technical Leader | Protect | Fact Sheet | CISA | Government |
