@blamejs/exceptd-skills 0.12.24 → 0.12.26
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +12 -4
- package/CHANGELOG.md +127 -0
- package/data/_indexes/_meta.json +44 -43
- package/data/_indexes/activity-feed.json +54 -47
- package/data/_indexes/catalog-summaries.json +20 -20
- package/data/_indexes/chains.json +561 -6
- package/data/_indexes/currency.json +19 -10
- package/data/_indexes/frequency.json +207 -55
- package/data/_indexes/handoff-dag.json +4 -0
- package/data/_indexes/jurisdiction-clocks.json +2 -2
- package/data/_indexes/jurisdiction-map.json +25 -12
- package/data/_indexes/section-offsets.json +490 -396
- package/data/_indexes/stale-content.json +14 -2
- package/data/_indexes/summary-cards.json +57 -3
- package/data/_indexes/token-budget.json +129 -74
- package/data/_indexes/trigger-table.json +66 -0
- package/data/_indexes/xref.json +58 -8
- package/data/atlas-ttps.json +528 -19
- package/data/attack-techniques.json +198 -84
- package/data/cve-catalog.json +1309 -9
- package/data/exploit-availability.json +300 -10
- package/data/framework-control-gaps.json +557 -1
- package/data/global-frameworks.json +44 -19
- package/data/rfc-references.json +94 -1
- package/data/zeroday-lessons.json +475 -13
- package/lib/schemas/cve-catalog.schema.json +24 -3
- package/manifest-snapshot.json +68 -2
- package/manifest-snapshot.sha256 +1 -1
- package/manifest.json +145 -59
- package/package.json +1 -1
- package/sbom.cdx.json +7 -7
- package/skills/ai-attack-surface/skill.md +11 -2
- package/skills/ai-c2-detection/skill.md +3 -1
- package/skills/ai-risk-management/skill.md +3 -1
- package/skills/api-security/skill.md +4 -0
- package/skills/attack-surface-pentest/skill.md +1 -0
- package/skills/container-runtime-security/skill.md +3 -1
- package/skills/dlp-gap-analysis/skill.md +1 -1
- package/skills/exploit-scoring/skill.md +2 -2
- package/skills/incident-response-playbook/skill.md +1 -1
- package/skills/kernel-lpe-triage/skill.md +6 -1
- package/skills/mcp-agent-trust/skill.md +7 -2
- package/skills/mlops-security/skill.md +1 -1
- package/skills/rag-pipeline-security/skill.md +4 -2
- package/skills/sector-financial/skill.md +1 -1
- package/skills/sector-telecom/skill.md +259 -0
- package/skills/skill-update-loop/skill.md +1 -1
- package/skills/supply-chain-integrity/skill.md +3 -1
- package/skills/threat-model-currency/skill.md +1 -1
- package/skills/webapp-security/skill.md +2 -0
- package/skills/zeroday-gap-learn/skill.md +2 -2
|
@@ -1834,6 +1834,326 @@
|
|
|
1834
1834
|
"rfc_refs": []
|
|
1835
1835
|
}
|
|
1836
1836
|
},
|
|
1837
|
+
"CVE-2024-21626": {
|
|
1838
|
+
"name": "runc /proc/self/fd leak (Leaky Vessels)",
|
|
1839
|
+
"rwep": 75,
|
|
1840
|
+
"cvss": 8.6,
|
|
1841
|
+
"cisa_kev": true,
|
|
1842
|
+
"epss_score": 0.65,
|
|
1843
|
+
"referencing_skills": [],
|
|
1844
|
+
"chain": {
|
|
1845
|
+
"cwes": [],
|
|
1846
|
+
"atlas": [],
|
|
1847
|
+
"d3fend": [],
|
|
1848
|
+
"framework_gaps": [],
|
|
1849
|
+
"attack_refs": [],
|
|
1850
|
+
"rfc_refs": []
|
|
1851
|
+
}
|
|
1852
|
+
},
|
|
1853
|
+
"CVE-2024-3094": {
|
|
1854
|
+
"name": "xz-utils liblzma backdoor",
|
|
1855
|
+
"rwep": 70,
|
|
1856
|
+
"cvss": 10,
|
|
1857
|
+
"cisa_kev": true,
|
|
1858
|
+
"epss_score": 0.86,
|
|
1859
|
+
"referencing_skills": [],
|
|
1860
|
+
"chain": {
|
|
1861
|
+
"cwes": [],
|
|
1862
|
+
"atlas": [],
|
|
1863
|
+
"d3fend": [],
|
|
1864
|
+
"framework_gaps": [],
|
|
1865
|
+
"attack_refs": [],
|
|
1866
|
+
"rfc_refs": []
|
|
1867
|
+
}
|
|
1868
|
+
},
|
|
1869
|
+
"CVE-2024-3154": {
|
|
1870
|
+
"name": "CRI-O arbitrary kernel-module load",
|
|
1871
|
+
"rwep": 30,
|
|
1872
|
+
"cvss": 8.1,
|
|
1873
|
+
"cisa_kev": false,
|
|
1874
|
+
"epss_score": 0.012,
|
|
1875
|
+
"referencing_skills": [],
|
|
1876
|
+
"chain": {
|
|
1877
|
+
"cwes": [],
|
|
1878
|
+
"atlas": [],
|
|
1879
|
+
"d3fend": [],
|
|
1880
|
+
"framework_gaps": [],
|
|
1881
|
+
"attack_refs": [],
|
|
1882
|
+
"rfc_refs": []
|
|
1883
|
+
}
|
|
1884
|
+
},
|
|
1885
|
+
"CVE-2023-43472": {
|
|
1886
|
+
"name": "MLflow path-traversal arbitrary file read",
|
|
1887
|
+
"rwep": 30,
|
|
1888
|
+
"cvss": 7.5,
|
|
1889
|
+
"cisa_kev": false,
|
|
1890
|
+
"epss_score": 0.014,
|
|
1891
|
+
"referencing_skills": [],
|
|
1892
|
+
"chain": {
|
|
1893
|
+
"cwes": [],
|
|
1894
|
+
"atlas": [],
|
|
1895
|
+
"d3fend": [],
|
|
1896
|
+
"framework_gaps": [],
|
|
1897
|
+
"attack_refs": [],
|
|
1898
|
+
"rfc_refs": []
|
|
1899
|
+
}
|
|
1900
|
+
},
|
|
1901
|
+
"CVE-2020-10148": {
|
|
1902
|
+
"name": "SolarWinds Orion API authentication bypass (SUNBURST chain)",
|
|
1903
|
+
"rwep": 75,
|
|
1904
|
+
"cvss": 9.8,
|
|
1905
|
+
"cisa_kev": true,
|
|
1906
|
+
"epss_score": 0.945,
|
|
1907
|
+
"referencing_skills": [],
|
|
1908
|
+
"chain": {
|
|
1909
|
+
"cwes": [],
|
|
1910
|
+
"atlas": [],
|
|
1911
|
+
"d3fend": [],
|
|
1912
|
+
"framework_gaps": [],
|
|
1913
|
+
"attack_refs": [],
|
|
1914
|
+
"rfc_refs": []
|
|
1915
|
+
}
|
|
1916
|
+
},
|
|
1917
|
+
"CVE-2023-3519": {
|
|
1918
|
+
"name": "Citrix NetScaler ADC/Gateway unauth RCE (CitrixBleed precursor)",
|
|
1919
|
+
"rwep": 75,
|
|
1920
|
+
"cvss": 9.8,
|
|
1921
|
+
"cisa_kev": true,
|
|
1922
|
+
"epss_score": 0.967,
|
|
1923
|
+
"referencing_skills": [],
|
|
1924
|
+
"chain": {
|
|
1925
|
+
"cwes": [],
|
|
1926
|
+
"atlas": [],
|
|
1927
|
+
"d3fend": [],
|
|
1928
|
+
"framework_gaps": [],
|
|
1929
|
+
"attack_refs": [],
|
|
1930
|
+
"rfc_refs": []
|
|
1931
|
+
}
|
|
1932
|
+
},
|
|
1933
|
+
"CVE-2024-1709": {
|
|
1934
|
+
"name": "ConnectWise ScreenConnect auth-bypass",
|
|
1935
|
+
"rwep": 75,
|
|
1936
|
+
"cvss": 10,
|
|
1937
|
+
"cisa_kev": true,
|
|
1938
|
+
"epss_score": 0.973,
|
|
1939
|
+
"referencing_skills": [],
|
|
1940
|
+
"chain": {
|
|
1941
|
+
"cwes": [],
|
|
1942
|
+
"atlas": [],
|
|
1943
|
+
"d3fend": [],
|
|
1944
|
+
"framework_gaps": [],
|
|
1945
|
+
"attack_refs": [],
|
|
1946
|
+
"rfc_refs": []
|
|
1947
|
+
}
|
|
1948
|
+
},
|
|
1949
|
+
"CVE-2026-20182": {
|
|
1950
|
+
"name": "Cisco SD-WAN authentication bypass to admin",
|
|
1951
|
+
"rwep": 65,
|
|
1952
|
+
"cvss": 10,
|
|
1953
|
+
"cisa_kev": true,
|
|
1954
|
+
"epss_score": 0.5,
|
|
1955
|
+
"referencing_skills": [],
|
|
1956
|
+
"chain": {
|
|
1957
|
+
"cwes": [],
|
|
1958
|
+
"atlas": [],
|
|
1959
|
+
"d3fend": [],
|
|
1960
|
+
"framework_gaps": [],
|
|
1961
|
+
"attack_refs": [],
|
|
1962
|
+
"rfc_refs": []
|
|
1963
|
+
}
|
|
1964
|
+
},
|
|
1965
|
+
"CVE-2024-40635": {
|
|
1966
|
+
"name": "containerd integer overflow IP mask leak",
|
|
1967
|
+
"rwep": 30,
|
|
1968
|
+
"cvss": 5.9,
|
|
1969
|
+
"cisa_kev": false,
|
|
1970
|
+
"epss_score": 0.005,
|
|
1971
|
+
"referencing_skills": [],
|
|
1972
|
+
"chain": {
|
|
1973
|
+
"cwes": [],
|
|
1974
|
+
"atlas": [],
|
|
1975
|
+
"d3fend": [],
|
|
1976
|
+
"framework_gaps": [],
|
|
1977
|
+
"attack_refs": [],
|
|
1978
|
+
"rfc_refs": []
|
|
1979
|
+
}
|
|
1980
|
+
},
|
|
1981
|
+
"MAL-2026-TANSTACK-MINI": {
|
|
1982
|
+
"name": "Mini Shai-Hulud (TanStack worm)",
|
|
1983
|
+
"rwep": 55,
|
|
1984
|
+
"cvss": 9.8,
|
|
1985
|
+
"cisa_kev": false,
|
|
1986
|
+
"epss_score": null,
|
|
1987
|
+
"referencing_skills": [],
|
|
1988
|
+
"chain": {
|
|
1989
|
+
"cwes": [],
|
|
1990
|
+
"atlas": [],
|
|
1991
|
+
"d3fend": [],
|
|
1992
|
+
"framework_gaps": [],
|
|
1993
|
+
"attack_refs": [],
|
|
1994
|
+
"rfc_refs": []
|
|
1995
|
+
}
|
|
1996
|
+
},
|
|
1997
|
+
"MAL-2026-ANTHROPIC-MCP-STDIO": {
|
|
1998
|
+
"name": "Anthropic SDK MCP STDIO command-injection (embargoed)",
|
|
1999
|
+
"rwep": 25,
|
|
2000
|
+
"cvss": 9,
|
|
2001
|
+
"cisa_kev": false,
|
|
2002
|
+
"epss_score": null,
|
|
2003
|
+
"referencing_skills": [],
|
|
2004
|
+
"chain": {
|
|
2005
|
+
"cwes": [],
|
|
2006
|
+
"atlas": [],
|
|
2007
|
+
"d3fend": [],
|
|
2008
|
+
"framework_gaps": [],
|
|
2009
|
+
"attack_refs": [],
|
|
2010
|
+
"rfc_refs": []
|
|
2011
|
+
}
|
|
2012
|
+
},
|
|
2013
|
+
"CVE-2026-GTIG-AI-2FA": {
|
|
2014
|
+
"name": "GTIG-tracked AI-built 2FA-bypass zero-day (placeholder)",
|
|
2015
|
+
"rwep": 55,
|
|
2016
|
+
"cvss": 8.1,
|
|
2017
|
+
"cisa_kev": false,
|
|
2018
|
+
"epss_score": null,
|
|
2019
|
+
"referencing_skills": [],
|
|
2020
|
+
"chain": {
|
|
2021
|
+
"cwes": [],
|
|
2022
|
+
"atlas": [],
|
|
2023
|
+
"d3fend": [],
|
|
2024
|
+
"framework_gaps": [],
|
|
2025
|
+
"attack_refs": [],
|
|
2026
|
+
"rfc_refs": []
|
|
2027
|
+
}
|
|
2028
|
+
},
|
|
2029
|
+
"CVE-2026-30623": {
|
|
2030
|
+
"name": "Anthropic MCP SDK stdio command-injection",
|
|
2031
|
+
"rwep": 30,
|
|
2032
|
+
"cvss": 8.8,
|
|
2033
|
+
"cisa_kev": false,
|
|
2034
|
+
"epss_score": 0.02,
|
|
2035
|
+
"referencing_skills": [],
|
|
2036
|
+
"chain": {
|
|
2037
|
+
"cwes": [],
|
|
2038
|
+
"atlas": [],
|
|
2039
|
+
"d3fend": [],
|
|
2040
|
+
"framework_gaps": [],
|
|
2041
|
+
"attack_refs": [],
|
|
2042
|
+
"rfc_refs": []
|
|
2043
|
+
}
|
|
2044
|
+
},
|
|
2045
|
+
"CVE-2025-12686": {
|
|
2046
|
+
"name": "Synology BeeStation unauth RCE (Pwn2Own Ireland 2025)",
|
|
2047
|
+
"rwep": 50,
|
|
2048
|
+
"cvss": 9.8,
|
|
2049
|
+
"cisa_kev": false,
|
|
2050
|
+
"epss_score": 0.04,
|
|
2051
|
+
"referencing_skills": [],
|
|
2052
|
+
"chain": {
|
|
2053
|
+
"cwes": [],
|
|
2054
|
+
"atlas": [],
|
|
2055
|
+
"d3fend": [],
|
|
2056
|
+
"framework_gaps": [],
|
|
2057
|
+
"attack_refs": [],
|
|
2058
|
+
"rfc_refs": []
|
|
2059
|
+
}
|
|
2060
|
+
},
|
|
2061
|
+
"CVE-2025-62847": {
|
|
2062
|
+
"name": "QNAP QTS/QuTS hero RCE (Pwn2Own Ireland 2025, chain 1/3)",
|
|
2063
|
+
"rwep": 45,
|
|
2064
|
+
"cvss": 9.8,
|
|
2065
|
+
"cisa_kev": false,
|
|
2066
|
+
"epss_score": 0.03,
|
|
2067
|
+
"referencing_skills": [],
|
|
2068
|
+
"chain": {
|
|
2069
|
+
"cwes": [],
|
|
2070
|
+
"atlas": [],
|
|
2071
|
+
"d3fend": [],
|
|
2072
|
+
"framework_gaps": [],
|
|
2073
|
+
"attack_refs": [],
|
|
2074
|
+
"rfc_refs": []
|
|
2075
|
+
}
|
|
2076
|
+
},
|
|
2077
|
+
"CVE-2025-62848": {
|
|
2078
|
+
"name": "QNAP QTS/QuTS hero RCE (Pwn2Own Ireland 2025, chain 2/3)",
|
|
2079
|
+
"rwep": 45,
|
|
2080
|
+
"cvss": 9.8,
|
|
2081
|
+
"cisa_kev": false,
|
|
2082
|
+
"epss_score": 0.03,
|
|
2083
|
+
"referencing_skills": [],
|
|
2084
|
+
"chain": {
|
|
2085
|
+
"cwes": [],
|
|
2086
|
+
"atlas": [],
|
|
2087
|
+
"d3fend": [],
|
|
2088
|
+
"framework_gaps": [],
|
|
2089
|
+
"attack_refs": [],
|
|
2090
|
+
"rfc_refs": []
|
|
2091
|
+
}
|
|
2092
|
+
},
|
|
2093
|
+
"CVE-2025-62849": {
|
|
2094
|
+
"name": "QNAP QTS/QuTS hero RCE (Pwn2Own Ireland 2025, chain 3/3)",
|
|
2095
|
+
"rwep": 40,
|
|
2096
|
+
"cvss": 8.8,
|
|
2097
|
+
"cisa_kev": false,
|
|
2098
|
+
"epss_score": 0.02,
|
|
2099
|
+
"referencing_skills": [],
|
|
2100
|
+
"chain": {
|
|
2101
|
+
"cwes": [],
|
|
2102
|
+
"atlas": [],
|
|
2103
|
+
"d3fend": [],
|
|
2104
|
+
"framework_gaps": [],
|
|
2105
|
+
"attack_refs": [],
|
|
2106
|
+
"rfc_refs": []
|
|
2107
|
+
}
|
|
2108
|
+
},
|
|
2109
|
+
"CVE-2025-59389": {
|
|
2110
|
+
"name": "QNAP Hyper Data Protector critical RCE (Pwn2Own Ireland 2025)",
|
|
2111
|
+
"rwep": 45,
|
|
2112
|
+
"cvss": 9.8,
|
|
2113
|
+
"cisa_kev": false,
|
|
2114
|
+
"epss_score": 0.05,
|
|
2115
|
+
"referencing_skills": [],
|
|
2116
|
+
"chain": {
|
|
2117
|
+
"cwes": [],
|
|
2118
|
+
"atlas": [],
|
|
2119
|
+
"d3fend": [],
|
|
2120
|
+
"framework_gaps": [],
|
|
2121
|
+
"attack_refs": [],
|
|
2122
|
+
"rfc_refs": []
|
|
2123
|
+
}
|
|
2124
|
+
},
|
|
2125
|
+
"CVE-2025-11837": {
|
|
2126
|
+
"name": "QNAP Malware Remover code-injection",
|
|
2127
|
+
"rwep": 40,
|
|
2128
|
+
"cvss": 8,
|
|
2129
|
+
"cisa_kev": false,
|
|
2130
|
+
"epss_score": 0.025,
|
|
2131
|
+
"referencing_skills": [],
|
|
2132
|
+
"chain": {
|
|
2133
|
+
"cwes": [],
|
|
2134
|
+
"atlas": [],
|
|
2135
|
+
"d3fend": [],
|
|
2136
|
+
"framework_gaps": [],
|
|
2137
|
+
"attack_refs": [],
|
|
2138
|
+
"rfc_refs": []
|
|
2139
|
+
}
|
|
2140
|
+
},
|
|
2141
|
+
"CVE-2026-42945": {
|
|
2142
|
+
"name": "NGINX Rift",
|
|
2143
|
+
"rwep": 40,
|
|
2144
|
+
"cvss": 9.2,
|
|
2145
|
+
"cisa_kev": false,
|
|
2146
|
+
"epss_score": null,
|
|
2147
|
+
"referencing_skills": [],
|
|
2148
|
+
"chain": {
|
|
2149
|
+
"cwes": [],
|
|
2150
|
+
"atlas": [],
|
|
2151
|
+
"d3fend": [],
|
|
2152
|
+
"framework_gaps": [],
|
|
2153
|
+
"attack_refs": [],
|
|
2154
|
+
"rfc_refs": []
|
|
2155
|
+
}
|
|
2156
|
+
},
|
|
1837
2157
|
"CWE-20": {
|
|
1838
2158
|
"name": "Improper Input Validation",
|
|
1839
2159
|
"category": "Validation",
|
|
@@ -3484,11 +3804,12 @@
|
|
|
3484
3804
|
"sector-healthcare",
|
|
3485
3805
|
"sector-financial",
|
|
3486
3806
|
"sector-energy",
|
|
3807
|
+
"sector-telecom",
|
|
3487
3808
|
"api-security",
|
|
3488
3809
|
"cloud-security",
|
|
3489
3810
|
"age-gates-child-safety"
|
|
3490
3811
|
],
|
|
3491
|
-
"skill_count":
|
|
3812
|
+
"skill_count": 10,
|
|
3492
3813
|
"chain": {
|
|
3493
3814
|
"atlas": [
|
|
3494
3815
|
{
|
|
@@ -3501,6 +3822,11 @@
|
|
|
3501
3822
|
"name": "Discover ML Model Ontology",
|
|
3502
3823
|
"tactic": "Discovery"
|
|
3503
3824
|
},
|
|
3825
|
+
{
|
|
3826
|
+
"id": "AML.T0040",
|
|
3827
|
+
"name": "Tool / Plugin Compromise",
|
|
3828
|
+
"tactic": "Execution"
|
|
3829
|
+
},
|
|
3504
3830
|
{
|
|
3505
3831
|
"id": "AML.T0051",
|
|
3506
3832
|
"name": "LLM Prompt Injection",
|
|
@@ -3517,9 +3843,12 @@
|
|
|
3517
3843
|
"T0883",
|
|
3518
3844
|
"T1059",
|
|
3519
3845
|
"T1068",
|
|
3846
|
+
"T1071",
|
|
3520
3847
|
"T1078",
|
|
3848
|
+
"T1098",
|
|
3521
3849
|
"T1110",
|
|
3522
3850
|
"T1190",
|
|
3851
|
+
"T1199",
|
|
3523
3852
|
"T1486",
|
|
3524
3853
|
"T1505",
|
|
3525
3854
|
"T1530",
|
|
@@ -3528,11 +3857,41 @@
|
|
|
3528
3857
|
"T1567"
|
|
3529
3858
|
],
|
|
3530
3859
|
"framework_gaps": [
|
|
3860
|
+
{
|
|
3861
|
+
"id": "3GPP-TR-33.926",
|
|
3862
|
+
"framework": "3GPP",
|
|
3863
|
+
"control_name": "3GPP Security Assurance Specification (gNB / eNB)"
|
|
3864
|
+
},
|
|
3865
|
+
{
|
|
3866
|
+
"id": "AU-ISM-1556",
|
|
3867
|
+
"framework": "au-ism",
|
|
3868
|
+
"control_name": "Multi-factor authentication for privileged users (telecom NMS application)"
|
|
3869
|
+
},
|
|
3870
|
+
{
|
|
3871
|
+
"id": "DORA-Art-21-Telecom-ICT",
|
|
3872
|
+
"framework": "DORA",
|
|
3873
|
+
"control_name": "DORA Art. 21 — ICT third-party risk (telecom-adjacent application)"
|
|
3874
|
+
},
|
|
3875
|
+
{
|
|
3876
|
+
"id": "FCC-CPNI-4.1",
|
|
3877
|
+
"framework": "FCC-CPNI",
|
|
3878
|
+
"control_name": "CPNI Annual Certification + Operational Compliance"
|
|
3879
|
+
},
|
|
3880
|
+
{
|
|
3881
|
+
"id": "FCC-Cyber-Incident-Notification-2024",
|
|
3882
|
+
"framework": "FCC",
|
|
3883
|
+
"control_name": "FCC Cyber Incident Notification (4 business days)"
|
|
3884
|
+
},
|
|
3531
3885
|
{
|
|
3532
3886
|
"id": "FedRAMP-Rev5-Moderate",
|
|
3533
3887
|
"framework": "FedRAMP Rev 5 Moderate",
|
|
3534
3888
|
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
3535
3889
|
},
|
|
3890
|
+
{
|
|
3891
|
+
"id": "GSMA-NESAS-Deployment",
|
|
3892
|
+
"framework": "GSMA-NESAS",
|
|
3893
|
+
"control_name": "NESAS at-deployment posture"
|
|
3894
|
+
},
|
|
3536
3895
|
{
|
|
3537
3896
|
"id": "HIPAA-Security-Rule-164.312(a)(1)",
|
|
3538
3897
|
"framework": "HIPAA Security Rule (45 CFR § 164.312)",
|
|
@@ -3558,11 +3917,21 @@
|
|
|
3558
3917
|
"framework": "ISO/IEC 27001:2022",
|
|
3559
3918
|
"control_name": "Outsourced development"
|
|
3560
3919
|
},
|
|
3920
|
+
{
|
|
3921
|
+
"id": "ITU-T-X.805",
|
|
3922
|
+
"framework": "ITU-T",
|
|
3923
|
+
"control_name": "ITU-T X.805 — 8-dimension security architecture for end-to-end communications"
|
|
3924
|
+
},
|
|
3561
3925
|
{
|
|
3562
3926
|
"id": "NERC-CIP-007-6-R4",
|
|
3563
3927
|
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
3564
3928
|
"control_name": "Security event monitoring"
|
|
3565
3929
|
},
|
|
3930
|
+
{
|
|
3931
|
+
"id": "NIS2-Annex-I-Telecom",
|
|
3932
|
+
"framework": "NIS2",
|
|
3933
|
+
"control_name": "NIS2 Annex I — telecommunications essential entities"
|
|
3934
|
+
},
|
|
3566
3935
|
{
|
|
3567
3936
|
"id": "NIS2-Art21-patch-management",
|
|
3568
3937
|
"framework": "EU NIS2 Directive",
|
|
@@ -3622,9 +3991,35 @@
|
|
|
3622
3991
|
"id": "SWIFT-CSCF-v2026-1.1",
|
|
3623
3992
|
"framework": "SWIFT Customer Security Controls Framework v2026",
|
|
3624
3993
|
"control_name": "SWIFT Environment Protection"
|
|
3994
|
+
},
|
|
3995
|
+
{
|
|
3996
|
+
"id": "UK-CAF-B5",
|
|
3997
|
+
"framework": "UK-CAF",
|
|
3998
|
+
"control_name": "Resilient networks and systems"
|
|
3999
|
+
}
|
|
4000
|
+
],
|
|
4001
|
+
"d3fend": [
|
|
4002
|
+
{
|
|
4003
|
+
"id": "D3-IOPR",
|
|
4004
|
+
"name": "Input/Output Profiling Resource",
|
|
4005
|
+
"tactic": "Detect"
|
|
4006
|
+
},
|
|
4007
|
+
{
|
|
4008
|
+
"id": "D3-NI",
|
|
4009
|
+
"name": "Network Isolation",
|
|
4010
|
+
"tactic": "Isolate"
|
|
4011
|
+
},
|
|
4012
|
+
{
|
|
4013
|
+
"id": "D3-NTA",
|
|
4014
|
+
"name": "Network Traffic Analysis",
|
|
4015
|
+
"tactic": "Detect"
|
|
4016
|
+
},
|
|
4017
|
+
{
|
|
4018
|
+
"id": "D3-NTPM",
|
|
4019
|
+
"name": "Network Traffic Policy Mapping",
|
|
4020
|
+
"tactic": "Model"
|
|
3625
4021
|
}
|
|
3626
4022
|
],
|
|
3627
|
-
"d3fend": [],
|
|
3628
4023
|
"rfc_refs": [
|
|
3629
4024
|
{
|
|
3630
4025
|
"id": "RFC-6749",
|
|
@@ -3666,6 +4061,11 @@
|
|
|
3666
4061
|
"title": "HTTP Message Signatures",
|
|
3667
4062
|
"status": "Proposed Standard"
|
|
3668
4063
|
},
|
|
4064
|
+
{
|
|
4065
|
+
"id": "RFC-9622",
|
|
4066
|
+
"title": "An Architecture for Transport Services",
|
|
4067
|
+
"status": "Proposed Standard"
|
|
4068
|
+
},
|
|
3669
4069
|
{
|
|
3670
4070
|
"id": "RFC-9700",
|
|
3671
4071
|
"title": "Best Current Practice for OAuth 2.0 Security",
|
|
@@ -3685,9 +4085,10 @@
|
|
|
3685
4085
|
"referencing_skills": [
|
|
3686
4086
|
"identity-assurance",
|
|
3687
4087
|
"ot-ics-security",
|
|
3688
|
-
"sector-energy"
|
|
4088
|
+
"sector-energy",
|
|
4089
|
+
"sector-telecom"
|
|
3689
4090
|
],
|
|
3690
|
-
"skill_count":
|
|
4091
|
+
"skill_count": 4,
|
|
3691
4092
|
"chain": {
|
|
3692
4093
|
"atlas": [
|
|
3693
4094
|
{
|
|
@@ -3695,6 +4096,11 @@
|
|
|
3695
4096
|
"name": "ML Supply Chain Compromise",
|
|
3696
4097
|
"tactic": "Initial Access"
|
|
3697
4098
|
},
|
|
4099
|
+
{
|
|
4100
|
+
"id": "AML.T0040",
|
|
4101
|
+
"name": "Tool / Plugin Compromise",
|
|
4102
|
+
"tactic": "Execution"
|
|
4103
|
+
},
|
|
3698
4104
|
{
|
|
3699
4105
|
"id": "AML.T0051",
|
|
3700
4106
|
"name": "LLM Prompt Injection",
|
|
@@ -3705,12 +4111,45 @@
|
|
|
3705
4111
|
"T0855",
|
|
3706
4112
|
"T0883",
|
|
3707
4113
|
"T1068",
|
|
4114
|
+
"T1071",
|
|
3708
4115
|
"T1078",
|
|
4116
|
+
"T1098",
|
|
3709
4117
|
"T1110",
|
|
3710
4118
|
"T1190",
|
|
4119
|
+
"T1199",
|
|
3711
4120
|
"T1556"
|
|
3712
4121
|
],
|
|
3713
4122
|
"framework_gaps": [
|
|
4123
|
+
{
|
|
4124
|
+
"id": "3GPP-TR-33.926",
|
|
4125
|
+
"framework": "3GPP",
|
|
4126
|
+
"control_name": "3GPP Security Assurance Specification (gNB / eNB)"
|
|
4127
|
+
},
|
|
4128
|
+
{
|
|
4129
|
+
"id": "AU-ISM-1556",
|
|
4130
|
+
"framework": "au-ism",
|
|
4131
|
+
"control_name": "Multi-factor authentication for privileged users (telecom NMS application)"
|
|
4132
|
+
},
|
|
4133
|
+
{
|
|
4134
|
+
"id": "DORA-Art-21-Telecom-ICT",
|
|
4135
|
+
"framework": "DORA",
|
|
4136
|
+
"control_name": "DORA Art. 21 — ICT third-party risk (telecom-adjacent application)"
|
|
4137
|
+
},
|
|
4138
|
+
{
|
|
4139
|
+
"id": "FCC-CPNI-4.1",
|
|
4140
|
+
"framework": "FCC-CPNI",
|
|
4141
|
+
"control_name": "CPNI Annual Certification + Operational Compliance"
|
|
4142
|
+
},
|
|
4143
|
+
{
|
|
4144
|
+
"id": "FCC-Cyber-Incident-Notification-2024",
|
|
4145
|
+
"framework": "FCC",
|
|
4146
|
+
"control_name": "FCC Cyber Incident Notification (4 business days)"
|
|
4147
|
+
},
|
|
4148
|
+
{
|
|
4149
|
+
"id": "GSMA-NESAS-Deployment",
|
|
4150
|
+
"framework": "GSMA-NESAS",
|
|
4151
|
+
"control_name": "NESAS at-deployment posture"
|
|
4152
|
+
},
|
|
3714
4153
|
{
|
|
3715
4154
|
"id": "IEC-62443-3-3",
|
|
3716
4155
|
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
@@ -3721,11 +4160,21 @@
|
|
|
3721
4160
|
"framework": "ISO/IEC 27001:2022",
|
|
3722
4161
|
"control_name": "Outsourced development"
|
|
3723
4162
|
},
|
|
4163
|
+
{
|
|
4164
|
+
"id": "ITU-T-X.805",
|
|
4165
|
+
"framework": "ITU-T",
|
|
4166
|
+
"control_name": "ITU-T X.805 — 8-dimension security architecture for end-to-end communications"
|
|
4167
|
+
},
|
|
3724
4168
|
{
|
|
3725
4169
|
"id": "NERC-CIP-007-6-R4",
|
|
3726
4170
|
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
3727
4171
|
"control_name": "Security event monitoring"
|
|
3728
4172
|
},
|
|
4173
|
+
{
|
|
4174
|
+
"id": "NIS2-Annex-I-Telecom",
|
|
4175
|
+
"framework": "NIS2",
|
|
4176
|
+
"control_name": "NIS2 Annex I — telecommunications essential entities"
|
|
4177
|
+
},
|
|
3729
4178
|
{
|
|
3730
4179
|
"id": "NIS2-Art21-patch-management",
|
|
3731
4180
|
"framework": "EU NIS2 Directive",
|
|
@@ -3755,9 +4204,35 @@
|
|
|
3755
4204
|
"id": "SOC2-CC6-logical-access",
|
|
3756
4205
|
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
3757
4206
|
"control_name": "Logical and Physical Access Controls"
|
|
4207
|
+
},
|
|
4208
|
+
{
|
|
4209
|
+
"id": "UK-CAF-B5",
|
|
4210
|
+
"framework": "UK-CAF",
|
|
4211
|
+
"control_name": "Resilient networks and systems"
|
|
4212
|
+
}
|
|
4213
|
+
],
|
|
4214
|
+
"d3fend": [
|
|
4215
|
+
{
|
|
4216
|
+
"id": "D3-IOPR",
|
|
4217
|
+
"name": "Input/Output Profiling Resource",
|
|
4218
|
+
"tactic": "Detect"
|
|
4219
|
+
},
|
|
4220
|
+
{
|
|
4221
|
+
"id": "D3-NI",
|
|
4222
|
+
"name": "Network Isolation",
|
|
4223
|
+
"tactic": "Isolate"
|
|
4224
|
+
},
|
|
4225
|
+
{
|
|
4226
|
+
"id": "D3-NTA",
|
|
4227
|
+
"name": "Network Traffic Analysis",
|
|
4228
|
+
"tactic": "Detect"
|
|
4229
|
+
},
|
|
4230
|
+
{
|
|
4231
|
+
"id": "D3-NTPM",
|
|
4232
|
+
"name": "Network Traffic Policy Mapping",
|
|
4233
|
+
"tactic": "Model"
|
|
3758
4234
|
}
|
|
3759
4235
|
],
|
|
3760
|
-
"d3fend": [],
|
|
3761
4236
|
"rfc_refs": [
|
|
3762
4237
|
{
|
|
3763
4238
|
"id": "RFC-6749",
|
|
@@ -3779,6 +4254,11 @@
|
|
|
3779
4254
|
"title": "JSON Web Token Best Current Practices",
|
|
3780
4255
|
"status": "Best Current Practice"
|
|
3781
4256
|
},
|
|
4257
|
+
{
|
|
4258
|
+
"id": "RFC-9622",
|
|
4259
|
+
"title": "An Architecture for Transport Services",
|
|
4260
|
+
"status": "Proposed Standard"
|
|
4261
|
+
},
|
|
3782
4262
|
{
|
|
3783
4263
|
"id": "RFC-9700",
|
|
3784
4264
|
"title": "Best Current Practice for OAuth 2.0 Security",
|
|
@@ -6348,9 +6828,10 @@
|
|
|
6348
6828
|
"mcp-agent-trust",
|
|
6349
6829
|
"attack-surface-pentest",
|
|
6350
6830
|
"webapp-security",
|
|
6831
|
+
"sector-telecom",
|
|
6351
6832
|
"api-security"
|
|
6352
6833
|
],
|
|
6353
|
-
"skill_count":
|
|
6834
|
+
"skill_count": 5,
|
|
6354
6835
|
"chain": {
|
|
6355
6836
|
"atlas": [
|
|
6356
6837
|
{
|
|
@@ -6368,6 +6849,11 @@
|
|
|
6368
6849
|
"name": "Discover ML Model Ontology",
|
|
6369
6850
|
"tactic": "Discovery"
|
|
6370
6851
|
},
|
|
6852
|
+
{
|
|
6853
|
+
"id": "AML.T0040",
|
|
6854
|
+
"name": "Tool / Plugin Compromise",
|
|
6855
|
+
"tactic": "Execution"
|
|
6856
|
+
},
|
|
6371
6857
|
{
|
|
6372
6858
|
"id": "AML.T0043",
|
|
6373
6859
|
"name": "Craft Adversarial Data",
|
|
@@ -6386,19 +6872,53 @@
|
|
|
6386
6872
|
],
|
|
6387
6873
|
"attack_refs": [
|
|
6388
6874
|
"T1059",
|
|
6875
|
+
"T1071",
|
|
6389
6876
|
"T1078",
|
|
6877
|
+
"T1098",
|
|
6390
6878
|
"T1133",
|
|
6391
6879
|
"T1190",
|
|
6392
6880
|
"T1195.001",
|
|
6881
|
+
"T1199",
|
|
6393
6882
|
"T1505",
|
|
6883
|
+
"T1556",
|
|
6394
6884
|
"T1567"
|
|
6395
6885
|
],
|
|
6396
6886
|
"framework_gaps": [
|
|
6887
|
+
{
|
|
6888
|
+
"id": "3GPP-TR-33.926",
|
|
6889
|
+
"framework": "3GPP",
|
|
6890
|
+
"control_name": "3GPP Security Assurance Specification (gNB / eNB)"
|
|
6891
|
+
},
|
|
6397
6892
|
{
|
|
6398
6893
|
"id": "ALL-MCP-TOOL-TRUST",
|
|
6399
6894
|
"framework": "ALL",
|
|
6400
6895
|
"control_name": "MCP/Agent Tool Trust Boundaries"
|
|
6401
6896
|
},
|
|
6897
|
+
{
|
|
6898
|
+
"id": "AU-ISM-1556",
|
|
6899
|
+
"framework": "au-ism",
|
|
6900
|
+
"control_name": "Multi-factor authentication for privileged users (telecom NMS application)"
|
|
6901
|
+
},
|
|
6902
|
+
{
|
|
6903
|
+
"id": "DORA-Art-21-Telecom-ICT",
|
|
6904
|
+
"framework": "DORA",
|
|
6905
|
+
"control_name": "DORA Art. 21 — ICT third-party risk (telecom-adjacent application)"
|
|
6906
|
+
},
|
|
6907
|
+
{
|
|
6908
|
+
"id": "FCC-CPNI-4.1",
|
|
6909
|
+
"framework": "FCC-CPNI",
|
|
6910
|
+
"control_name": "CPNI Annual Certification + Operational Compliance"
|
|
6911
|
+
},
|
|
6912
|
+
{
|
|
6913
|
+
"id": "FCC-Cyber-Incident-Notification-2024",
|
|
6914
|
+
"framework": "FCC",
|
|
6915
|
+
"control_name": "FCC Cyber Incident Notification (4 business days)"
|
|
6916
|
+
},
|
|
6917
|
+
{
|
|
6918
|
+
"id": "GSMA-NESAS-Deployment",
|
|
6919
|
+
"framework": "GSMA-NESAS",
|
|
6920
|
+
"control_name": "NESAS at-deployment posture"
|
|
6921
|
+
},
|
|
6402
6922
|
{
|
|
6403
6923
|
"id": "ISO-27001-2022-A.8.28",
|
|
6404
6924
|
"framework": "ISO/IEC 27001:2022",
|
|
@@ -6409,6 +6929,16 @@
|
|
|
6409
6929
|
"framework": "ISO/IEC 27001:2022",
|
|
6410
6930
|
"control_name": "Outsourced development"
|
|
6411
6931
|
},
|
|
6932
|
+
{
|
|
6933
|
+
"id": "ITU-T-X.805",
|
|
6934
|
+
"framework": "ITU-T",
|
|
6935
|
+
"control_name": "ITU-T X.805 — 8-dimension security architecture for end-to-end communications"
|
|
6936
|
+
},
|
|
6937
|
+
{
|
|
6938
|
+
"id": "NIS2-Annex-I-Telecom",
|
|
6939
|
+
"framework": "NIS2",
|
|
6940
|
+
"control_name": "NIS2 Annex I — telecommunications essential entities"
|
|
6941
|
+
},
|
|
6412
6942
|
{
|
|
6413
6943
|
"id": "NIS2-Art21-patch-management",
|
|
6414
6944
|
"framework": "EU NIS2 Directive",
|
|
@@ -6473,6 +7003,11 @@
|
|
|
6473
7003
|
"id": "SWIFT-CSCF-v2026-1.1",
|
|
6474
7004
|
"framework": "SWIFT Customer Security Controls Framework v2026",
|
|
6475
7005
|
"control_name": "SWIFT Environment Protection"
|
|
7006
|
+
},
|
|
7007
|
+
{
|
|
7008
|
+
"id": "UK-CAF-B5",
|
|
7009
|
+
"framework": "UK-CAF",
|
|
7010
|
+
"control_name": "Resilient networks and systems"
|
|
6476
7011
|
}
|
|
6477
7012
|
],
|
|
6478
7013
|
"d3fend": [
|
|
@@ -6496,15 +7031,30 @@
|
|
|
6496
7031
|
"name": "Executable Hashbased Allowlist",
|
|
6497
7032
|
"tactic": "Harden"
|
|
6498
7033
|
},
|
|
7034
|
+
{
|
|
7035
|
+
"id": "D3-IOPR",
|
|
7036
|
+
"name": "Input/Output Profiling Resource",
|
|
7037
|
+
"tactic": "Detect"
|
|
7038
|
+
},
|
|
6499
7039
|
{
|
|
6500
7040
|
"id": "D3-MFA",
|
|
6501
7041
|
"name": "Multi-factor Authentication",
|
|
6502
7042
|
"tactic": "Harden"
|
|
6503
7043
|
},
|
|
7044
|
+
{
|
|
7045
|
+
"id": "D3-NI",
|
|
7046
|
+
"name": "Network Isolation",
|
|
7047
|
+
"tactic": "Isolate"
|
|
7048
|
+
},
|
|
6504
7049
|
{
|
|
6505
7050
|
"id": "D3-NTA",
|
|
6506
7051
|
"name": "Network Traffic Analysis",
|
|
6507
7052
|
"tactic": "Detect"
|
|
7053
|
+
},
|
|
7054
|
+
{
|
|
7055
|
+
"id": "D3-NTPM",
|
|
7056
|
+
"name": "Network Traffic Policy Mapping",
|
|
7057
|
+
"tactic": "Model"
|
|
6508
7058
|
}
|
|
6509
7059
|
],
|
|
6510
7060
|
"rfc_refs": [
|
|
@@ -6538,6 +7088,11 @@
|
|
|
6538
7088
|
"title": "HTTP Message Signatures",
|
|
6539
7089
|
"status": "Proposed Standard"
|
|
6540
7090
|
},
|
|
7091
|
+
{
|
|
7092
|
+
"id": "RFC-9622",
|
|
7093
|
+
"title": "An Architecture for Transport Services",
|
|
7094
|
+
"status": "Proposed Standard"
|
|
7095
|
+
},
|
|
6541
7096
|
{
|
|
6542
7097
|
"id": "RFC-9700",
|
|
6543
7098
|
"title": "Best Current Practice for OAuth 2.0 Security",
|