TheArtOfService
Back to Frameworks

MITRE D3FEND

Self-Assess
International
v1.1
8 domains
8 controls

MITRE D3FEND is a knowledge base/graph that catalogs cybersecurity countermeasures and maps them to ATT&CK techniques.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (8)

Deceive Tactic - MITRE D3FEND

1 controls
Controls in the Deceive Tactic - MITRE D3FEND domain of MITRE D3FEND1 controls
CodeTitle
MITRE-D3FEND-Deceive-Tactic-Decoy-Environment-Decoy-Object-Honeypots-Honey-Tokens-Decoy-NetworkMITRE D3FEND Deceive Tactic + Decoy Environment + Decoy Object + Honeypots + Honey Tokens + Decoy Network

Detect Tactic - MITRE D3FEND

1 controls
Controls in the Detect Tactic - MITRE D3FEND domain of MITRE D3FEND1 controls
CodeTitle
MITRE-D3FEND-Detect-Tactic-File-Process-Network-Identifier-Message-Platform-Analysis-SIEM-EDRMITRE D3FEND Detect Tactic + File + Process + Network + Identifier + Message + Platform Analysis + SIEM + EDR

Evict Tactic - MITRE D3FEND

1 controls
Controls in the Evict Tactic - MITRE D3FEND domain of MITRE D3FEND1 controls
CodeTitle
MITRE-D3FEND-Evict-Tactic-Credential-Process-Eviction-Containment-Incident-Response-RecoveryMITRE D3FEND Evict Tactic + Credential + Process Eviction + Containment + Incident Response + Recovery

Harden Tactic - MITRE D3FEND

1 controls
Controls in the Harden Tactic - MITRE D3FEND domain of MITRE D3FEND1 controls
CodeTitle
MITRE-D3FEND-Harden-Tactic-Application-Credential-Message-Platform-Hardening-MFA-Encryption-Secure-BootMITRE D3FEND Harden Tactic + Application + Credential + Message + Platform + MFA + Encryption + Secure Boot

Integration and Mapping - MITRE D3FEND

1 controls
Controls in the Integration and Mapping - MITRE D3FEND domain of MITRE D3FEND1 controls
CodeTitle
MITRE-D3FEND-Integration-Mapping-ATTACK-CWE-CVE-CAPEC-NIST-CSF-CIS-ISO-27001-STIX-OpenC2MITRE D3FEND Integration + Mapping + ATT&CK + CWE + CVE + CAPEC + NIST CSF + CIS + ISO 27001 + STIX + OpenC2

Isolate Tactic - MITRE D3FEND

1 controls
Controls in the Isolate Tactic - MITRE D3FEND domain of MITRE D3FEND1 controls
CodeTitle
MITRE-D3FEND-Isolate-Tactic-Execution-Network-Isolation-Sandboxing-Microsegmentation-DNS-FilteringMITRE D3FEND Isolate Tactic + Execution + Network Isolation + Sandboxing + Microsegmentation + DNS Filtering

Model Tactic - MITRE D3FEND

1 controls
Controls in the Model Tactic - MITRE D3FEND domain of MITRE D3FEND1 controls
CodeTitle
MITRE-D3FEND-Model-Tactic-System-Inventory-Network-Mapping-Identity-Discovery-Asset-IdentificationMITRE D3FEND Model Tactic + System Inventory + Network Mapping + Identity Discovery + Asset Identification

Scope and Foundation - MITRE D3FEND

1 controls
Controls in the Scope and Foundation - MITRE D3FEND domain of MITRE D3FEND1 controls
CodeTitle
MITRE-D3FEND-Scope-MITRE-NSA-2021-CC-BY-4-0-Countermeasure-Knowledge-Graph-Companion-ATTACK-OntologyMITRE D3FEND Scope + MITRE + NSA 2021 + CC BY 4.0 + Countermeasure Knowledge Graph + Companion to ATT&CK + Ontology

Your Compliance Coverage

If you comply with MITRE D3FEND, you already cover:

ISMAP (Japan)

75%

6 controls mapped

Compare →

Azure Security Benchmark

75%

6 controls mapped

Compare →

OWASP ASVS

75%

6 controls mapped

Compare →

+ 169 more: MITRE ATT&CK (75%), AWS Well-Architected Security Pillar (75%)

See all 172 mapped frameworks ↓

Maps to 172 other frameworks

8 total controls
ISMAP (Japan)
6 source controls mapped|5 target controls covered
75%
Azure Security Benchmark
6 source controls mapped|10 target controls covered
75%
OWASP ASVS
6 source controls mapped|17 target controls covered
75%
MITRE ATT&CK
6 source controls mapped|6 target controls covered
75%
AWS Well-Architected Security Pillar
6 source controls mapped|10 target controls covered
75%
UK Defence Standard 05-138 - Cyber Security for Defence Suppliers
5 source controls mapped|7 target controls covered
63%
IACS Unified Requirements E26/E27 - Cyber Resilience of Ships and On-Board Systems
5 source controls mapped|8 target controls covered
63%
ISO/IEC 27011:2024
5 source controls mapped|11 target controls covered
63%
APRA CPS 234
4 source controls mapped|4 target controls covered
50%
HKMA SPM
4 source controls mapped|3 target controls covered
50%
API 1164
4 source controls mapped|9 target controls covered
50%
NIST SP 800-171A - Assessing Security Requirements for Controlled Unclassified Information (CUI)
4 source controls mapped|19 target controls covered
50%
FedRAMP Rev 5
4 source controls mapped|4 target controls covered
50%
IEEE 1686
4 source controls mapped|5 target controls covered
50%
NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements
4 source controls mapped|6 target controls covered
50%
GLBA
4 source controls mapped|2 target controls covered
50%
CISA Cross-Sector Cybersecurity Performance Goals (CPG) 2.0
4 source controls mapped|12 target controls covered
50%
AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association)
4 source controls mapped|11 target controls covered
50%
NIST Special Publication 800-34 Revision 1, Contingency Planning Guide for Federal Information Systems
3 source controls mapped|4 target controls covered
38%
ASD Strategies to Mitigate Cyber Security Incidents
3 source controls mapped|12 target controls covered
38%
IAEA Nuclear Security Series - Computer Security at Nuclear Facilities (NSS-17-T Rev 1)
3 source controls mapped|4 target controls covered
38%
IMO Maritime Cybersecurity Guidelines (MSC-FAL.1/Circ.3/Rev.2)
3 source controls mapped|4 target controls covered
38%
FFIEC Cybersecurity Assessment Tool (CAT)
3 source controls mapped|5 target controls covered
38%
ISO/IEC 27010:2015
3 source controls mapped|7 target controls covered
38%
FISMA
3 source controls mapped|2 target controls covered
38%
FTC GLBA Safeguards Rule (16 CFR Part 314)
3 source controls mapped|4 target controls covered
38%
Annex 11 to EU GMP - Computerised Systems
3 source controls mapped|5 target controls covered
38%
Ghana Cybersecurity Act
3 source controls mapped|5 target controls covered
38%
BSI IT-Grundschutz
3 source controls mapped|11 target controls covered
38%
IEC 62351 - Power Systems Communication Security
3 source controls mapped|4 target controls covered
38%
ISO/IEC 38500:2024 - Governance of IT
3 source controls mapped|4 target controls covered
38%
Japan FSA Cybersecurity Guidelines for Financial Institutions
2 source controls mapped|2 target controls covered
25%
ISO/IEC 27031:2011
2 source controls mapped|4 target controls covered
25%
US Maritime Transportation Security Act (MTSA) and USCG Cybersecurity Requirements
2 source controls mapped|2 target controls covered
25%
GAMP 5 - Good Automated Manufacturing Practice
2 source controls mapped|3 target controls covered
25%
APRA CPS 230 Operational Risk Management
2 source controls mapped|2 target controls covered
25%
ASIS SPC.1-2009 - Organizational Resilience Standard
2 source controls mapped|2 target controls covered
25%
US EPA Safe Drinking Water Act (SDWA) - Cybersecurity Requirements
2 source controls mapped|2 target controls covered
25%
US Consumer Product Safety Commission (CPSC) - Connected Product Safety
2 source controls mapped|2 target controls covered
25%
OWASP Top 10:2025
2 source controls mapped|6 target controls covered
25%
FDA 21 CFR Part 11
2 source controls mapped|4 target controls covered
25%
HL7 FHIR Security Framework
2 source controls mapped|3 target controls covered
25%
MARS-E
2 source controls mapped|6 target controls covered
25%
MDS2 (Medical Device)
2 source controls mapped|4 target controls covered
25%
ICH E6(R3) - Good Clinical Practice
2 source controls mapped|2 target controls covered
25%
HITECH Act
2 source controls mapped|2 target controls covered
25%
ISO/IEC 29115:2023 - Entity Authentication Assurance Framework
2 source controls mapped|5 target controls covered
25%
ISO/IEC 29147:2018
2 source controls mapped|6 target controls covered
25%
IATA Operational Safety Audit (IOSA) Standards Manual
2 source controls mapped|2 target controls covered
25%
South Korea PIPA
2 source controls mapped|2 target controls covered
25%
ISO/IEC 27400:2022
2 source controls mapped|5 target controls covered
25%
ISO 19011
2 source controls mapped|5 target controls covered
25%
ISO 15189:2022 - Medical Laboratories Requirements for Quality and Competence
2 source controls mapped|5 target controls covered
25%
ISO 31000:2018
2 source controls mapped|2 target controls covered
25%
ISO/IEC 30111:2019
2 source controls mapped|5 target controls covered
25%
SWIFT CSCF
2 source controls mapped|3 target controls covered
25%
ISO 13485
2 source controls mapped|2 target controls covered
25%
SWIFT CSCF v2024
2 source controls mapped|4 target controls covered
25%
ITAR - International Traffic in Arms Regulations
2 source controls mapped|3 target controls covered
25%
AS9100D:2016 - Quality Management Systems for Aviation, Space, and Defence
2 source controls mapped|2 target controls covered
25%
ISO 20000-1
2 source controls mapped|3 target controls covered
25%
ISO/IEC 27557:2022 - Organisational Privacy Risk Management
2 source controls mapped|5 target controls covered
25%
ISO/IEC 23837 - Security Requirements for Quantum Key Distribution
2 source controls mapped|7 target controls covered
25%
TEFCA - Trusted Exchange Framework and Common Agreement
2 source controls mapped|2 target controls covered
25%
NIST AI Risk Management Framework (AI RMF 1.0)
2 source controls mapped|3 target controls covered
25%
Illinois Biometric Information Privacy Act (BIPA)
2 source controls mapped|4 target controls covered
25%
Florida Digital Bill of Rights (FDBR)
2 source controls mapped|2 target controls covered
25%
GLI-33 - Gaming Laboratories International Event Wagering Systems
2 source controls mapped|2 target controls covered
25%
USMCA Chapter 19 - Digital Trade (United States-Mexico-Canada Agreement)
2 source controls mapped|2 target controls covered
25%
ISO/IEC 29134:2023
2 source controls mapped|4 target controls covered
25%
21 CFR Part 211 - Current Good Manufacturing Practice
2 source controls mapped|4 target controls covered
25%
FDA Quality Management System Regulation (QMSR)
2 source controls mapped|2 target controls covered
25%
IEC 60601-1 - Medical Electrical Equipment Safety
2 source controls mapped|3 target controls covered
25%
FIRST CSIRT Services Framework and Standards
1 source controls mapped|1 target controls covered
13%
Laos Law on Prevention and Combating Cybercrime (2015)
1 source controls mapped|1 target controls covered
13%
India CERT-In Cyber Security Directions 2022
1 source controls mapped|1 target controls covered
13%
GHG Protocol
1 source controls mapped|1 target controls covered
13%
NIST SP 800-171
1 source controls mapped|1 target controls covered
13%
GLOBALG.A.P. Integrated Farm Assurance (IFA) Standard v6
1 source controls mapped|1 target controls covered
13%
Bahrain PDPL
1 source controls mapped|2 target controls covered
13%
Indonesia PDP Law
1 source controls mapped|2 target controls covered
13%
US Automated Commercial Environment (ACE) - CBP Trade Data Requirements
1 source controls mapped|1 target controls covered
13%
Privacy Act 1988 (Australia)
1 source controls mapped|2 target controls covered
13%
Minnesota Consumer Data Privacy Act
1 source controls mapped|2 target controls covered
13%
ITU-T X.805 - Security Architecture for End-to-End Communications
1 source controls mapped|2 target controls covered
13%
Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL)
1 source controls mapped|2 target controls covered
13%
Jamaica Data Protection Act 2020
1 source controls mapped|2 target controls covered
13%
Ley Orgánica de Protección de Datos Personales (LOPDP)
1 source controls mapped|1 target controls covered
13%
ILO Declaration on Fundamental Principles and Rights at Work (Core Conventions)
1 source controls mapped|1 target controls covered
13%
OWASP API Security Top 10 - 2023
1 source controls mapped|5 target controls covered
13%
APPI
1 source controls mapped|2 target controls covered
13%
Malaysia PDPA 2010
1 source controls mapped|2 target controls covered
13%
Armenia Law on Protection of Personal Data (2015)
1 source controls mapped|1 target controls covered
13%
Russia Federal Law on Personal Data (152-FZ)
1 source controls mapped|1 target controls covered
13%
ISO 27005
1 source controls mapped|1 target controls covered
13%
FIDO2 / WebAuthn
1 source controls mapped|2 target controls covered
13%
Liechtenstein DPA
1 source controls mapped|1 target controls covered
13%
Law No. 172-13 on the Protection of Personal Data
1 source controls mapped|1 target controls covered
13%
Bank Secrecy Act / Anti-Money Laundering (BSA/AML)
1 source controls mapped|1 target controls covered
13%
Maryland Online Data Privacy Act of 2024
1 source controls mapped|1 target controls covered
13%
India DPDP Act
1 source controls mapped|2 target controls covered
13%
Wisconsin Data Privacy Act (SB 670)
1 source controls mapped|1 target controls covered
13%
Tennessee Information Protection Act (TIPA)
1 source controls mapped|1 target controls covered
13%
Kentucky Consumer Data Protection Act
1 source controls mapped|2 target controls covered
13%
Iowa Consumer Data Protection Act
1 source controls mapped|2 target controls covered
13%
Switzerland FADP
1 source controls mapped|2 target controls covered
13%
Canada ITSG-33 - IT Security Risk Management
1 source controls mapped|1 target controls covered
13%
Family Educational Rights and Privacy Act (FERPA)
1 source controls mapped|1 target controls covered
13%
Mexico LFPDPPP
1 source controls mapped|2 target controls covered
13%
FBI CJIS Security Policy
1 source controls mapped|3 target controls covered
13%
Mauritius DPA
1 source controls mapped|2 target controls covered
13%
US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule
1 source controls mapped|1 target controls covered
13%
ICAO Annex 17 - Aviation Security (AVSEC)
1 source controls mapped|1 target controls covered
13%
Indiana Consumer Data Protection Act
1 source controls mapped|1 target controls covered
13%
AML/CTF Act 2006 (Australia)
1 source controls mapped|1 target controls covered
13%
LGPD
1 source controls mapped|1 target controls covered
13%
Vermont Artificial Intelligence and Consumer Data Act (AICDA)
1 source controls mapped|2 target controls covered
13%
Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018)
1 source controls mapped|1 target controls covered
13%
Japan AI Guidelines
1 source controls mapped|1 target controls covered
13%
IEEE 7000
1 source controls mapped|1 target controls covered
13%
ISO/IEC 27014:2020
1 source controls mapped|3 target controls covered
13%
Vietnam Law on Cybersecurity (No. 24/2018/QH14)
1 source controls mapped|3 target controls covered
13%
Portugal Law No. 58/2019 - Data Protection Implementation Act
1 source controls mapped|3 target controls covered
13%
Romania Law No. 190/2018 on Data Protection Measures (GDPR Implementation)
1 source controls mapped|3 target controls covered
13%
Proposal for a Directive on improving working conditions in platform work (COM(2023) 491)
1 source controls mapped|3 target controls covered
13%
Uruguay Personal Data Protection Act (Law No. 18.331)
1 source controls mapped|3 target controls covered
13%
South Korea Credit Information Act
1 source controls mapped|1 target controls covered
13%
PCAOB AS 2201 - Audit of Internal Control Over Financial Reporting (ICFR)
1 source controls mapped|3 target controls covered
13%
BRCGS Global Standard for Food Safety Issue 9
1 source controls mapped|3 target controls covered
13%
Albania Law on Protection of Personal Data (Law No. 9887, 2008, amended 2014)
1 source controls mapped|2 target controls covered
13%
ISO/IEC 27004:2016
1 source controls mapped|3 target controls covered
13%
ISO 13485:2016
1 source controls mapped|1 target controls covered
13%
ISO 9001:2015
1 source controls mapped|2 target controls covered
13%
SQF Code Edition 9 - Safe Quality Food
1 source controls mapped|1 target controls covered
13%
Rwanda Law No. 058/2021 Relating to the Protection of Personal Data
1 source controls mapped|2 target controls covered
13%
Pakistan Personal Data Protection Bill 2023
1 source controls mapped|2 target controls covered
13%
ICH Q10 - Pharmaceutical Quality System
1 source controls mapped|2 target controls covered
13%
IATF 16949:2016 - Quality Management System for Automotive Production
1 source controls mapped|2 target controls covered
13%
Saudi PDPL
1 source controls mapped|1 target controls covered
13%
ISO/IEC 29100:2024
1 source controls mapped|3 target controls covered
13%
21 CFR Part 58 - Good Laboratory Practice (GLP)
1 source controls mapped|2 target controls covered
13%
FATF Recommendation 16 - Virtual Asset Travel Rule
1 source controls mapped|1 target controls covered
13%
TNFD Recommendations
1 source controls mapped|1 target controls covered
13%
AASB S2 Climate-related Disclosures
1 source controls mapped|1 target controls covered
13%
Azerbaijan Law on Personal Data (2010)
1 source controls mapped|1 target controls covered
13%
Regulation (EU) 2019/1239 on the Maritime Single Window (MSW)
1 source controls mapped|1 target controls covered
13%
Spain Organic Law 3/2018 on Data Protection and Digital Rights (LOPDGDD)
1 source controls mapped|1 target controls covered
13%
Turkey Personal Data Protection Law (KVKK - Law No. 6698)
1 source controls mapped|1 target controls covered
13%
Uzbekistan Law on Personal Data (No. ZRU-547)
1 source controls mapped|1 target controls covered
13%
Panama Law on Personal Data Protection (Law No. 81 of 2019)
1 source controls mapped|1 target controls covered
13%
Serbia Law on Personal Data Protection (2018)
1 source controls mapped|2 target controls covered
13%
Qatar Personal Data Privacy Protection Law (Law No. 13 of 2016)
1 source controls mapped|1 target controls covered
13%
UNCITRAL Model Law on Electronic Commerce (1996, updated 2005)
1 source controls mapped|1 target controls covered
13%
Israel Protection of Privacy Law (5741-1981)
1 source controls mapped|2 target controls covered
13%
Science Based Targets initiative (SBTi) Corporate Standard
1 source controls mapped|2 target controls covered
13%
US Foreign Corrupt Practices Act (FCPA)
1 source controls mapped|1 target controls covered
13%
ISO/IEC 27050 - Electronic Discovery (Parts 1-4)
1 source controls mapped|1 target controls covered
13%
Paraguay Law on Protection of Personal Data (Law No. 6534/2020)
1 source controls mapped|1 target controls covered
13%
ITU Radio Regulations and Space Security Standards
1 source controls mapped|1 target controls covered
13%
Austria Data Protection Act (Datenschutzgesetz, DSG, amended 2018)
1 source controls mapped|2 target controls covered
13%
ISO/IEC 27007:2020
1 source controls mapped|1 target controls covered
13%
French Sapin II Law (Law No. 2016-1691)
1 source controls mapped|1 target controls covered
13%
COBIT 2019
1 source controls mapped|1 target controls covered
13%
Union Customs Code (UCC) - Regulation (EU) No 952/2013
1 source controls mapped|1 target controls covered
13%
FedRAMP High
1 source controls mapped|1 target controls covered
13%
NIST SP 800-53 Revision 5.1 HIGH
1 source controls mapped|1 target controls covered
13%
FedRAMP Moderate
1 source controls mapped|1 target controls covered
13%
NIST SP 800-53 Rev 5 MODERATE
1 source controls mapped|1 target controls covered
13%
NIST SP 800-53 Rev 5 LOW
1 source controls mapped|1 target controls covered
13%
ISO 14001
1 source controls mapped|1 target controls covered
13%
ISO 45001:2018
1 source controls mapped|1 target controls covered
13%
Barbados Data Protection Act 2019
1 source controls mapped|1 target controls covered
13%
Compare MITRE D3FEND with ISMAP (Japan)

Frequently Asked Questions

What is MITRE D3FEND?

MITRE D3FEND is a compliance framework from International with 8 domains and 8 controls. MITRE D3FEND is a knowledge base/graph that catalogs cybersecurity countermeasures and maps them to ATT&CK techniques. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does MITRE D3FEND have?

MITRE D3FEND has 8 controls organised across 8 domains. The largest domains are Deceive Tactic - MITRE D3FEND (1 controls), Detect Tactic - MITRE D3FEND (1 controls), Evict Tactic - MITRE D3FEND (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does MITRE D3FEND map to?

MITRE D3FEND maps to 172 other compliance frameworks. The top mapping partners are ISMAP (Japan) (75% coverage), Azure Security Benchmark (75% coverage), OWASP ASVS (75% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with MITRE D3FEND compliance?

Start your MITRE D3FEND compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about MITRE D3FEND requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 8 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 701 frameworks.

Get Started Free →

Free forever — no credit card required