Specifications include, but are not limited to: Qualified vendors to provide MITRE ATT&CK assessments. SCDOR’s intent is to receive three (3) MITRE ATT&CK assessments throughout the life of the prospective contract. The South Carolina Department of Revenue (SCDOR) is interested in the threat-oriented approach of MITRE ATT&CK to identify cybersecurity gaps from the adversary’s perspective. The framework is designed to manage cyber risk through the identification of data required to mitigate and manage cyber threats. The MITRE Adversarial Tactics, Techniques, and Common Knowledge (MITRE ATT&CK™) framework provides the comparative baseline for the evaluation and assessment for the protective, detective, and effectiveness assessment of information systems. SCDOR is interested in three primary outcomes: a) develop a framework and vocabulary for the SCDOR security team to frame and discuss information security threats b) to evaluate our SOC coverage, and c) to help inform our security architecture decisions.
