Framework Views
Frameworks are treated as views into the Cybersecurity Ontology.
The ontology is not meant to replace NIST, ISO, SOC 2, MITRE ATT&CK, OWASP, PCI DSS, HIPAA, GDPR, or other standards. It provides a common map that helps explain where each framework item belongs.
Mapping concept
| Framework type | Ontology emphasis |
|---|---|
| Control frameworks | Safeguards and Assurance |
| Governance frameworks | Leadership and Assurance |
| Threat frameworks | Threats and Weaknesses |
| Vulnerability catalogs | Weaknesses |
| Privacy regulations | Assets, Safeguards, Assurance, Leadership |
| Audit standards | Assurance |
Prototype approach
Each framework view should explain:
- What the framework is for.
- Which ontology classes it emphasizes.
- How to map framework items into the ontology.
- What the framework does not cover well.