D3FEND - Compound D3Codes

[dsdr0]

D3FEND is designed to be fairly atomic for countermeasures. This is good but I understand at times this may be difficult and resulted in some D3Codes that when decomposed can be looked at as being a combination of other D3Codes. This technically would result in that if xxx D3Code is met then automatically select yyy and zzz D3Codes.

If compound D3Codes are disallowed, there may be a formula-based approach that could be used within the descriptions to show relationships, which would be kind of really cool …basically search for a phrase and it will provide the related D3Codes or subcomponents possible and they select them.

A few examples:
a. Message Authentication (combination of Encrypted Traffic, Certificate-based Authentication, File Hashing)
b. MFA (combination of two or more authentication mechanisms).

_*** As an unrelated note...synonym style D3Codes such as Firmware Verification and System Firmware Verification that seem to be both File Hashing related. Should they be rolled into File Hashing.

[netfl0]

These compound relationships can be expressed using the ontology and a semantic graph, see the Procedure and Step classes for example. Naming the compound thing is another issue and probably out of scope.