Enhancing RMF and ATT&CK Mapping Accuracy through Sentence-BERT and Mitigation Parameters Integration

To minimize cybersecurity risks in weapon systems, the implementation of the Korean Risk Management Framework (K-RMF) has become essential. However, a significant ‘strategic gap’ exists between high-level RMF controls and technical MITRE ATT&CK techniques, rendering manual mapping labor-intensive. This study proposes an automated mitigation-driven pipeline that integrates Sentence-BERT (SBERT) with the structural defense relationships of the ATT&CK knowledge graph. To address the data coverage limitations of the CTID silver standard, we introduce Recall@restricted as a calibrated performance metric. Experimental evaluation demonstrated that the proposed ensemble framework achieves a Recall@restricted of 0.74, significantly outperforming baseline SBERT-only models. These findings suggest that deterministic mitigation relationships effectively complement semantic representations, providing a robust framework for aligning RMF controls with adversarial behaviors.
