docs: correct ARP table tactics + supersede stale MITRE design doc#308
Merged
Conversation
…7 consistency) F7-CV-001: README.md ARP detection table — D1 and D12 rows had "Adversary-in-the-Middle" in the Tactic column, which is the technique name not the tactic. T0830 (ICS) maps to Collection/TA0100; T1557.002 (Enterprise) maps to Credential Access/TA0006. Both rows now show "Collection (ICS), Credential Access". F7-CV-003: 2026-04-13 MITRE design spec — add SUPERSEDED banner (F5 ICS tactic-ID fix deprecated the single-Discovery-variant approach; T0855/T0856 were remapped in v19). Correct inline factual error TA0111 -> TA0102 for ICS Discovery with inline note.
Zious11
added a commit
that referenced
this pull request
Jun 23, 2026
Decision D-216 recorded: F7 delta-convergence APPROVED; docs PR #308 MERGED to develop (760b6ca); feature cycle feature-mitre-json-names CONVERGED across all 5 dimensions; human authorized close cycle + release v0.9.4; release prep in progress. Updates: - develop_head: 029725b → 760b6ca (PR #308 merge commit) - phase_status: F7 CONVERGED (D-216), cycle CONVERGED, v0.9.4 IN PROGRESS - Phase Progress F7 row: IN PROGRESS → COMPLETE/CONVERGED (D-216) - Decisions Log: D-216 added - GROUND-TRUTH HEADs block updated to D-216 - Status section: FEATURE CYCLE CONVERGED - current_wave, WARNING block, Notes section updated Count-propagation sweep: no artifact count changes in this burst; sweep not applicable (pure state/decision update).
Zious11
added a commit
that referenced
this pull request
Jun 24, 2026
…eased, pipeline quiesced Written durable SAFE-TO-CLEAR checkpoint (D-218). Session that delivered v0.9.4 (feature-mitre-json-names: issue #64 mitre_attack + ICS tactic-ID correctness fix) is complete and CLOSED. Ground truth: develop=0115d0e, main=96b49e8 (tag v0.9.4), 0 open PRs, worktrees=main+.factory only, pipeline quiesced. Stories delivered: 78. WARNING/DO-NOT-REDO section added for: feature-mitre-json-names cycle (PRs #306/#307/#308), v0.9.4 release, ICS tactic fix, issue-triage comments. OPEN ITEMS table expanded with INPUT-HASH-STALE, ENGINE-IMPROVEMENT-BACKLOG, ISSUE-TRIAGE-OPEN-9 rows.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
docs: correct ARP table tactics + supersede stale MITRE design doc
Branch:
docs/f7-mitre-tactic-doc-fixesBase:
developSeverity: MINOR (documentation only)
Behavior change: None — documentation corrections only, no code touched
Summary
F7 consistency-audit follow-up for issue #64 / ICS-tactic-fix feature. Two documentation
corrections that reconcile ARP-detection user-facing docs and the now-superseded MITRE
design spec with the ICS-tactic corrections adopted during F5.
What Changed
README.mddocs/superpowers/specs/2026-04-13-mitre-attack-mapping-design.mdRoot Cause
The F5 phase adopted dedicated ICS-matrix
MitreTacticvariants with correct TA-IDs.Two documentation artefacts were not updated at that time:
Tactic column instead of the correct ICS tactic names "Collection (ICS), Credential
Access".
that was never corrected, and no supersession notice was added when the implementation
diverged from the design.
Architecture Changes
None. This PR touches only Markdown documentation files.
graph TD F5[F5: ICS tactic-ID correctness fix] --> README[README.md ARP table corrected] F5 --> DesignDoc[MITRE design doc superseded] F7[F7 consistency audit] --> README F7 --> DesignDocStory Dependencies
No story dependency. This is an ad-hoc F7 consistency-audit documentation fix.
graph LR Issue64[Issue #64 ICS-tactic-fix] --> ThisPR[docs/f7-mitre-tactic-doc-fixes] PR307[PR #307: fix ICS-matrix tactic IDs] --> ThisPRSpec Traceability
No behavioral contracts apply (docs-only change).
flowchart LR F5["F5: ICS tactic adoption"] --> BC["BC-2.16.004 (ARP/DNP3 ICS tactic)"] BC --> README_fix["README.md tactic column fix"] BC --> DesignDoc_fix["Design doc superseded"]Test Evidence
No tests required or modified. This is a documentation-only change.
cargo test --all-targets: not required to re-run (zero Rust source changes)cargo clippy --all-targets -- -D warnings: N/A (no Rust code changed)cargo fmt --check: N/A (no Rust code changed)Demo Evidence
Not applicable — no behavior change, no UI/CLI output change.
Security Review
Skipped — docs-only PR. No code, no secrets, no config changed. Diff verified:
2 Markdown files, 23 insertions, 3 deletions. No executable content.
Holdout Evaluation
N/A — evaluated at wave gate.
Adversarial Review
N/A — evaluated at Phase 5.
Risk Assessment
AI Pipeline Metadata
Pre-Merge Checklist
docs/f7-mitre-tactic-doc-fixes)docs)