The CIS Critical Security Controls (CIS Controls) are a set of more than 170 cybersecurity defensive measures, called safeguards. CIS wants to help enterprises select the appropriate safeguards. The Community Defense Model relies on the MITRE ATT&CK Framework. The CDM model has three steps: Identify the most prevalent and damaging attack patterns from current industry investigative reports on incidents and breaches. Normalize the attack patterns by expressing the techniques deployed to accomplish each tactic for each phase of an attack (some industry reports already do this for some attacks and CIS will use those when available.”]
Source: https://www.csoonline.com/article/3571798/center-for-internet-securitys-community-defense-model.html