SPARTA: Year One in Review (and v1.5 Updates)

The Aerospace Corporation
Aerospace TechBlog
Published in
5 min readNov 7, 2023

Authors: Brandon Bailey, Brad Roeher, and Randi Tinney

SPARTA turned one year old last month and, since the launch in October 2022, nine versions/releases of SPARTA have taken place. It is recommended to keep an eye on the most current updates frequently as we will provide new information and features in the Update section.

Some noteworthy highlights from SPARTA’s first year:

Several of the above updates were fostered by community input. As described on the Contribute Page, SPARTA solicits input from the community, which has been tremendous in year one. SPARTA has received input from the United States’ commercial and government sectors in addition to the international space community. SPARTA has also been showcased at conferences (e.g., CYSAT 2023, DEF CON 31), within news articles, as well as the CyberWire Podcast. Several of these are discussed on the General Information page within SPARTA.

Below are the specific updates for SPARTA version 1.5 which was released on October 17, 2023.

Version 1.5 Update #1: Control Mapper Tool

To further expand the mapping capabilities SPARTA provides, the team has created a Control Mapper tool. Similar to the Countermeasure Mapper, the Control Mapper allows users to select either NIST 800–53 Rev 5 control(s)/enhancement(s) or the ISO 27001 control(s) and generate visualizations of their coverage of SPARTA techniques/sub-techniques.

The Control Mapper tool allows users to build a security architecture, using familiar controls, for the spacecraft. Before selecting any control, all techniques/sub-techniques will appear in red. As the user selects a control, the colors will change based on the percent coverage for that particular TTP. The Green/Yellow/Orange indicates some level of coverage; Red indicates no coverage at all.

The control mapper provides a great tool to perform quick analysis across control baselines. For example, if a user was to compare TTP coverage when considering 800–53 controls listed in the NIST Cybersecurity Framework v1.1 to the NIST moderate baseline the below graphics would provide a quick visual indicator. The below graphics would indicate the necessity to generate custom spacecraft baselines for 800–53 versus the off the shelf control lists.

Similar to the Countermeasure Mapper, once done selecting controls, the user can export the data in a variety of ways, as several graphics, an Excel sheet, and as a JSON file for future use. The exported Excel workbook will report the selected controls, the TTPs covered, and the TTPs that are not covered in respective tabs. From a security engineering perspective, this coverage mapping will help ensure system designers can better understand where gaps and potential risk exists.

Version 1.5 Update #2: JSON Creator

To compliment the new mapper tool, the SPARTA team also included a JSON Creator tool. Rather than users meticulously clicking each technique/sub-technique in the Navigator tool, each countermeasure in the Countermeasure Mapper, or each control in the Control Mapper, the JSON Creator offers users the ability to copy and paste each option and get a resulting JSON file. These files can then be imported into the corresponding tool for visualization creation and coverage mapping.

Users can upload a variety of different types of lists with the JSON Creator. However, when pasting the various types of TTPs, countermeasures, and/or controls into the tool, they must use the same format that is utilized within SPARTA. The expected format of the controls MUST match the format within the Countermeasure section of SPARTA (NIST, ISO). For example, NIST controls must match control family-control number(enhancement number) with no leading zeros. This would look like AC-2(1) and not AC-02(1) or AC-02(01).

Version 1.5 Update #3: ESA Space Shield Mitigation Mapping

In SPARTA version 1.5, all SPARTA Countermeasures have been mapped to various ESA Space Shield Mitigations. These mappings allow for further definitions of countermeasures and mitigations that can be utilized to protect against various TTPs. Further, while these mitigations have been added to each Countermeasure information page, all Excel exports will also include these mappings for additional use.

Comments? Please visit the contribute page or email

New to SPARTA on Medium? Catch up on the Aerospace TechBlog.