D3FEND v1.0 Item - D3Code Testability

[dsdr0]

D3FEND will be used to determine how well a system is protected by the DODCAR Team. To determine compliance or scoring, each D3Code must be confirmed to be in place. While understanding all are valid D3Codes, if they are unlikely to be able to be tested within an environment, it would be nice to have a flag that states this, so they may be exempted (I believe ATT&CK does something similar). This would be helpful for those that use D3FEND for scoring environments in my opinion. Not saying to remove them, as they are valuable, but to just flag them if difficult to test against.

Possible examples of potentially not testable ones:
• Pointer Authentication
• Dead Code Elimination
• Exception Handler Pointer Validation (actions that occur before deployment and therefore may better fit within Model)

[netfl0]

related to #160