Original release date: May 19, 2022
CISA has released an analysis and infographic detailing the findings from the 112 Risk and Vulnerability Assessments (RVAs) conducted across multiple sectors in Fiscal Year 2021 (FY21).
The analysis details a sample attack path comprising 11 successive tactics, or steps, a cyber threat actor could take to compromise an organization with weaknesses that are representative of those CISA observed in FY21 RVAs. The infographic highlights the three most successful techniques for each tactic that the RVAs documented. Both the analysis and the infographic map threat actor behavior to the MITRE ATT&CK® framework.
CISA encourages network defenders to review the analysis and infographic and apply the recommended mitigations to protect against the observed tactics and techniques. For information on CISA RVAs and additional services, visit the CISA Cyber Resource Hub.
This product is provided subject to this Notification and this Privacy & Use policy.
CISA released fourteen Industrial Control Systems (ICS) advisories on September 9, 2025. These advisories provide…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA, in collaboration with NSA and 19 international partners, released joint guidance outlining A Shared…
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA released five Industrial Control Systems (ICS) advisories on September 4, 2025. These advisories provide…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
This website uses cookies.