Original release date: June 2, 2021
As part of an effort to encourage a common language in threat actor analysis, CISA has released Best Practices for MITRE ATT&CK® Mapping. The guide shows analysts—through instructions and examples—how to map adversary behavior to the MITRE ATT&CK framework. CISA created this guide in partnership with the Homeland Security Systems Engineering and Development Institute™ (HSSEDI), a DHS-owned R&D center operated by MITRE, which worked with the MITRE ATT&CK team.
CISA and other organizations in the cybersecurity community use MITRE ATT&CK to identify and analyze threat actor behavior. This analysis enables them to produce a set of mappings to develop adversary profiles; conduct activity trend analyses; and detect, respond to, and mitigate threats. An increase in the number of organizations integrating the ATT&CK framework in their analysis will have a positive impact on the efficiency and efficacy of information sharing within the community.
CISA, HSSEDI, and MITRE ATT&CK encourage users and administrators to review both the guide—as well as CISA Executive Assistant Director Eric Goldstein’s blog post on the guide—to strengthen the security posture of their organization and improve information sharing.
This product is provided subject to this Notification and this Privacy & Use policy.
CISA released nine Industrial Control Systems (ICS) advisories on July 22, 2025. These advisories provide…
CISA released six Industrial Control Systems (ICS) advisories on July 24, 2025. These advisories provide…
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA, in partnership with the Federal Bureau of Investigation (FBI), the Department of Health and…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of…
CISA is aware of active exploitation of a new remote code execution (RCE) vulnerability enabling unauthorized…
This website uses cookies.