MITRE ATT&CK is a knowledge base of adversary tactics and techniques used for threat modeling, detection engineering, and security gap analysis.
The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Framework is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. Maintained by the MITRE Corporation, ATT&CK catalogs the behavior of cyber adversaries across the attack lifecycle, providing a common language for describing threats. The framework organizes adversary behavior into 14 tactics representing the 'why' of an attack (the adversary's tactical objective) and hundreds of techniques and sub-techniques representing the 'how.' ATT&CK covers Enterprise (Windows, macOS, Linux, cloud, network, containers), Mobile, and ICS (Industrial Control Systems) environments.
The 14 Enterprise ATT&CK tactics in kill-chain order are: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, and Impact. Each tactic contains multiple techniques. For example, Initial Access includes techniques like Phishing, Exploit Public-Facing Application, and Supply Chain Compromise. Each technique is documented with a description, procedure examples from real threat groups, detection guidance, and mitigation recommendations. MITRE maps techniques to specific threat groups (over 140 documented) and software (over 680 documented), enabling organizations to model threats relevant to their sector. Organizations use ATT&CK for threat intelligence analysis, detection engineering (mapping detection rules to techniques), red team planning, security gap assessment, and security operations center maturity evaluation.
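The detection-engineering use described above (mapping detection rules to techniques, then looking for tactics with no coverage) can be worked through in a few dozen lines. The script below is an added example, not code from CDA or from MITRE: it uses the 14 Enterprise tactics named in this article, a small constructed subset of real ATT&CK technique IDs (T1566 Phishing, T1190 Exploit Public-Facing Application, T1195 Supply Chain Compromise and a handful of others), and a constructed list of detection rules tagged with the techniques they detect. It goes slightly beyond the text in two ways a practitioner needs: a technique can sit under more than one tactic (T1078 Valid Accounts appears under four), and rules tagged with a sub-technique such as T1566.001 are rolled up to their parent technique. A rule tagged with an ID that is not in the catalogue raises an error rather than silently producing phantom coverage.

```python
"""Detection-gap analysis over an ATT&CK-style technique catalogue.

Added example: maps detection rules to ATT&CK technique IDs and reports, per
tactic, which techniques have at least one rule behind them. The tactic list
is the 14 Enterprise tactics; the technique catalogue and the detection rules
are a small constructed subset, not MITRE's full data set.
"""

# The 14 Enterprise ATT&CK tactics in kill-chain order.
TACTICS = (
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access",
    "Discovery", "Lateral Movement", "Collection", "Command and Control",
    "Exfiltration", "Impact",
)

# Constructed subset of Enterprise techniques: ID -> (name, tactics it belongs to).
# The IDs are real ATT&CK identifiers; a technique can sit under more than one
# tactic (T1078 Valid Accounts is the usual example).
TECHNIQUES = {
    "T1566": ("Phishing", ("Initial Access",)),
    "T1190": ("Exploit Public-Facing Application", ("Initial Access",)),
    "T1195": ("Supply Chain Compromise", ("Initial Access",)),
    "T1078": ("Valid Accounts", ("Initial Access", "Persistence",
                                 "Privilege Escalation", "Defense Evasion")),
    "T1059": ("Command and Scripting Interpreter", ("Execution",)),
    "T1003": ("OS Credential Dumping", ("Credential Access",)),
    "T1082": ("System Information Discovery", ("Discovery",)),
    "T1021": ("Remote Services", ("Lateral Movement",)),
    "T1071": ("Application Layer Protocol", ("Command and Control",)),
    "T1041": ("Exfiltration Over C2 Channel", ("Exfiltration",)),
    "T1486": ("Data Encrypted for Impact", ("Impact",)),
}

# Constructed detection rules, each tagged with the technique(s) it detects.
# Sub-technique tags such as T1566.001 roll up to their parent technique.
DETECTION_RULES = [
    {"name": "Office spawns script interpreter", "techniques": ["T1566.001", "T1059"]},
    {"name": "LSASS memory access by non-system process", "techniques": ["T1003.001"]},
    {"name": "Logon from new country for existing account", "techniques": ["T1078"]},
    {"name": "Mass file rename with ransom-note extension", "techniques": ["T1486"]},
]


def parent_technique(technique_id: str) -> str:
    """Return the parent technique ID for a sub-technique ("T1566.001" -> "T1566")."""
    return technique_id.split(".", 1)[0]


def technique_coverage(rules, techniques=TECHNIQUES):
    """Map each catalogued technique ID to the names of the rules that detect it.

    Raises ValueError for a rule tagged with an ID that is not in the catalogue,
    so a typo in a mapping shows up as an error rather than as phantom coverage.
    """
    coverage = {tid: [] for tid in techniques}
    for rule in rules:
        for tag in rule["techniques"]:
            parent = parent_technique(tag)
            if parent not in techniques:
                raise ValueError(f"rule {rule['name']!r} references unknown technique {tag}")
            if rule["name"] not in coverage[parent]:
                coverage[parent].append(rule["name"])
    return coverage


def tactic_gaps(rules, techniques=TECHNIQUES):
    """Per tactic, split its techniques into those with and without a detection rule."""
    coverage = technique_coverage(rules, techniques)
    gaps = {tactic: {"covered": [], "uncovered": []} for tactic in TACTICS}
    for tid, (_name, tactics) in techniques.items():
        bucket = "covered" if coverage[tid] else "uncovered"
        for tactic in tactics:
            gaps[tactic][bucket].append(tid)
    return gaps


def blind_tactics(rules, techniques=TECHNIQUES):
    """Tactics that have catalogued techniques but not a single detection rule.

    Tactics with no techniques in the catalogue at all are left out: that is a
    gap in the catalogue, not in the rule set, and is reported separately.
    """
    gaps = tactic_gaps(rules, techniques)
    return [t for t in TACTICS if gaps[t]["uncovered"] and not gaps[t]["covered"]]


if __name__ == "__main__":
    for tactic, buckets in tactic_gaps(DETECTION_RULES).items():
        n_cov = len(buckets["covered"])
        n_all = n_cov + len(buckets["uncovered"])
        print(f"{tactic:22s} {n_cov}/{n_all} techniques covered; gaps: {buckets['uncovered']}")
    print("tactics with no detection at all:", blind_tactics(DETECTION_RULES))
```

Run as written, the report shows Initial Access at 2/4 (T1190 and T1195 have no rule behind them) and lists Discovery, Lateral Movement, Command and Control and Exfiltration as tactics with no detection at all, which is exactly the kind of output that feeds a security gap assessment. Swapping the constructed catalogue for the full Enterprise matrix and the constructed rules for a SIEM's rule export with ATT&CK tags is the only change needed to run it against a real environment.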
ATT&CK has become the de facto standard for describing adversary behavior in the cybersecurity industry. Security vendors map their products to ATT&CK coverage, SOC teams use it to identify detection gaps, and threat intelligence teams use it to track adversary evolution. Regulatory frameworks including CMMC and NIST CSF reference ATT&CK for threat-informed defense. For CDA, ATT&CK tactics and techniques map directly to theater missions, enabling threat-informed security operations that address real adversary behaviors rather than abstract compliance requirements.
Written by CDA Editorial