Two men looking at a laptop

Center for Threat-Informed Defense Releases Impact Report, Illustrating Collaborative R&D Approach in Cybersecurity

The report highlights 13 R&D projects readily available to the cybersecurity community and recognizes center participants’ impact in advancing a threat-informed defense approach to security.

McLean, Va., January 25, 2022—The Center for Threat-Informed Defense, a privately funded collaborative research and development organization operated by MITRE Engenuity, announced today the release of their inaugural Impact Report. The report, which highlights the 13 major research and development projects released over the course of the past year, illustrates the power of the center’s unique approach to collaborative R&D in the public interest. Each project leverages a shared understanding of adversary tradecraft to advance the cybersecurity community’s ability to get ahead of agile adversaries.

Since its launch in November 2019, the center has grown from 13 founding members to 30 members representing a variety of industry sectors from around the world, including 10 of the Fortune 100.

“During the first two years of operation, the center and our members have been hard at work identifying real-world problems and gaps in the cybersecurity ecosystem and filling them with freely available resources,” said Jon Baker, director of research and development, Center for Threat-Informed Defense. “The R&D projects described in this report are a testament not only to the success of the center but also to the commitment of our members to work in the public interest—to help make everyone more secure.”

The R&D projects highlighted in the report range from cyber threat intelligence to testing and evaluation to defensive measures, including:

  • NIST-800-53 mappings to MITRE ATT&CK®:  A comprehensive set of mappings of the popular security control framework to adversary behaviors defined in the ATT&CK knowledgebase of adversary tactics techniques and procedures.
  • ATT&CK Workbench: An easy-to-use open-source tool that allows organizations to manage and extend their own local version of ATT&CK and keep it in sync with MITRE’s knowledge base.
  • Adversary Emulation Library: A growing set of adversary emulation plans designed to make it easier for red teams to “look like” common cyber actors.

All the work is freely available through the center’s website, representing just the tip of the iceberg in terms of the work the center is doing in collaboration with its members. Other R&D initiatives released by the center over the past two years includes an open-source research platform for automating the mapping of threat reports to ATT&CK and a series of mappings between the most prevalent cloud service provider security offerings and ATT&CK.

“The center brings together some of the best security teams from around the world with the cybersecurity experts from MITRE—the people who created CVE® and the ATT&CK framework,” Baker continued. “The practical resources that we’re releasing are designed to give defenders resources that they can use today to make it more difficult for the adversary to achieve their objectives. The 13 projects we’re highlighting in this report are just the beginning as we will be releasing many new projects throughout 2022.”

As the center looks ahead to 2022, two of the projects slated for release include “Attack Flow,” the first in a series of projects designed to give defenders better ways to reason about sequences of adversary techniques. Also being released is a “Sightings Ecosystem,” which has analyzed voluntarily contributed intelligence on what tactics, techniques and procedures adversaries are using in the wild to help defenders understand how adversaries operate.

To learn more about each of the projects developed by the Center for Threat-Informed Defense, as well as to download a copy of the full report, please visit

About The Center for Threat-Informed Defense

The center is a non-profit, privately funded research and development organization operated by MITRE Engenuity. The center’s mission is to advance the state of the art and the state of the practice in threat-informed defense globally. Comprised of participant organizations from around the globe with highly sophisticated security teams, the center builds on MITRE ATT&CK, an important foundation for threat-informed defense used by security teams and vendors in their enterprise security operations. Because the center operates for the public good, outputs of its research and development are available publicly and for the benefit of all.

About MITRE Engenuity

MITRE Engenuity, a subsidiary of MITRE, is a tech foundation for the public good. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.

MITRE Engenuity brings MITRE’s deep technical know-how and systems thinking to the private sector to solve complex challenges that government alone cannot solve. MITRE Engenuity catalyzes the collective R&D strength of the broader U.S. federal government, academia, and private sector to tackle national and global challenges, such as protecting critical infrastructure, creating a resilient semiconductor ecosystem, building a genomics center for public good, accelerating use case innovation in 5G, and democratizing threat-informed cyber defense. More information:

Media Contact: Erin Wise, Merritt Group,