Public review invites feedback from industry, government, and academic communities
MITRE and Industry Collaborators Release Draft Framework for Continuous Security Verification in Confidential Computing
McLean, Va., and Bedford, Mass., July 16, 2026 – MITRE, in collaboration with Fr0ntierX, Invary, and the University of Kansas, today released a coordinated set of documents for public review aimed at addressing a significant unresolved challenge in modern cybersecurity: how organizations can continuously establish and verify trust across cloud, AI, and confidential computing environments.
As governments, enterprises, and critical infrastructure operators increasingly rely on confidential computing, hardware-rooted security, AI workloads, and cloud-native platforms, the ability to continuously validate the integrity of systems and workloads has become foundational to Zero Trust security. Yet despite rapid advances in attestation technologies across hardware vendors, cloud providers, and runtime platforms, the industry lacked a common operational framework for how these capabilities should work together.
A Layered Framework for Continuous Remote Attestation
Developed through collaboration among experts in formal methods, confidential computing, runtime integrity verification, and cloud security operations, the framework proposes a layered approach to continuous remote attestation that spans hardware, operating systems, containers, runtime environments, AI workloads, and attested communications channels.
“Developing widely adopted frameworks for emerging technology challenges is part of MITRE’s longstanding role within the cybersecurity community,” said Mari Spina, senior principal cloud security engineer, MITRE. “Because we work at the intersection of government, industry, and academia, we are uniquely positioned to bring stakeholders together, build consensus around complex technical problems, and help establish common approaches that can scale across sectors. As trust becomes increasingly critical in AI, cloud, and confidential computing environments, we believe this collaborative effort can provide a foundation for the interoperable security architectures the ecosystem needs.”
Documents Released for Public Review
As part of this release, the Working Group is publishing four coordinated documents for public review.
The core specification, Framework for Continuous Remote Attestation in Confidential Computing Environments, Version 0.9.6, serves as the normative foundation of the effort.
Three accompanying informative documents provide additional guidance for implementation and compliance practitioners:
- Annex A: Compliance Control Mapping Methodology, which illustrates mappings to frameworks including NIST SP 800-171/CMMC 2.0, NIST SP 800-53, HIPAA, PCI DSS, and SOC 2.
- Annex B: Provider Attestation Service Architecture, which addresses the integration of Cloud Service Provider with the framework's evidence layers, trust anchor types, and provider stances.
- Annex C: Threat Model, which defines the adversary model, assumptions, and threat matrix used throughout the framework.
Call for Community Feedback
The Working Group is releasing the framework specifically to encourage broad technical review and ecosystem participation before advancing the effort further. Feedback is requested from cloud service providers, TEE platform vendors, security architects, AI/ML platform operators, standards bodies, government stakeholders, and academic researchers.
The Public Review Drafts and participation information are available at https://www.mitre.org/news-insights/publication/framework-continuous-remote-attestation.
About the Working Group
The Confidential Computing Layered Attestation Working Group was convened to address industry’s lack of a standardized approach to continuous remote attestation.
The working group brings together contributors from across the confidential computing ecosystem, including founding collaborators MITRE, Fr0ntierX, Invary, and University of Kansas.
“We stood up the working group because it became clear that while confidential computing was closing the encryption gap and providing options for static workload trust, runtime trust remains vitally important and not well understood. In recent years, MITRE has advanced the state of the art in kernel interrogation for runtime trust, and the MITRE engineers wanted to work with industry to develop a framework, implementation guidance, and an open source software solution to help industry implement a layered attestation framework to meet the needs of cloud providers, cloud consumers, and application users.” — Mari J. Spina, D.Sc. MITRE Cloud Security Capability Area Leader.
“We’re collaborating with MITRE and Invary on this framework because the problem is too important and too cross-cutting for any single company to solve alone. MITRE brings the rigor, formal methods expertise, and credibility with government and defense stakeholders. Invary brings deep kernel integrity verification capabilities. Fr0ntierX brings practical experience turning hardware-rooted trust into secure computing systems. Together, we’re defining an architecture that any organization can implement – regardless of cloud provider, TEE platform, or compliance regime.” — Jonathan Begg, CEO, Fr0ntierX Inc.
“Security tools depend on trustworthy system state, yet modern threats increasingly undermine that trust – especially in AI-enabled environments where integrity directly affects model reliability and decision-making. Invary is proud to collaborate with MITRE and Fr0ntierX on an open attestation framework that restores confidence through verifiable runtime integrity. By continuously validating system state, we help ensure attestation reflects real operational integrity across traditional infrastructure and AI environments.” — Jason Rogers, CEO, Invary Inc.
About MITRE
MITRE’s mission-driven teams are dedicated to driving solutions to our nation’s most pressing challenges. As a not-for-profit research and development organization, MITRE’s staff leverage our unique multi-sponsor vantage point, systems expertise, and innovative solutions to ensure the health, prosperity, and security of our nation.
Media: Sarah Lytle, media@mitre.org