MITRE Center for Threat-Informed Defense and Industry Map Cloud Security Controls to Real-World Cyberattack Threats

Cybersecurity

McLean, Va., and Bedford, Mass., Jan. 28, 2026 — MITRE's Center for Threat-Informed Defense (CTID), in partnership with Citigroup, Cloud Security Alliance (CSA), CrowdStrike, Fortinet, and JPMorgan Chase, has released new, publicly available research that closes a critical gap between cloud security frameworks and how adversaries actually operate.

The research maps the CSA Cloud Controls Matrix (CCM) to the MITRE ATT&CK® framework, giving organizations clear, actionable guidance for building robust, threat-informed cloud defenses. Security professionals can now pinpoint and strengthen gaps in their posture, supporting targeted investments and data-driven decisions.

“By connecting widely adopted security controls and the adversary behaviors they are designed to stop, we are equipping defenders with a clearer lens to validate and strengthen their security strategies,” said Leslie Anderson, chief cyber strategist and head of threat-informed defense programs, MITRE. “This work allows defenders to shift focus from checking boxes to building proactive defenses that can anticipate and counter sophisticated attacks in complex cloud environments.”

The methodology and detailed mappings are freely available through CTID’s Mappings Explorer website. This transparency gives organizations of all sizes the tools to bolster security architectures, model threats, and validate their controls against evolving risks. Contributions from leading financial institutions and security vendors help ensure the research reflects real-world attack activity across complex cloud environments.

This initiative underscores MITRE’s commitment to advancing threat-informed defense through collaboration and public benefit. CTID invites cloud security professionals to explore the research, apply it within their environments, and engage in ongoing efforts to raise the bar for cloud security across the industry.

Access the Threat-Informed Defense for Cloud Security research at: https://center-for-threat-informed-defense.github.io/mappings-explorer/external/csa_ccm/.

About The Center for Threat-Informed Defense:

The Center for Threat-Informed Defense is a non-profit, privately funded research and development organization operated by MITRE. Its mission is to advance the state of the art and the state of the practice in threat-informed defense globally. Comprised of participant organizations from around the globe with highly sophisticated security teams, the Center builds on MITRE ATT&CK®, a foundation for threat-informed defense used by security teams and vendors in their enterprise security operations. Because the Center operates for the public good, outputs of its research and development are available publicly and for the benefit of all. https://ctid.mitre.org.

About MITRE

MITRE’s mission-driven teams are dedicated to driving solutions to our nation’s most pressing challenges. As a not-for-profit research and development organization, MITRE’s staff leverage our unique multi-sponsor vantage point, systems expertise, and innovative solutions to ensure the health, prosperity, and security of our nation.

Media Contact: Sarah Lytle, media@mitre.org