Threat Assessment and Remediation Analysis (TARA)

August 2020
Topics: Cybersecurity, Threat-informed Defense, Cyber Threat Intelligence, Systems Engineering
Jackson E. Wynn, The MITRE Corporation

Threat Assessment and Remediation Analysis (TARA) is an engineering methodology used to identify and assess cyber vulnerabilities and select countermeasures effective at mitigating those vulnerabilities.  TARA is part of a MITRE portfolio of systems security engineering (SSE) practices that focus on improving the cyber security hygiene and resilience of systems early in the acquisition process. TARA uses a catalog of stored attack vector and countermeasure data to inform the process of identifying attack vectors for exploiting system vulnerabilities and potential countermeasures to prevent their exploitation or mitigate its effects.  TARA was originally developed in 2010 and has been used in over 30 cyber risk assessments.  

Steps in the TARA methodology are also discussed in the MITRE Systems Engineering Guide.

In 2017, the TARA catalog was revamped to support application of TARA to ICS/SCADA systems in conjunction with the International Atomic Energy Agency (IAEA) hosted, collaborative research program J02008 on cyber incident analysis and planning for Nuclear Facilities.


Publication Search