What is MITRE ATT&CK Framework in Cybersecurity?
Frameworks & Standards
Version 1.0 · Published April 2026 · Last verified April 2026
How is it pronounced?
MY-ter uh-TACK FRAYM-werk
MITRE: 'MY-ter'. ATT&CK: 'attack'.
ATT&CK is the open library MITRE maintains of attacker behaviors observed in actual incidents, organized as a matrix you can read top to bottom. The columns are 14 tactics (the why of an action, like initial access or exfiltration) and the cells beneath each one list specific techniques and sub-techniques (the how). Defenders cross-reference their detections against the matrix to find gaps and to talk about threats in a vocabulary other teams will recognize.
Why MITRE ATT&CK Framework Matters for Your Cybersecurity Career
ATT&CK is the shared vocabulary of the cybersecurity industry. SOC analysts map alerts to ATT&CK techniques. Threat intelligence analysts describe adversary behavior using ATT&CK IDs. Penetration testers structure engagements around ATT&CK tactics. Fluency in ATT&CK is expected in most defensive and offensive cybersecurity roles.
Which Cybersecurity Roles Use MITRE ATT&CK Framework?
Related Cybersecurity Terms
Related Cybersecurity Certifications
ATT&CK is the open library MITRE maintains of attacker behaviors observed in actual incidents, organized as a matrix you can read top to bottom. The columns are 14 tactics (the why of an action, like initial access or exfiltration) and the cells beneath each one list specific techniques and sub-techniques (the how). Defenders cross-reference their detections against the matrix to find gaps and to talk about threats in a vocabulary other teams will recognize.
ATT&CK is the shared vocabulary of the cybersecurity industry. SOC analysts map alerts to ATT&CK techniques. Threat intelligence analysts describe adversary behavior using ATT&CK IDs. Penetration testers structure engagements around ATT&CK tactics. Fluency in ATT&CK is expected in most defensive and offensive cybersecurity roles.
Cybersecurity professionals who work with MITRE ATT&CK Framework include SOC Analyst, Threat Intelligence Analyst, Penetration Tester, Incident Responder. These roles apply MITRE ATT&CK Framework knowledge within the Frameworks & Standards domain.
Sources
Definitions are original explanations written for career development purposes. For authoritative technical definitions, refer to NIST, ISO, or the relevant standards body.
Last verified: April 2026?Report an inaccuracy
Related Resources
Related Cybersecurity Career Guides
Related Cybersecurity Certifications
Was this page helpful?
Get cybersecurity career insights delivered weekly
Join cybersecurity professionals receiving weekly intelligence on threats, job market trends, salary data, and career growth strategies.
Get Cybersecurity Career Intelligence
Weekly insights on threats, job trends, and career growth.
Unsubscribe anytime. More options