A publicly maintained knowledge base of adversary tactics, techniques, and procedures observed in real-world intrusions, organised by the phases of the attack lifecycle. ATT&CK is the federation's reference taxonomy for adversary behaviour: detection coverage, threat-model assumptions, and incident-response runbooks must reference ATT&CK technique identifiers where applicable. The federation does not endorse proprietary taxonomies as substitutes for ATT&CK in published evidence; cross-walks are accepted where vendor tooling speaks a different vocabulary.
Created by the MITRE Corporation in 2013; the name expands to Adversarial Tactics, Techniques, and Common Knowledge.
Federation accreditation evidence referencing detection coverage must use ATT&CK technique identifiers. Coverage maps that omit identifiers are returned for remediation under MEV-Annex:3.2.
@misc{ifo4_glossary_mitre_attack,
title = {{MITRE ATT\&CK}},
author = {{IFO4 Federation Editorial Board}},
howpublished = {{IFO4 Federation Glossary, slug \texttt{mitre-attack}}},
year = {2026},
url = {https://ifo4.org/glossary/mitre-attack},
note = {Category: SecOps; key: MITREATTCK}
}
Federation members and accredited practitioners may challenge any entry under TGS-002:1.7. Filed challenges are routed to the editorial board, triaged into the revision register, and resolved in writing on the public docket. The slug remains stable through any revision.