The Core Concept: MITRE’s security ecosystem extends well beyond ATT&CK and ATLAS, offering purpose-built frameworks for NIST alignment, 5G infrastructure threats, automated red teaming, financial sector attack modeling, and industry-specific security programs that most enterprise security teams have never evaluated.
The Guest: Steve Winterfeld, Advisory CISO at Akamai
The Bottom Line:
• MITRE has built a full toolkit of adversarial and resiliency frameworks beyond ATT&CK — CRAFT, FIGHT, Caldera, ADAPT, and industry-specific breakouts for healthcare, critical infrastructure, and financial services — and most CISOs are only using one of them
Speaking with TFiR, Steve Winterfeld, Advisory CISO at Akamai, outlined MITRE’s broader framework ecosystem beyond the widely known ATT&CK and ATLAS tools — describing a library of purpose-built resources that most enterprise security teams have not yet explored.
WHAT IS MITRE’S FRAMEWORK ECOSYSTEM
While MITRE ATT&CK dominates the conversation in enterprise security, MITRE maintains a significantly broader library of frameworks covering cyber resiliency engineering, sector-specific threat modeling, automated offensive tooling, and industry-specific security programs. These frameworks share the same adversarial intelligence base as ATT&CK but are applied to distinct operational contexts.
CRAFT: CYBER RESILIENCY ENGINEERING FRAMEWORK
CRAFT is MITRE’s tool for operationalizing NIST Special Publication 800-160, the federal government’s framework for cyber resiliency engineering. NIST SP 800-160 is extensive and complex; CRAFT translates its policy and procedure recommendations into an actionable security program without requiring practitioners to parse the full publication. For organizations in regulated industries or those aligning to federal security standards, CRAFT provides a practical bridge between policy and implementation.
FIGHT: 5G HIERARCHY OF THREATS
FIGHT applies MITRE’s adversarial knowledge base specifically to 5G infrastructure. As enterprise and carrier networks increasingly depend on 5G architecture, FIGHT documents the attack techniques targeting 5G systems — giving security teams in telecom, manufacturing, and critical infrastructure a dedicated threat model for this environment.
ADVERSARIAL ENUMERATION, RED TEAMING, AND CALDERA
MITRE maintains frameworks for both offensive and defensive team operations under its adversarial enumeration and red teaming category. Caldera is the most widely used — an automated security assessment platform that enables red teams to run structured attack simulations without manual scripting. It provides a common language and methodology for both attacking and defending teams, supporting continuous security validation at scale.
ADAPT: ADVERSARIAL ACTIONS IN DIGITAL PAYMENT TECHNOLOGIES
ADAPT is purpose-built for the financial services sector — specifically for organizations operating in wealth management, banking, and payment technology environments where threat activity is disproportionately high. It applies MITRE’s adversarial intelligence to the specific attack surfaces and threat actors targeting financial infrastructure.
INDUSTRY-SPECIFIC FRAMEWORKS
Beyond sector-general frameworks, MITRE has developed industry-specific breakouts for healthcare AI, critical infrastructure, and other high-threat verticals. These frameworks reflect the reality that attack techniques, threat actors, and regulatory contexts vary significantly by industry — and that a single universal framework cannot adequately serve every operational environment.
“Depending on your industry, there are a ton of capabilities out there that are worth exploring.”





