INFORM

Advance Your
Threat-Informed Defense

Measure, optimize, and strengthen your threat-informed defense capabilities with MITRE’s proven maturity model.

Learn More

What is INFORM?

INFORM is MITRE’s threat-informed defense maturity model — a structured way to measure your defensive posture, prioritize improvements, and show real progress over time. As threats evolve and programs become more complex, INFORM gives security teams a consistent, defensible framework for maturing their threat-informed defense based on real adversary behavior.

Why Threat-Informed Defense Matters

Threat-informed defense continuously aligns your security program to real adversary behavior, giving leaders deeper insight into their posture, operations, strategy, and overall effectiveness. It’s relevant and scalable for organizations of any size or sector.

Cyber Threat Intelligence

Understand the Threat

Know who is targeting you and how they operate.

Defensive Measures

Proactively Defend

Deploy and tune controls aligned to real adversary behavior.

Test and Evaluate

Validate & Improve

Continuously test defenses with real-world adversary behaviors to drive improvement.

“Threat-informed defense is the systematic application of a deep understanding of adversary tradecraft and technology to improve defenses.”

— MITRE Center for Threat-Informed Defense

How INFORM Works

INFORM turns threat-informed defense into a measurable framework with 3 dimensions and 22 measurable components that look across people, processes, and technology.

TID Dimensions

Cyber Threat Intelligence
Defensive Measures
Test & Evaluation

CTI Components

Depth of CTI
Relevance of CTI
Organizational Integration of CTI
Incorporation of CTI
Recency of CTI
Speed of CTI Dissemination
CTI Driven Decision Making

How INFORM Enables Improvement

Measure

Measure your current maturity

Prioritize

Prioritize high-impact, low complexity improvements

Improve

Track your progress and
measure improvement

INFORM vs. CTID vs. M3TID

INFORM builds on MITRE’s original M3TID model and incorporates two years of real-world feedback from security teams through the Center for Threat-Informed Defense (CTID). The result is a more actionable, more intuitive, and more operational framework for advancing threat-informed defense.

CTID

MITRE’s Center for Threat-Informed Defense (CTID) is the research and development program at MITRE that develops innovative, community-driven approaches to applying adversary intelligence to cybersecurity. Both M3TID and INFORM were created through CTID collaborations.

M3TID (2024)

M3TID was MITRE’s first threat-informed defense maturity model. It introduced the core concepts and structure used globally to assess and improve threat-informed defense programs and served as a foundational tool for training and evaluation.

INFORM (2026)

INFORM is MITRE’s updated and refined maturity model, informed by two years of real-world use. It offers clearer guidance, stronger scoring logic, and better alignment to how security teams implement and mature threat-informed defense today.

How INFORM Strengthens Continuous Threat Exposure Management (CTEM)

Threat-informed defense provides the adversary-centric foundation for CTEM, ensuring that security programs are aligned to real-world adversary behaviors and focused on the threats that matter most. INFORM assessments help organizations think strategically about security program optimization as they advance threat-informed defense maturity. Increased threat-informed defense maturity leads to a stronger, more effective foundation for CTEM.

Threat-informed defense is the adversary-centric foundation for Continuous Threat Exposure Management

  • Aligned with real-world adversary behaviors
  • Focused on the threats that matter most 

Increased TID maturity builds a stronger, more effective foundation for CTEM.

How Security Teams Use INFORM

INFORM gives organizations a structured way to evaluate their security program and make threat-informed decisions. Teams use the model to guide planning, focus resourcing, demonstrate progress, and continuously refine their defenses using real adversary behavior.

Strategic
Planning

Use INFORM assessments to shape roadmap decisions, align initiatives to adversary behavior, and ensure long-term investments are grounded in real-world threats.

Investment Prioritization

Identify which improvements—whether people, process, or technology—deliver the highest impact, and justify budget requests based on measurable maturity gains.

Program Optimization

Spot strengths, gaps, and redundancies across security operations. INFORM helps teams focus on the areas that most improve posture and reduce exposure.

Measuring
Progress

Run assessments periodically to track your maturity growth, compare results across business units or teams, and demonstrate improvement to leadership and auditors.

How AttackIQ Operationalizes INFORM

AttackIQ transforms INFORM from a maturity model into an operational capability. We help security teams measure their maturity, prioritize improvements, and operationalize threat-informed defense across—backed by automation and expert guidance.
Platform-Integrated Assessments
Run INFORM assessments directly within AttackIQ to baseline your maturity. Assessments are stored, versioned, and easily compared over time.
Trend Tracking & Dashboards
Visualize your maturity trajectory, view changes across teams or business units, and identify where progress is accelerating or stalling.
Recommendation Engine
Automatically generate prioritized “what to do next” actions based on your current maturity level, the impact of each improvement, and implementation complexity.
Professional Services Enablement
Our experts provide threat-informed defense training, facilitate INFORM assessments, and guide teams through systematically maturing their security operations. We help organizations use INFORM to build a stronger, more effective foundation for CTEM.

INFORM FAQs

Never Settle for Uncertainty

Validate Your Defenses

Take the guesswork out of threat exposure management. Validate your defenses with real-world attack scenarios and focus on what matters most—managing your risk.

Schedule a Demo Try it Free

Featured Articles

  • Threat Research

    INFORM 2026: MITRE’s Updated Threat-Informed Defense Maturity Model Explained

    On January 8th, MITRE’s Center for Threat-Informed Defense (CTID) published a significant update to INFORM, its threat-informed defense maturity model. This update reflects the joint efforts of MITRE researchers, AttackIQ, and several CTID members to enhance INFORM based on two years of operational use and broad security community feedback.
    Read More

  • Threat-INFORM Your Defenses

    MITRE’s INFORM maturity model helps organizations adopt threat-informed defense. Learn what’s new in the latest update and how to baseline posture, prioritize investments, and measure progress against real threats.
    Read More

  • MITRE ATT&CK For Dummies

    How can you ensure that your cybersecurity capabilities defend your organization as best they can? After decades and billions of dollars spent on the people, processes, and technology of cybersecurity, this question still haunts security leaders. Intruders break past, security controls falter, and defenses fail against even basic cyberattack techniques. What should be done? Instead of trying to close every vulnerability, meet every standard, or buy the “best” technology, security teams can change the game by focusing their defenses on known threats.
    Read More