Skip to main content

2. The Goal of the SAF

Emily RodriguezJune 29, 2022Less than 1 minute

2.1 The Goal of the SAF

1. Accelerate ATO

  • Automate tailored security configuration testing in every build.
  • Aggregate all security assessment results in a single dashboard to show security status.

2. Establish Security Requirements

  • Align security tests to requirements.
  • Write STIG-ready content for software components.

3. Build Security In

  • Automate security control assessment aligned to common standards.
  • Implement security requirements within existing DevSecOps pipelines.

4. Assess/Monitor Vulnerabilities

  • Visualize results of all ongoing assessments to understand risk over time.
  • Enable ongoing or continuous authorization to operate (cATO).
The Goals of the SAF
The Goals of the SAF

2.2 The Road to Security Automation

As illustrated in the picture below, the process for developing automated security tests starts with requirements documents like SRGs, STIGs, or CIS Benchmarks, which are written in human-readable language. These documents are then implemented as code. We need that code to record test results in a standardized format so that we can easily export our security data to a platform where it can be used to make informed decisions (such as the Heimdall visualization app).

This challenge is what the MITRE Security Automation Framework (MITRE SAF) was developed to address. It simplifies the journey from a Requirement Document to an automated test profile and back again, making it easier to navigate.

Edit this page on GitHub
Last update: 12/9/2024, 5:11:10 AM
Contributors: Shivani Karikar,p-oneil,Aaron Lippold,Will,dependabot[bot],wdower,Emily Rodriguez,wdower,Emily Rodriguez
Apache-2.0 | Copyright © 2022 - The MITRE Corporation
Copyright © 2024 Emily Rodriguez