©

MITRE Security Automation Framework ©

Jump Start Your Security Journey

MITRE SAF © supports security processes at all stages of the software lifecycle, from planning secure system design to analyzing operational security data. All MITRE SAF © tools can work in concert or standalone; adopt the parts of the Framework that make sense for your environment.

PLAN

Select, tailor, and create security guidance content appropriate for your mission.

 

Use Vulcan© to create and manage security baselines to implement security requirements.

HARDEN

Implement security baselines using verified Ansible, Chef, and Terraform content.

 

Use Ansible, Terraform, Chef, and Puppet content from the MITRE SAF© Hardening Library to implement security baselines.

VALIDATE

Generate detailed security testing results throughout the lifecycle of a system through automated tests and manual attestation.

 

Use InSpec content from the MITRE SAF© Validation Library to assess security control compliance.

NORMALIZE

Convert security results from all your security tools into a common data format.

 

Use the MITRE SAF© command line interface (CLI) to normalize security tool output in the OASIS Heimdall Data Format (OHDF).

VISUALIZE

Identify overall security status and deep-dive to resolve specific security defects.

 

Use the MITRE SAF© Heimdall Lite/Server© to visualize security status across all security tools and even to share with your organization’s reporting / GRC tools.

MITRE SAF © Is

Free

All MITRE SAF© content is free to use under the Apache 2 license. The Framework is currently in use by government sponsors, vendors, and private sector companies, tailoring content for their own organizational requirements.

image/svg+xml
Open Source

MITRE SAF© hosts all source code for tools and test profiles publicly on GitHub. Organizations are free to use the code; no acquisitions headaches required.

A Community

All MITRE SAF© content is generated and maintained by a robust security community of both MITRE and non-MITRE contributors; MITRE serves as the Framework steward. Collaboration across the community multiplies the impact for all users.

The MITRE SAF © Open Source Toolset

MITRE SAF © maintains a toolset of utilities that support security automation.

MITRE SAF © tools are built to be modular. Slot them into your existing pipelines and or use them to enhance your favorite security tools. You can use MITRE SAF © tools on their own with or without a pipeline.

saf_logo.png

SAF CLI

The MITRE SAF© Command Line Interface (CLI) utility automates the normalization of data and other security processes for pipeline users.

 

Supports Capabilities:

 

SAF Validate Icon
 
SAF Normalize Icon
 
SAF Visualize Icon
Validate Normalize Visualize

          

SAF Heimdall Logo

Heimdall

The Heimdall© data visualization application that ingests security data from multiple security tools to create an aggregated view of the security posture for all components of a system stack. Users can examine individual findings for a deep dive on what actions are needed to secure the system.

 

Supports Capabilities:

 

SAF Normalize Icon
 
SAF Visualize Icon
Normalize Visualize

     

saf_logo.png

emasser

emasser is a CLI tool for interfacing with an eMASS instance to drop off data and run queries. 

 

Supports Capabilities:     

 

SAF Normalize Icon
 
SAF Visualize Icon
Normalize Visualize

 

        

saf_logo.png

Vulcan

The Vulcan© project streamlines the process to create STIG-ready content that is ready for DISA review.

 

Supports Capabilities:

 

SAF Plan Icon
Plan

  

Hardening Library Icon

Hardening Library

The MITRE SAF© includes a library of hardening content that delivers infrastructure as code across the development stack using industry-standard configuration management tools.

 

Supports Capabilities:

 

SAF Harden Icon
Harden

 

Validation Library Icon

Validation Library

The MITRE SAF© includes a library of standardized validation content written in the InSpec language to implement compliance checks that can be tailored to your organization to eliminate false positives. InSpec profiles can be run on premises or in the cloud or in a container.

 

Supports Capabilities:

 

SAF Validate Icon
Validate

  

Unknown Image

OHDF

OASIS Heimdall Data Format (OHDF) is the international data format standard that facilitates sharing security results from multiple tools in a common format that includes sufficient metadata to support improved data analysis and findings remediation.

 

Supports Capabilities: 

 

SAF Normalize Icon SAF Visualize Icon
Normalize Visualize

Adopted by The Community

User Stories

"How can I determine what security baseline I should measure against?"

Quality security automation content should be tied back to trusted human-readable security guidance, such as baseline documents published by government and industry (e.g., STIGS, CIS Benchmarks). Security stakeholders should know not only what you are testing, but why. If there are no existing published baseline guidance documents for your software component, you can research and author your own.

"How do I manage a diverse set of security data?"

Normalization enhances the analysis of security data, facilitating wholistic system security assessments. Converting your data to the OASIS Heimdall Data Format enables you to aggregate data and visualize the disparate security results across all components of the software stack.

"How do I provide sufficient evidence to authorize (or ATO) my system?"

Modern software environments require effective, pervasive automated testing. Each component of your system – no matter how simple or how complex – should be regularly scanned. Heimdall and the SAF CLI can generate robust reports from your data to demonstrate effective security posture.

Privacy Policy | MITRE
Deploys by Netlify

Copyright © 1997-2025, The MITRE Corporation. All rights reserved.

MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.