SAF Framework

Plan

It's hard to hit a target that you can't see. Similarly, it's hard to implement quality security automation without understanding your requirements. The Plan phase of the MITRE SAF helps you identify which security guidance applies to your software components.

Browse Security ContentView Framework

Use Cases

Two Ways to Plan Your Security

The Plan pillar supports both teams implementing existing software and developers creating new components. Start by identifying your software components, then either search for applicable security guidance from government and industry sources or create your own comprehensive validation profiles. Whether you're implementing a component into an existing system or developing new software from scratch, Plan connects you with the right baselines and helps you create documentation where standards don't yet exist.

Find Existing Guidance

Discover which STIGs, CIS Benchmarks, and security baselines apply to your technology stack. Browse our content library to find validated InSpec profiles and hardening guides for common software components.

Create New Documentation

Build security guidance for software components that lack government or industry standards. Author InSpec profiles to define security requirements and provide clear configuration guidance for your customers. Use Vulcan to create comprehensive security validation profiles that document security controls and testing procedures.

Tools

Plan with SAF Tools

Use Vulcan to author security guidance or browse our content library for existing baselines.

Vulcan

Author and edit security guidance documents that serve as a basis for later automation content. Create comprehensive documentation of security requirements, controls, and validation procedures.

SAF CLI

Build the foundation of an InSpec profile from your security guidance documents using SAF CLI.

VulcanSAF CLI