MITRE SAF™

Appearance

SAF Framework

Validate Icon Validate

Security testing doesn't have to be a manual, error-prone process. The Validate phase of the MITRE SAF helps you test and verify security controls automatically. Transform security requirements from PDFs and spreadsheets into executable tests that run in seconds, providing consistent, repeatable, and tailorable security compliance validation across your entire infrastructure.
Browse Validation ProfilesView Framework
Validate Icon
Use Cases

Automated Security Testing

The Validate pillar enables continuous security compliance through automated testing. Validate a wide variety of common system components regardless of deployment strategy -- cloud platforms, container images, virtual machines, databases, network equipment, and more. Run InSpec profiles to validate systems against STIGs, CIS Benchmarks, and custom security baselines.
Security Compliance Testing
Test systems against government and industry security standards. Run InSpec profiles that implement STIGs, CIS Benchmarks, and other compliance frameworks. Generate detailed reports in the Heimdall Data Format (HDF) showing which controls pass, fail, or are not applicable to your systems.
Continuous Validation
Integrate security testing into your CI/CD pipeline. Validate container images before deployment, test infrastructure changes before they reach production, and monitor running systems for configuration drift. Catch security issues early when they're easiest to fix.
Fast and Repeatable
Automated tests run in seconds, not hours. Unlike manual security assessments that take weeks, automated validation provides instant feedback. Run the same tests consistently across thousands of systems, eliminating human error and reducing assessment costs, or integrate them seamlessly into CI/CD pipelines.
Tools

Validate with SAF

Use InSpec profiles from our content library and accelerate profile development with SAF CLI.
InSpec Profiles
Browse our library of validated InSpec profiles for common platforms and applications. Each profile implements security requirements from STIGs, CIS Benchmarks, and other frameworks as executable tests. Download and run profiles directly or customize them for your environment.
SAF CLI
Rapidly generate the scaffolding for an InSpec testing profile using a benchmark document (STIGs, CIS Benchmarks) and the SAF CLI. Use SAF CLI to accelerate updates to test profiles when new benchmarks are released.
InSpecInSpecSAF CLISAF CLI

MITRE Security Automation Framework (MITRE SAF) is a trademark of The MITRE Corporation. Released under the Apache 2.0 License.

Copyright © 2026 The MITRE Corporation

MITRE Security Automation Framework (MITRE SAF) is a trademark of The MITRE Corporation. Released under the Apache 2.0 License.

Copyright © 2026 The MITRE Corporation