INFORM 2026: MITRE’s Updated Threat-Informed Defense Maturity Model Explained

The INFORM model has become a cornerstone for translating threat‑informed defense (TID) concepts into actionable metrics. By embedding adversary behavior insights into a structured maturity framework, MITRE gives organizations a repeatable way to gauge how well they understand and counter real‑world attacks. The 2026 refresh reflects two years of operational data, addressing early criticisms that the model leaned too heavily on ATT&CK taxonomy and lacked flexibility. This evolution underscores the industry’s demand for maturity assessments that balance depth with practical relevance.

Key enhancements focus on measurement precision and decision support. Revised questions now factor in the timeliness of intelligence, ensuring that scores reflect current threat landscapes. The new impact‑vs‑complexity matrix automatically surfaces high‑value, low‑effort improvements, helping security teams prioritize actions that deliver the greatest risk reduction. Additionally, mapping INFORM to established frameworks such as the CTI Maturity Model, Red Team Maturity Model, SOC Maturity Model, and Gartner’s CTEM bridges gaps between disparate assessment tools, allowing executives to align TID progress with broader governance and compliance initiatives.

Adoption is accelerating as vendors like AttackIQ embed the model into their platforms, offering automated assessments, progress tracking, and tailored remediation guidance. The upcoming "Threat‑INFORM Your Defenses" webinar provides a practical walkthrough for practitioners seeking to justify budget requests or onboard new clients using a common language. Looking ahead, MITRE plans to integrate INFORM insights with Gartner’s CTEM, promising a unified view of adversary behavior and security program maturity that can drive strategic, risk‑based investment decisions across the enterprise.