MITRE’s Cyber Strategy Development and Implementation (CSDI) Framework draws from the best practices of more than 18 US, International, and Industry models. It uses a combination of design thinking activities, threat/opportunity/resources contextualization, and a lens of eight key cyber capacity areas in a four-phase strategy approach to assessing cyber needs and threats, developing risk-informed strategic goals, identifying and prioritizing supporting objectives and initiatives, and implementing them in a multi-stakeholder environment.

This fourth version of the Framework draws from lessons learned during its application in more than a dozen countries and three US government agencies. It slightly modifies the Eight Key Cyber Capacity Areas to allow for differentiation between civil law/regulation and policy/standards, and between operational resiliency and incident response. It also elevates Strategic Foundations to its own pre-requisite set of activities and capabilities, and acknowledges that Partnerships is not a stand-alone capacity area, but rather one that informs every other capacity area, as well as Strategic Foundations (particularly Stakeholder Involvement). This edition also addresses organizational level strategy as well as national level strategy development requirements. Finally, it adds the Cyber Workforce Development Framework and other products to its library of tools and approaches for cyber strategy development and capacity building teams.