MITRE SAF™

Appearance

MITRE SAF Training

Our Training

The MITRE SAF™ team offers training classes. Dates and sign-up links to participate in synchronous (typically virtual) class offerings are posted on this page when training dates are finalized. To preview classes, watch asynchronously, or reference class content, see the class details, materials, and recordings below.
Training Site - GitHub Training Site - Netlify

Upcoming Classes

Register for upcoming live training sessions. All times are shown in EST.

No upcoming sessions scheduled at this time. Check back soon or view our class recordings below.

Classes

Browse our training offerings. Each class includes learning objectives, course materials, and recordings of past sessions.

SAF User Class

The SAF User Class provides understanding and hands-on practical use of MITRE's Security Automation Framework with a focus on automating security validation and visualization.

View Course Materials

Learning Objectives:

  • Identify and locate security guidance for a software component
  • Understand the capabilities available in the main pillars of the MITRE Security Automation Framework - Plan, Harden, Validate, Normalize, Visualize
  • Visualize InSpec results and third party security tool data
  • Define and run an InSpec profile to validate a component against a security guide
  • Automatically export checklist results from a security assessment

Security Guidance Developer Class

The SAF Guidance Developer Class teaches participants how security guidance fits in the security validation lifecycle and equips them with the tools and knowledge to create and use security guidance.

View Course Materials

Learning Objectives:

  • Identify and locate security guidance for a software component
  • Differentiate between different types of security guidance, such as SRGs and STIGs
  • Create tailored security guidance using Vulcan
  • Classify security requirements as Applicable - Configurable, Applicable - Inherently Meets, Applicable - Does Not Meet, Not Applicable, or Not Yet Determined for a given software component
  • Export security guidance as InSpec stubs to assist in automated security validation
  • Understand how STIG-ready content can be formally peer reviewed by DISA and published to the security community
  • Create guidance with Vulcan to support Authority To Operate (ATO) efforts

Beginner Security Automation Developer Class

The SAF Beginner Security Automation Developer Class teaches the fundamentals of how to develop security validation content, particularly through hands-on examples developing InSpec profiles. Note that since InSpec tests are written in the Ruby language, basic knowledge of Ruby and CLI familiarity is required.

View Course Materials

Learning Objectives:

  • Describe the InSpec framework and its capabilities
  • Describe the architecture of an InSpec profile
  • Build an InSpec profile to transform security policy into automated security testing
  • Inherit controls from existing profile baselines into your profiles to avoid rework
  • Run an InSpec profile against a target - a component of an application stack
  • View and analyze InSpec results
  • Report Results
  • Create concise, human-readable control output using RSpec syntax in InSpec profiles

Advanced Security Automation Developer Class

The SAF Advanced Security Automation Developer Class provides a deep dive into InSpec's advanced capabilities, such as InSpec resource development, as well as how to construct a CI/CD pipeline using the tools and techniques from the framework.

View Course Materials
Privacy PolicyManage Cookies

MITRE Security Automation Framework (MITRE SAF) is a trademark of The MITRE Corporation. Released under the Apache 2.0 License.

Copyright © 2026 The MITRE Corporation