We welcome your feedback about MITRE Engage v0.9 Beta: Email us at engage@mitre.org

Define Exit Criteria

Define the set of events that would lead to the unnegotiable conclusion to the operation.

Exit Criteria are the event or sequence of events that are agreed to be the unnegotiable immediate pause or end to the operation. Sometimes, these events include the successful completion of the agreed upon strategic goals. Other times, these events may signify the operation has reached a hard stop. This is often because future operational safety cannot be guaranteed. Or events have occurred that outweigh the agreed upon acceptable risk. Finally, it may just be that if the adversary operates any longer, they may learn something the defender doesn't want them to know.

Multiple parties from the technical operations, threat intel, legal, and management perspectives should be included when Defining Exit Criteria. For example, if an adversary begins to use the engagement environment as a platform to operate against other targets, stakeholders may decide that the operation must be suspended until the unacceptable traffic can be blocked. Defining Exit Criteria is an essential step to ensure operational safety.

Details
ID: SAC0005
Type:  Strategic 
Goals:  Prepare
Approaches:  Planning