Tactics, Techniques, and Procedures (TTPs)

Tactics, Techniques, and Procedures (TTPs) describe the behavior patterns of cyber threat actors — how they operate, what methods they use, and the specific steps they follow during attacks. Tactics are the high-level goals (initial access, persistence, exfiltration), techniques are the general methods used to achieve those goals, and procedures are the specific implementations.

Understanding TTPs is more valuable than knowing specific indicators of compromise (IOCs) because TTPs represent the adversary's playbook — they change less frequently than specific indicators and provide deeper insight into how to defend against particular threat actors.
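
To illustrate why a detection written against a technique outlasts one written against an indicator, the following added example (not part of the original page) runs a hash IOC and a behavior rule over the same constructed process events. The event fields, host names, hash values and the rule itself are illustrative assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ProcEvent:
    host: str
    parent: str          # parent process image
    image: str           # child process image
    payload_sha256: str  # hash of the file that triggered the launch

# Indicator feed: hash of the payload seen in the first wave (constructed placeholder).
IOC_HASHES = {"a" * 64}

# Behavior rule (an assumption for illustration): a document application
# starting a script interpreter, whatever file caused it.
DOC_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}

def ioc_match(ev: ProcEvent) -> bool:
    return ev.payload_sha256.lower() in IOC_HASHES

def behavior_match(ev: ProcEvent) -> bool:
    return ev.parent.lower() in DOC_APPS and ev.image.lower() in INTERPRETERS

# Constructed sample telemetry.
EVENTS = [
    ProcEvent("ws-01", "WINWORD.EXE", "powershell.exe", "a" * 64),   # wave 1
    ProcEvent("ws-02", "EXCEL.EXE", "wscript.exe", "b" * 64),        # wave 2, payload rebuilt
    ProcEvent("ws-03", "explorer.exe", "powershell.exe", "c" * 64),  # admin use, benign
    ProcEvent("ws-04", "WINWORD.EXE", "splwow64.exe", "d" * 64),     # printing, benign
]

def triage(events):
    """Return {host: (ioc_hit, behavior_hit)} for each event."""
    return {ev.host: (ioc_match(ev), behavior_match(ev)) for ev in events}

def missed_by_ioc(events):
    """Hosts where the behavior rule fires but the hash feed is silent."""
    return [ev.host for ev in events if behavior_match(ev) and not ioc_match(ev)]

if __name__ == "__main__":
    for host, (ioc, beh) in triage(EVENTS).items():
        print(f"{host}: ioc={ioc} behavior={beh}")
    print("caught only by behavior rule:", missed_by_ioc(EVENTS))
```

The second wave uses a rebuilt payload with a new hash, so the indicator feed is silent on it, while the behavior rule fires on both waves and stays quiet on the two benign events.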

Why It Matters

Understanding the TTPs used against the defense industrial base helps you focus your defenses on the attack methods you're most likely to face. This threat-informed approach to security makes your CMMC implementation more effective at actually stopping real attacks.