Decision Tool

Use MITRE ATT&CK To Test Zero Trust People Controls

 and  five contributors
Oct 07, 2025

Summary

Testing security controls against realistic attacks is pivotal to ensure controls are working as expected. Human-centric breaches like phishing and social engineering are prevalent, and people are often the least controllable link in the security chain. Effective identity and access management (IAM) as both a capability and detection surface is essential to Zero Trust as compromised identities and access credentials provide significant value to attacks. Because of these factors, people are one of the most important places to test security controls. Security teams can use this tool to test Zero Trust people security controls, leveraging tactics and techniques from the MITRE ATT&CK framework.

Log in to continue reading
Client log in
Welcome back. Log in to your account to continue reading this research.
Become a client
Become a client today for these benefits:
  • Stay ahead of changing market and customer dynamics with the latest insights.
  • Partner with expert analysts to make progress on your top initiatives.
  • Get answers from trusted research using Izola, Forrester's genAI tool.