CISA Funding Cuts: Impacts on MITRE ATT&CK and CVE Reliance

Executive Summary

The article discusses the impact of recent funding cuts on CISA and MITRE’s critical security frameworks, particularly MITRE ATT&CK and Common Vulnerabilities and Exposures (CVE). In April 2025, MITRE’s CVE program narrowly avoided shutdown due to a last-minute extension, while budget cuts at CISA threaten to reduce public guidance and resources. The evolving landscape necessitates that organizations adapt their cybersecurity strategies in response to these changes to ensure continued effectiveness in threat mitigation.

 Read the full article from Delinea here for comprehensive insights.

Key Insights

Funding Status of MITRE CVE Program

• The Department of Homeland Security (DHS) funding for MITRE’s CVE program nearly expired in April 2025.
• An 11-month extension was granted by CISA, avoiding an immediate shutdown of the CVE program.

Budget Cuts Affecting CISA

• CISA is facing significant budget reductions, which can limit its operational capacity and effectiveness.
• Recent layoffs and furloughs have led to a loss of resources, negatively affecting public cybersecurity guidance.

The Stability of MITRE ATT&CK

• While CVE resources are strained, MITRE ATT&CK remains actively funded and continues to evolve.
• The release of ATT&CK v18 signifies ongoing commitment to adapting to security needs amidst budget constraints.

Implications for Cybersecurity Strategy

• Organizations will need to reassess their dependence on MITRE’s CVE and ATT&CK frameworks in light of these funding challenges.
• Effective adaptations in incident response and threat detection measures are essential to maintain security posture.

 Access the full expert analysis and actionable security insights from Delinea here.