Designed to assess the effectiveness of Federal Civilian Executive Branch (FCEB), Critical Infrastructure (CI), and State, Local, Tribal, and Territorial (SLTT) stakeholders in identifying and resolving network vulnerabilities, the RVAs revealed that phishing links were the most successful technique for initial access.

CISA conducted a total of 37 RVAs, leveraging the MITRE ATT&CK framework to provide a better understanding of risks and help organizations remediate weaknesses that threat actors might abuse in live attacks to compromise network security controls.