Continuous Threat Exposure Management (CTEM) Working Group

Welcome to CTEM.org, the home of Continuous Threat Exposure Management.

We're building a community to develop and refine CTEM controls and identifiers. Join us in shaping the future of proactive threat management.

Join the Working Group

Are you a vendor or a cybersecurity practitioner? Join our working group to contribute and make an impact.

Join us or Provide Feedback

CTEM Controls & Identifiers

Access our developing framework of CTEM controls. These controls and identifiers are at the core of what we do. Our goal is to create a standard that helps organizations proactively assess and manage their exposure to threats.

The CTEM framework includes:

• Common Identifiers: Unique identifiers that help categorize and track different types of exposures and vulnerabilities, making it easier to understand and address risks.
• Best Practice Controls: Actionable measures that organizations can implement to reduce their threat exposure. These controls are continuously refined based on input from the community.
• Collaborative Development: By joining our community, you can help refine these controls, contribute new ideas, and ensure the standards remain practical and effective.

Help us refine the standards and put them into practice.

Community Resources

Stay informed with articles, updates, and upcoming events. Sign up for our mailing list.

Subscribe

License for Use

The controls provided on this site are free for non-commerical use and are licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. For more information on the license, please visit the Creative Commons Website.

If you would like to use our framework in your commerical product, that makes at least two of us! With that said, we do ask you introduce yourself and let us know how you plan to use the framework. We are always looking for ways to improve the framework and the work we do with the community.

Identifiers

Below is a list of the current Identifiers in the CTEM framework. We still have a way to go but are moving quickly as we have some very motivated and talented people working on this project.

Have a look around and if let us know what you think.

• CTEM-BND-1 - Brand-impersonation - Counterfeit Product Offered For Sale Or Use
• CTEM-DAT-1 - Credential-dump - Credentials Leaked With Hostname
• CTEM-DAT-2 - Credential-dump - Vendor System Dump With Credentials Offered Privately
• CTEM-FIN-1 - Financial - Corporate Bank Account Routing Information Exposed
• CTEM-FIN-2 - Financial - Accounts Payable Information Exposure
• CTEM-INF-1 - Infection - Infected Corporate Owned Device
• CTEM-INF-2 - Infection - Infected Vendor Owned Device
• CTEM-INF-3 - Infection - Infected Employee Owned Device Corporate Credentials
• CTEM-INF-4 - Infection - Infected Employee Owned Device Personal Use Of Corporate Identity
• CTEM-INF-5 - Infection - Infected Customer Owned Device
• CTEM-INF-6 - Infection - Infected Employee Owned Device Internal Network Connected
• CTEM-INF-7 - Infection - Infected Employee Owned Device 3rd Party Business Use Of Corporate Identity
• CTEM-DOM-1 - Lookalike-domains - Typo Squatted Domain
• CTEM-DOM-2 - Lookalike-domains - Homoglyph Attack Domain
• CTEM-DOM-3 - Lookalike-domains - Phishing Indicator Domain
• CTEM-DOM-4 - Lookalike-domains - Brand Impersonation Domain
• CTEM-RAN-1 - Ransomware - Ransom Dump Supplier
• CTEM-RAN-2 - Ransomware - Ransom Dump Customer
• CTEM-SRC-1 - Source-code - Public Source Code Repository Company Sanctioned
• CTEM-SRC-2 - Source-code - Public Source Code Repository Employee Created
• CTEM-SRC-3 - Source-code - Public Source Code Repository Vendor Owned
• CTEM-SRC-4 - Source-code - Public Source Code Repository Unrelated 3rd Party
• CTEM-SRC-5 - Source-code - Public Source Code Repository Unrelated Company Comment Issue
• CTEM-EXP-1 - System-exposure - Directly Connected Internal System
• CTEM-EXP-2 - System-exposure - Remote Site Owned System Presumed Connected
• CTEM-EXP-3 - System-exposure - Corporate Internet Exposed Gateway Device
• CTEM-EXP-4 - System-exposure - Corporate Cloud Connected System
• CTEM-EXP-5 - System-exposure - Presumed Company System By Branding
• CTEM-EXP-6 - System-exposure - Contractor Or Vendor Managed System