The TFA (Technology-Facilitated Abuse) Matrix is a structured framework for understanding and categorising tactics and techniques used in technology-facilitated interpersonal harm.
Developed by Not A Standard, the TFA Matrix applies threat intelligence methodologies — originally designed for cybersecurity — to map patterns of technology-enabled abuse, coercive control, and harassment.
The TFA Matrix currently covers 7 tactics and 74 techniques across the following tactical categories:
| ID | Tactic |
|---|---|
| TFA-TA-1000 | Surveillance & Tracking |
| TFA-TA-2000 | Account & Access Compromise |
| TFA-TA-3000 | Harassment & Intimidation |
| TFA-TA-4000 | Information Manipulation |
| TFA-TA-5000 | Isolation & Control |
| TFA-TA-6000 | Resource & Financial Control |
| TFA-TA-7000 | Physical Enablement |
The TFA Matrix content is published in STIX 2.1 format and can be found in data/tfa-bundle.json. This enables interoperability with existing threat intelligence platforms and tooling.
SAFE (Security Abuse Framework for Evidence) is a methodology developed by Not A Standard that applies structured threat intelligence analysis to interpersonal harm. The TFA Matrix is a core component of the SAFE framework.
If you’ve identified a technique or pattern that should be included in the TFA Matrix, please submit it via our form or open an issue on this repository.
This site is built on a customised version of the MITRE ATT&CK Website framework, adapted to serve TFA Matrix content. We gratefully acknowledge MITRE’s open-source contribution that made this possible.
Content © 2026 Not A Standard Pty Ltd. SAFE and TFA Matrix are trademarks of Not A Standard Pty Ltd.
The website framework is based on the MITRE ATT&CK Website, licensed under the Apache License 2.0. See LICENSE.txt for details.