Is someone checking your browsing? This website will appear in your browser history. If you're concerned someone may be monitoring your internet use, consider using a trusted friend's device, a library computer, or your browser's private/incognito mode. You can press Quick Exit or hit Escape at any time to leave this site quickly. Learn more about staying safe online
⚡ Quick Exit
  1. Home
  2. About
  3. Licensing

Data Licensing & Reuse

TFA Matrix STIX Data

The TFA Matrix dataset (tfa-attack.json) is released under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).

This means you are free to:

  • Share — copy and redistribute the data in any medium or format
  • Adapt — remix, transform, and build upon the data

Under the following terms:

  • Attribution — You must give appropriate credit to Not A Standard Pty Ltd, provide a link to the licence, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests Not A Standard endorses you or your use.
  • NonCommercial — You may not use the material for commercial purposes.
  • ShareAlike — If you remix, transform, or build upon the material, you must distribute your contributions under the same licence as the original.

For commercial licensing enquiries, contact Not A Standard.

Suggested Citation

Not A Standard Pty Ltd. (2026). TFA Matrix: Technology-Facilitated Abuse ATT&CK Framework. Version 1.0. Available at: https://tfa.notastandard.org

Ethical Use Condition

While CC BY-NC-SA 4.0 permits non-commercial sharing and adaptation, use of this data is also subject to our Terms of Use, which prohibit using the data to develop tools or techniques that enable abuse. We rely on the good faith of the research and practitioner community to honour this expectation.

Website Code

The TFA Matrix website is built on a modified version of the MITRE ATT&CK website framework, which is licensed under the Apache License 2.0. Our modifications to the website code are similarly available under Apache 2.0 in our GitHub repository.

SAFE Methodology

The SAFE (Security Abuse Framework for Evidence) methodology, including its analytical framework, classification system, and scoring models, is proprietary to Not A Standard Pty Ltd. Researchers wishing to apply or reference the SAFE methodology should contact us to discuss collaboration.

API Access

There is currently no public API for the TFA Matrix. The STIX data file can be downloaded directly from the GitHub repository. If you have a use case that would benefit from API access, please get in touch.

Contact

For licensing queries, research collaboration, or data access requests: