Compliance audit answer

For a whole framework: every control, the ATT&CK techniques it defends, and whether you can detect them
This is the one-page answer to "are my controls actually backed by detection?". For each control in the framework it shows the ATT&CK techniques the control maps to, and marks each technique detectable when a real rule (Sigma, CAR, IDS, YARA, Falco) covers it, or a gap when nothing does. Honest by construction: control-to-technique links come only from the published mappings, and a technique counts as detectable only if a real rule maps to it. Controls with no ATT&CK mapping are shown as such, not hidden. Export the full matrix for your auditor below.
CIS v8.1 has 62 controls loaded, but no published control-to-ATT&CK mapping has been ingested for this framework yet.
We do not fabricate mappings. The authoritative ATT&CK technique coverage we can show today is for NIST 800-53 (and CSA CCM, CRI Profile). For CIS v8.1, the controls below are real and searchable, but their threat-technique coverage is not yet available here - it will be added once the official NIST 800-53 crosswalk for this framework is ingested. Until then, pivot to NIST 800-53 for technique-level coverage.
CIS v8.1 controls: 62
Controls with ATT&CK mapping: 0
Distinct techniques defended: 0
Of those, detectable: 0
Overall detection coverage: 0%
Export matrix (CSV) | Export (JSON): the artifact to hand an auditor

Coverage by control family

18 families
Family  Controls  Mapped  Techniques  Detectable  Coverage
1       3         0       0           0           0%
10      4         0       0           0           0%
11      5         0       0           0           0%
12      2         0       0           0           0%
13      3         0       0           0           0%
14      4         0       0           0           0%
15      2         0       0           0           0%
16      3         0       0           0           0%
17      4         0       0           0           0%
18      2         0       0           0           0%
2       4         0       0           0           0%
3       4         0       0           0           0%
4       3         0       0           0           0%
5       3         0       0           0           0%
6       4         0       0           0           0%
7       5         0       0           0           0%
8       4         0       0           0           0%
9       3         0       0           0           0%

Control-by-control coverage

62 controls
NIST 800-53 ATT&CK mappings are published at the base-control level (e.g. AC-18), so the 44 sub-control enhancements (AC-18.1, AC-18.2, …) carry no direct technique mapping - their coverage is inherited from the base control. They are hidden by default.
CIS-1 Inventory and Control of Enterprise Assets - no ATT&CK mapping
  CIS-1.1 Establish and Maintain Detailed Enterprise Asset Inventory - enhancement of CIS-1
  CIS-1.2 Address Unauthorized Assets - enhancement of CIS-1
CIS-10 Malware Defenses - no ATT&CK mapping
  CIS-10.1 Deploy and Maintain Anti-Malware Software - enhancement of CIS-10
  CIS-10.2 Configure Automatic Anti-Malware Signature Updates - enhancement of CIS-10
  CIS-10.7 Use Behavior-Based Anti-Malware Software - enhancement of CIS-10
CIS-11 Data Recovery - no ATT&CK mapping
  CIS-11.1 Establish and Maintain a Data Recovery Process - enhancement of CIS-11
  CIS-11.2 Perform Automated Backups - enhancement of CIS-11
  CIS-11.3 Protect Recovery Data - enhancement of CIS-11
  CIS-11.4 Establish and Maintain an Isolated Instance of Recovery Data - enhancement of CIS-11
CIS-12 Network Infrastructure Management - no ATT&CK mapping
  CIS-12.1 Ensure Network Infrastructure is Up-to-Date - enhancement of CIS-12
CIS-13 Network Monitoring and Defense - no ATT&CK mapping
  CIS-13.1 Centralize Security Event Alerting - enhancement of CIS-13
  CIS-13.6 Collect Network Traffic Flow Logs - enhancement of CIS-13
CIS-14 Security Awareness and Skills Training - no ATT&CK mapping
  CIS-14.1 Establish and Maintain a Security Awareness Program - enhancement of CIS-14
  CIS-14.2 Train Workforce Members to Recognize Social Engineering Attacks - enhancement of CIS-14
  CIS-14.3 Train Workforce Members on Authentication Best Practices - enhancement of CIS-14
CIS-15 Service Provider Management - no ATT&CK mapping
  CIS-15.1 Establish and Maintain an Inventory of Service Providers - enhancement of CIS-15
CIS-16 Application Software Security - no ATT&CK mapping
  CIS-16.1 Establish and Maintain a Secure Application Development Process - enhancement of CIS-16
  CIS-16.11 Leverage Vetted Modules or Services for Application Security Components - enhancement of CIS-16
CIS-17 Incident Response Management - no ATT&CK mapping
  CIS-17.1 Designate Personnel to Manage Incident Handling - enhancement of CIS-17
  CIS-17.2 Establish and Maintain Contact Information for Reporting Security Incidents - enhancement of CIS-17
  CIS-17.3 Establish and Maintain an Enterprise Process for Reporting Incidents - enhancement of CIS-17
CIS-18 Penetration Testing - no ATT&CK mapping
  CIS-18.1 Establish and Maintain a Penetration Testing Program - enhancement of CIS-18
CIS-2 Inventory and Control of Software Assets - no ATT&CK mapping
  CIS-2.1 Establish and Maintain a Software Inventory - enhancement of CIS-2
  CIS-2.2 Ensure Authorized Software is Currently Supported - enhancement of CIS-2
  CIS-2.3 Address Unauthorized Software - enhancement of CIS-2
CIS-3 Data Protection - no ATT&CK mapping
  CIS-3.1 Establish and Maintain a Data Management Process - enhancement of CIS-3
  CIS-3.3 Configure Data Access Control Lists - enhancement of CIS-3
  CIS-3.4 Enforce Data Retention - enhancement of CIS-3
CIS-4 Secure Configuration of Enterprise Assets and Software - no ATT&CK mapping
  CIS-4.1 Establish and Maintain a Secure Configuration Process - enhancement of CIS-4
  CIS-4.7 Manage Default Accounts on Enterprise Assets and Software - enhancement of CIS-4
CIS-5 Account Management - no ATT&CK mapping
  CIS-5.2 Use Unique Passwords - enhancement of CIS-5
  CIS-5.3 Disable Dormant Accounts - enhancement of CIS-5
CIS-6 Access Control Management - no ATT&CK mapping
  CIS-6.3 Require MFA for Externally-Exposed Applications - enhancement of CIS-6
  CIS-6.4 Require MFA for Remote Network Access - enhancement of CIS-6
  CIS-6.5 Require MFA for Administrative Access - enhancement of CIS-6
CIS-7 Continuous Vulnerability Management - no ATT&CK mapping
  CIS-7.1 Establish and Maintain a Vulnerability Management Process - enhancement of CIS-7
  CIS-7.3 Perform Automated Operating System Patch Management - enhancement of CIS-7
  CIS-7.4 Perform Automated Application Patch Management - enhancement of CIS-7
  CIS-7.7 Remediate Detected Vulnerabilities - enhancement of CIS-7
CIS-8 Audit Log Management - no ATT&CK mapping
  CIS-8.11 Conduct Audit Log Reviews - enhancement of CIS-8
  CIS-8.2 Collect Audit Logs - enhancement of CIS-8
  CIS-8.5 Collect Detailed Audit Logs - enhancement of CIS-8
CIS-9 Email and Web Browser Protections - no ATT&CK mapping
  CIS-9.3 Maintain and Enforce Network-Based URL Filters - enhancement of CIS-9
  CIS-9.6 Block Unnecessary File Types - enhancement of CIS-9
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin