Compliance audit answer · threatengine.sh

Home/Compliance/Audit answer

Audit

Compliance audit answer

For a whole framework: every control, the ATT&CK techniques it defends, and whether you can detect them

This is the one-page answer to "are my controls actually backed by detection?". For each control in the framework it shows the ATT&CK techniques the control maps to, and marks each technique detectable when a real rule (Sigma, CAR, IDS, YARA, Falco) covers it, or a gap when nothing does. Honest by construction: control-to-technique links come only from the published mappings, and a technique counts as detectable only if a real rule maps to it. Controls with no ATT&CK mapping are shown as such, not hidden. Export the full matrix for your auditor below.

NIST 800-53 (1246)NIST CSF (106)ISO 27001:2022 (93)PCI-DSS v4.0 (75)CIS v8.1 (62)CRI Profile (60)CSA CCM v4 (57)SOC 2 TSC (57)OWASP API (10)OWASP Mobile (10)OWASP Web (10)

57

CSA CCM v4 controls

57

controls with ATT&CK mapping

213

distinct techniques defended

140

of those, detectable

65%

overall detection coverage

Export matrix (CSV) Export (JSON) the artifact to hand an auditor

▤

Coverage by control family

13 families

Family	Controls	Mapped	Techniques	Detectable	Coverage
AIS	6	6	42	31	73%
BCR	1	1	10	6	60%
CEK	1	1	14	11	78%
DCS	5	5	34	18	52%
DSP	6	6	56	45	80%
HRS	1	1	11	7	63%
I&S	6	6	65	53	81%
IAM	14	14	104	67	64%
IPY	2	2	24	19	79%
LOG	4	4	14	8	57%
STA	2	2	7	6	85%
TVM	3	3	15	12	80%
UEM	6	6	72	49	68%

▤

Control-by-control coverage

57 controls

AIS-02 Application Security Baseline Requirements 6/11 detectable

T1496.004 T1530 T1550.004 T1648 T1671 T1072 T1078.004 T1119 T1528 T1539 T1567

AIS-04 Secure Application Design and Development 10/11 detectable

T1606.001 T1059 T1078.004 T1190 T1195.001 T1212 T1528 T1550 T1550.001 T1552 T1552.005

AIS-05 Automated Application Security Testing 16/19 detectable

T1499.003 T1550.004 T1606.001 T1040 T1059 T1059.009 T1068 T1078.004 T1110 T1134 T1190 T1195.001 T1499.004 T1505.003 T1539 T1548 T1552 T1552.005 T1567

AIS-06 Automated Secure Application Deployment 9/15 detectable

T1535 T1556.009 T1578.005 T1648 T1666 T1671 T1068 T1072 T1190 T1195.001 T1496 T1525 T1546 T1578 T1610

AIS-07 Application Vulnerability Remediation 5/5 detectable

T1190 T1195.002 T1210 T1211 T1212

AIS-08 API Security 3/3 detectable

T1059 T1059.009 T1204

BCR-08 Backup 6/10 detectable

T1485.001 T1491 T1491.002 T1561 T1485 T1486 T1490 T1491.001 T1561.001 T1561.002

CEK-03 Data Encryption 11/14 detectable

T1020.001 T1530 T1669 T1119 T1213 T1550.001 T1552 T1552.004 T1557 T1557.002 T1565 T1565.001 T1565.002 T1649

DCS-09 Equipment Identification 2/4 detectable

T1219.003 T1599 T1200 T1599.001

DCS-15 Secure Utilities 4/8 detectable

T1496.002 T1498.001 T1498.002 T1499.002 T1489 T1496 T1498 T1529

DCS-18 Datacenter Operations Resilience 7/16 detectable

T1485.001 T1491 T1496.001 T1496.002 T1496.004 T1498.001 T1498.002 T1499.002 T1499.003 T1485 T1489 T1490 T1496 T1498 T1499 T1529

DSP-02 Secure Disposal 1/2 detectable

T1052 T1091

DSP-04 Data Classification 8/13 detectable

T1025 T1048.002 T1052 T1052.001 T1567.004 T1005 T1020 T1041 T1048 T1048.003 T1119 T1537 T1567

DSP-07 Data Protection by Design and Default 9/9 detectable

T1078 T1195 T1195.001 T1212 T1550 T1550.001 T1559 T1574 T1574.001

DSP-08 Data Privacy by Design and Default 7/10 detectable

T1114.002 T1530 T1550.004 T1114 T1114.001 T1114.003 T1213 T1565 T1565.001 T1565.002

DSP-10 Sensitive Data Transfer 11/16 detectable

T1020.001 T1114.002 T1530 T1565.003 T1669 T1020 T1040 T1048 T1114 T1114.001 T1114.003 T1119 T1537 T1550.001 T1565 T1565.002

DSP-15 Limitation of Production Data Use 15/17 detectable

T1048.002 T1530 T1048 T1048.001 T1048.003 T1072 T1098 T1098.001 T1133 T1199 T1210 T1552.007 T1565 T1565.001 T1565.002 T1586.003 T1610

DSP-16 Data Retention and Deletion 6/9 detectable

T1485.001 T1491 T1491.002 T1070 T1485 T1486 T1490 T1491.001 T1565

DSP-17 Sensitive Data Protection 14/16 detectable

T1530 T1555.006 T1048 T1059.009 T1098.001 T1098.003 T1119 T1190 T1213 T1528 T1537 T1550.001 T1552 T1552.005 T1567 T1609

HRS-03 Clean Desk Policy and Procedures 7/11 detectable

T1052 T1052.001 T1530 T1556.007 T1098 T1098.001 T1098.003 T1113 T1485 T1556 T1556.006

I&S-03 Network Security 22/31 detectable

I&S-04 OS Hardening and Base Controls 12/13 detectable

T1080 T1059 T1059.009 T1087 T1098 T1136 T1204 T1490 T1548 T1552 T1556 T1562 T1562.001

I&S-05 Production and Non-Production Environments 4/4 detectable

T1078 T1195 T1550 T1550.001

I&S-06 Segmentation and Segregation 25/29 detectable

I&S-07 Migration to Cloud Environments 11/13 detectable

T1020.001 T1530 T1119 T1213 T1550.001 T1552 T1552.004 T1557 T1557.002 T1565 T1565.001 T1565.002 T1649

I&S-09 Network Defense 31/40 detectable

IAM-02 Strong Password Policy and Procedures 12/16 detectable

T1110.003 T1110.004 T1555.006 T1556.007 T1078.004 T1098 T1098.001 T1098.003 T1110 T1110.001 T1110.002 T1136.003 T1199 T1556 T1556.006 T1621

IAM-03 Identity Inventory 3/4 detectable

T1556.007 T1098.001 T1136 T1136.003

IAM-04 Separation of Duties 2/4 detectable

T1098.006 T1548.005 T1098.003 T1548

IAM-05 Least Privilege 16/28 detectable

IAM-06 User Access Provisioning 16/24 detectable

T1021.008 T1213.001 T1213.002 T1213.004 T1530 T1538 T1548.005 T1648 T1021 T1021.001 T1021.004 T1072 T1098 T1098.003 T1098.004 T1213 T1484 T1484.001 T1484.002 T1505 T1548 T1555 T1555.005 T1578

IAM-07 User Access Changes and Revocation 10/17 detectable

T1021.008 T1213.001 T1213.002 T1530 T1538 T1548.005 T1648 T1021 T1021.001 T1021.004 T1078 T1078.004 T1098 T1098.003 T1213 T1555 T1555.005

IAM-08 User Access Review 4/5 detectable

T1530 T1528 T1550.001 T1552.004 T1606

IAM-09 Segregation of Privileged Access Roles 12/15 detectable

T1555.006 T1556.007 T1556.009 T1021.007 T1078.003 T1078.004 T1098 T1098.001 T1098.003 T1484 T1484.002 T1543 T1546 T1548 T1606

IAM-10 Management of Privileged Access Roles 12/15 detectable

T1555.006 T1556.007 T1556.009 T1021.007 T1078.003 T1078.004 T1098 T1098.001 T1098.003 T1484 T1484.002 T1543 T1546 T1548 T1606

IAM-11 CSCs Approval for Agreed Privileged Access Roles 11/14 detectable

T1555.006 T1556.007 T1556.009 T1021.007 T1078.003 T1078.004 T1098 T1098.001 T1098.003 T1484 T1484.002 T1543 T1546 T1606

IAM-13 Uniquely Identifiable Users 8/11 detectable

T1036.010 T1556.007 T1585.003 T1036 T1078.004 T1087.004 T1098 T1098.001 T1098.003 T1564.002 T1586.003

IAM-14 Strong Authentication 16/19 detectable

T1098.006 T1530 T1556.007 T1021 T1021.007 T1072 T1078 T1078.002 T1078.003 T1078.004 T1098 T1098.001 T1098.003 T1098.005 T1133 T1136 T1213 T1539 T1556

IAM-15 Passwords Management 13/15 detectable

T1110.003 T1555.006 T1078 T1078.003 T1078.004 T1110 T1110.001 T1110.002 T1550 T1552 T1552.001 T1552.005 T1555 T1555.003 T1555.005

IAM-16 Authorization Mechanisms 36/62 detectable

IPY-02 Application Interface Availability 9/12 detectable

T1538 T1651 T1671 T1021.007 T1059 T1059.009 T1071.001 T1072 T1098.004 T1199 T1552.005 T1552.007

IPY-03 Secure Interoperability and Portability Management 13/16 detectable

T1530 T1651 T1659 T1021 T1021.007 T1119 T1133 T1190 T1213 T1537 T1552 T1552.004 T1552.005 T1552.007 T1567 T1610

LOG-02 Audit Logs Protection 5/11 detectable

T1070.002 T1070.007 T1070.009 T1562.007 T1562.008 T1562.012 T1070 T1070.001 T1562 T1562.001 T1562.002

LOG-04 Audit Logs Access and Accountability 5/8 detectable

T1070.002 T1562.008 T1562.012 T1070 T1070.001 T1562 T1562.001 T1562.002

LOG-08 Audit Logs Sanitization 3/3 detectable

T1213 T1528 T1552

LOG-10 Audit Records Protection 5/11 detectable

T1070.002 T1070.007 T1070.009 T1562.007 T1562.008 T1562.012 T1070 T1070.001 T1562 T1562.001 T1562.002

STA-10 Supply Chain Risk Management 6/7 detectable

T1176 T1190 T1195 T1195.001 T1195.002 T1210 T1525

STA-16 Supply Chain Data Security Assessment 3/4 detectable

T1176 T1195 T1195.001 T1195.002

TVM-05 Detection Updates 4/5 detectable

T1656 T1068 T1210 T1211 T1212

TVM-06 External Library Vulnerabilities 7/9 detectable

T1176 T1204.003 T1190 T1195 T1195.001 T1195.002 T1525 T1574 T1574.001

TVM-07 Penetration Testing 4/4 detectable

T1190 T1211 T1212 T1499.004

UEM-05 Endpoint Management 15/21 detectable

T1080 T1213.004 T1535 T1550.004 T1606.001 T1666 T1059 T1059.009 T1087 T1098 T1136 T1204 T1211 T1213 T1490 T1537 T1548 T1552 T1562 T1562.001 T1606

UEM-08 Storage Encryption 8/9 detectable

T1530 T1119 T1213 T1550.001 T1552 T1552.004 T1565 T1565.001 T1649

UEM-09 Anti-Malware Detection and Prevention 11/14 detectable

T1025 T1080 T1092 T1027 T1036 T1059 T1059.001 T1059.005 T1059.006 T1091 T1204 T1221 T1543 T1564

UEM-10 Software Firewall 14/23 detectable

T1070.007 T1071.005 T1205.002 T1498.001 T1498.002 T1499.002 T1499.003 T1562.004 T1562.007 T1070 T1071 T1090 T1090.003 T1095 T1205 T1205.001 T1219 T1219.002 T1498 T1499 T1562 T1572 T1590.002

UEM-11 Data Loss Prevention 8/13 detectable

T1025 T1048.002 T1052 T1052.001 T1567.004 T1005 T1020 T1041 T1048 T1048.003 T1119 T1537 T1567

UEM-14 Third-Party Endpoint Security Posture 15/22 detectable

T1080 T1204.003 T1213.004 T1535 T1550.004 T1606.001 T1666 T1059 T1059.009 T1087 T1098 T1136 T1204 T1211 T1213 T1490 T1537 T1548 T1552 T1562 T1562.001 T1606

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin