NIST 800-53 ATT&CK mappings are published at the base-control level (e.g. AC-18), so the 74 sub-control enhancements (AC-18.1, AC-18.2, …) carry no direct technique mapping; their coverage is inherited from the base control. They are hidden by default.
A.5.1
Policies for information security
enhancement of A
A.5.10
Acceptable use of information and other associated assets
enhancement of A
A.5.11
Return of assets
enhancement of A
A.5.12
Classification of information
enhancement of A
A.5.13
Labelling of information
enhancement of A
A.5.14
Information transfer
46/64 detectable
A.5.15
Access control
enhancement of A
A.5.16
Identity management
4/4 detectable
A.5.17
Authentication information
enhancement of A
A.5.18
Access rights
4/4 detectable
A.5.19
Information security in supplier relationships
enhancement of A
A.5.2
Information security roles and responsibilities
enhancement of A
A.5.20
Addressing information security within supplier agreements
enhancement of A
A.5.21
Managing information security in the ICT supply chain
enhancement of A
A.5.22
Monitoring, review and change management of supplier services
enhancement of A
A.5.23
Information security for use of cloud services
enhancement of A
A.5.24
Information security incident management planning and preparation
enhancement of A
A.5.25
Assessment and decision on information security events
enhancement of A
A.5.26
Response to information security incidents
enhancement of A
A.5.27
Learning from information security incidents
enhancement of A
A.5.28
Collection of evidence
enhancement of A
A.5.29
Information security during disruption
enhancement of A
A.5.3
Segregation of duties
enhancement of A
A.5.30
ICT readiness for business continuity
enhancement of A
A.5.31
Legal, statutory, regulatory and contractual requirements
enhancement of A
A.5.32
Intellectual property rights
enhancement of A
A.5.33
Protection of records
20/34 detectable
A.5.34
Privacy and protection of PII
enhancement of A
A.5.35
Independent review of information security
enhancement of A
A.5.36
Compliance with policies, rules and standards for information security
enhancement of A
A.5.37
Documented operating procedures
enhancement of A
A.5.4
Management responsibilities
enhancement of A
A.5.5
Contact with authorities
enhancement of A
A.5.6
Contact with special interest groups
enhancement of A
A.5.7
Threat intelligence
8/8 detectable
A.5.8
Information security in project management
enhancement of A
A.5.9
Inventory of information and other associated assets
enhancement of A
A.6.1
Screening
enhancement of A
A.6.2
Terms and conditions of employment
enhancement of A
A.6.3
Information security awareness, education and training
enhancement of A
A.6.4
Disciplinary process
enhancement of A
A.6.5
Responsibilities after termination or change of employment
enhancement of A
A.6.6
Confidentiality or non-disclosure agreements
enhancement of A
A.6.7
Remote working
82/118 detectable
A.6.8
Information security event reporting
enhancement of A
A.7.1
Physical security perimeters
enhancement of A
A.7.10
Storage media
enhancement of A
A.7.11
Supporting utilities
enhancement of A
A.7.12
Cabling security
enhancement of A
A.7.13
Equipment maintenance
enhancement of A
A.7.14
Secure disposal or re-use of equipment
20/34 detectable
A.7.2
Physical entry
enhancement of A
A.7.3
Securing offices, rooms and facilities
enhancement of A
A.7.4
Physical security monitoring
enhancement of A
A.7.5
Protecting against physical and environmental threats
enhancement of A
A.7.6
Working in secure areas
enhancement of A
A.7.7
Clear desk and clear screen
enhancement of A
A.7.8
Equipment siting and protection
enhancement of A
A.7.9
Security of assets off-premises
enhancement of A
A.8.1
User endpoint devices
26/42 detectable
A.8.10
Information deletion
enhancement of A
A.8.11
Data masking
26/42 detectable
A.8.12
Data leakage prevention
20/34 detectable
A.8.13
Information backup
enhancement of A
A.8.14
Redundancy of information processing facilities
8/12 detectable
A.8.15
Logging
enhancement of A
A.8.16
Monitoring activities
enhancement of A
A.8.17
Clock synchronisation
enhancement of A
A.8.18
Use of privileged utility programs
enhancement of A
A.8.19
Installation of software on operational systems
28/33 detectable
A.8.2
Privileged access rights
enhancement of A
A.8.20
Networks security
enhancement of A
A.8.21
Security of network services
enhancement of A
A.8.22
Segregation of networks
1/1 detectable
A.8.23
Web filtering
enhancement of A
A.8.24
Use of cryptography
29/50 detectable
A.8.25
Secure development life cycle
enhancement of A
A.8.26
Application security requirements
21/34 detectable
A.8.27
Secure system architecture and engineering principles
21/34 detectable
A.8.28
Secure coding
21/34 detectable
A.8.29
Security testing in development and acceptance
21/34 detectable
A.8.3
Information access restriction
enhancement of A
A.8.30
Outsourced development
enhancement of A
A.8.31
Separation of development, test and production environments
enhancement of A
A.8.32
Change management
15/27 detectable
A.8.33
Test information
enhancement of A
A.8.34
Protection of information systems during audit testing
enhancement of A
A.8.4
Access to source code
enhancement of A
A.8.5
Secure authentication
enhancement of A
A.8.6
Capacity management
enhancement of A
A.8.7
Protection against malware
enhancement of A
A.8.8
Management of technical vulnerabilities
enhancement of A
A.8.9
Configuration management
enhancement of A