Home/Compliance/Audit answer
Audit

Compliance audit answer

For a whole framework: every control, the ATT&CK techniques it defends, and whether you can detect them
This is the one-page answer to "are my controls actually backed by detection?". For each control in the framework it shows the ATT&CK techniques the control maps to, and marks each technique detectable when a real rule (Sigma, CAR, IDS, YARA, Falco) covers it, or a gap when nothing does. Honest by construction: control-to-technique links come only from the published mappings, and a technique counts as detectable only if a real rule maps to it. Controls with no ATT&CK mapping are shown as such, not hidden. Export the full matrix for your auditor below.
NIST 800-53 (1246)NIST CSF (106)ISO 27001:2022 (93)PCI-DSS v4.0 (75)CIS v8.1 (62)CRI Profile (60)CSA CCM v4 (57)SOC 2 TSC (57)OWASP API (10)OWASP Mobile (10)OWASP Web (10)
75
PCI-DSS v4.0 controls
17
controls with ATT&CK mapping
142
distinct techniques defended
92
of those, detectable
64%
overall detection coverage
Export matrix (CSV) Export (JSON) the artifact to hand an auditor

Coverage by control family

12 families
FamilyControlsMappedTechniquesDetectableCoverage
Access Control 4 0 0 0 0%
Account Data Protection 8 8 51 30 58%
Audit Logging 8 0 0 0 0%
Cryptography in Transit 3 2 16 10 62%
Identity & Authentication 7 1 4 4 100%
Malware Protection 5 0 0 0 0%
Network Security 6 2 82 56 68%
Physical Security 6 0 0 0 0%
Secure Configurations 4 0 0 0 0%
Secure Development 6 4 36 22 61%
Security Policy 11 0 0 0 0%
Security Testing 7 0 0 0 0%

Control-by-control coverage

75 controls
NIST 800-53 ATT&CK mappings are published at the base-control level (e.g. AC-18), so the 50 sub-control enhancements (AC-18.1, AC-18.2, …) carry no direct technique mapping - their coverage is inherited from the base control. They are hidden by default.
7 Restrict Access to System Components and Cardholder Data by Business Need to Know no ATT&CK mapping
7.1 Processes and mechanisms for restricting access to system components and cardholder data by business need to know are defined and understood enhancement of 7
7.2 Access to system components and data is appropriately defined and assigned enhancement of 7
7.3 Access to system components and data is managed via an access control system(s) enhancement of 7
3 Protect Stored Account Data 26/42 detectable
T1003.007T1003.008T1025T1048.002T1052T1052.001T1213.001T1213.002T1213.004T1213.005T1530T1565.003T1599T1602T1602.001T1602.002T1003T1003.001T1003.002T1003.003T1003.004T1003.005T1003.006T1005T1041T1048T1048.003T1078T1078.001T1078.003T1078.004T1213T1550.001T1552T1552.001T1552.002T1552.003T1552.004T1565T1565.001T1567T1599.001
3.1 Processes and mechanisms for protecting stored account data are defined and understood 26/42 detectable
T1003.007T1003.008T1025T1048.002T1052T1052.001T1213.001T1213.002T1213.004T1213.005T1530T1565.003T1599T1602T1602.001T1602.002T1003T1003.001T1003.002T1003.003T1003.004T1003.005T1003.006T1005T1041T1048T1048.003T1078T1078.001T1078.003T1078.004T1213T1550.001T1552T1552.001T1552.002T1552.003T1552.004T1565T1565.001T1567T1599.001
3.2 Storage of account data is kept to a minimum 26/42 detectable
T1003.007T1003.008T1025T1048.002T1052T1052.001T1213.001T1213.002T1213.004T1213.005T1530T1565.003T1599T1602T1602.001T1602.002T1003T1003.001T1003.002T1003.003T1003.004T1003.005T1003.006T1005T1041T1048T1048.003T1078T1078.001T1078.003T1078.004T1213T1550.001T1552T1552.001T1552.002T1552.003T1552.004T1565T1565.001T1567T1599.001
3.3 Sensitive authentication data (SAD) is not stored after authorization 26/42 detectable
T1003.007T1003.008T1025T1048.002T1052T1052.001T1213.001T1213.002T1213.004T1213.005T1530T1565.003T1599T1602T1602.001T1602.002T1003T1003.001T1003.002T1003.003T1003.004T1003.005T1003.006T1005T1041T1048T1048.003T1078T1078.001T1078.003T1078.004T1213T1550.001T1552T1552.001T1552.002T1552.003T1552.004T1565T1565.001T1567T1599.001
3.4 Access to displays of full PAN and ability to copy cardholder data are restricted 26/42 detectable
T1003.007T1003.008T1025T1048.002T1052T1052.001T1213.001T1213.002T1213.004T1213.005T1530T1565.003T1599T1602T1602.001T1602.002T1003T1003.001T1003.002T1003.003T1003.004T1003.005T1003.006T1005T1041T1048T1048.003T1078T1078.001T1078.003T1078.004T1213T1550.001T1552T1552.001T1552.002T1552.003T1552.004T1565T1565.001T1567T1599.001
3.5 Primary account number (PAN) is secured wherever it is stored 26/42 detectable
T1003.007T1003.008T1025T1048.002T1052T1052.001T1213.001T1213.002T1213.004T1213.005T1530T1565.003T1599T1602T1602.001T1602.002T1003T1003.001T1003.002T1003.003T1003.004T1003.005T1003.006T1005T1041T1048T1048.003T1078T1078.001T1078.003T1078.004T1213T1550.001T1552T1552.001T1552.002T1552.003T1552.004T1565T1565.001T1567T1599.001
3.6 Cryptographic keys used to protect stored account data are secured 10/16 detectable
T1025T1521.003T1557.004T1563.001T1573.001T1573.002T1005T1041T1048.003T1072T1098.004T1552T1552.001T1552.002T1552.004T1573
3.7 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented 11/17 detectable
T1025T1521.003T1557.004T1563.001T1573.001T1573.002T1005T1041T1048.003T1072T1098.004T1552T1552.001T1552.002T1552.004T1573T1606
10 Log and Monitor All Access to System Components and Cardholder Data no ATT&CK mapping
10.1 Processes and mechanisms for logging and monitoring all access to system components and cardholder data are defined and documented enhancement of 10
10.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events enhancement of 10
10.3 Audit logs are protected from destruction and unauthorized modifications enhancement of 10
10.4 Audit logs are reviewed to identify anomalies or suspicious activity enhancement of 10
10.5 Retain audit log history for at least 12 months enhancement of 10
10.6 Time-synchronization mechanisms support consistent time settings across all systems enhancement of 10
10.7 Failures of critical security controls are detected, reported, and responded to promptly enhancement of 10
4 Protect Cardholder Data with Strong Cryptography During Transmission Over Open, Public Networks 10/16 detectable
T1025T1521.003T1557.004T1563.001T1573.001T1573.002T1005T1041T1048.003T1072T1098.004T1552T1552.001T1552.002T1552.004T1573
4.1 Processes and mechanisms for protecting cardholder data with strong cryptography during transmission over open, public networks are defined and documented enhancement of 4
4.2 PAN is protected with strong cryptography during transmission 7/11 detectable
T1521.003T1563.001T1573.001T1573.002T1072T1098.004T1552T1552.001T1552.002T1552.004T1573
8 Identify Users and Authenticate Access to System Components no ATT&CK mapping
8.1 Processes and mechanisms for identifying users and authenticating access to system components are defined and understood enhancement of 8
8.2 User identification and related accounts for users and administrators are strictly managed throughout an account's lifecycle 4/4 detectable
T1078T1078.002T1078.003T1078.004
8.3 User authentication for users and administrators is established and managed enhancement of 8
8.4 Multi-factor authentication (MFA) is implemented to secure access into the CDE enhancement of 8
8.5 Multi-factor authentication (MFA) systems are configured to prevent misuse enhancement of 8
8.6 Use of application and system accounts and associated authentication factors is strictly managed enhancement of 8
5 Protect All Systems and Networks from Malicious Software no ATT&CK mapping
5.1 Processes and mechanisms for protecting all systems and networks from malicious software are defined and understood enhancement of 5
5.2 Malicious software (malware) is prevented, or detected and addressed enhancement of 5
5.3 Anti-malware mechanisms and processes are active, maintained, and monitored enhancement of 5
5.4 Anti-phishing mechanisms protect users against phishing attacks enhancement of 5
1 Install and Maintain Network Security Controls 1/1 detectable
T1590.002
1.1 Processes and mechanisms for installing and maintaining network security controls are defined and understood enhancement of 1
1.2 Network security controls (NSCs) are configured and maintained enhancement of 1
1.3 Network access to and from the cardholder data environment is restricted 55/81 detectable
T1020.001T1021.008T1059.008T1070.002T1070.008T1114.002T1127.002T1213.001T1213.002T1213.005T1530T1547.012T1547.013T1558.002T1558.004T1563T1563.001T1567.003T1567.004T1602T1602.001T1602.002T1612T1647T1651T1659T1021T1021.001T1021.002T1021.003T1021.004T1021.005T1021.006T1037T1037.001T1040T1047T1059T1059.001T1059.002T1059.003T1059.004T1059.005T1059.006T1059.007T1070T1070.001T1114T1114.001T1114.003T1119T1133T1137T1137.002T1213T1219T1505.004T1505.005T1537T1543T1547.003T1547.004T1547.009T1550.001T1552T1552.002T1552.004T1552.005T1552.007T1557T1557.002T1558T1558.003T1563.002T1565T1565.001T1565.002T1609T1610T1613T1619
1.4 Network connections between trusted and untrusted networks are controlled enhancement of 1
1.5 Risks to the CDE from computing devices that are able to connect to both untrusted networks and the CDE are mitigated enhancement of 1
9 Restrict Physical Access to Cardholder Data no ATT&CK mapping
9.1 Processes and mechanisms for restricting physical access to cardholder data are defined and understood enhancement of 9
9.2 Physical access controls manage entry into facilities and systems containing cardholder data enhancement of 9
9.3 Physical access for personnel and visitors is authorized and managed enhancement of 9
9.4 Media with cardholder data is securely stored, accessed, distributed, and destroyed enhancement of 9
9.5 Point of interaction (POI) devices are protected from tampering and unauthorized substitution enhancement of 9
2 Apply Secure Configurations to All System Components no ATT&CK mapping
2.1 Processes and mechanisms for applying secure configurations are defined and understood enhancement of 2
2.2 System components are configured and managed securely enhancement of 2
2.3 Wireless environments are configured and managed securely enhancement of 2
6 Develop and Maintain Secure Systems and Software 21/34 detectable
T1195.003T1542T1542.004T1542.005T1553.006T1558.004T1559.003T1574.002T1601T1601.001T1601.002T1612T1647T1078T1078.001T1078.003T1078.004T1134.005T1195.001T1213.003T1495T1505T1505.001T1505.002T1505.004T1528T1542.001T1542.003T1552T1552.001T1552.002T1552.004T1552.006T1553
6.1 Processes and mechanisms for developing and maintaining secure systems and software are defined and understood enhancement of 6
6.2 Bespoke and custom software are developed securely 21/34 detectable
T1195.003T1542T1542.004T1542.005T1553.006T1558.004T1559.003T1574.002T1601T1601.001T1601.002T1612T1647T1078T1078.001T1078.003T1078.004T1134.005T1195.001T1213.003T1495T1505T1505.001T1505.002T1505.004T1528T1542.001T1542.003T1552T1552.001T1552.002T1552.004T1552.006T1553
6.3 Security vulnerabilities are identified and addressed enhancement of 6
6.4 Public-facing web applications are protected against attacks 21/34 detectable
T1195.003T1542T1542.004T1542.005T1553.006T1558.004T1559.003T1574.002T1601T1601.001T1601.002T1612T1647T1078T1078.001T1078.003T1078.004T1134.005T1195.001T1213.003T1495T1505T1505.001T1505.002T1505.004T1528T1542.001T1542.003T1552T1552.001T1552.002T1552.004T1552.006T1553
6.5 Changes to all system components are managed securely 15/27 detectable
T1195.003T1542T1542.004T1542.005T1553.006T1559.003T1564.009T1574.002T1601T1601.001T1601.002T1647T1072T1078T1078.001T1078.003T1078.004T1195.001T1213.003T1495T1505T1505.001T1505.002T1505.004T1542.001T1542.003T1553
12 Support Information Security with Organizational Policies and Programs no ATT&CK mapping
12.1 A comprehensive information security policy that governs and provides direction for protection of the entity's information assets is known and current enhancement of 12
12.10 Suspected and confirmed security incidents that could impact the CDE are responded to immediately enhancement of 12
12.2 Acceptable use policies for end-user technologies are defined and implemented enhancement of 12
12.3 Risks to the cardholder data environment are formally identified, evaluated, and managed enhancement of 12
12.4 PCI DSS compliance is managed throughout the year enhancement of 12
12.5 PCI DSS scope is documented and validated enhancement of 12
12.6 Security awareness education is an ongoing activity enhancement of 12
12.7 Personnel are screened to reduce risks from insider threats enhancement of 12
12.8 Risk to information assets associated with third-party service provider (TPSP) relationships is managed enhancement of 12
12.9 Third-party service providers (TPSPs) support their customers' PCI DSS compliance enhancement of 12
11 Test Security of Systems and Networks Regularly no ATT&CK mapping
11.1 Processes and mechanisms for regularly testing security of systems and networks are defined and understood enhancement of 11
11.2 Wireless access points are identified and monitored enhancement of 11
11.3 External and internal vulnerabilities are regularly identified, prioritized, and addressed enhancement of 11
11.4 External and internal penetration testing is regularly performed enhancement of 11
11.5 Network intrusions and unexpected file changes are detected and responded to enhancement of 11
11.6 Unauthorized changes on payment pages are detected and responded to enhancement of 11
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin