NIST 800-53 ATT&CK mappings are published at the base-control level (e.g. AC-18), so the 40 sub-control enhancements (AC-18.1, AC-18.2, …) carry no direct technique mapping of their own; their coverage is inherited from the base control. Enhancements are hidden by default; the listing below shows all controls, including unmapped enhancements. For mapped controls, the "N/M detectable" figure is the number of mapped ATT&CK techniques (N) for which detection content exists, out of the techniques mapped to that control (M).
Control | Description | ATT&CK mapping
A1.1 | Maintains, monitors, and evaluates current processing capacity and use of system components | enhancement of A1
A1.2 | Develops, documents, and maintains environmental protections, software, data backup processes | enhancement of A1
A1.3 | Recovers and restores the system after disruption to meet commitments | 8/12 detectable
CC1.1 | COSO Principle 1: Demonstrates commitment to integrity and ethical values | enhancement of CC1
CC1.2 | COSO Principle 2: Exercises oversight responsibility | enhancement of CC1
CC1.3 | COSO Principle 3: Establishes structure, authority, and responsibility | enhancement of CC1
CC1.4 | COSO Principle 4: Demonstrates commitment to competence | enhancement of CC1
CC1.5 | COSO Principle 5: Enforces accountability | enhancement of CC1
CC2.1 | COSO Principle 13: Uses relevant information | enhancement of CC2
CC2.2 | COSO Principle 14: Communicates internally | enhancement of CC2
CC2.3 | COSO Principle 15: Communicates externally | enhancement of CC2
CC3.1 | COSO Principle 6: Specifies suitable objectives | enhancement of CC3
CC3.2 | COSO Principle 7: Identifies and analyzes risk | enhancement of CC3
CC3.3 | COSO Principle 8: Assesses fraud risk | enhancement of CC3
CC3.4 | COSO Principle 9: Identifies and analyzes significant change | enhancement of CC3
CC4.1 | COSO Principle 16: Conducts ongoing and/or separate evaluations | enhancement of CC4
CC4.2 | COSO Principle 17: Evaluates and communicates deficiencies | enhancement of CC4
CC5.1 | COSO Principle 10: Selects and develops control activities | enhancement of CC5
CC5.2 | COSO Principle 11: Selects and develops general controls over technology | enhancement of CC5
CC5.3 | COSO Principle 12: Deploys through policies and procedures | enhancement of CC5
CC6.1 | Implements logical access security measures to authorized users | 55/81 detectable
CC6.2 | Prior to issuing credentials and granting access, registers and authorizes new users | 59/85 detectable
CC6.3 | Removes access to protected information when appropriate | 4/4 detectable
CC6.4 | Restricts access to protected information using physical security controls | 82/118 detectable
CC6.5 | Authenticates entities and authorizes their access to protected information assets | enhancement of CC6
CC6.6 | Implements controls to prevent or detect and act upon introduction of unauthorized or malicious software | enhancement of CC6
CC6.7 | Restricts the transmission, movement, and removal of information | enhancement of CC6
CC6.8 | Implements controls to prevent or detect and act upon unauthorized physical access | enhancement of CC6
CC7.1 | Detects and monitors for new vulnerabilities | enhancement of CC7
CC7.2 | Monitors system components for anomalous behavior | enhancement of CC7
CC7.3 | Evaluates security events to determine whether they could have resulted, or have resulted, in a failure | enhancement of CC7
CC7.4 | Responds to identified security incidents per the incident response program | enhancement of CC7
CC7.5 | Identifies, develops, and implements activities to recover from identified security incidents | 8/12 detectable
CC8.1 | Authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes | 15/27 detectable
CC9.1 | Identifies, selects, and develops risk mitigation activities | enhancement of CC9
CC9.2 | Assesses and manages risks associated with vendors and business partners | enhancement of CC9
C1.1 | Identifies and maintains confidential information to meet objectives related to confidentiality | 26/42 detectable
C1.2 | Disposes of confidential information to meet objectives related to confidentiality | 39/64 detectable
P1.1 | Provides notice to data subjects about its privacy practices | enhancement of P1
P2.1 | Communicates choices available to data subjects and obtains implicit or explicit consent | enhancement of P2
P3.1 | Collects personal information consistent with the entity's objectives | enhancement of P3
P3.2 | Collects personal information using methods consistent with commitments to data subjects | 20/34 detectable
P4.1 | Limits the use of personal information to the purposes identified in the notice | enhancement of P4
P4.2 | Retains personal information consistent with the entity's privacy commitments | 20/34 detectable
P4.3 | Disposes of personal information consistent with the entity's privacy commitments | 20/34 detectable
P5.1 | Grants data subjects the ability to access their personal information | 4/4 detectable
P5.2 | Corrects or amends personal information upon request | 78/101 detectable
P6.1 | Discloses personal information to third parties with the implicit or explicit consent of data subjects | enhancement of P6
P6.2 | Creates and retains a complete, accurate, and timely record of authorized disclosures | enhancement of P6
P6.3 | Creates and retains a complete, accurate, and timely record of detected or reported unauthorized disclosures | enhancement of P6
P7.1 | Collects and maintains accurate, up-to-date, complete, and relevant personal information | 78/101 detectable
P8.1 | Provides data subjects with an accounting of personal information held and corrects errors | 4/4 detectable
PI1.1 | Obtains or generates, uses, and communicates relevant, quality information | enhancement of PI1
PI1.2 | Implements policies and procedures over system inputs, including controls over completeness and accuracy | 78/101 detectable
PI1.3 | Implements policies and procedures over system processing | enhancement of PI1
PI1.4 | Implements policies and procedures to make available or deliver output completely, accurately, and in a timely manner | enhancement of PI1
PI1.5 | Implements policies and procedures to store inputs, items in processing, and outputs completely, accurately, and in a timely manner | enhancement of PI1