
NIST 800-53. Security Controls

34 controls · cross-mapped to ATT&CK techniques
Translate between regulatory language and what attackers actually do. Each control maps to MITRE ATT&CK techniques; open a control to see those techniques and whether we hold detection coverage for them.
Total controls: 1246
Detection coverage: 0%
Covered controls: 0
Coverage gaps: 1246

Red team insight: A nist-800-53 compliant org should have detection for the green-tagged techniques below. Controls showing no technique coverage are likely blind spots. Use gaps view to enumerate unmonitored attack paths.

Controls

family AC framework nist-800-53
ATT&CK techniques this control defends against (✓ = covered by Sigma/YARA in our corpus; × = detection gap):
T1001 · Data Obfuscation ×
T1001.001 · Junk Data ×
T1001.002 · Steganography
T1001.003 · Protocol or Service Impersonation
T1003 · OS Credential Dumping
T1003.001 · LSASS Memory
T1003.005 · Cached Domain Credentials
T1003.006 · DCSync
T1008 · Fallback Channels ×
T1020.001 · Traffic Duplication
T1021.001 · Remote Desktop Protocol
T1021.002 · SMB/Windows Admin Shares
T1021.003 · Distributed Component Object Model
T1021.005 · VNC
T1021.006 · Windows Remote Management
T1029 · Scheduled Transfer
T1030 · Data Transfer Size Limits
T1041 · Exfiltration Over C2 Channel
T1046 · Network Service Discovery
T1048 · Exfiltration Over Alternative Protocol
T1048.001 · Exfiltration Over Symmetric Encrypted Non-C2 Protocol ×
T1048.002 · Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1048.003 · Exfiltration Over Unencrypted Non-C2 Protocol
T1068 · Exploitation for Privilege Escalation ×
T1070.008 · Clear Mailbox Data
T1071 · Application Layer Protocol
T1071.001 · Web Protocols ×
T1071.002 · File Transfer Protocols ×
T1071.003 · Mail Protocols
T1071.004 · DNS ×
T1071.005 · Publish/Subscribe Protocols
T1072 · Software Deployment Tools
T1090 · Proxy
T1090.001 · Internal Proxy
T1090.002 · External Proxy
T1090.003 · Multi-hop Proxy
T1095 · Non-Application Layer Protocol
T1098 · Account Manipulation
T1098.001 · Additional Cloud Credentials ×
T1098.007 · Additional Local or Domain Groups
Enforce approved authorizations for controlling the flow of information within the system and between connected systems based on {{ insert: param, ac-04_odp }}.
family AC framework nist-800-53
Use {{ insert: param, ac-4.1_prm_1 }} associated with {{ insert: param, ac-4.1_prm_2 }} to enforce {{ insert: param, ac-04.01_odp.09 }} as a basis for flow control decisions.
family AC framework nist-800-53
Provide the capability for privileged administrators to enable and disable {{ insert: param, ac-4.10_prm_1 }} under the following conditions: {{ insert: param, ac-4.10_prm_2 }}.
family AC framework nist-800-53
Provide the capability for privileged administrators to configure {{ insert: param, ac-4.11_prm_1 }} to support different security or privacy policies.
family AC framework nist-800-53
When transferring information between different security domains, use {{ insert: param, ac-04.12_odp }} to validate data essential for information flow decisions.
family AC framework nist-800-53
When transferring information between different security domains, decompose information into {{ insert: param, ac-04.13_odp }} for submission to policy enforcement mechanisms.
family AC framework nist-800-53
When transferring information between different security domains, implement {{ insert: param, ac-4.14_prm_1 }} requiring fully enumerated formats that restrict data structure and content.
family AC framework nist-800-53
When transferring information between different security domains, examine the information for the presence of {{ insert: param, ac-04.15_odp.01 }} and prohibit the transfer of such information in accordance with the {{ insert: param, ac-4.15_prm_2 }}.
family AC framework nist-800-53
Uniquely identify and authenticate source and destination points by {{ insert: param, ac-04.17_odp }} for information transfer.
family AC framework nist-800-53
family AC framework nist-800-53
When transferring information between different security domains, implement {{ insert: param, ac-4.19_prm_1 }} on metadata.
family AC framework nist-800-53
Use protected processing domains to enforce {{ insert: param, ac-04.02_odp }} as a basis for flow control decisions.
family AC framework nist-800-53
Employ {{ insert: param, ac-04.20_odp.01 }} to control the flow of {{ insert: param, ac-04.20_odp.02 }} across security domains.
family AC framework nist-800-53
Separate information flows logically or physically using {{ insert: param, ac-4.21_prm_1 }} to accomplish {{ insert: param, ac-04.21_odp.03 }}.
family AC framework nist-800-53
Provide access from a single device to computing platforms, applications, or data residing in multiple different security domains, while preventing information flow between the different security domains.
family AC framework nist-800-53
When transferring information between different security domains, modify non-releasable information by implementing {{ insert: param, ac-04.23_odp }}.
family AC framework nist-800-53
When transferring information between different security domains, parse incoming data into an internal normalized format and regenerate the data to be consistent with its intended specification.
family AC framework nist-800-53
When transferring information between different security domains, sanitize data to minimize {{ insert: param, ac-04.25_odp.01 }} in accordance with {{ insert: param, ac-04.25_odp.02 }}.
family AC framework nist-800-53
When transferring information between different security domains, record and audit content filtering actions and results for the information being filtered.
family AC framework nist-800-53
When transferring information between different security domains, implement content filtering solutions that provide redundant and independent filtering mechanisms for each data type.
family AC framework nist-800-53
When transferring information between different security domains, implement a linear content filter pipeline that is enforced with discretionary and mandatory access controls.
family AC framework nist-800-53
When transferring information between different security domains, employ content filter orchestration engines to ensure that: Content filtering mechanisms successfully complete execution without errors; and Content filtering actions occur in the correct order and comply with {{ insert: param, ac-04.29_odp }}.
family AC framework nist-800-53
Enforce {{ insert: param, ac-04.03_odp }}.
family AC framework nist-800-53
When transferring information between different security domains, implement content filtering mechanisms using multiple processes.
family AC framework nist-800-53
When transferring information between different security domains, prevent the transfer of failed content to the receiving domain.
family AC framework nist-800-53
When transferring information between different security domains, the process that transfers information between filter pipelines: Does not filter message content; Validates filtering metadata; Ensures the content associated with the filtering metadata has successfully completed filtering; and Transfers the content to the destination filter pipeline.
family AC framework nist-800-53
Prevent encrypted information from bypassing {{ insert: param, ac-04.04_odp.01 }} by {{ insert: param, ac-04.04_odp.02 }}.
family AC framework nist-800-53
Enforce {{ insert: param, ac-04.05_odp }} on embedding data types within other data types.
family AC framework nist-800-53
Enforce information flow control based on {{ insert: param, ac-04.06_odp }}.
family AC framework nist-800-53
Enforce one-way information flows through hardware-based flow control mechanisms.
family AC framework nist-800-53
Enforce information flow control using {{ insert: param, ac-4.8_prm_1 }} as a basis for flow control decisions for {{ insert: param, ac-4.8_prm_2 }}; and {{ insert: param, ac-04.08_odp.05 }} data after a filter processing failure in accordance with {{ insert: param, ac-4.8_prm_4 }}.
family AC framework nist-800-53
Enforce the use of human reviews for {{ insert: param, ac-04.09_odp.01 }} under the following conditions: {{ insert: param, ac-04.09_odp.02 }}.
family AC framework nist-800-53
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin