Home/Compliance
nist-800-53

NIST 800-53. Security Controls

12 controls · cross-mapped to ATT&CK techniques
Translate between regulatory language and what attackers actually do. Each control maps to MITRE ATT&CK techniques; open a control to see those techniques and whether we hold detection coverage for them.
NIST 800-53 (1246)NIST CSF (106)ISO 27001:2022 (93)PCI-DSS v4.0 (75)CIS v8.1 (62)CRI Profile (60)CSA CCM v4 (57)SOC 2 TSC (57)OWASP API (10)OWASP Mobile (10)OWASP Web (10)
1246
Total controls
0%
Detection coverage
0
Covered controls
1246
Coverage gaps
▤ Export audit (CSV) Coverage report Self-assessment Show gaps only
▶ Check your own detection coverage

Paste the ATT&CK technique IDs you have Sigma/YARA rules for (one per line, e.g. T1059, T1190). The controls below will update to show YOUR coverage instead of ours.

Red team insight A nist-800-53 compliant org should have detection for the green-tagged techniques below. Controls showing no technique coverage are likely blind spots. Use gaps view to enumerate unmonitored attack paths.

Controls

12 shown of 12
AC-06
Least Privilege
family AC framework nist-800-53
ATT&CK techniques this control defends against   ✓ covered by Sigma/YARA in our corpus  × = detection gap
T1003 · OS Credential Dumping T1003.001 · LSASS Memory T1003.002 · Security Account Manager T1003.003 · NTDS T1003.004 · LSA Secrets T1003.005 · Cached Domain Credentials T1003.006 · DCSync× T1003.007 · Proc Filesystem× T1003.008 · /etc/passwd and /etc/shadow T1005 · Data from Local System× T1020.001 · Traffic Duplication T1021 · Remote Services T1021.001 · Remote Desktop Protocol T1021.002 · SMB/Windows Admin Shares T1021.003 · Distributed Component Object Model T1021.004 · SSH T1021.005 · VNC T1021.006 · Windows Remote Management T1021.007 · Cloud Services× T1021.008 · Direct Cloud VM Connections× T1025 · Data from Removable Media T1036 · Masquerading T1036.003 · Rename Legitimate Utilities T1036.005 · Match Legitimate Resource Name or Location T1041 · Exfiltration Over C2 Channel T1047 · Windows Management Instrumentation T1048 · Exfiltration Over Alternative Protocol× T1048.002 · Exfiltration Over Asymmetric Encrypted Non-C2 Protocol T1048.003 · Exfiltration Over Unencrypted Non-C2 Protocol× T1052 · Exfiltration Over Physical Medium× T1052.001 · Exfiltration over USB T1053 · Scheduled Task/Job T1053.002 · At T1053.003 · Cron T1053.005 · Scheduled Task× T1053.006 · Systemd Timers× T1053.007 · Container Orchestration Job T1055 · Process Injection T1055.001 · Dynamic-link Library Injection× T1055.002 · Portable Executable Injection
AC-6
Least Privilege
Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned organizational tasks.
family AC framework nist-800-53
Equivalent controls in other frameworks  click any to see its ATT&CK technique mappings
iso-27001-2022: A.5.15 ↗iso-27001-2022: A.5.18 ↗iso-27001-2022: A.8.2 ↗
AC-6.1
Authorize Access to Security Functions
Authorize access for {{ insert: param, ac-06.01_odp.01 }} to: {{ insert: param, ac-6.1_prm_2 }} ; and {{ insert: param, ac-06.01_odp.05 }}.
family AC framework nist-800-53
AC-6.10
Prohibit Non-privileged Users from Executing Privileged Functions
Prevent non-privileged users from executing privileged functions.
family AC framework nist-800-53
AC-6.2
Non-privileged Access for Nonsecurity Functions
Require that users of system accounts (or roles) with access to {{ insert: param, ac-06.02_odp }} use non-privileged accounts or roles, when accessing nonsecurity functions.
family AC framework nist-800-53
AC-6.3
Network Access to Privileged Commands
Authorize network access to {{ insert: param, ac-06.03_odp.01 }} only for {{ insert: param, ac-06.03_odp.02 }} and document the rationale for such access in the security plan for the system.
family AC framework nist-800-53
AC-6.4
Separate Processing Domains
Provide separate processing domains to enable finer-grained allocation of user privileges.
family AC framework nist-800-53
AC-6.5
Privileged Accounts
Restrict privileged accounts on the system to {{ insert: param, ac-06.05_odp }}.
family AC framework nist-800-53
AC-6.6
Privileged Access by Non-organizational Users
Prohibit privileged access to the system by non-organizational users.
family AC framework nist-800-53
AC-6.7
Review of User Privileges
Review {{ insert: param, ac-06.07_odp.01 }} the privileges assigned to {{ insert: param, ac-06.07_odp.02 }} to validate the need for such privileges; and Reassign or remove privileges, if necessary, to correctly reflect organizational mission and business needs.
family AC framework nist-800-53
AC-6.8
Privilege Levels for Code Execution
Prevent the following software from executing at higher privilege levels than users executing the software: {{ insert: param, ac-06.08_odp }}.
family AC framework nist-800-53
AC-6.9
Log Use of Privileged Functions
Log the execution of privileged functions.
family AC framework nist-800-53
Showing 1-12 of 12
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin