Home/Compliance
nist-800-53

NIST 800-53. Security Controls

11 controls · cross-mapped to ATT&CK techniques
Translate between regulatory language and what attackers actually do. Each control maps to MITRE ATT&CK techniques; open a control to see those techniques and whether we hold detection coverage for them.
NIST 800-53 (1246)NIST CSF (106)ISO 27001:2022 (93)PCI-DSS v4.0 (75)CIS v8.1 (62)CRI Profile (60)CSA CCM v4 (57)SOC 2 TSC (57)OWASP API (10)OWASP Mobile (10)OWASP Web (10)
1246
Total controls
0%
Detection coverage
0
Covered controls
1246
Coverage gaps
▤ Export audit (CSV) Coverage report Self-assessment Show gaps only
▶ Check your own detection coverage

Paste the ATT&CK technique IDs you have Sigma/YARA rules for (one per line, e.g. T1059, T1190). The controls below will update to show YOUR coverage instead of ours.

Red team insight A nist-800-53 compliant org should have detection for the green-tagged techniques below. Controls showing no technique coverage are likely blind spots. Use gaps view to enumerate unmonitored attack paths.

Controls

11 shown of 11
AC-16
Security and Privacy Attributes
Provide the means to associate {{ insert: param, ac-16_prm_1 }} with {{ insert: param, ac-16_prm_2 }} for information in storage, in process, and/or in transmission; Ensure that the attribute associations are made and retained with the information; Establish the following permitted security and privacy attributes from the attributes defined in [AC-16a](#ac-16_smt.a) for {{ insert: param, ac-16_prm_3 }}: {{ insert: param, ac-16_prm_4 }}; Determine the following permitted attribute values or ranges for each of the established attributes: {{ insert: param, ac-16_odp.09 }}; Audit changes to attributes; and Review {{ insert: param, ac-16_prm_6 }} for applicability {{ insert: param, ac-16_prm_7 }}.
family AC framework nist-800-53
ATT&CK techniques this control defends against   ✓ covered by Sigma/YARA in our corpus  × = detection gap
T1003 · OS Credential Dumping T1003.003 · NTDS T1005 · Data from Local System× T1020.001 · Traffic Duplication× T1025 · Data from Removable Media T1040 · Network Sniffing T1041 · Exfiltration Over C2 Channel T1048 · Exfiltration Over Alternative Protocol× T1048.002 · Exfiltration Over Asymmetric Encrypted Non-C2 Protocol T1048.003 · Exfiltration Over Unencrypted Non-C2 Protocol× T1052 · Exfiltration Over Physical Medium× T1052.001 · Exfiltration over USB T1070 · Indicator Removal T1070.001 · Clear Windows Event Logs× T1070.002 · Clear Linux or Mac System Logs× T1070.008 · Clear Mailbox Data T1114 · Email Collection T1114.001 · Local Email Collection× T1114.002 · Remote Email Collection T1114.003 · Email Forwarding Rule T1119 · Automated Collection T1213 · Data from Information Repositories× T1213.001 · Confluence× T1213.002 · Sharepoint× T1213.004 · Customer Relationship Management Software× T1213.005 · Messaging Applications T1222 · File and Directory Permissions Modification T1222.001 · Windows Permissions T1222.002 · Linux and Mac Permissions T1505 · Server Software Component T1505.002 · Transport Agent× T1530 · Data from Cloud Storage T1537 · Transfer Data to Cloud Account× T1547.007 · Re-opened Applications T1548 · Abuse Elevation Control Mechanism T1548.003 · Sudo and Sudo Caching× T1548.006 · TCC Manipulation T1550.001 · Application Access Token T1552 · Unsecured Credentials T1552.004 · Private Keys
AC-16.1
Dynamic Attribute Association
Dynamically associate security and privacy attributes with {{ insert: param, ac-16.1_prm_1 }} in accordance with the following security and privacy policies as information is created and combined: {{ insert: param, ac-16.1_prm_2 }}.
family AC framework nist-800-53
AC-16.10
Attribute Configuration by Authorized Individuals
Provide authorized individuals the capability to define or change the type and value of security and privacy attributes available for association with subjects and objects.
family AC framework nist-800-53
AC-16.2
Attribute Value Changes by Authorized Individuals
Provide authorized individuals (or processes acting on behalf of individuals) the capability to define or change the value of associated security and privacy attributes.
family AC framework nist-800-53
AC-16.3
Maintenance of Attribute Associations by System
Maintain the association and integrity of {{ insert: param, ac-16.3_prm_1 }} to {{ insert: param, ac-16.3_prm_2 }}.
family AC framework nist-800-53
AC-16.4
Association of Attributes by Authorized Individuals
Provide the capability to associate {{ insert: param, ac-16.4_prm_1 }} with {{ insert: param, ac-16.4_prm_2 }} by authorized individuals (or processes acting on behalf of individuals).
family AC framework nist-800-53
AC-16.5
Attribute Displays on Objects to Be Output
Display security and privacy attributes in human-readable form on each object that the system transmits to output devices to identify {{ insert: param, ac-16.05_odp.01 }} using {{ insert: param, ac-16.05_odp.02 }}.
family AC framework nist-800-53
AC-16.6
Maintenance of Attribute Association
Require personnel to associate and maintain the association of {{ insert: param, ac-16.6_prm_1 }} with {{ insert: param, ac-16.6_prm_2 }} in accordance with {{ insert: param, ac-16.6_prm_3 }}.
family AC framework nist-800-53
AC-16.7
Consistent Attribute Interpretation
Provide a consistent interpretation of security and privacy attributes transmitted between distributed system components.
family AC framework nist-800-53
AC-16.8
Association Techniques and Technologies
Implement {{ insert: param, ac-16.8_prm_1 }} in associating security and privacy attributes to information.
family AC framework nist-800-53
AC-16.9
Attribute Reassignment, Regrading Mechanisms
Change security and privacy attributes associated with information only via regrading mechanisms validated using {{ insert: param, ac-16.9_prm_1 }}.
family AC framework nist-800-53
Showing 1-11 of 11
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin