Home/Compliance
nist-800-53

NIST 800-53. Security Controls

11 controls · cross-mapped to ATT&CK techniques
Translate between regulatory language and what attackers actually do. Each control maps to MITRE ATT&CK techniques; open a control to see those techniques and whether we hold detection coverage for them.
NIST 800-53 (1246)NIST CSF (106)ISO 27001:2022 (93)PCI-DSS v4.0 (75)CIS v8.1 (62)CRI Profile (60)CSA CCM v4 (57)SOC 2 TSC (57)OWASP API (10)OWASP Mobile (10)OWASP Web (10)
1246
Total controls
0%
Detection coverage
0
Covered controls
1246
Coverage gaps
▤ Export audit (CSV) Coverage report Self-assessment Show gaps only
▶ Check your own detection coverage

Paste the ATT&CK technique IDs you have Sigma/YARA rules for (one per line, e.g. T1059, T1190). The controls below will update to show YOUR coverage instead of ours.

Red team insight A nist-800-53 compliant org should have detection for the green-tagged techniques below. Controls showing no technique coverage are likely blind spots. Use gaps view to enumerate unmonitored attack paths.

Controls

11 shown of 11
AC-17
Remote Access
Establish and document usage restrictions, configuration/connection requirements, and implementation guidance for each type of remote access allowed; and Authorize each type of remote access to the system prior to allowing such connections.
family AC framework nist-800-53
ATT&CK techniques this control defends against   ✓ covered by Sigma/YARA in our corpus  × = detection gap
× T1020.001 · Traffic Duplication T1021 · Remote Services T1021.001 · Remote Desktop Protocol T1021.002 · SMB/Windows Admin Shares T1021.003 · Distributed Component Object Model T1021.004 · SSH T1021.005 · VNC T1021.006 · Windows Remote Management× T1021.008 · Direct Cloud VM Connections T1037 · Boot or Logon Initialization Scripts T1037.001 · Logon Script (Windows) T1040 · Network Sniffing T1047 · Windows Management Instrumentation T1059 · Command and Scripting Interpreter T1059.001 · PowerShell T1059.002 · AppleScript T1059.003 · Windows Command Shell T1059.004 · Unix Shell T1059.005 · Visual Basic T1059.006 · Python T1059.007 · JavaScript× T1059.008 · Network Device CLI T1070 · Indicator Removal T1070.001 · Clear Windows Event Logs× T1070.002 · Clear Linux or Mac System Logs× T1070.008 · Clear Mailbox Data T1114 · Email Collection T1114.001 · Local Email Collection× T1114.002 · Remote Email Collection T1114.003 · Email Forwarding Rule T1119 · Automated Collection× T1127.002 · ClickOnce T1133 · External Remote Services T1137 · Office Application Startup T1137.002 · Office Test T1213 · Data from Information Repositories× T1213.001 · Confluence× T1213.002 · Sharepoint× T1213.005 · Messaging Applications T1219 · Remote Access Tools
Equivalent controls in other frameworks  click any to see its ATT&CK technique mappings
iso-27001-2022: A.6.7 ↗
AC-17.1
Monitoring and Control
Employ automated mechanisms to monitor and control remote access methods.
family AC framework nist-800-53
AC-17.10
Authenticate Remote Commands
Implement {{ insert: param, ac-17.10_odp.01 }} to authenticate {{ insert: param, ac-17.10_odp.02 }}.
family AC framework nist-800-53
AC-17.2
Protection of Confidentiality and Integrity Using Encryption
Implement cryptographic mechanisms to protect the confidentiality and integrity of remote access sessions.
family AC framework nist-800-53
AC-17.3
Managed Access Control Points
Route remote accesses through authorized and managed network access control points.
family AC framework nist-800-53
AC-17.4
Privileged Commands and Access
Authorize the execution of privileged commands and access to security-relevant information via remote access only in a format that provides assessable evidence and for the following needs: {{ insert: param, ac-17.4_prm_1 }} ; and Document the rationale for remote access in the security plan for the system.
family AC framework nist-800-53
AC-17.5
Monitoring for Unauthorized Connections
family AC framework nist-800-53
AC-17.6
Protection of Mechanism Information
Protect information about remote access mechanisms from unauthorized use and disclosure.
family AC framework nist-800-53
AC-17.7
Additional Protection for Security Function Access
family AC framework nist-800-53
AC-17.8
Disable Nonsecure Network Protocols
family AC framework nist-800-53
AC-17.9
Disconnect or Disable Access
Provide the capability to disconnect or disable remote access to the system within {{ insert: param, ac-17.09_odp }}.
family AC framework nist-800-53
Showing 1-11 of 11
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin