
NIST 800-53. Security Controls

8 controls · cross-mapped to ATT&CK techniques
Translate between regulatory language and what attackers actually do. Each control maps to MITRE ATT&CK techniques; open a control to see those techniques and whether we hold detection coverage for them.
Total controls: 1246
Detection coverage: 0%
Covered controls: 0
Coverage gaps: 1246

Red team insight: A nist-800-53 compliant org should have detection for the green-tagged techniques below. Controls showing no technique coverage are likely blind spots. Use the gaps view to enumerate unmonitored attack paths.

Controls

8 shown of 8
family CA framework nist-800-53
ATT&CK techniques this control defends against (✓ = covered by Sigma/YARA in our corpus, × = detection gap):
T1001 · Data Obfuscation ×
T1001.001 · Junk Data ×
T1001.002 · Steganography
T1001.003 · Protocol or Service Impersonation
T1003 · OS Credential Dumping
T1003.001 · LSASS Memory
T1003.002 · Security Account Manager
T1003.003 · NTDS
T1003.004 · LSA Secrets
T1003.005 · Cached Domain Credentials
T1003.006 · DCSync ×
T1003.007 · Proc Filesystem ×
T1003.008 · /etc/passwd and /etc/shadow
T1008 · Fallback Channels
T1021.002 · SMB/Windows Admin Shares
T1021.005 · VNC
T1029 · Scheduled Transfer
T1030 · Data Transfer Size Limits
T1036 · Masquerading
T1036.003 · Rename Legitimate Utilities
T1036.005 · Match Legitimate Resource Name or Location
T1036.007 · Double File Extension
T1037 · Boot or Logon Initialization Scripts ×
T1037.002 · Login Hook ×
T1037.003 · Network Logon Script ×
T1037.004 · RC Scripts
T1037.005 · Startup Items
T1041 · Exfiltration Over C2 Channel
T1046 · Network Service Discovery
T1048 · Exfiltration Over Alternative Protocol
T1048.001 · Exfiltration Over Symmetric Encrypted Non-C2 Protocol ×
T1048.002 · Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1048.003 · Exfiltration Over Unencrypted Non-C2 Protocol ×
T1052 · Exfiltration Over Physical Medium ×
T1052.001 · Exfiltration over USB ×
T1053.006 · Systemd Timers
T1055.009 · Proc Memory
T1056.002 · GUI Input Capture
T1059 · Command and Scripting Interpreter
T1059.005 · Visual Basic
Develop a system-level continuous monitoring strategy and implement continuous monitoring in accordance with the organization-level continuous monitoring strategy that includes:
  Establishing the following system-level metrics to be monitored: {{ insert: param, ca-07_odp.01 }};
  Establishing {{ insert: param, ca-07_odp.02 }} for monitoring and {{ insert: param, ca-07_odp.03 }} for assessment of control effectiveness;
  Ongoing control assessments in accordance with the continuous monitoring strategy;
  Ongoing monitoring of system and organization-defined metrics in accordance with the continuous monitoring strategy;
  Correlation and analysis of information generated by control assessments and monitoring;
  Response actions to address results of the analysis of control assessment and monitoring information; and
  Reporting the security and privacy status of the system to {{ insert: param, ca-7_prm_4 }} {{ insert: param, ca-7_prm_5 }}.
family CA framework nist-800-53
Employ independent assessors or assessment teams to monitor the controls in the system on an ongoing basis.
family CA framework nist-800-53
family CA framework nist-800-53
Employ trend analyses to determine if control implementations, the frequency of continuous monitoring activities, and the types of activities used in the continuous monitoring process need to be modified based on empirical data.
family CA framework nist-800-53
Ensure risk monitoring is an integral part of the continuous monitoring strategy that includes the following: Effectiveness monitoring; Compliance monitoring; and Change monitoring.
family CA framework nist-800-53
Employ the following actions to validate that policies are established and implemented controls are operating in a consistent manner: {{ insert: param, ca-7.5_prm_1 }}.
family CA framework nist-800-53
Ensure the accuracy, currency, and availability of monitoring results for the system using {{ insert: param, ca-07.06_odp }}.
family CA framework nist-800-53
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin