Home/Compliance
nist-800-53

NIST 800-53. Security Controls

10 controls · cross-mapped to ATT&CK techniques
Translate between regulatory language and what attackers actually do. Each control maps to MITRE ATT&CK techniques; open a control to see those techniques and whether we hold detection coverage for them.
NIST 800-53 (1246)NIST CSF (106)ISO 27001:2022 (93)PCI-DSS v4.0 (75)CIS v8.1 (62)CRI Profile (60)CSA CCM v4 (57)SOC 2 TSC (57)OWASP API (10)OWASP Mobile (10)OWASP Web (10)
1246
Total controls
0%
Detection coverage
0
Covered controls
1246
Coverage gaps
▤ Export audit (CSV) Coverage report Self-assessment Show gaps only
▶ Check your own detection coverage

Paste the ATT&CK technique IDs you have Sigma/YARA rules for (one per line, e.g. T1059, T1190). The controls below will update to show YOUR coverage instead of ours.

Red team insight A nist-800-53 compliant org should have detection for the green-tagged techniques below. Controls showing no technique coverage are likely blind spots. Use gaps view to enumerate unmonitored attack paths.

Controls

10 shown of 10
CM-03
Configuration Change Control
family CM framework nist-800-53
ATT&CK techniques this control defends against   ✓ covered by Sigma/YARA in our corpus  × = detection gap
T1021.005 · VNC T1059.006 · Python× T1176 · Software Extensions T1195 · Supply Chain Compromise× T1195.003 · Compromise Hardware Supply Chain T1213 · Data from Information Repositories× T1213.001 · Confluence× T1213.002 · Sharepoint× T1213.005 · Messaging Applications T1495 · Firmware Corruption× T1542 · Pre-OS Boot T1542.001 · System Firmware T1542.003 · Bootkit× T1542.004 · ROMMONkit× T1542.005 · TFTP Boot T1543 · Create or Modify System Process T1543.002 · Systemd Service T1546 · Event Triggered Execution× T1547.007 · Re-opened Applications× T1547.013 · XDG Autostart Entries T1548 · Abuse Elevation Control Mechanism T1553 · Subvert Trust Controls× T1553.006 · Code Signing Policy Modification T1555 · Credentials from Password Stores× T1556.008 · Network Provider DLL× T1562.008 · Disable or Modify Cloud Logs× T1562.012 · Disable or Modify Linux Audit System× T1564.008 · Email Hiding Rules× T1578.005 · Modify Cloud Compute Configurations× T1601 · Modify System Image× T1601.001 · Patch System Image× T1601.002 · Downgrade System Image× T1647 · Plist File Modification T1653 · Power Settings× T1666 · Modify Cloud Resource Hierarchy
CM-3
Configuration Change Control
Determine and document the types of changes to the system that are configuration-controlled; Review proposed configuration-controlled changes to the system and approve or disapprove such changes with explicit consideration for security and privacy impact analyses; Document configuration change decisions associated with the system; Implement approved configuration-controlled changes to the system; Retain records of configuration-controlled changes to the system for {{ insert: param, cm-03_odp.01 }}; Monitor and review activities associated with configuration-controlled changes to the system; and Coordinate and provide oversight for configuration change control activities through {{ insert: param, cm-03_odp.02 }} that convenes {{ insert: param, cm-03_odp.03 }}.
family CM framework nist-800-53
Equivalent controls in other frameworks  click any to see its ATT&CK technique mappings
iso-27001-2022: A.8.32 ↗
CM-3.1
Automated Documentation, Notification, and Prohibition of Changes
Use {{ insert: param, cm-03.01_odp.01 }} to: Document proposed changes to the system; Notify {{ insert: param, cm-03.01_odp.02 }} of proposed changes to the system and request change approval; Highlight proposed changes to the system that have not been approved or disapproved within {{ insert: param, cm-03.01_odp.03 }}; Prohibit changes to the system until designated approvals are received; Document all changes to the system; and Notify {{ insert: param, cm-03.01_odp.04 }} when approved changes to the system are completed.
family CM framework nist-800-53
CM-3.2
Testing, Validation, and Documentation of Changes
Test, validate, and document changes to the system before finalizing the implementation of the changes.
family CM framework nist-800-53
CM-3.3
Automated Change Implementation
Implement changes to the current system baseline and deploy the updated baseline across the installed base using {{ insert: param, cm-03.03_odp }}.
family CM framework nist-800-53
CM-3.4
Security and Privacy Representatives
Require {{ insert: param, cm-3.4_prm_1 }} to be members of the {{ insert: param, cm-03.04_odp.03 }}.
family CM framework nist-800-53
CM-3.5
Automated Security Response
Implement the following security responses automatically if baseline configurations are changed in an unauthorized manner: {{ insert: param, cm-03.05_odp }}.
family CM framework nist-800-53
CM-3.6
Cryptography Management
Ensure that cryptographic mechanisms used to provide the following controls are under configuration management: {{ insert: param, cm-03.06_odp }}.
family CM framework nist-800-53
CM-3.7
Review System Changes
Review changes to the system {{ insert: param, cm-03.07_odp.01 }} or when {{ insert: param, cm-03.07_odp.02 }} to determine whether unauthorized changes have occurred.
family CM framework nist-800-53
CM-3.8
Prevent or Restrict Configuration Changes
Prevent or restrict changes to the configuration of the system under the following circumstances: {{ insert: param, cm-03.08_odp }}.
family CM framework nist-800-53
Showing 1-10 of 10
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin