NIST 800-53 — Compliance Controls · threatengine.sh

Home/Compliance

nist-800-53

NIST 800-53. Security Controls

11 controls · cross-mapped to ATT&CK techniques

Translate between regulatory language and what attackers actually do. Each control maps to MITRE ATT&CK techniques; open a control to see those techniques and whether we hold detection coverage for them.

NIST 800-53 (1246)NIST CSF (106)ISO 27001:2022 (93)PCI-DSS v4.0 (75)CIS v8.1 (62)CRI Profile (60)CSA CCM v4 (57)SOC 2 TSC (57)OWASP API (10)OWASP Mobile (10)OWASP Web (10)

1246

Total controls

0%

Detection coverage

0

Covered controls

1246

Coverage gaps

▤ Export audit (CSV) Coverage report Self-assessment Show gaps only

▶ Check your own detection coverage

Paste the ATT&CK technique IDs you have Sigma/YARA rules for (one per line, e.g. T1059, T1190). The controls below will update to show YOUR coverage instead of ours.

Red team insight A nist-800-53 compliant org should have detection for the green-tagged techniques below. Controls showing no technique coverage are likely blind spots. Use gaps view to enumerate unmonitored attack paths.

▤

Controls

11 shown of 11

CM-08

System Component Inventory

family CM framework nist-800-53

ATT&CK techniques this control defends against ✓ covered by Sigma/YARA in our corpus × = detection gap

× T1011.001 · Exfiltration Over Bluetooth × T1020.001 · Traffic Duplication ✓ T1021.001 · Remote Desktop Protocol ✓ T1021.003 · Distributed Component Object Model ✓ T1021.004 · SSH ✓ T1021.005 · VNC ✓ T1021.006 · Windows Remote Management ✓ T1046 · Network Service Discovery × T1052 · Exfiltration Over Physical Medium × T1052.001 · Exfiltration over USB ✓ T1053 · Scheduled Task/Job ✓ T1053.002 · At ✓ T1053.005 · Scheduled Task ✓ T1059 · Command and Scripting Interpreter ✓ T1059.001 · PowerShell ✓ T1059.005 · Visual Basic ✓ T1059.007 · JavaScript × T1059.010 · AutoHotKey & AutoIT ✓ T1068 · Exploitation for Privilege Escalation ✓ T1072 · Software Deployment Tools ✓ T1091 · Replication Through Removable Media × T1092 · Communication Through Removable Media ✓ T1098.004 · SSH Authorized Keys ✓ T1119 · Automated Collection ✓ T1127 · Trusted Developer Utilities Proxy Execution ✓ T1127.001 · MSBuild × T1127.002 · ClickOnce ✓ T1133 · External Remote Services ✓ T1137 · Office Application Startup × T1137.001 · Office Template Macros ✓ T1189 · Drive-by Compromise ✓ T1190 · Exploit Public-Facing Application ✓ T1195 · Supply Chain Compromise × T1195.003 · Compromise Hardware Supply Chain ✓ T1203 · Exploitation for Client Execution ✓ T1210 · Exploitation of Remote Services ✓ T1211 · Exploitation for Stealth ✓ T1212 · Exploitation for Credential Access ✓ T1213 · Data from Information Repositories × T1213.001 · Confluence

CM-8

System Component Inventory

Develop and document an inventory of system components that: Accurately reflects the system; Includes all components within the system; Does not include duplicate accounting of components or components assigned to any other system; Is at the level of granularity deemed necessary for tracking and reporting; and Includes the following information to achieve system component accountability: {{ insert: param, cm-08_odp.01 }} ; and Review and update the system component inventory {{ insert: param, cm-08_odp.02 }}.

family CM framework nist-800-53

Equivalent controls in other frameworks click any to see its ATT&CK technique mappings

iso-27001-2022: A.5.9 ↗iso-27001-2022: A.8.1 ↗

CM-8.1

Updates During Installation and Removal

Update the inventory of system components as part of component installations, removals, and system updates.

family CM framework nist-800-53

CM-8.2

Automated Maintenance

Maintain the currency, completeness, accuracy, and availability of the inventory of system components using {{ insert: param, cm-8.2_prm_1 }}.

family CM framework nist-800-53

CM-8.3

Automated Unauthorized Component Detection

Detect the presence of unauthorized hardware, software, and firmware components within the system using {{ insert: param, cm-8.3_prm_1 }} {{ insert: param, cm-08.03_odp.04 }} ; and Take the following actions when unauthorized components are detected: {{ insert: param, cm-08.03_odp.05 }}.

family CM framework nist-800-53

CM-8.4

Accountability Information

Include in the system component inventory information, a means for identifying by {{ insert: param, cm-08.04_odp }} , individuals responsible and accountable for administering those components.

family CM framework nist-800-53

CM-8.5

No Duplicate Accounting of Components

family CM framework nist-800-53

CM-8.6

Assessed Configurations and Approved Deviations

Include assessed component configurations and any approved deviations to current deployed configurations in the system component inventory.

family CM framework nist-800-53

CM-8.7

Centralized Repository

Provide a centralized repository for the inventory of system components.

family CM framework nist-800-53

CM-8.8

Automated Location Tracking

Support the tracking of system components by geographic location using {{ insert: param, cm-08.08_odp }}.

family CM framework nist-800-53

CM-8.9

Assignment of Components to Systems

Assign system components to a system; and Receive an acknowledgement from {{ insert: param, cm-08.09_odp }} of this assignment.

family CM framework nist-800-53

Showing 1-11 of 11

Prev 1 Next

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin