Home/Compliance
nist-800-53

NIST 800-53. Security Controls

8 controls · cross-mapped to ATT&CK techniques
Translate between regulatory language and what attackers actually do. Each control maps to MITRE ATT&CK techniques; open a control to see those techniques and whether we hold detection coverage for them.
NIST 800-53 (1246)NIST CSF (106)ISO 27001:2022 (93)PCI-DSS v4.0 (75)CIS v8.1 (62)CRI Profile (60)CSA CCM v4 (57)SOC 2 TSC (57)OWASP API (10)OWASP Mobile (10)OWASP Web (10)
1246
Total controls
0%
Detection coverage
0
Covered controls
1246
Coverage gaps
▤ Export audit (CSV) Coverage report Self-assessment Show gaps only
▶ Check your own detection coverage

Paste the ATT&CK technique IDs you have Sigma/YARA rules for (one per line, e.g. T1059, T1190). The controls below will update to show YOUR coverage instead of ours.

Red team insight A nist-800-53 compliant org should have detection for the green-tagged techniques below. Controls showing no technique coverage are likely blind spots. Use gaps view to enumerate unmonitored attack paths.

Controls

8 shown of 8
CP-07
Alternate Processing Site
family CP framework nist-800-53
ATT&CK techniques this control defends against   ✓ covered by Sigma/YARA in our corpus  × = detection gap
T1070 · Indicator Removal T1070.001 · Clear Windows Event Logs× T1070.002 · Clear Linux or Mac System Logs× T1070.008 · Clear Mailbox Data T1119 · Automated Collection T1485 · Data Destruction T1486 · Data Encrypted for Impact T1490 · Inhibit System Recovery× T1491 · Defacement T1491.001 · Internal Defacement× T1491.002 · External Defacement× T1561 · Disk Wipe T1561.001 · Disk Content Wipe T1561.002 · Disk Structure Wipe T1565 · Data Manipulation T1565.001 · Stored Data Manipulation
CP-7
Alternate Processing Site
Establish an alternate processing site, including necessary agreements to permit the transfer and resumption of {{ insert: param, cp-07_odp.01 }} for essential mission and business functions within {{ insert: param, cp-07_odp.02 }} when the primary processing capabilities are unavailable; Make available at the alternate processing site, the equipment and supplies required to transfer and resume operations or put contracts in place to support delivery to the site within the organization-defined time period for transfer and resumption; and Provide controls at the alternate processing site that are equivalent to those at the primary site.
family CP framework nist-800-53
CP-7.1
Separation from Primary Site
Identify an alternate processing site that is sufficiently separated from the primary processing site to reduce susceptibility to the same threats.
family CP framework nist-800-53
CP-7.2
Accessibility
Identify potential accessibility problems to alternate processing sites in the event of an area-wide disruption or disaster and outlines explicit mitigation actions.
family CP framework nist-800-53
CP-7.3
Priority of Service
Develop alternate processing site agreements that contain priority-of-service provisions in accordance with availability requirements (including recovery time objectives).
family CP framework nist-800-53
CP-7.4
Preparation for Use
Prepare the alternate processing site so that the site can serve as the operational site supporting essential mission and business functions.
family CP framework nist-800-53
CP-7.5
Equivalent Information Security Safeguards
family CP framework nist-800-53
CP-7.6
Inability to Return to Primary Site
Plan and prepare for circumstances that preclude returning to the primary processing site.
family CP framework nist-800-53
Showing 1-8 of 8
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin