Home/Compliance
nist-800-53

NIST 800-53. Security Controls

15 controls · cross-mapped to ATT&CK techniques
Translate between regulatory language and what attackers actually do. Each control maps to MITRE ATT&CK techniques; open a control to see those techniques and whether we hold detection coverage for them.
NIST 800-53 (1246)NIST CSF (106)ISO 27001:2022 (93)PCI-DSS v4.0 (75)CIS v8.1 (62)CRI Profile (60)CSA CCM v4 (57)SOC 2 TSC (57)OWASP API (10)OWASP Mobile (10)OWASP Web (10)
1246
Total controls
0%
Detection coverage
0
Covered controls
1246
Coverage gaps
▤ Export audit (CSV) Coverage report Self-assessment Show gaps only
▶ Check your own detection coverage

Paste the ATT&CK technique IDs you have Sigma/YARA rules for (one per line, e.g. T1059, T1190). The controls below will update to show YOUR coverage instead of ours.

Red team insight A nist-800-53 compliant org should have detection for the green-tagged techniques below. Controls showing no technique coverage are likely blind spots. Use gaps view to enumerate unmonitored attack paths.

Controls

15 shown of 15
IA-02
Identification and Authentication (Organizational Users)
family IA framework nist-800-53
ATT&CK techniques this control defends against   ✓ covered by Sigma/YARA in our corpus  × = detection gap
T1003 · OS Credential Dumping T1003.001 · LSASS Memory T1003.002 · Security Account Manager T1003.003 · NTDS T1003.004 · LSA Secrets T1003.005 · Cached Domain Credentials T1003.006 · DCSync× T1003.007 · Proc Filesystem× T1003.008 · /etc/passwd and /etc/shadow T1021 · Remote Services T1021.001 · Remote Desktop Protocol T1021.002 · SMB/Windows Admin Shares T1021.003 · Distributed Component Object Model T1021.004 · SSH T1021.005 · VNC T1021.006 · Windows Remote Management T1021.007 · Cloud Services× T1021.008 · Direct Cloud VM Connections T1036.007 · Double File Extension× T1036.010 · Masquerade Account Name T1040 · Network Sniffing T1047 · Windows Management Instrumentation T1053 · Scheduled Task/Job T1053.002 · At T1053.003 · Cron T1053.005 · Scheduled Task× T1053.006 · Systemd Timers× T1053.007 · Container Orchestration Job T1055 · Process Injection T1055.008 · Ptrace System Calls× T1056.003 · Web Portal Capture T1059 · Command and Scripting Interpreter T1059.001 · PowerShell× T1059.008 · Network Device CLI T1059.009 · Cloud API T1072 · Software Deployment Tools T1078 · Valid Accounts T1078.002 · Domain Accounts T1078.003 · Local Accounts T1078.004 · Cloud Accounts
IA-2
Identification and Authentication (Organizational Users)
Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users.
family IA framework nist-800-53
Equivalent controls in other frameworks  click any to see its ATT&CK technique mappings
iso-27001-2022: A.5.16 ↗iso-27001-2022: A.8.5 ↗
IA-2.1
Multi-factor Authentication to Privileged Accounts
Implement multi-factor authentication for access to privileged accounts.
family IA framework nist-800-53
IA-2.10
Single Sign-on
Provide a single sign-on capability for {{ insert: param, ia-02.10_odp }}.
family IA framework nist-800-53
IA-2.11
Remote Access, Separate Device
family IA framework nist-800-53
IA-2.12
Acceptance of PIV Credentials
Accept and electronically verify Personal Identity Verification-compliant credentials.
family IA framework nist-800-53
IA-2.13
Out-of-band Authentication
Implement the following out-of-band authentication mechanisms under {{ insert: param, ia-02.13_odp.02 }}: {{ insert: param, ia-02.13_odp.01 }}.
family IA framework nist-800-53
IA-2.2
Multi-factor Authentication to Non-privileged Accounts
Implement multi-factor authentication for access to non-privileged accounts.
family IA framework nist-800-53
IA-2.3
Local Access to Privileged Accounts
family IA framework nist-800-53
IA-2.4
Local Access to Non-privileged Accounts
family IA framework nist-800-53
IA-2.5
Individual Authentication with Group Authentication
When shared accounts or authenticators are employed, require users to be individually authenticated before granting access to the shared accounts or resources.
family IA framework nist-800-53
IA-2.6
Access to Accounts, separate Device
Implement multi-factor authentication for {{ insert: param, ia-02.06_odp.01 }} access to {{ insert: param, ia-02.06_odp.02 }} such that: One of the factors is provided by a device separate from the system gaining access; and The device meets {{ insert: param, ia-02.06_odp.03 }}.
family IA framework nist-800-53
IA-2.7
Network Access to Non-privileged Accounts, Separate Device
family IA framework nist-800-53
IA-2.8
Access to Accounts, Replay Resistant
Implement replay-resistant authentication mechanisms for access to {{ insert: param, ia-02.08_odp }}.
family IA framework nist-800-53
IA-2.9
Network Access to Non-privileged Accounts, Replay Resistant
family IA framework nist-800-53
Showing 1-15 of 15
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin