NIST 800-53 — Compliance Controls · threatengine.sh

Home/Compliance

nist-800-53

NIST 800-53. Security Controls

5 controls · cross-mapped to ATT&CK techniques

Translate between regulatory language and what attackers actually do. Each control maps to MITRE ATT&CK techniques; open a control to see those techniques and whether we hold detection coverage for them.

NIST 800-53 (1246)NIST CSF (106)ISO 27001:2022 (93)PCI-DSS v4.0 (75)CIS v8.1 (62)CRI Profile (60)CSA CCM v4 (57)SOC 2 TSC (57)OWASP API (10)OWASP Mobile (10)OWASP Web (10)

1246

Total controls

0%

Detection coverage

0

Covered controls

1246

Coverage gaps

▤ Export audit (CSV) Coverage report Self-assessment Show gaps only

▶ Check your own detection coverage

Paste the ATT&CK technique IDs you have Sigma/YARA rules for (one per line, e.g. T1059, T1190). The controls below will update to show YOUR coverage instead of ours.

Red team insight A nist-800-53 compliant org should have detection for the green-tagged techniques below. Controls showing no technique coverage are likely blind spots. Use gaps view to enumerate unmonitored attack paths.

▤

Controls

5 shown of 5

PS-3

Personnel Screening

Screen individuals prior to authorizing access to the system; and Rescreen individuals in accordance with {{ insert: param, ps-3_prm_1 }}.

family PS framework nist-800-53

Equivalent controls in other frameworks click any to see its ATT&CK technique mappings

iso-27001-2022: A.6.1 ↗pci-dss-4: 12.7 ↗

PS-3.1

Classified Information

Verify that individuals accessing a system processing, storing, or transmitting classified information are cleared and indoctrinated to the highest classification level of the information to which they have access on the system.

family PS framework nist-800-53

PS-3.2

Formal Indoctrination

Verify that individuals accessing a system processing, storing, or transmitting types of classified information that require formal indoctrination, are formally indoctrinated for all the relevant types of information to which they have access on the system.

family PS framework nist-800-53

PS-3.3

Information Requiring Special Protective Measures

Verify that individuals accessing a system processing, storing, or transmitting information requiring special protection: Have valid access authorizations that are demonstrated by assigned official government duties; and Satisfy {{ insert: param, ps-03.03_odp }}.

family PS framework nist-800-53

PS-3.4

Citizenship Requirements

Verify that individuals accessing a system processing, storing, or transmitting {{ insert: param, ps-03.04_odp.01 }} meet {{ insert: param, ps-03.04_odp.02 }}.

family PS framework nist-800-53

Showing 1-5 of 5

Prev 1 Next

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin