Home/Compliance
nist-800-53

NIST 800-53. Security Controls

8 controls · cross-mapped to ATT&CK techniques
Translate between regulatory language and what attackers actually do. Each control maps to MITRE ATT&CK techniques; open a control to see those techniques and whether we hold detection coverage for them.
NIST 800-53 (1246)NIST CSF (106)ISO 27001:2022 (93)PCI-DSS v4.0 (75)CIS v8.1 (62)CRI Profile (60)CSA CCM v4 (57)SOC 2 TSC (57)OWASP API (10)OWASP Mobile (10)OWASP Web (10)
1246
Total controls
0%
Detection coverage
0
Covered controls
1246
Coverage gaps
▤ Export audit (CSV) Coverage report Self-assessment Show gaps only
▶ Check your own detection coverage

Paste the ATT&CK technique IDs you have Sigma/YARA rules for (one per line, e.g. T1059, T1190). The controls below will update to show YOUR coverage instead of ours.

Red team insight A nist-800-53 compliant org should have detection for the green-tagged techniques below. Controls showing no technique coverage are likely blind spots. Use gaps view to enumerate unmonitored attack paths.

Controls

8 shown of 8
SA-10
Developer Configuration Management
Require the developer of the system, system component, or system service to: Perform configuration management during system, component, or service {{ insert: param, sa-10_odp.01 }}; Document, manage, and control the integrity of changes to {{ insert: param, sa-10_odp.02 }}; Implement only organization-approved changes to the system, component, or service; Document approved changes to the system, component, or service and the potential security and privacy impacts of such changes; and Track security flaws and flaw resolution within the system, component, or service and report findings to {{ insert: param, sa-10_odp.03 }}.
family SA framework nist-800-53
ATT&CK techniques this control defends against   ✓ covered by Sigma/YARA in our corpus  × = detection gap
T1072 · Software Deployment Tools T1078 · Valid Accounts T1078.001 · Default Accounts T1078.003 · Local Accounts T1078.004 · Cloud Accounts T1195.001 · Compromise Software Dependencies and Development Tools× T1195.003 · Compromise Hardware Supply Chain T1213.003 · Code Repositories T1495 · Firmware Corruption T1505 · Server Software Component T1505.001 · SQL Stored Procedures T1505.002 · Transport Agent T1505.004 · IIS Components× T1542 · Pre-OS Boot T1542.001 · System Firmware T1542.003 · Bootkit× T1542.004 · ROMMONkit× T1542.005 · TFTP Boot T1553 · Subvert Trust Controls× T1553.006 · Code Signing Policy Modification× T1559.003 · XPC Services× T1564.009 · Resource Forking× T1574.002 · DLL Side-Loading× T1601 · Modify System Image× T1601.001 · Patch System Image× T1601.002 · Downgrade System Image× T1647 · Plist File Modification
Equivalent controls in other frameworks  click any to see its ATT&CK technique mappings
iso-27001-2022: A.8.32 ↗pci-dss-4: 6.5 ↗soc2-tsc: CC8.1 ↗
SA-10.1
Software and Firmware Integrity Verification
Require the developer of the system, system component, or system service to enable integrity verification of software and firmware components.
family SA framework nist-800-53
SA-10.2
Alternative Configuration Management Processes
Provide an alternate configuration management process using organizational personnel in the absence of a dedicated developer configuration management team.
family SA framework nist-800-53
SA-10.3
Hardware Integrity Verification
Require the developer of the system, system component, or system service to enable integrity verification of hardware components.
family SA framework nist-800-53
SA-10.4
Trusted Generation
Require the developer of the system, system component, or system service to employ tools for comparing newly generated versions of security-relevant hardware descriptions, source code, and object code with previous versions.
family SA framework nist-800-53
SA-10.5
Mapping Integrity for Version Control
Require the developer of the system, system component, or system service to maintain the integrity of the mapping between the master build data describing the current version of security-relevant hardware, software, and firmware and the on-site master copy of the data for the current version.
family SA framework nist-800-53
SA-10.6
Trusted Distribution
Require the developer of the system, system component, or system service to execute procedures for ensuring that security-relevant hardware, software, and firmware updates distributed to the organization are exactly as specified by the master copies.
family SA framework nist-800-53
SA-10.7
Security and Privacy Representatives
Require {{ insert: param, sa-10.7_prm_1 }} to be included in the {{ insert: param, sa-10.7_prm_2 }}.
family SA framework nist-800-53
Showing 1-8 of 8
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin