NIST 800-53 — Compliance Controls · threatengine.sh

Home/Compliance

nist-800-53

NIST 800-53. Security Controls

19 controls · cross-mapped to ATT&CK techniques

Translate between regulatory language and what attackers actually do. Each control maps to MITRE ATT&CK techniques; open a control to see those techniques and whether we hold detection coverage for them.

NIST 800-53 (1246)NIST CSF (106)ISO 27001:2022 (93)PCI-DSS v4.0 (75)CIS v8.1 (62)CRI Profile (60)CSA CCM v4 (57)SOC 2 TSC (57)OWASP API (10)OWASP Mobile (10)OWASP Web (10)

1246

Total controls

0%

Detection coverage

0

Covered controls

1246

Coverage gaps

▤ Export audit (CSV) Coverage report Self-assessment Show gaps only

▶ Check your own detection coverage

Paste the ATT&CK technique IDs you have Sigma/YARA rules for (one per line, e.g. T1059, T1190). The controls below will update to show YOUR coverage instead of ours.

Red team insight A nist-800-53 compliant org should have detection for the green-tagged techniques below. Controls showing no technique coverage are likely blind spots. Use gaps view to enumerate unmonitored attack paths.

▤

Controls

19 shown of 19

SI-07

Software, Firmware, and Information Integrity

family SI framework nist-800-53

ATT&CK techniques this control defends against ✓ covered by Sigma/YARA in our corpus × = detection gap

✓ T1003 · OS Credential Dumping ✓ T1003.003 · NTDS × T1020.001 · Traffic Duplication ✓ T1027 · Obfuscated Files or Information ✓ T1027.002 · Software Packing × T1027.007 · Dynamic API Resolution × T1027.008 · Stripped Payloads ✓ T1027.009 · Embedded Payloads ✓ T1036 · Masquerading × T1036.001 · Invalid Code Signature ✓ T1036.005 · Match Legitimate Resource Name or Location ✓ T1037 · Boot or Logon Initialization Scripts × T1037.002 · Login Hook × T1037.003 · Network Logon Script × T1037.004 · RC Scripts ✓ T1037.005 · Startup Items ✓ T1040 · Network Sniffing ✓ T1047 · Windows Management Instrumentation × T1053.006 · Systemd Timers ✓ T1056.002 · GUI Input Capture ✓ T1059 · Command and Scripting Interpreter ✓ T1059.001 · PowerShell ✓ T1059.002 · AppleScript ✓ T1059.003 · Windows Command Shell ✓ T1059.004 · Unix Shell ✓ T1059.005 · Visual Basic ✓ T1059.006 · Python ✓ T1059.007 · JavaScript × T1059.008 · Network Device CLI × T1059.010 · AutoHotKey & AutoIT × T1059.011 · Lua ✓ T1068 · Exploitation for Privilege Escalation ✓ T1070 · Indicator Removal ✓ T1070.001 · Clear Windows Event Logs × T1070.002 · Clear Linux or Mac System Logs ✓ T1070.003 · Clear Command History × T1070.007 · Clear Network Connection History and Configurations × T1070.008 · Clear Mailbox Data × T1070.009 · Clear Persistence × T1070.010 · Relocate Malware

SI-7

Software, Firmware, and Information Integrity

Employ integrity verification tools to detect unauthorized changes to the following software, firmware, and information: {{ insert: param, si-7_prm_1 }} ; and Take the following actions when unauthorized changes to the software, firmware, and information are detected: {{ insert: param, si-7_prm_2 }}.

family SI framework nist-800-53

SI-7.1

Integrity Checks

Perform an integrity check of {{ insert: param, si-7.1_prm_1 }} {{ insert: param, si-7.1_prm_2 }}.

family SI framework nist-800-53

SI-7.10

Protection of Boot Firmware

Implement the following mechanisms to protect the integrity of boot firmware in {{ insert: param, si-07.10_odp.02 }}: {{ insert: param, si-07.10_odp.01 }}.

family SI framework nist-800-53

SI-7.11

Confined Environments with Limited Privileges

family SI framework nist-800-53

SI-7.12

Integrity Verification

Require that the integrity of the following user-installed software be verified prior to execution: {{ insert: param, si-07.12_odp }}.

family SI framework nist-800-53

SI-7.13

Code Execution in Protected Environments

family SI framework nist-800-53

SI-7.14

Binary or Machine Executable Code

family SI framework nist-800-53

SI-7.15

Code Authentication

Implement cryptographic mechanisms to authenticate the following software or firmware components prior to installation: {{ insert: param, si-07.15_odp }}.

family SI framework nist-800-53

SI-7.16

Time Limit on Process Execution Without Supervision

Prohibit processes from executing without supervision for more than {{ insert: param, si-07.16_odp }}.

family SI framework nist-800-53

SI-7.17

Runtime Application Self-protection

Implement {{ insert: param, si-07.17_odp }} for application self-protection at runtime.

family SI framework nist-800-53

SI-7.2

Automated Notifications of Integrity Violations

Employ automated tools that provide notification to {{ insert: param, si-07.02_odp }} upon discovering discrepancies during integrity verification.

family SI framework nist-800-53

SI-7.3

Centrally Managed Integrity Tools

Employ centrally managed integrity verification tools.

family SI framework nist-800-53

SI-7.4

Tamper-evident Packaging

family SI framework nist-800-53

SI-7.5

Automated Response to Integrity Violations

Automatically {{ insert: param, si-07.05_odp.01 }} when integrity violations are discovered.

family SI framework nist-800-53

SI-7.6

Cryptographic Protection

Implement cryptographic mechanisms to detect unauthorized changes to software, firmware, and information.

family SI framework nist-800-53

SI-7.7

Integration of Detection and Response

Incorporate the detection of the following unauthorized changes into the organizational incident response capability: {{ insert: param, si-07.07_odp }}.

family SI framework nist-800-53

SI-7.8

Auditing Capability for Significant Events

Upon detection of a potential integrity violation, provide the capability to audit the event and initiate the following actions: {{ insert: param, si-07.08_odp.01 }}.

family SI framework nist-800-53

SI-7.9

Verify Boot Process

Verify the integrity of the boot process of the following system components: {{ insert: param, si-07.09_odp }}.

family SI framework nist-800-53

Showing 1-19 of 19

Prev 1 Next

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin