Home/Compliance
nist-800-53

NIST 800-53. Security Controls

19 controls · cross-mapped to ATT&CK techniques
Translate between regulatory language and what attackers actually do. Each control maps to MITRE ATT&CK techniques; open a control to see those techniques and whether we hold detection coverage for them.
NIST 800-53 (1246)NIST CSF (106)ISO 27001:2022 (93)PCI-DSS v4.0 (75)CIS v8.1 (62)CRI Profile (60)CSA CCM v4 (57)SOC 2 TSC (57)OWASP API (10)OWASP Mobile (10)OWASP Web (10)
1246
Total controls
0%
Detection coverage
0
Covered controls
1246
Coverage gaps
▤ Export audit (CSV) Coverage report Self-assessment Show gaps only
▶ Check your own detection coverage

Paste the ATT&CK technique IDs you have Sigma/YARA rules for (one per line, e.g. T1059, T1190). The controls below will update to show YOUR coverage instead of ours.

Red team insight A nist-800-53 compliant org should have detection for the green-tagged techniques below. Controls showing no technique coverage are likely blind spots. Use gaps view to enumerate unmonitored attack paths.

Controls

19 shown of 19
SI-07
Software, Firmware, and Information Integrity
family SI framework nist-800-53
ATT&CK techniques this control defends against   ✓ covered by Sigma/YARA in our corpus  × = detection gap
T1003 · OS Credential Dumping T1003.003 · NTDS× T1020.001 · Traffic Duplication T1027 · Obfuscated Files or Information T1027.002 · Software Packing× T1027.007 · Dynamic API Resolution× T1027.008 · Stripped Payloads T1027.009 · Embedded Payloads T1036 · Masquerading× T1036.001 · Invalid Code Signature T1036.005 · Match Legitimate Resource Name or Location T1037 · Boot or Logon Initialization Scripts× T1037.002 · Login Hook× T1037.003 · Network Logon Script× T1037.004 · RC Scripts T1037.005 · Startup Items T1040 · Network Sniffing T1047 · Windows Management Instrumentation× T1053.006 · Systemd Timers T1056.002 · GUI Input Capture T1059 · Command and Scripting Interpreter T1059.001 · PowerShell T1059.002 · AppleScript T1059.003 · Windows Command Shell T1059.004 · Unix Shell T1059.005 · Visual Basic T1059.006 · Python T1059.007 · JavaScript× T1059.008 · Network Device CLI× T1059.010 · AutoHotKey & AutoIT× T1059.011 · Lua T1068 · Exploitation for Privilege Escalation T1070 · Indicator Removal T1070.001 · Clear Windows Event Logs× T1070.002 · Clear Linux or Mac System Logs T1070.003 · Clear Command History× T1070.007 · Clear Network Connection History and Configurations× T1070.008 · Clear Mailbox Data× T1070.009 · Clear Persistence× T1070.010 · Relocate Malware
SI-7
Software, Firmware, and Information Integrity
Employ integrity verification tools to detect unauthorized changes to the following software, firmware, and information: {{ insert: param, si-7_prm_1 }} ; and Take the following actions when unauthorized changes to the software, firmware, and information are detected: {{ insert: param, si-7_prm_2 }}.
family SI framework nist-800-53
SI-7.1
Integrity Checks
Perform an integrity check of {{ insert: param, si-7.1_prm_1 }} {{ insert: param, si-7.1_prm_2 }}.
family SI framework nist-800-53
SI-7.10
Protection of Boot Firmware
Implement the following mechanisms to protect the integrity of boot firmware in {{ insert: param, si-07.10_odp.02 }}: {{ insert: param, si-07.10_odp.01 }}.
family SI framework nist-800-53
SI-7.11
Confined Environments with Limited Privileges
family SI framework nist-800-53
SI-7.12
Integrity Verification
Require that the integrity of the following user-installed software be verified prior to execution: {{ insert: param, si-07.12_odp }}.
family SI framework nist-800-53
SI-7.13
Code Execution in Protected Environments
family SI framework nist-800-53
SI-7.14
Binary or Machine Executable Code
family SI framework nist-800-53
SI-7.15
Code Authentication
Implement cryptographic mechanisms to authenticate the following software or firmware components prior to installation: {{ insert: param, si-07.15_odp }}.
family SI framework nist-800-53
SI-7.16
Time Limit on Process Execution Without Supervision
Prohibit processes from executing without supervision for more than {{ insert: param, si-07.16_odp }}.
family SI framework nist-800-53
SI-7.17
Runtime Application Self-protection
Implement {{ insert: param, si-07.17_odp }} for application self-protection at runtime.
family SI framework nist-800-53
SI-7.2
Automated Notifications of Integrity Violations
Employ automated tools that provide notification to {{ insert: param, si-07.02_odp }} upon discovering discrepancies during integrity verification.
family SI framework nist-800-53
SI-7.3
Centrally Managed Integrity Tools
Employ centrally managed integrity verification tools.
family SI framework nist-800-53
SI-7.4
Tamper-evident Packaging
family SI framework nist-800-53
SI-7.5
Automated Response to Integrity Violations
Automatically {{ insert: param, si-07.05_odp.01 }} when integrity violations are discovered.
family SI framework nist-800-53
SI-7.6
Cryptographic Protection
Implement cryptographic mechanisms to detect unauthorized changes to software, firmware, and information.
family SI framework nist-800-53
SI-7.7
Integration of Detection and Response
Incorporate the detection of the following unauthorized changes into the organizational incident response capability: {{ insert: param, si-07.07_odp }}.
family SI framework nist-800-53
SI-7.8
Auditing Capability for Significant Events
Upon detection of a potential integrity violation, provide the capability to audit the event and initiate the following actions: {{ insert: param, si-07.08_odp.01 }}.
family SI framework nist-800-53
SI-7.9
Verify Boot Process
Verify the integrity of the boot process of the following system components: {{ insert: param, si-07.09_odp }}.
family SI framework nist-800-53
Showing 1-19 of 19
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin