NIST 800-53 — Compliance Controls · threatengine.sh

Home/Compliance

nist-800-53

NIST 800-53. Security Controls

1 controls · cross-mapped to ATT&CK techniques

Translate between regulatory language and what attackers actually do. Each control maps to MITRE ATT&CK techniques; open a control to see those techniques and whether we hold detection coverage for them.

NIST 800-53 (1246)NIST CSF (106)ISO 27001:2022 (93)PCI-DSS v4.0 (75)CIS v8.1 (62)CRI Profile (60)CSA CCM v4 (57)SOC 2 TSC (57)OWASP API (10)OWASP Mobile (10)OWASP Web (10)

1246

Total controls

0%

Detection coverage

0

Covered controls

1246

Coverage gaps

▤ Export audit (CSV) Coverage report Self-assessment Show gaps only

▶ Check your own detection coverage

Paste the ATT&CK technique IDs you have Sigma/YARA rules for (one per line, e.g. T1059, T1190). The controls below will update to show YOUR coverage instead of ours.

Red team insight A nist-800-53 compliant org should have detection for the green-tagged techniques below. Controls showing no technique coverage are likely blind spots. Use gaps view to enumerate unmonitored attack paths.

▤

Controls

1 shown of 1

SI-15

Information Output Filtering

Validate information output from the following software programs and/or applications to ensure that the information is consistent with the expected content: {{ insert: param, si-15_odp }}.

family SI framework nist-800-53

ATT&CK techniques this control defends against ✓ covered by Sigma/YARA in our corpus × = detection gap

✓ T1021.002 · SMB/Windows Admin Shares ✓ T1021.005 · VNC ✓ T1048 · Exfiltration Over Alternative Protocol ✓ T1048.001 · Exfiltration Over Symmetric Encrypted Non-C2 Protocol × T1048.002 · Exfiltration Over Asymmetric Encrypted Non-C2 Protocol ✓ T1048.003 · Exfiltration Over Unencrypted Non-C2 Protocol ✓ T1071.004 · DNS ✓ T1090 · Proxy ✓ T1090.003 · Multi-hop Proxy ✓ T1095 · Non-Application Layer Protocol ✓ T1187 · Forced Authentication ✓ T1197 · BITS Jobs ✓ T1205 · Traffic Signaling ✓ T1205.001 · Port Knocking × T1218.012 · Verclsid × T1218.015 · Electron Applications ✓ T1219 · Remote Access Tools ✓ T1498 · Network Denial of Service × T1498.001 · Direct Network Flood × T1498.002 · Reflection Amplification ✓ T1499 · Endpoint Denial of Service ✓ T1499.001 · OS Exhaustion Flood × T1499.002 · Service Exhaustion Flood × T1499.003 · Application Exhaustion Flood ✓ T1499.004 · Application or System Exploitation × T1530 · Data from Cloud Storage ✓ T1537 · Transfer Data to Cloud Account ✓ T1552 · Unsecured Credentials ✓ T1552.005 · Cloud Instance Metadata API ✓ T1557 · Adversary-in-the-Middle ✓ T1557.001 · Name Resolution Poisoning and SMB Relay ✓ T1557.002 · ARP Cache Poisoning ✓ T1557.003 · DHCP Spoofing × T1564.009 · Resource Forking ✓ T1570 · Lateral Tool Transfer ✓ T1572 · Protocol Tunneling × T1599 · Network Boundary Bridging ✓ T1599.001 · Network Address Translation Traversal × T1602 · Data from Configuration Repository × T1602.001 · SNMP (MIB Dump)

Showing 1-1 of 1

Prev 1 Next

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin