Home/Compliance
nist-800-53

NIST 800-53. Security Controls

9 controls · cross-mapped to ATT&CK techniques
Translate between regulatory language and what attackers actually do. Each control maps to MITRE ATT&CK techniques; open a control to see those techniques and whether we hold detection coverage for them.
NIST 800-53 (1246)NIST CSF (106)ISO 27001:2022 (93)PCI-DSS v4.0 (75)CIS v8.1 (62)CRI Profile (60)CSA CCM v4 (57)SOC 2 TSC (57)OWASP API (10)OWASP Mobile (10)OWASP Web (10)
1246
Total controls
0%
Detection coverage
0
Covered controls
1246
Coverage gaps
▤ Export audit (CSV) Coverage report Self-assessment Show gaps only
▶ Check your own detection coverage

Paste the ATT&CK technique IDs you have Sigma/YARA rules for (one per line, e.g. T1059, T1190). The controls below will update to show YOUR coverage instead of ours.

Red team insight A nist-800-53 compliant org should have detection for the green-tagged techniques below. Controls showing no technique coverage are likely blind spots. Use gaps view to enumerate unmonitored attack paths.

Controls

9 shown of 9
SI-02
Flaw Remediation
family SI framework nist-800-53
ATT&CK techniques this control defends against   ✓ covered by Sigma/YARA in our corpus  × = detection gap
T1003 · OS Credential Dumping T1003.001 · LSASS Memory T1027 · Obfuscated Files or Information T1027.002 · Software Packing× T1027.007 · Dynamic API Resolution× T1027.008 · Stripped Payloads T1027.009 · Embedded Payloads T1047 · Windows Management Instrumentation T1055 · Process Injection T1055.001 · Dynamic-link Library Injection× T1055.002 · Portable Executable Injection T1055.003 · Thread Execution Hijacking× T1055.004 · Asynchronous Procedure Call× T1055.005 · Thread Local Storage T1055.008 · Ptrace System Calls T1055.009 · Proc Memory T1055.011 · Extra Window Memory Injection T1055.012 · Process Hollowing× T1055.013 · Process Doppelgänging× T1055.014 · VDSO Hijacking T1059 · Command and Scripting Interpreter T1059.001 · PowerShell T1059.005 · Visual Basic T1059.006 · Python T1068 · Exploitation for Privilege Escalation T1072 · Software Deployment Tools T1106 · Native API T1137 · Office Application Startup T1137.003 · Outlook Forms× T1137.004 · Outlook Home Page× T1137.005 · Outlook Rules T1189 · Drive-by Compromise T1190 · Exploit Public-Facing Application T1195 · Supply Chain Compromise T1195.001 · Compromise Software Dependencies and Development Tools T1195.002 · Compromise Software Supply Chain× T1195.003 · Compromise Hardware Supply Chain T1203 · Exploitation for Client Execution T1204 · User Execution T1204.001 · Malicious Link
SI-2
Flaw Remediation
Identify, report, and correct system flaws; Test software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation; Install security-relevant software and firmware updates within {{ insert: param, si-02_odp }} of the release of the updates; and Incorporate flaw remediation into the organizational configuration management process.
family SI framework nist-800-53
Equivalent controls in other frameworks  click any to see its ATT&CK technique mappings
iso-27001-2022: A.5.22 ↗iso-27001-2022: A.8.8 ↗pci-dss-4: 11.3 ↗pci-dss-4: 6 ↗pci-dss-4: 6.3 ↗soc2-tsc: CC7.1 ↗
SI-2.1
Central Management
family SI framework nist-800-53
SI-2.2
Automated Flaw Remediation Status
Determine if system components have applicable security-relevant software and firmware updates installed using {{ insert: param, si-02.02_odp.01 }} {{ insert: param, si-02.02_odp.02 }}.
family SI framework nist-800-53
SI-2.3
Time to Remediate Flaws and Benchmarks for Corrective Actions
Measure the time between flaw identification and flaw remediation; and Establish the following benchmarks for taking corrective actions: {{ insert: param, si-02.03_odp }}.
family SI framework nist-800-53
SI-2.4
Automated Patch Management Tools
Employ automated patch management tools to facilitate flaw remediation to the following system components: {{ insert: param, si-02.04_odp }}.
family SI framework nist-800-53
SI-2.5
Automatic Software and Firmware Updates
Install {{ insert: param, si-02.05_odp.01 }} automatically to {{ insert: param, si-02.05_odp.02 }}.
family SI framework nist-800-53
SI-2.6
Removal of Previous Versions of Software and Firmware
Remove previous versions of {{ insert: param, si-02.06_odp }} after updated versions have been installed.
family SI framework nist-800-53
SI-2.7
Root Cause Analysis
Conduct root cause analysis to identify underlying causes of issues or failures. Develop actions to address the root cause of the issue or failure. Implement the actions and monitor the implementation for effectiveness.
family SI framework nist-800-53
Showing 1-9 of 9
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin