NIST 800-53 — Compliance Controls · threatengine.sh

Home/Compliance

nist-800-53

NIST 800-53. Security Controls

4 controls · cross-mapped to ATT&CK techniques

Translate between regulatory language and what attackers actually do. Each control maps to MITRE ATT&CK techniques; open a control to see those techniques and whether we hold detection coverage for them.

NIST 800-53 (1246)NIST CSF (106)ISO 27001:2022 (93)PCI-DSS v4.0 (75)CIS v8.1 (62)CRI Profile (60)CSA CCM v4 (57)SOC 2 TSC (57)OWASP API (10)OWASP Mobile (10)OWASP Web (10)

1246

Total controls

0%

Detection coverage

0

Covered controls

1246

Coverage gaps

▤ Export audit (CSV) Coverage report Self-assessment Show gaps only

▶ Check your own detection coverage

Paste the ATT&CK technique IDs you have Sigma/YARA rules for (one per line, e.g. T1059, T1190). The controls below will update to show YOUR coverage instead of ours.

Red team insight A nist-800-53 compliant org should have detection for the green-tagged techniques below. Controls showing no technique coverage are likely blind spots. Use gaps view to enumerate unmonitored attack paths.

▤

Controls

4 shown of 4

SR-3

Supply Chain Controls and Processes

Establish a process or processes to identify and address weaknesses or deficiencies in the supply chain elements and processes of {{ insert: param, sr-03_odp.01 }} in coordination with {{ insert: param, sr-03_odp.02 }}; Employ the following controls to protect against supply chain risks to the system, system component, or system service and to limit the harm or consequences from supply chain-related events: {{ insert: param, sr-03_odp.03 }} ; and Document the selected and implemented supply chain processes and controls in {{ insert: param, sr-03_odp.04 }}.

family SR framework nist-800-53

Equivalent controls in other frameworks click any to see its ATT&CK technique mappings

iso-27001-2022: A.5.19 ↗iso-27001-2022: A.5.21 ↗iso-27001-2022: A.8.30 ↗pci-dss-4: 12.8 ↗

SR-3.1

Diverse Supply Base

Employ a diverse set of sources for the following system components and services: {{ insert: param, sr-3.1_prm_1 }}.

family SR framework nist-800-53

SR-3.2

Limitation of Harm

Employ the following controls to limit harm from potential adversaries identifying and targeting the organizational supply chain: {{ insert: param, sr-03.02_odp }}.

family SR framework nist-800-53

SR-3.3

Sub-tier Flow Down

Ensure that the controls included in the contracts of prime contractors are also included in the contracts of subcontractors.

family SR framework nist-800-53

Showing 1-4 of 4

Prev 1 Next

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin