family CA
framework nist-800-53
family CA
framework nist-800-53
family CA
framework nist-800-53
Develop, document, and disseminate to {{ insert: param, ca-1_prm_1 }}: {{ insert: param, ca-01_odp.03 }} assessment, authorization, and monitoring policy that: Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and Procedures to facilitate the implementation of the assessment, authorization, and monitoring policy and the associated assessment, authorization, and monitoring controls; Designate an {{ insert: param, ca-01_odp.04 }} to manage the development, documentation, and dissemination of the assessment, authorization, and monitoring policy and procedures; and Review and update the current assessment, authorization, and monitoring: Policy {{ insert: param, ca-01_odp.05 }} and following {{ insert: param, ca-01_odp.06 }}; and Procedures {{ insert: param, ca-01_odp.07 }} and following {{ insert: param, ca-01_odp.08 }}.
family CA
framework nist-800-53
Select the appropriate assessor or assessment team for the type of assessment to be conducted; Develop a control assessment plan that describes the scope of the assessment including: Controls and control enhancements under assessment; Assessment procedures to be used to determine control effectiveness; and Assessment environment, assessment team, and assessment roles and responsibilities; Ensure the control assessment plan is reviewed and approved by the authorizing official or designated representative prior to conducting the assessment; Assess the controls in the system and its environment of operation {{ insert: param, ca-02_odp.01 }} to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security and privacy requirements; Produce a control assessment report that documents the results of the assessment; and Provide the results of the control assessment to {{ insert: param, ca-02_odp.02 }}.
family CA
framework nist-800-53
Employ independent assessors or assessment teams to conduct control assessments.
family CA
framework nist-800-53
Include as part of control assessments, {{ insert: param, ca-02.02_odp.01 }}, {{ insert: param, ca-02.02_odp.02 }}, {{ insert: param, ca-02.02_odp.03 }}.
family CA
framework nist-800-53
Leverage the results of control assessments performed by {{ insert: param, ca-02.03_odp.01 }} on {{ insert: param, ca-02.03_odp.02 }} when the assessment meets {{ insert: param, ca-02.03_odp.03 }}.
family CA
framework nist-800-53
Approve and manage the exchange of information between the system and other systems using {{ insert: param, ca-03_odp.01 }}; Document, as part of each exchange agreement, the interface characteristics, security and privacy requirements, controls, and responsibilities for each system, and the impact level of the information communicated; and Review and update the agreements {{ insert: param, ca-03_odp.03 }}.
family CA
framework nist-800-53
family CA
framework nist-800-53
family CA
framework nist-800-53
family CA
framework nist-800-53
family CA
framework nist-800-53
family CA
framework nist-800-53
Verify that individuals or systems transferring data between interconnecting systems have the requisite authorizations (i.e., write permissions or privileges) prior to accepting such data.
family CA
framework nist-800-53
Identify transitive (downstream) information exchanges with other systems through the systems identified in [CA-3a](#ca-3_smt.a); and Take measures to ensure that transitive (downstream) information exchanges cease when the controls on identified transitive (downstream) systems cannot be verified or validated.
family CA
framework nist-800-53
family CA
framework nist-800-53
Develop a plan of action and milestones for the system to document the planned remediation actions of the organization to correct weaknesses or deficiencies noted during the assessment of the controls and to reduce or eliminate known vulnerabilities in the system; and Update existing plan of action and milestones {{ insert: param, ca-05_odp }} based on the findings from control assessments, independent audits or reviews, and continuous monitoring activities.
family CA
framework nist-800-53
Ensure the accuracy, currency, and availability of the plan of action and milestones for the system using {{ insert: param, ca-05.01_odp }}.
family CA
framework nist-800-53
Assign a senior official as the authorizing official for the system; Assign a senior official as the authorizing official for common controls available for inheritance by organizational systems; Ensure that the authorizing official for the system, before commencing operations: Accepts the use of common controls inherited by the system; and Authorizes the system to operate; Ensure that the authorizing official for common controls authorizes the use of those controls for inheritance by organizational systems; Update the authorizations {{ insert: param, ca-06_odp }}.
family CA
framework nist-800-53
Employ a joint authorization process for the system that includes multiple authorizing officials from the same organization conducting the authorization.
family CA
framework nist-800-53
Employ a joint authorization process for the system that includes multiple authorizing officials with at least one authorizing official from an organization external to the organization conducting the authorization.
family CA
framework nist-800-53
Develop a system-level continuous monitoring strategy and implement continuous monitoring in accordance with the organization-level continuous monitoring strategy that includes: Establishing the following system-level metrics to be monitored: {{ insert: param, ca-07_odp.01 }}; Establishing {{ insert: param, ca-07_odp.02 }} for monitoring and {{ insert: param, ca-07_odp.03 }} for assessment of control effectiveness; Ongoing control assessments in accordance with the continuous monitoring strategy; Ongoing monitoring of system and organization-defined metrics in accordance with the continuous monitoring strategy; Correlation and analysis of information generated by control assessments and monitoring; Response actions to address results of the analysis of control assessment and monitoring information; and Reporting the security and privacy status of the system to {{ insert: param, ca-7_prm_4 }} {{ insert: param, ca-7_prm_5 }}.
family CA
framework nist-800-53
Employ independent assessors or assessment teams to monitor the controls in the system on an ongoing basis.
family CA
framework nist-800-53
family CA
framework nist-800-53
Employ trend analyses to determine if control implementations, the frequency of continuous monitoring activities, and the types of activities used in the continuous monitoring process need to be modified based on empirical data.
family CA
framework nist-800-53
Ensure risk monitoring is an integral part of the continuous monitoring strategy that includes the following: Effectiveness monitoring; Compliance monitoring; and Change monitoring.
family CA
framework nist-800-53
Employ the following actions to validate that policies are established and implemented controls are operating in a consistent manner: {{ insert: param, ca-7.5_prm_1 }}.
family CA
framework nist-800-53
Ensure the accuracy, currency, and availability of monitoring results for the system using {{ insert: param, ca-07.06_odp }}.
family CA
framework nist-800-53
Conduct penetration testing {{ insert: param, ca-08_odp.01 }} on {{ insert: param, ca-08_odp.02 }}.
family CA
framework nist-800-53
Employ an independent penetration testing agent or team to perform penetration testing on the system or system components.
family CA
framework nist-800-53
Employ the following red-team exercises to simulate attempts by adversaries to compromise organizational systems in accordance with applicable rules of engagement: {{ insert: param, ca-08.02_odp }}.
family CA
framework nist-800-53
Employ a penetration testing process that includes {{ insert: param, ca-08.03_odp.01 }} {{ insert: param, ca-08.03_odp.02 }} attempts to bypass or circumvent controls associated with physical access points to the facility.
family CA
framework nist-800-53
Authorize internal connections of {{ insert: param, ca-09_odp.01 }} to the system; Document, for each internal connection, the interface characteristics, security and privacy requirements, and the nature of the information communicated; Terminate internal system connections after {{ insert: param, ca-09_odp.02 }}; and Review {{ insert: param, ca-09_odp.03 }} the continued need for each internal connection.
family CA
framework nist-800-53
Perform security and privacy compliance checks on constituent system components prior to the establishment of the internal connection.
family CA
framework nist-800-53
family CM
framework nist-800-53
family CM
framework nist-800-53
family CM
framework nist-800-53
family CM
framework nist-800-53
family CM
framework nist-800-53
family CM
framework nist-800-53
Develop, document, and disseminate to {{ insert: param, cm-1_prm_1 }}: {{ insert: param, cm-01_odp.03 }} configuration management policy that: Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and Procedures to facilitate the implementation of the configuration management policy and the associated configuration management controls; Designate an {{ insert: param, cm-01_odp.04 }} to manage the development, documentation, and dissemination of the configuration management policy and procedures; and Review and update the current configuration management: Policy {{ insert: param, cm-01_odp.05 }} and following {{ insert: param, cm-01_odp.06 }}; and Procedures {{ insert: param, cm-01_odp.07 }} and following {{ insert: param, cm-01_odp.08 }}.
family CM
framework nist-800-53
Use software and associated documentation in accordance with contract agreements and copyright laws; Track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and Control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.
family CM
framework nist-800-53
Establish the following restrictions on the use of open-source software: {{ insert: param, cm-10.01_odp }}.
family CM
framework nist-800-53
Establish {{ insert: param, cm-11_odp.01 }} governing the installation of software by users; Enforce software installation policies through the following methods: {{ insert: param, cm-11_odp.02 }}; and Monitor policy compliance {{ insert: param, cm-11_odp.03 }}.
family CM
framework nist-800-53
family CM
framework nist-800-53
Allow user installation of software only with explicit privileged status.
family CM
framework nist-800-53
Enforce and monitor compliance with software installation policies using {{ insert: param, cm-11.3_prm_1 }}.
family CM
framework nist-800-53
Identify and document the location of {{ insert: param, cm-12_odp }} and the specific system components on which the information is processed and stored; Identify and document the users who have access to the system and system components where the information is processed and stored; and Document changes to the location (i.e., system or system components) where the information is processed and stored.
family CM
framework nist-800-53
Use automated tools to identify {{ insert: param, cm-12.01_odp.01 }} on {{ insert: param, cm-12.01_odp.02 }} to ensure controls are in place to protect organizational information and individual privacy.
family CM
framework nist-800-53
Develop and document a map of system data actions.
family CM
framework nist-800-53
Prevent the installation of {{ insert: param, cm-14_prm_1 }} without verification that the component has been digitally signed using a certificate that is recognized and approved by the organization.
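The CM-14 statement above names a concrete mechanism: refuse to install a component unless its signature verifies under a signer the organization has approved. The following Go program is an added illustration of that gate, not code from NIST or from any product. It is an assumption of the example that the "recognized and approved certificate" is modelled as an allow-list of approved Ed25519 public keys keyed by signer ID, and that the component format (`SignedComponent` with a detached signature over the SHA-256 of the payload) is hypothetical. The point it demonstrates is that the gate has to reject two distinct failures: a signer the organization never approved, and an approved signer whose signature no longer matches the bytes about to be installed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedComponent is a hypothetical package format assumed for this example:
// the component bytes, the signer's key identifier, and a detached Ed25519
// signature over the SHA-256 digest of the bytes.
type SignedComponent struct {
	Name      string
	Payload   []byte
	SignerID  string
	Signature []byte
}

// TrustStore maps an organization-approved signer ID to its public key. It stands
// in for "a certificate that is recognized and approved by the organization".
type TrustStore map[string]ed25519.PublicKey

var (
	ErrUnknownSigner = errors.New("signer not in organization trust store")
	ErrBadSignature  = errors.New("signature does not verify over component payload")
)

// VerifyBeforeInstall is the CM-14 gate: the install proceeds only when the
// component names an approved signer AND that signer's signature verifies over
// the exact bytes that will be installed.
func VerifyBeforeInstall(ts TrustStore, c SignedComponent) error {
	pub, ok := ts[c.SignerID]
	if !ok {
		return ErrUnknownSigner
	}
	digest := sha256.Sum256(c.Payload)
	if !ed25519.Verify(pub, digest[:], c.Signature) {
		return ErrBadSignature
	}
	return nil
}

// SignComponent is the publisher side, included so the example is self-contained.
func SignComponent(name, signerID string, priv ed25519.PrivateKey, payload []byte) SignedComponent {
	digest := sha256.Sum256(payload)
	return SignedComponent{Name: name, Payload: payload, SignerID: signerID,
		Signature: ed25519.Sign(priv, digest[:])}
}

// Demo exercises the four outcomes a gate must distinguish, using constructed
// sample bytes (not a real package): approved signer with intact payload,
// unapproved signer, a rogue key impersonating the approved signer ID, and an
// approved signature over a payload that was tampered with after signing.
func Demo() (approved, unapproved, impersonated, tampered error) {
	approvedPub, approvedPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, roguePriv, _ := ed25519.GenerateKey(rand.Reader)
	ts := TrustStore{"release-key-2024": approvedPub}

	payload := []byte("constructed sample component bytes")

	good := SignComponent("agent.pkg", "release-key-2024", approvedPriv, payload)
	approved = VerifyBeforeInstall(ts, good)

	rogue := SignComponent("agent.pkg", "unknown-key", roguePriv, payload)
	unapproved = VerifyBeforeInstall(ts, rogue)

	// Claims the approved signer ID but was signed with a key the org never approved.
	fake := SignComponent("agent.pkg", "release-key-2024", roguePriv, payload)
	impersonated = VerifyBeforeInstall(ts, fake)

	// Payload modified after signing; signer ID and signature left unchanged.
	evil := good
	evil.Payload = append(append([]byte{}, payload...), []byte(" + backdoor")...)
	tampered = VerifyBeforeInstall(ts, evil)
	return
}

func main() {
	a, u, i, t := Demo()
	fmt.Println("approved signer, intact payload:", a)
	fmt.Println("unapproved signer:", u)
	fmt.Println("rogue key impersonating approved signer:", i)
	fmt.Println("approved signer, tampered payload:", t)
}
```

Note that the trust store is consulted before the signature is checked, so a component naming an unknown signer never gets a signature verification at all; and because the signature covers the payload bytes rather than a filename or version string, the tampered case fails regardless of what metadata the attacker preserves.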
family CM
framework nist-800-53
Develop, document, and maintain under configuration control, a current baseline configuration of the system; and Review and update the baseline configuration of the system: {{ insert: param, cm-02_odp.01 }}; When required due to {{ insert: param, cm-02_odp.02 }}; and When system components are installed or upgraded.
family CM
framework nist-800-53
family CM
framework nist-800-53
Maintain the currency, completeness, accuracy, and availability of the baseline configuration of the system using {{ insert: param, cm-02.02_odp }}.
family CM
framework nist-800-53
Retain {{ insert: param, cm-02.03_odp }} of previous versions of baseline configurations of the system to support rollback.
family CM
framework nist-800-53
family CM
framework nist-800-53
family CM
framework nist-800-53
Maintain a baseline configuration for system development and test environments that is managed separately from the operational baseline configuration.
family CM
framework nist-800-53
Issue {{ insert: param, cm-02.07_odp.01 }} with {{ insert: param, cm-02.07_odp.02 }} to individuals traveling to locations that the organization deems to be of significant risk; and Apply the following controls to the systems or components when the individuals return from travel: {{ insert: param, cm-02.07_odp.03 }}.
family CM
framework nist-800-53
Determine and document the types of changes to the system that are configuration-controlled; Review proposed configuration-controlled changes to the system and approve or disapprove such changes with explicit consideration for security and privacy impact analyses; Document configuration change decisions associated with the system; Implement approved configuration-controlled changes to the system; Retain records of configuration-controlled changes to the system for {{ insert: param, cm-03_odp.01 }}; Monitor and review activities associated with configuration-controlled changes to the system; and Coordinate and provide oversight for configuration change control activities through {{ insert: param, cm-03_odp.02 }} that convenes {{ insert: param, cm-03_odp.03 }}.
family CM
framework nist-800-53
Use {{ insert: param, cm-03.01_odp.01 }} to: Document proposed changes to the system; Notify {{ insert: param, cm-03.01_odp.02 }} of proposed changes to the system and request change approval; Highlight proposed changes to the system that have not been approved or disapproved within {{ insert: param, cm-03.01_odp.03 }}; Prohibit changes to the system until designated approvals are received; Document all changes to the system; and Notify {{ insert: param, cm-03.01_odp.04 }} when approved changes to the system are completed.
family CM
framework nist-800-53
Test, validate, and document changes to the system before finalizing the implementation of the changes.
family CM
framework nist-800-53
Implement changes to the current system baseline and deploy the updated baseline across the installed base using {{ insert: param, cm-03.03_odp }}.
family CM
framework nist-800-53
Require {{ insert: param, cm-3.4_prm_1 }} to be members of the {{ insert: param, cm-03.04_odp.03 }}.
family CM
framework nist-800-53
Implement the following security responses automatically if baseline configurations are changed in an unauthorized manner: {{ insert: param, cm-03.05_odp }}.
family CM
framework nist-800-53
Ensure that cryptographic mechanisms used to provide the following controls are under configuration management: {{ insert: param, cm-03.06_odp }}.
family CM
framework nist-800-53
Review changes to the system {{ insert: param, cm-03.07_odp.01 }} or when {{ insert: param, cm-03.07_odp.02 }} to determine whether unauthorized changes have occurred.
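CM-3(5) above calls for automatic security responses when a baseline configuration is changed without authorization, and CM-3(7) for periodic review to detect such changes. The Go program below is an added example, written for this page and not drawn from NIST or any configuration-management product, showing the minimum mechanics behind both: capture a hash baseline of configuration items, compare the current state against it to classify each item as modified, added or removed, and hand every finding to a response hook. The file paths and their contents are constructed sample data, and the `Responder` interface with `Alert` and `Quarantine` actions is an assumption standing in for whatever organization-defined responses CM-3(5)'s parameter names.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// Baseline maps a configuration item (here a file path) to the SHA-256 of its approved content.
type Baseline map[string]string

// Finding is one deviation from the approved baseline.
type Finding struct {
	Item string
	Kind string // "modified", "added", or "removed"
}

func digest(b []byte) string {
	h := sha256.Sum256(b)
	return hex.EncodeToString(h[:])
}

// Capture records the approved state; this is the point at which the change
// control board has signed off on the configuration.
func Capture(items map[string][]byte) Baseline {
	b := Baseline{}
	for path, content := range items {
		b[path] = digest(content)
	}
	return b
}

// Compare is the CM-3(7) review: it reports every item whose hash differs from
// the baseline, every baseline item that is missing, and every item not in the
// baseline at all. Output is sorted so results are stable for reporting.
func Compare(approved Baseline, current map[string][]byte) []Finding {
	var out []Finding
	for path, want := range approved {
		content, present := current[path]
		switch {
		case !present:
			out = append(out, Finding{path, "removed"})
		case digest(content) != want:
			out = append(out, Finding{path, "modified"})
		}
	}
	for path := range current {
		if _, known := approved[path]; !known {
			out = append(out, Finding{path, "added"})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Item < out[j].Item })
	return out
}

// Responder is the CM-3(5) hook: the organization-defined actions applied
// automatically when unauthorized drift is detected (assumed interface).
type Responder interface {
	Alert(f Finding)
	Quarantine(item string)
}

// Enforce runs the review and applies responses to each finding. A removed item
// has nothing left on disk to quarantine, so it is alerted on only.
func Enforce(approved Baseline, current map[string][]byte, r Responder) int {
	findings := Compare(approved, current)
	for _, f := range findings {
		r.Alert(f)
		if f.Kind != "removed" {
			r.Quarantine(f.Item)
		}
	}
	return len(findings)
}

// recordingResponder stands in for a real alerting/quarantine integration.
type recordingResponder struct {
	Alerts      []Finding
	Quarantined []string
}

func (r *recordingResponder) Alert(f Finding)      { r.Alerts = append(r.Alerts, f) }
func (r *recordingResponder) Quarantine(s string)  { r.Quarantined = append(r.Quarantined, s) }

// Demo uses constructed sample configuration content, not data from any real host.
func Demo() (findings []Finding, quarantined []string) {
	approved := Capture(map[string][]byte{
		"/etc/ssh/sshd_config": []byte("PermitRootLogin no\nPasswordAuthentication no\n"),
		"/etc/sudoers":         []byte("root ALL=(ALL) ALL\n"),
		"/etc/hosts.allow":     []byte("sshd: 10.0.0.0/8\n"),
	})
	current := map[string][]byte{
		"/etc/ssh/sshd_config": []byte("PermitRootLogin yes\nPasswordAuthentication no\n"), // modified
		"/etc/sudoers":         []byte("root ALL=(ALL) ALL\n"),                              // unchanged
		// "/etc/hosts.allow" has been removed
		"/etc/cron.d/persist": []byte("* * * * * root /tmp/.x\n"), // added, not in baseline
	}
	r := &recordingResponder{}
	Enforce(approved, current, r)
	return r.Alerts, r.Quarantined
}

func main() {
	findings, q := Demo()
	for _, f := range findings {
		fmt.Printf("%-8s %s\n", f.Kind, f.Item)
	}
	fmt.Println("quarantined:", q)
}
```

Two practical points the code makes explicit: the baseline itself must be stored under configuration control (CM-2) or an attacker who can change the system can change the reference too, and the comparison must enumerate additions, not only modifications, since persistence mechanisms such as a new cron entry never match any baseline item.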
family CM
framework nist-800-53
Prevent or restrict changes to the configuration of the system under the following circumstances: {{ insert: param, cm-03.08_odp }}.
family CM
framework nist-800-53
Analyze changes to the system to determine potential security and privacy impacts prior to change implementation.
family CM
framework nist-800-53
Analyze changes to the system in a separate test environment before implementation in an operational environment, looking for security and privacy impacts due to flaws, weaknesses, incompatibility, or intentional malice.
family CM
framework nist-800-53
After system changes, verify that the impacted controls are implemented correctly, operating as intended, and producing the desired outcome with regard to meeting the security and privacy requirements for the system.
family CM
framework nist-800-53
Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system.
family CM
framework nist-800-53
Enforce access restrictions using {{ insert: param, cm-05.01_odp }}; and Automatically generate audit records of the enforcement actions.
family CM
framework nist-800-53
family CM
framework nist-800-53
family CM
framework nist-800-53
Enforce dual authorization for implementing changes to {{ insert: param, cm-5.4_prm_1 }}.
family CM
framework nist-800-53
Limit privileges to change system components and system-related information within a production or operational environment; and Review and reevaluate privileges {{ insert: param, cm-5.5_prm_1 }}.
family CM
framework nist-800-53
Limit privileges to change software resident within software libraries.
family CM
framework nist-800-53
family CM
framework nist-800-53