National Institute of Standards in Technology (NIST) Special Publication 800-53 provides a catalog of security and privacy controls for the protection of information systems and organizations from a diverse set of threats and risks. These mappings provide resources for security control coverage against real-world threats as described in the MITRE ATT&CK® knowledge base and provide a foundation for integrating ATT&CK-based threat information into the risk management process.
NIST 800-53 Versions: rev5, rev4 ATT&CK Versions: 14.1, 12.1, 10.1, 9.0, 8.2 ATT&CK Domain: Enterprise
ID | Capability Group Name | Number of Mappings | Number of Capabilities |
|---|---|---|---|
| AC | Access Control | 1328 | 18 |
| CA | Security Assessment and Authorization | 277 | 4 |
| CM | Configuration Management | 1120 | 9 |
| SC | System and Communications Protection | 513 | 31 |
| SI | System and Information Integrity | 1085 | 12 |
| CP | Contingency Planning | 65 | 5 |
| IA | Identification and Authentication | 353 | 10 |
| SA | System and Services Acquisition | 126 | 10 |
| RA | Risk Assessment | 122 | 3 |
| MP | Media Protection | 6 | 1 |
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-04 | Information Flow Enforcement | Protects | T1001 | Data Obfuscation |
| CA-07 | Continuous Monitoring | Protects | T1001 | Data Obfuscation |
| CM-02 | Baseline Configuration | Protects | T1001 | Data Obfuscation |
| CM-06 | Configuration Settings | Protects | T1001 | Data Obfuscation |
| SC-07 | Boundary Protection | Protects | T1001 | Data Obfuscation |
| SI-03 | Malicious Code Protection | Protects | T1001 | Data Obfuscation |
| SI-04 | System Monitoring | Protects | T1001 | Data Obfuscation |
| AC-04 | Information Flow Enforcement | Protects | T1001.001 | Junk Data |
| CA-07 | Continuous Monitoring | Protects | T1001.001 | Junk Data |
| CM-02 | Baseline Configuration | Protects | T1001.001 | Junk Data |
