NIST 800-53 Risk Assessment – Mappings Explorer

All Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name
RA-10	Threat Hunting	Protects	T1068	Exploitation for Privilege Escalation
RA-10	Threat Hunting	Protects	T1190	Exploit Public-Facing Application
RA-10	Threat Hunting	Protects	T1195	Supply Chain Compromise
RA-10	Threat Hunting	Protects	T1195.001	Compromise Software Dependencies and Development Tools
RA-10	Threat Hunting	Protects	T1195.002	Compromise Software Supply Chain
RA-10	Threat Hunting	Protects	T1210	Exploitation of Remote Services
RA-10	Threat Hunting	Protects	T1211	Exploitation for Defense Evasion
RA-10	Threat Hunting	Protects	T1212	Exploitation for Credential Access
RA-5	Vulnerability Monitoring and Scanning	Protects	T1011.001	Exfiltration Over Bluetooth
RA-5	Vulnerability Monitoring and Scanning	Protects	T1021.001	Remote Desktop Protocol
RA-5	Vulnerability Monitoring and Scanning	Protects	T1021.003	Distributed Component Object Model
RA-5	Vulnerability Monitoring and Scanning	Protects	T1021.004	SSH
RA-5	Vulnerability Monitoring and Scanning	Protects	T1021.005	VNC
RA-5	Vulnerability Monitoring and Scanning	Protects	T1021.006	Windows Remote Management
RA-5	Vulnerability Monitoring and Scanning	Protects	T1046	Network Service Scanning
RA-5	Vulnerability Monitoring and Scanning	Protects	T1052	Exfiltration Over Physical Medium
RA-5	Vulnerability Monitoring and Scanning	Protects	T1052.001	Exfiltration over USB
RA-5	Vulnerability Monitoring and Scanning	Protects	T1053	Scheduled Task/Job
RA-5	Vulnerability Monitoring and Scanning	Protects	T1053.001	At (Linux)
RA-5	Vulnerability Monitoring and Scanning	Protects	T1053.002	At (Windows)
RA-5	Vulnerability Monitoring and Scanning	Protects	T1053.003	Cron
RA-5	Vulnerability Monitoring and Scanning	Protects	T1053.004	Launchd
RA-5	Vulnerability Monitoring and Scanning	Protects	T1053.005	Scheduled Task
RA-5	Vulnerability Monitoring and Scanning	Protects	T1059	Command and Scripting Interpreter
RA-5	Vulnerability Monitoring and Scanning	Protects	T1059.001	PowerShell
RA-5	Vulnerability Monitoring and Scanning	Protects	T1059.005	Visual Basic
RA-5	Vulnerability Monitoring and Scanning	Protects	T1059.007	JavaScript
RA-5	Vulnerability Monitoring and Scanning	Protects	T1068	Exploitation for Privilege Escalation
RA-5	Vulnerability Monitoring and Scanning	Protects	T1078	Valid Accounts
RA-5	Vulnerability Monitoring and Scanning	Protects	T1091	Replication Through Removable Media
RA-5	Vulnerability Monitoring and Scanning	Protects	T1092	Communication Through Removable Media
RA-5	Vulnerability Monitoring and Scanning	Protects	T1098.004	SSH Authorized Keys
RA-5	Vulnerability Monitoring and Scanning	Protects	T1127	Trusted Developer Utilities Proxy Execution
RA-5	Vulnerability Monitoring and Scanning	Protects	T1127.001	MSBuild
RA-5	Vulnerability Monitoring and Scanning	Protects	T1133	External Remote Services
RA-5	Vulnerability Monitoring and Scanning	Protects	T1137	Office Application Startup
RA-5	Vulnerability Monitoring and Scanning	Protects	T1137.001	Office Template Macros
RA-5	Vulnerability Monitoring and Scanning	Protects	T1176	Browser Extensions
RA-5	Vulnerability Monitoring and Scanning	Protects	T1190	Exploit Public-Facing Application
RA-5	Vulnerability Monitoring and Scanning	Protects	T1195	Supply Chain Compromise
RA-5	Vulnerability Monitoring and Scanning	Protects	T1195.001	Compromise Software Dependencies and Development Tools
RA-5	Vulnerability Monitoring and Scanning	Protects	T1195.002	Compromise Software Supply Chain
RA-5	Vulnerability Monitoring and Scanning	Protects	T1204.003	Malicious Image
RA-5	Vulnerability Monitoring and Scanning	Protects	T1210	Exploitation of Remote Services
RA-5	Vulnerability Monitoring and Scanning	Protects	T1211	Exploitation for Defense Evasion
RA-5	Vulnerability Monitoring and Scanning	Protects	T1212	Exploitation for Credential Access
RA-5	Vulnerability Monitoring and Scanning	Protects	T1213	Data from Information Repositories
RA-5	Vulnerability Monitoring and Scanning	Protects	T1213.001	Confluence
RA-5	Vulnerability Monitoring and Scanning	Protects	T1213.002	Sharepoint
RA-5	Vulnerability Monitoring and Scanning	Protects	T1218	Signed Binary Proxy Execution
RA-5	Vulnerability Monitoring and Scanning	Protects	T1218.003	CMSTP
RA-5	Vulnerability Monitoring and Scanning	Protects	T1218.004	InstallUtil
RA-5	Vulnerability Monitoring and Scanning	Protects	T1218.005	Mshta
RA-5	Vulnerability Monitoring and Scanning	Protects	T1218.008	Odbcconf
RA-5	Vulnerability Monitoring and Scanning	Protects	T1218.009	Regsvcs/Regasm
RA-5	Vulnerability Monitoring and Scanning	Protects	T1218.012	Verclsid
RA-5	Vulnerability Monitoring and Scanning	Protects	T1221	Template Injection
RA-5	Vulnerability Monitoring and Scanning	Protects	T1482	Domain Trust Discovery
RA-5	Vulnerability Monitoring and Scanning	Protects	T1484	Domain Policy Modification
RA-5	Vulnerability Monitoring and Scanning	Protects	T1505	Server Software Component
RA-5	Vulnerability Monitoring and Scanning	Protects	T1505.001	SQL Stored Procedures
RA-5	Vulnerability Monitoring and Scanning	Protects	T1505.002	Transport Agent
RA-5	Vulnerability Monitoring and Scanning	Protects	T1525	Implant Internal Image
RA-5	Vulnerability Monitoring and Scanning	Protects	T1528	Steal Application Access Token
RA-5	Vulnerability Monitoring and Scanning	Protects	T1530	Data from Cloud Storage Object
RA-5	Vulnerability Monitoring and Scanning	Protects	T1542.004	ROMMONkit
RA-5	Vulnerability Monitoring and Scanning	Protects	T1542.005	TFTP Boot
RA-5	Vulnerability Monitoring and Scanning	Protects	T1543	Create or Modify System Process
RA-5	Vulnerability Monitoring and Scanning	Protects	T1543.003	Windows Service
RA-5	Vulnerability Monitoring and Scanning	Protects	T1546.002	Screensaver
RA-5	Vulnerability Monitoring and Scanning	Protects	T1546.014	Emond
RA-5	Vulnerability Monitoring and Scanning	Protects	T1547.007	Re-opened Applications
RA-5	Vulnerability Monitoring and Scanning	Protects	T1547.008	LSASS Driver
RA-5	Vulnerability Monitoring and Scanning	Protects	T1548	Abuse Elevation Control Mechanism
RA-5	Vulnerability Monitoring and Scanning	Protects	T1548.002	Bypass User Account Control
RA-5	Vulnerability Monitoring and Scanning	Protects	T1548.003	Sudo and Sudo Caching
RA-5	Vulnerability Monitoring and Scanning	Protects	T1552	Unsecured Credentials
RA-5	Vulnerability Monitoring and Scanning	Protects	T1552.001	Credentials In Files
RA-5	Vulnerability Monitoring and Scanning	Protects	T1552.002	Credentials in Registry
RA-5	Vulnerability Monitoring and Scanning	Protects	T1552.004	Private Keys
RA-5	Vulnerability Monitoring and Scanning	Protects	T1552.006	Group Policy Preferences
RA-5	Vulnerability Monitoring and Scanning	Protects	T1557	Man-in-the-Middle
RA-5	Vulnerability Monitoring and Scanning	Protects	T1558.004	AS-REP Roasting
RA-5	Vulnerability Monitoring and Scanning	Protects	T1559	Inter-Process Communication
RA-5	Vulnerability Monitoring and Scanning	Protects	T1559.002	Dynamic Data Exchange
RA-5	Vulnerability Monitoring and Scanning	Protects	T1560	Archive Collected Data
RA-5	Vulnerability Monitoring and Scanning	Protects	T1560.001	Archive via Utility
RA-5	Vulnerability Monitoring and Scanning	Protects	T1562	Impair Defenses
RA-5	Vulnerability Monitoring and Scanning	Protects	T1563	Remote Service Session Hijacking
RA-5	Vulnerability Monitoring and Scanning	Protects	T1563.001	SSH Hijacking
RA-5	Vulnerability Monitoring and Scanning	Protects	T1563.002	RDP Hijacking
RA-5	Vulnerability Monitoring and Scanning	Protects	T1574	Hijack Execution Flow
RA-5	Vulnerability Monitoring and Scanning	Protects	T1574.001	DLL Search Order Hijacking
RA-5	Vulnerability Monitoring and Scanning	Protects	T1574.004	Dylib Hijacking
RA-5	Vulnerability Monitoring and Scanning	Protects	T1574.005	Executable Installer File Permissions Weakness
RA-5	Vulnerability Monitoring and Scanning	Protects	T1574.007	Path Interception by PATH Environment Variable
RA-5	Vulnerability Monitoring and Scanning	Protects	T1574.008	Path Interception by Search Order Hijacking
RA-5	Vulnerability Monitoring and Scanning	Protects	T1574.009	Path Interception by Unquoted Path
RA-5	Vulnerability Monitoring and Scanning	Protects	T1574.010	Services File Permissions Weakness
RA-5	Vulnerability Monitoring and Scanning	Protects	T1578	Modify Cloud Compute Infrastructure
RA-5	Vulnerability Monitoring and Scanning	Protects	T1578.001	Create Snapshot
RA-5	Vulnerability Monitoring and Scanning	Protects	T1578.002	Create Cloud Instance
RA-5	Vulnerability Monitoring and Scanning	Protects	T1578.003	Delete Cloud Instance
RA-5	Vulnerability Monitoring and Scanning	Protects	T1612	Build Image on Host
RA-9	Criticality Analysis	Protects	T1195.003	Compromise Hardware Supply Chain
RA-9	Criticality Analysis	Protects	T1495	Firmware Corruption
RA-9	Criticality Analysis	Protects	T1542	Pre-OS Boot
RA-9	Criticality Analysis	Protects	T1542.001	System Firmware
RA-9	Criticality Analysis	Protects	T1542.003	Bootkit
RA-9	Criticality Analysis	Protects	T1542.004	ROMMONkit
RA-9	Criticality Analysis	Protects	T1542.005	TFTP Boot
RA-9	Criticality Analysis	Protects	T1553	Subvert Trust Controls
RA-9	Criticality Analysis	Protects	T1553.006	Code Signing Policy Modification
RA-9	Criticality Analysis	Protects	T1601	Modify System Image
RA-9	Criticality Analysis	Protects	T1601.001	Patch System Image
RA-9	Criticality Analysis	Protects	T1601.002	Downgrade System Image

Capabilities

Capability ID	Capability Name	Number of Mappings
RA-10	Threat Hunting	8
RA-5	Vulnerability Monitoring and Scanning	96
RA-9	Criticality Analysis	12

NIST 800-53 Risk Assessment Capability Group

All Mappings

Capabilities