14 frameworks127 controls

CROSSWALKFramework crosswalk

14 compliance frameworks mapped to ATT&CK. Click a cell to see overlapping controls and shared techniques. Authored by Adam Lundqvist.

Cells coloured by Jaccard similarity of technique sets.

01

	DORA	ISO 27001	PCI DSS v4	CIS v8	NIS2	OWASP API Top 10	OWASP LLM Top 10	OWASP Top 10	ISO 27701	EU AI Act	GDPR	NIST CSF	TIBER-EU
DORA		0.40	0.36	0.48	0.54	0.23	0.31	0.33	0.29	0.26	0.45	0.46	0.19
ISO 27001	0.40		0.33	0.53	0.44	0.30	0.29	0.34	0.28	0.25	0.40	0.36	0.14
PCI DSS v4	0.36	0.33		0.41	0.41	0.33	0.35	0.33	0.39	0.40	0.30	0.33	0.29
CIS v8	0.48	0.53	0.41		0.54	0.33	0.33	0.39	0.29	0.30	0.51	0.48	0.19
NIS2	0.54	0.44	0.41	0.54		0.33	0.36	0.32	0.32	0.27	0.45	0.47	0.22
OWASP API Top 10	0.23	0.30	0.33	0.33	0.33		0.36	0.35	0.26	0.20	0.25	0.31	0.11
OWASP LLM Top 10	0.31	0.29	0.35	0.33	0.36	0.36		0.39	0.39	0.31	0.37	0.39	0.21
OWASP Top 10	0.33	0.34	0.33	0.39	0.32	0.35	0.39		0.28	0.27	0.31	0.35	0.17
ISO 27701	0.29	0.28	0.39	0.29	0.32	0.26	0.39	0.28		0.30	0.38	0.26	0.29
EU AI Act	0.26	0.25	0.40	0.30	0.27	0.20	0.31	0.27	0.30		0.40	0.31	0.27
GDPR	0.45	0.40	0.30	0.51	0.45	0.25	0.37	0.31	0.38	0.40		0.44	0.21
NIST CSF	0.46	0.36	0.33	0.48	0.47	0.31	0.39	0.35	0.26	0.31	0.44		0.18
EU CRA
TIBER-EU	0.19	0.14	0.29	0.19	0.22	0.11	0.21	0.17	0.29	0.27	0.21	0.18

NIST CSF ↔ EU AI Act — 20 shared techniques

Clear ✕

Control A	Control B	Shared	Examples
PROTECT PROTECT (PR) — Use safeguards to manage cyberse…	Art. 15 Accuracy, robustness and cybersecurity	10	T1190, T1566, T1547, T1068
PROTECT PROTECT (PR) — Use safeguards to manage cyberse…	Art. 10 Data and data governance	9	T1190, T1566, T1547, T1068
GOVERN GOVERN (GV) — Establish and monitor the cyberse…	Art. 15 Accuracy, robustness and cybersecurity	7	T1078, T1068, T1027, T1003
GOVERN GOVERN (GV) — Establish and monitor the cyberse…	Art. 10 Data and data governance	6	T1078, T1068, T1027, T1003
GOVERN GOVERN (GV) — Establish and monitor the cyberse…	Art. 12 Record keeping	5	T1547.001, T1070.004, T1003, T1087
IDENTIFY IDENTIFY (ID) — Understand organisational cyber…	Art. 10 Data and data governance	5	T1083, T1003, T1190, T1005
IDENTIFY IDENTIFY (ID) — Understand organisational cyber…	Art. 15 Accuracy, robustness and cybersecurity	5	T1087, T1083, T1003, T1190
RESPOND RESPOND (RS) — Take action regarding a detected…	Art. 10 Data and data governance	5	T1190, T1068, T1005, T1041
PROTECT PROTECT (PR) — Use safeguards to manage cyberse…	Art. 12 Record keeping	4	T1059, T1003, T1087, T1071
RECOVER RECOVER (RC) — Restore assets and operations af…	Art. 10 Data and data governance	4	T1485, T1490, T1005, T1041
RECOVER RECOVER (RC) — Restore assets and operations af…	Art. 12 Record keeping	4	T1485, T1490, T1562.001, T1041
RESPOND RESPOND (RS) — Take action regarding a detected…	Art. 15 Accuracy, robustness and cybersecurity	4	T1190, T1068, T1005, T1041
RECOVER RECOVER (RC) — Restore assets and operations af…	Art. 15 Accuracy, robustness and cybersecurity	3	T1485, T1005, T1041
RESPOND RESPOND (RS) — Take action regarding a detected…	Art. 12 Record keeping	3	T1070.004, T1041, T1547.001
IDENTIFY IDENTIFY (ID) — Understand organisational cyber…	Art. 12 Record keeping	2	T1087, T1003
DETECT DETECT (DE) — Find and analyse possible cyberse…	Art. 10 Data and data governance	1	T1005
DETECT DETECT (DE) — Find and analyse possible cyberse…	Art. 15 Accuracy, robustness and cybersecurity	1	T1005

Show non-overlap — NIST CSF techniques NOT covered by EU AI Act (38)

T1003.001, T1004, T1009, T1011.001, T1014, T1015, T1018, T1021, T1021.001, T1033, T1035, T1036, T1036.003, T1037.001, T1038, T1046, T1048.003, T1049, T1053, T1053.005, T1055, T1056, T1059.003, T1071.001, T1087.001, T1098, T1133, T1195, T1491, T1498, T1529, T1531, T1552.001, T1561.001, T1561.002, T1565.001, T1566.001, T1595

Sourced from cs-graph compliance_mappings (127 controls across 14 frameworks). Jaccard computed from the union of applicable_techniques per control. Refreshed hourly via ISR. Curated by Adam Lundqvist, Founder at SQUR.