Framework crosswalk
14 frameworks, 127 controls
14 compliance frameworks mapped to ATT&CK. Click a cell to see overlapping controls and shared techniques. Authored by Adam Lundqvist.
Cells coloured by Jaccard similarity of technique sets.
| | DORA | ISO 27001 | PCI DSS v4 | CIS v8 | NIS2 | OWASP API Top 10 | OWASP LLM Top 10 | OWASP Top 10 | ISO 27701 | EU AI Act | GDPR | NIST CSF | EU CRA | TIBER-EU |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| DORA | | 0.40 | 0.36 | 0.48 | 0.54 | 0.23 | 0.31 | 0.33 | 0.29 | 0.26 | 0.45 | 0.46 | | 0.19 |
| ISO 27001 | 0.40 | | 0.33 | 0.53 | 0.44 | 0.30 | 0.29 | 0.34 | 0.28 | 0.25 | 0.40 | 0.36 | | 0.14 |
| PCI DSS v4 | 0.36 | 0.33 | | 0.41 | 0.41 | 0.33 | 0.35 | 0.33 | 0.39 | 0.40 | 0.30 | 0.33 | | 0.29 |
| CIS v8 | 0.48 | 0.53 | 0.41 | | 0.54 | 0.33 | 0.33 | 0.39 | 0.29 | 0.30 | 0.51 | 0.48 | | 0.19 |
| NIS2 | 0.54 | 0.44 | 0.41 | 0.54 | | 0.33 | 0.36 | 0.32 | 0.32 | 0.27 | 0.45 | 0.47 | | 0.22 |
| OWASP API Top 10 | 0.23 | 0.30 | 0.33 | 0.33 | 0.33 | | 0.36 | 0.35 | 0.26 | 0.20 | 0.25 | 0.31 | | 0.11 |
| OWASP LLM Top 10 | 0.31 | 0.29 | 0.35 | 0.33 | 0.36 | 0.36 | | 0.39 | 0.39 | 0.31 | 0.37 | 0.39 | | 0.21 |
| OWASP Top 10 | 0.33 | 0.34 | 0.33 | 0.39 | 0.32 | 0.35 | 0.39 | | 0.28 | 0.27 | 0.31 | 0.35 | | 0.17 |
| ISO 27701 | 0.29 | 0.28 | 0.39 | 0.29 | 0.32 | 0.26 | 0.39 | 0.28 | | 0.30 | 0.38 | 0.26 | | 0.29 |
| EU AI Act | 0.26 | 0.25 | 0.40 | 0.30 | 0.27 | 0.20 | 0.31 | 0.27 | 0.30 | | 0.40 | 0.31 | | 0.27 |
| GDPR | 0.45 | 0.40 | 0.30 | 0.51 | 0.45 | 0.25 | 0.37 | 0.31 | 0.38 | 0.40 | | 0.44 | | 0.21 |
| NIST CSF | 0.46 | 0.36 | 0.33 | 0.48 | 0.47 | 0.31 | 0.39 | 0.35 | 0.26 | 0.31 | 0.44 | | | 0.18 |
| EU CRA | | | | | | | | | | | | | | |
| TIBER-EU | 0.19 | 0.14 | 0.29 | 0.19 | 0.22 | 0.11 | 0.21 | 0.17 | 0.29 | 0.27 | 0.21 | 0.18 | | |
OWASP API Top 10 ↔ EU AI Act — 14 shared techniques
| Control A | Control B | Shared | Examples |
|---|---|---|---|
| API1:2023 Broken Object Level Authorization (BOLA) | Art. 10 Data and data governance | 7 | T1005, T1041, T1485, T1490 |
| API6:2023 Unrestricted Access to Sensitive Business Flows | Art. 15 Accuracy, robustness and cybersecurity | 7 | T1190, T1078, T1068, T1087 |
| API1:2023 Broken Object Level Authorization (BOLA) | Art. 15 Accuracy, robustness and cybersecurity | 6 | T1005, T1041, T1485, T1078 |
| API3:2023 Broken Object Property Level Authorization (BOPLA) | Art. 10 Data and data governance | 5 | T1078, T1485, T1490, T1003 |
| API3:2023 Broken Object Property Level Authorization (BOPLA) | Art. 12 Record keeping | 5 | T1087, T1485, T1490, T1003 |
| API3:2023 Broken Object Property Level Authorization (BOPLA) | Art. 15 Accuracy, robustness and cybersecurity | 5 | T1078, T1087, T1485, T1003 |
| API6:2023 Unrestricted Access to Sensitive Business Flows | Art. 10 Data and data governance | 5 | T1190, T1078, T1068, T1005 |
| API7:2023 Server-Side Request Forgery (SSRF) | Art. 10 Data and data governance | 4 | T1190, T1005, T1041, T1490 |
| API1:2023 Broken Object Level Authorization (BOLA) | Art. 12 Record keeping | 3 | T1041, T1485, T1490 |
| API6:2023 Unrestricted Access to Sensitive Business Flows | Art. 12 Record keeping | 3 | T1059, T1087, T1071 |
| API7:2023 Server-Side Request Forgery (SSRF) | Art. 15 Accuracy, robustness and cybersecurity | 3 | T1190, T1005, T1041 |
| API8:2023 Security Misconfiguration | Art. 10 Data and data governance | 3 | T1190, T1068, T1041 |
| API8:2023 Security Misconfiguration | Art. 15 Accuracy, robustness and cybersecurity | 3 | T1190, T1068, T1041 |
| API2:2023 Broken Authentication | Art. 10 Data and data governance | 2 | T1078, T1068 |
| API2:2023 Broken Authentication | Art. 15 Accuracy, robustness and cybersecurity | 2 | T1078, T1068 |
| API7:2023 Server-Side Request Forgery (SSRF) | Art. 12 Record keeping | 2 | T1041, T1490 |
| API8:2023 Security Misconfiguration | Art. 12 Record keeping | 2 | T1070.004, T1041 |
Non-overlap: OWASP API Top 10 techniques NOT covered by EU AI Act (43)
T1003.001, T1003.008, T1018, T1020, T1021.001, T1046, T1055, T1059.003, T1071.001, T1074.001, T1078.004, T1082, T1087.001, T1087.004, T1090.003, T1098, T1098.005, T1110, T1110.003, T1110.004, T1119, T1133, T1136, T1498, T1498.001, T1499, T1530, T1537, T1539, T1550.001, T1550.004, T1552, T1552.001, T1552.007, T1552.008, T1556.006, T1562, T1565.001, T1567, T1572, T1592, T1595, T1595.002
Source: compliance_mappings (127 controls across 14 frameworks). Each framework's technique set is the union of the applicable_techniques of its controls; Jaccard similarity is computed over those sets. Refreshed hourly via ISR. Curated by Adam Lundqvist, Founder at SQUR.
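The footer states the method in one sentence. The block below is an added example, not the crosswalk's own code, that reproduces that pipeline in Python: per-framework technique sets as the union of control mappings, pairwise Jaccard for the matrix, a cell drill-down of control pairs ranked by shared techniques, and the non-overlap list. Control names and technique IDs are taken from the drill-down table above, but which techniques are assigned to which control is constructed for illustration and is not the project's compliance_mappings data.

```python
"""Recompute a framework crosswalk from control-level ATT&CK mappings.

Added example, not the crosswalk's own code. MAPPINGS is a CONSTRUCTED
sample: the control names and technique IDs appear on the page, but the
assignments below are invented and are not the real compliance_mappings.
"""
from itertools import product

# framework -> control -> applicable_techniques (constructed sample)
MAPPINGS = {
    "OWASP API Top 10": {
        "API1:2023 BOLA": {"T1005", "T1041", "T1485", "T1490", "T1078"},
        "API2:2023 Broken Authentication": {"T1078", "T1068", "T1110", "T1059"},
        "API7:2023 SSRF": {"T1190", "T1005", "T1041"},
    },
    "EU AI Act": {
        "Art. 10 Data and data governance": {"T1005", "T1041", "T1485", "T1490", "T1078"},
        "Art. 15 Accuracy, robustness and cybersecurity": {"T1190", "T1078", "T1068"},
    },
}


def framework_techniques(fw):
    """Union of applicable_techniques over every control of a framework."""
    return set().union(*MAPPINGS[fw].values())


def jaccard(a, b):
    """|A & B| / |A | B|, defined as 0.0 when both sets are empty."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def crosswalk():
    """Symmetric matrix {(fw_a, fw_b): similarity} for all distinct pairs."""
    sets = {fw: framework_techniques(fw) for fw in MAPPINGS}
    return {
        (x, y): round(jaccard(sets[x], sets[y]), 2)
        for x, y in product(sets, sets)
        if x != y
    }


def drilldown(fw_a, fw_b):
    """Control pairs sharing at least one technique, most-shared first.

    Returns (control_a, control_b, shared_count, sorted_shared_ids)."""
    rows = []
    for (ca, ta), (cb, tb) in product(MAPPINGS[fw_a].items(), MAPPINGS[fw_b].items()):
        shared = sorted(ta & tb)
        if shared:
            rows.append((ca, cb, len(shared), shared))
    rows.sort(key=lambda r: (-r[2], r[0], r[1]))
    return rows


def non_overlap(fw_a, fw_b):
    """Techniques mapped anywhere in fw_a but by no control of fw_b."""
    return sorted(framework_techniques(fw_a) - framework_techniques(fw_b))


if __name__ == "__main__":
    a, b = "OWASP API Top 10", "EU AI Act"
    print(f"{a} <-> {b}: Jaccard {crosswalk()[(a, b)]}")
    for ca, cb, n, shared in drilldown(a, b):
        print(f"  {ca} | {cb} | {n} | {', '.join(shared)}")
    print(f"{a} techniques not covered by {b}: {non_overlap(a, b)}")
```

The matrix cell is a single number, so the drill-down is where a gap becomes actionable: a control pair with a high shared count is where evidence can be reused across frameworks, and the non-overlap list is the set of techniques for which the second framework offers no control to point at.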