14 frameworks127 controls
CROSSWALKFramework crosswalk
14 compliance frameworks mapped to ATT&CK. Click a cell to see overlapping controls and shared techniques. Authored by Adam Lundqvist.
Cells coloured by Jaccard similarity of technique sets.
01
| DORA | ISO 27001 | PCI DSS v4 | CIS v8 | NIS2 | OWASP API Top 10 | OWASP LLM Top 10 | OWASP Top 10 | ISO 27701 | EU AI Act | GDPR | NIST CSF | EU CRA | TIBER-EU | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| DORA | 0.40 | 0.36 | 0.48 | 0.54 | 0.23 | 0.31 | 0.33 | 0.29 | 0.26 | 0.45 | 0.46 | 0.19 | ||
| ISO 27001 | 0.40 | 0.33 | 0.53 | 0.44 | 0.30 | 0.29 | 0.34 | 0.28 | 0.25 | 0.40 | 0.36 | 0.14 | ||
| PCI DSS v4 | 0.36 | 0.33 | 0.41 | 0.41 | 0.33 | 0.35 | 0.33 | 0.39 | 0.40 | 0.30 | 0.33 | 0.29 | ||
| CIS v8 | 0.48 | 0.53 | 0.41 | 0.54 | 0.33 | 0.33 | 0.39 | 0.29 | 0.30 | 0.51 | 0.48 | 0.19 | ||
| NIS2 | 0.54 | 0.44 | 0.41 | 0.54 | 0.33 | 0.36 | 0.32 | 0.32 | 0.27 | 0.45 | 0.47 | 0.22 | ||
| OWASP API Top 10 | 0.23 | 0.30 | 0.33 | 0.33 | 0.33 | 0.36 | 0.35 | 0.26 | 0.20 | 0.25 | 0.31 | 0.11 | ||
| OWASP LLM Top 10 | 0.31 | 0.29 | 0.35 | 0.33 | 0.36 | 0.36 | 0.39 | 0.39 | 0.31 | 0.37 | 0.39 | 0.21 | ||
| OWASP Top 10 | 0.33 | 0.34 | 0.33 | 0.39 | 0.32 | 0.35 | 0.39 | 0.28 | 0.27 | 0.31 | 0.35 | 0.17 | ||
| ISO 27701 | 0.29 | 0.28 | 0.39 | 0.29 | 0.32 | 0.26 | 0.39 | 0.28 | 0.30 | 0.38 | 0.26 | 0.29 | ||
| EU AI Act | 0.26 | 0.25 | 0.40 | 0.30 | 0.27 | 0.20 | 0.31 | 0.27 | 0.30 | 0.40 | 0.31 | 0.27 | ||
| GDPR | 0.45 | 0.40 | 0.30 | 0.51 | 0.45 | 0.25 | 0.37 | 0.31 | 0.38 | 0.40 | 0.44 | 0.21 | ||
| NIST CSF | 0.46 | 0.36 | 0.33 | 0.48 | 0.47 | 0.31 | 0.39 | 0.35 | 0.26 | 0.31 | 0.44 | 0.18 | ||
| EU CRA | ||||||||||||||
| TIBER-EU | 0.19 | 0.14 | 0.29 | 0.19 | 0.22 | 0.11 | 0.21 | 0.17 | 0.29 | 0.27 | 0.21 | 0.18 |
OWASP LLM Top 10 ↔ DORA — 27 shared techniques
Clear ✕| Control A | Control B | Shared | Examples |
|---|---|---|---|
| LLM04:2025 Data and Model Poisoning | Art. 11 Response and recovery | 9 | T1078, T1547, T1068, T1036 |
| LLM04:2025 Data and Model Poisoning | Art. 28 General principles for ICT third-party risk | 9 | T1195, T1078, T1068, T1003 |
| LLM05:2025 Improper Output Handling | Art. 24 DORA-Art24__Q2.2026 | 9 | T1190, T1059, T1068, T1027 |
| LLM05:2025 Improper Output Handling | Art. 10 DORA-Art10__Q2.2026 | 8 | T1059, T1068, T1027, T1003 |
| LLM05:2025 Improper Output Handling | Art. 17 ICT-related incident management process | 8 | T1059, T1068, T1027, T1003 |
| LLM03:2025 Supply Chain | Art. 7 DORA-Art7__Q2.2026 | 7 | T1068, T1547.001, T1083, T1005 |
| LLM04:2025 Data and Model Poisoning | Art. 10 DORA-Art10__Q2.2026 | 7 | T1078, T1068, T1003, T1005 |
| LLM04:2025 Data and Model Poisoning | Art. 13 Learning and evolving | 7 | T1078, T1036, T1003, T1082 |
| LLM04:2025 Data and Model Poisoning | Art. 17 ICT-related incident management process | 7 | T1078, T1068, T1003, T1005 |
| LLM05:2025 Improper Output Handling | Art. 11 Response and recovery | 7 | T1068, T1027, T1003, T1021 |
| LLM05:2025 Improper Output Handling | Art. 25 Advanced testing of ICT tools, systems and proc… | 7 | T1190, T1059, T1068, T1027 |
| LLM05:2025 Improper Output Handling | Art. 7 DORA-Art7__Q2.2026 | 7 | T1190, T1068, T1027, T1083 |
| LLM06:2025 Excessive Agency | Art. 7 DORA-Art7__Q2.2026 | 7 | T1490, T1486, T1068, T1070.004 |
| LLM07:2025 System Prompt Leakage | Art. 7 DORA-Art7__Q2.2026 | 7 | T1566.001, T1190, T1083, T1027 |
| LLM04:2025 Data and Model Poisoning | Art. 12 Backup policies and recovery methods | 6 | T1003, T1083, T1005, T1039 |
| LLM04:2025 Data and Model Poisoning | Art. 24 DORA-Art24__Q2.2026 | 6 | T1078, T1068, T1003, T1005 |
| LLM05:2025 Improper Output Handling | Art. 28 General principles for ICT third-party risk | 6 | T1068, T1003, T1021, T1071 |
| LLM07:2025 System Prompt Leakage | Art. 12 Backup policies and recovery methods | 6 | T1083, T1003, T1027, T1005 |
| LLM02:2025 Sensitive Information Disclosure | Art. 10 DORA-Art10__Q2.2026 | 5 | T1005, T1041, T1087, T1018 |
| LLM02:2025 Sensitive Information Disclosure | Art. 12 Backup policies and recovery methods | 5 | T1005, T1041, T1083, T1018 |
| LLM03:2025 Supply Chain | Art. 25 Advanced testing of ICT tools, systems and proc… | 5 | T1068, T1547.001, T1005, T1041 |
| LLM04:2025 Data and Model Poisoning | Art. 25 Advanced testing of ICT tools, systems and proc… | 5 | T1078, T1068, T1003, T1005 |
| LLM04:2025 Data and Model Poisoning | Art. 6 DORA-Art6__Q2.2026 | 5 | T1078, T1068, T1003, T1005 |
| LLM04:2025 Data and Model Poisoning | Art. 7 DORA-Art7__Q2.2026 | 5 | T1068, T1083, T1005, T1041 |
| LLM04:2025 Data and Model Poisoning | Art. 9 DORA-Art9__Q2.2026 | 5 | T1036, T1003, T1005, T1021 |
Showing top 25 of 84 control pairs.
Show non-overlap — OWASP LLM Top 10 techniques NOT covered by DORA (26)
T1059.001, T1059.003, T1059.004, T1074, T1105, T1119, T1195.001, T1195.002, T1203, T1485, T1497.001, T1499, T1530, T1531, T1552, T1560, T1562, T1562.001, T1565.001, T1567, T1567.002, T1592, T1592.002, T1592.004, T1595, T1598
compliance_mappings (127 controls across 14 frameworks). Jaccard computed from the union of applicable_techniques per control. Refreshed hourly via ISR. Curated by Adam Lundqvist, Founder at SQUR.