14 frameworks127 controls

CROSSWALKFramework crosswalk

14 compliance frameworks mapped to ATT&CK. Click a cell to see overlapping controls and shared techniques. Authored by Adam Lundqvist.

Cells coloured by Jaccard similarity of technique sets.

01

	DORA	ISO 27001	PCI DSS v4	CIS v8	NIS2	OWASP API Top 10	OWASP LLM Top 10	OWASP Top 10	ISO 27701	EU AI Act	GDPR	NIST CSF	TIBER-EU
DORA		0.40	0.36	0.48	0.54	0.23	0.31	0.33	0.29	0.26	0.45	0.46	0.19
ISO 27001	0.40		0.33	0.53	0.44	0.30	0.29	0.34	0.28	0.25	0.40	0.36	0.14
PCI DSS v4	0.36	0.33		0.41	0.41	0.33	0.35	0.33	0.39	0.40	0.30	0.33	0.29
CIS v8	0.48	0.53	0.41		0.54	0.33	0.33	0.39	0.29	0.30	0.51	0.48	0.19
NIS2	0.54	0.44	0.41	0.54		0.33	0.36	0.32	0.32	0.27	0.45	0.47	0.22
OWASP API Top 10	0.23	0.30	0.33	0.33	0.33		0.36	0.35	0.26	0.20	0.25	0.31	0.11
OWASP LLM Top 10	0.31	0.29	0.35	0.33	0.36	0.36		0.39	0.39	0.31	0.37	0.39	0.21
OWASP Top 10	0.33	0.34	0.33	0.39	0.32	0.35	0.39		0.28	0.27	0.31	0.35	0.17
ISO 27701	0.29	0.28	0.39	0.29	0.32	0.26	0.39	0.28		0.30	0.38	0.26	0.29
EU AI Act	0.26	0.25	0.40	0.30	0.27	0.20	0.31	0.27	0.30		0.40	0.31	0.27
GDPR	0.45	0.40	0.30	0.51	0.45	0.25	0.37	0.31	0.38	0.40		0.44	0.21
NIST CSF	0.46	0.36	0.33	0.48	0.47	0.31	0.39	0.35	0.26	0.31	0.44		0.18
EU CRA
TIBER-EU	0.19	0.14	0.29	0.19	0.22	0.11	0.21	0.17	0.29	0.27	0.21	0.18

EU AI Act ↔ NIST CSF — 20 shared techniques

Clear ✕

Control A	Control B	Shared	Examples
Art. 15 Accuracy, robustness and cybersecurity	PROTECT PROTECT (PR) — Use safeguards to manage cyberse…	10	T1190, T1566, T1547, T1068
Art. 10 Data and data governance	PROTECT PROTECT (PR) — Use safeguards to manage cyberse…	9	T1190, T1566, T1547, T1068
Art. 15 Accuracy, robustness and cybersecurity	GOVERN GOVERN (GV) — Establish and monitor the cyberse…	7	T1078, T1068, T1027, T1003
Art. 10 Data and data governance	GOVERN GOVERN (GV) — Establish and monitor the cyberse…	6	T1078, T1068, T1027, T1003
Art. 10 Data and data governance	IDENTIFY IDENTIFY (ID) — Understand organisational cyber…	5	T1190, T1003, T1083, T1005
Art. 10 Data and data governance	RESPOND RESPOND (RS) — Take action regarding a detected…	5	T1190, T1068, T1005, T1041
Art. 12 Record keeping	GOVERN GOVERN (GV) — Establish and monitor the cyberse…	5	T1070.004, T1003, T1087, T1041
Art. 15 Accuracy, robustness and cybersecurity	IDENTIFY IDENTIFY (ID) — Understand organisational cyber…	5	T1190, T1003, T1087, T1083
Art. 10 Data and data governance	RECOVER RECOVER (RC) — Restore assets and operations af…	4	T1005, T1041, T1485, T1490
Art. 12 Record keeping	PROTECT PROTECT (PR) — Use safeguards to manage cyberse…	4	T1003, T1087, T1071, T1059
Art. 12 Record keeping	RECOVER RECOVER (RC) — Restore assets and operations af…	4	T1562.001, T1485, T1490, T1041
Art. 15 Accuracy, robustness and cybersecurity	RESPOND RESPOND (RS) — Take action regarding a detected…	4	T1190, T1068, T1005, T1041
Art. 12 Record keeping	RESPOND RESPOND (RS) — Take action regarding a detected…	3	T1070.004, T1041, T1547.001
Art. 15 Accuracy, robustness and cybersecurity	RECOVER RECOVER (RC) — Restore assets and operations af…	3	T1005, T1041, T1485
Art. 12 Record keeping	IDENTIFY IDENTIFY (ID) — Understand organisational cyber…	2	T1003, T1087
Art. 10 Data and data governance	DETECT DETECT (DE) — Find and analyse possible cyberse…	1	T1005
Art. 15 Accuracy, robustness and cybersecurity	DETECT DETECT (DE) — Find and analyse possible cyberse…	1	T1005

Show non-overlap — EU AI Act techniques NOT covered by NIST CSF (7)

T1070.001, T1070.002, T1070.003, T1074, T1136.001, T1561, T1562.004

Sourced from cs-graph compliance_mappings (127 controls across 14 frameworks). Jaccard computed from the union of applicable_techniques per control. Refreshed hourly via ISR. Curated by Adam Lundqvist, Founder at SQUR.