Framework crosswalk
14 frameworks, 127 controls.
14 compliance frameworks mapped to ATT&CK. Click a cell to see overlapping controls and shared techniques. Authored by Adam Lundqvist.
Cells are coloured by the Jaccard similarity of the two frameworks' technique sets.
| | DORA | ISO 27001 | PCI DSS v4 | CIS v8 | NIS2 | OWASP API Top 10 | OWASP LLM Top 10 | OWASP Top 10 | ISO 27701 | EU AI Act | GDPR | NIST CSF | EU CRA | TIBER-EU |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| DORA | | 0.40 | 0.36 | 0.48 | 0.54 | 0.23 | 0.31 | 0.33 | 0.29 | 0.26 | 0.45 | 0.46 | | 0.19 |
| ISO 27001 | 0.40 | | 0.33 | 0.53 | 0.44 | 0.30 | 0.29 | 0.34 | 0.28 | 0.25 | 0.40 | 0.36 | | 0.14 |
| PCI DSS v4 | 0.36 | 0.33 | | 0.41 | 0.41 | 0.33 | 0.35 | 0.33 | 0.39 | 0.40 | 0.30 | 0.33 | | 0.29 |
| CIS v8 | 0.48 | 0.53 | 0.41 | | 0.54 | 0.33 | 0.33 | 0.39 | 0.29 | 0.30 | 0.51 | 0.48 | | 0.19 |
| NIS2 | 0.54 | 0.44 | 0.41 | 0.54 | | 0.33 | 0.36 | 0.32 | 0.32 | 0.27 | 0.45 | 0.47 | | 0.22 |
| OWASP API Top 10 | 0.23 | 0.30 | 0.33 | 0.33 | 0.33 | | 0.36 | 0.35 | 0.26 | 0.20 | 0.25 | 0.31 | | 0.11 |
| OWASP LLM Top 10 | 0.31 | 0.29 | 0.35 | 0.33 | 0.36 | 0.36 | | 0.39 | 0.39 | 0.31 | 0.37 | 0.39 | | 0.21 |
| OWASP Top 10 | 0.33 | 0.34 | 0.33 | 0.39 | 0.32 | 0.35 | 0.39 | | 0.28 | 0.27 | 0.31 | 0.35 | | 0.17 |
| ISO 27701 | 0.29 | 0.28 | 0.39 | 0.29 | 0.32 | 0.26 | 0.39 | 0.28 | | 0.30 | 0.38 | 0.26 | | 0.29 |
| EU AI Act | 0.26 | 0.25 | 0.40 | 0.30 | 0.27 | 0.20 | 0.31 | 0.27 | 0.30 | | 0.40 | 0.31 | | 0.27 |
| GDPR | 0.45 | 0.40 | 0.30 | 0.51 | 0.45 | 0.25 | 0.37 | 0.31 | 0.38 | 0.40 | | 0.44 | | 0.21 |
| NIST CSF | 0.46 | 0.36 | 0.33 | 0.48 | 0.47 | 0.31 | 0.39 | 0.35 | 0.26 | 0.31 | 0.44 | | | 0.18 |
| EU CRA | | | | | | | | | | | | | | |
| TIBER-EU | 0.19 | 0.14 | 0.29 | 0.19 | 0.22 | 0.11 | 0.21 | 0.17 | 0.29 | 0.27 | 0.21 | 0.18 | | |
ISO 27001 ↔ NIST CSF — 35 shared techniques
| Control A | Control B | Shared | Examples |
|---|---|---|---|
| A.5.7 Threat intelligence | PROTECT (PR) — Use safeguards to manage cyberse… | 12 | T1190, T1566, T1059, T1547 |
| A.8.16 Monitoring activities | PROTECT (PR) — Use safeguards to manage cyberse… | 11 | T1059, T1547, T1068, T1070 |
| A.8.21 Security of network services | GOVERN (GV) — Establish and monitor the cyberse… | 10 | T1133, T1078, T1068, T1027 |
| A.8.25 Secure development life cycle | GOVERN (GV) — Establish and monitor the cyberse… | 10 | T1133, T1547.001, T1068, T1027 |
| A.8.8 Management of technical vulnerabilities | PROTECT (PR) — Use safeguards to manage cyberse… | 9 | T1190, T1068, T1059, T1027 |
| A.8.9 Configuration management | GOVERN (GV) — Establish and monitor the cyberse… | 9 | T1133, T1547.001, T1068, T1003 |
| A.8.9 Configuration management | RESPOND (RS) — Take action regarding a detected… | 9 | T1190, T1547.001, T1068, T1087.001 |
| A.8.16 Monitoring activities | GOVERN (GV) — Establish and monitor the cyberse… | 8 | T1078, T1133, T1068, T1003 |
| A.8.26 Application security requirements | GOVERN (GV) — Establish and monitor the cyberse… | 8 | T1078, T1068, T1055, T1133 |
| A.8.28 Secure coding | GOVERN (GV) — Establish and monitor the cyberse… | 8 | T1133, T1547.001, T1068, T1027 |
| A.8.28 Secure coding | RESPOND (RS) — Take action regarding a detected… | 8 | T1190, T1547.001, T1068, T1070.004 |
| A.8.2 Privileged access rights | PROTECT (PR) — Use safeguards to manage cyberse… | 8 | T1003, T1068, T1021, T1070 |
| A.8.8 Management of technical vulnerabilities | GOVERN (GV) — Establish and monitor the cyberse… | 8 | T1068, T1055, T1027, T1003 |
| A.5.7 Threat intelligence | IDENTIFY (ID) — Understand organisational cyber… | 7 | T1190, T1036, T1003, T1087 |
| A.8.16 Monitoring activities | IDENTIFY (ID) — Understand organisational cyber… | 7 | T1036, T1003, T1046, T1087 |
| A.8.23 Web filtering | RESPOND (RS) — Take action regarding a detected… | 7 | T1071.001, T1041, T1005, T1068 |
| A.8.26 Application security requirements | PROTECT (PR) — Use safeguards to manage cyberse… | 7 | T1190, T1059, T1068, T1003 |
| A.8.2 Privileged access rights | IDENTIFY (ID) — Understand organisational cyber… | 7 | T1003, T1053, T1021, T1087 |
| A.5.7 Threat intelligence | GOVERN (GV) — Establish and monitor the cyberse… | 6 | T1068, T1027, T1003, T1087 |
| A.8.21 Security of network services | RESPOND (RS) — Take action regarding a detected… | 6 | T1190, T1068, T1070.004, T1021.001 |
| A.8.23 Web filtering | GOVERN (GV) — Establish and monitor the cyberse… | 6 | T1041, T1027, T1005, T1068 |
| A.8.25 Secure development life cycle | RESPOND (RS) — Take action regarding a detected… | 6 | T1190, T1547.001, T1068, T1021.001 |
| A.8.26 Application security requirements | IDENTIFY (ID) — Understand organisational cyber… | 6 | T1190, T1003, T1083, T1021 |
| A.8.26 Application security requirements | RESPOND (RS) — Take action regarding a detected… | 6 | T1190, T1068, T1070.004, T1005 |
| A.8.28 Secure coding | PROTECT (PR) — Use safeguards to manage cyberse… | 6 | T1190, T1059, T1068, T1027 |
Showing top 25 of 83 control pairs.
Non-overlap: ISO 27001 techniques NOT covered by NIST CSF (38):
T1003.002, T1003.003, T1003.005, T1012, T1016, T1021.002, T1021.003, T1027.011, T1036.001, T1040, T1048, T1048.001, T1071.004, T1078.002, T1078.003, T1078.004, T1087.004, T1090, T1098.001, T1110.002, T1136, T1136.003, T1189, T1203, T1204.001, T1526, T1530, T1535, T1537, T1543, T1543.003, T1548.001, T1548.002, T1552, T1553.004, T1567, T1573.001, T1574
Source: compliance_mappings (127 controls across 14 frameworks). Each framework's technique set is the union of applicable_techniques across its controls, and the Jaccard similarity is computed between those per-framework sets. Refreshed hourly via ISR. Curated by Adam Lundqvist, Founder at SQUR.
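As an added example (not the page's or SQUR's own code), the following Python reproduces the three computations the page describes: the per-framework technique union and its Jaccard similarity, the ranked control pairs with example techniques, and the non-overlap list. The MAPPINGS dict is a constructed, assumed shape (framework → control → applicable_techniques) with illustrative values, not the page's real data; it also handles a framework with no mapped techniques (as the empty EU CRA row suggests) without a division-by-zero error.

```python
from itertools import combinations

# Constructed sample in the assumed compliance_mappings shape:
# framework -> control id -> set of ATT&CK technique ids (illustrative values only).
MAPPINGS = {
    "ISO 27001": {
        "A.5.7": {"T1190", "T1566", "T1059", "T1547"},
        "A.8.16": {"T1059", "T1547", "T1068", "T1070"},
        "A.8.2": {"T1003", "T1068", "T1021", "T1070"},
    },
    "NIST CSF": {
        "PR": {"T1190", "T1566", "T1059", "T1068", "T1070"},
        "ID": {"T1003", "T1021", "T1087"},
    },
    "Unmapped framework": {},  # stands in for a framework with no technique mappings
}

def framework_techniques(mappings, framework):
    """Union of applicable_techniques across every control in a framework."""
    return set().union(*mappings[framework].values())

def jaccard(a, b):
    """|A ∩ B| / |A ∪ B|, rounded to two decimals; 0.0 when both sets are empty."""
    union = a | b
    return round(len(a & b) / len(union), 2) if union else 0.0

def crosswalk(mappings):
    """Symmetric framework-by-framework similarity, keyed by the (fw_a, fw_b) pair."""
    sets = {fw: framework_techniques(mappings, fw) for fw in mappings}
    return {(a, b): jaccard(sets[a], sets[b]) for a, b in combinations(sets, 2)}

def control_pairs(mappings, fw_a, fw_b, top=25):
    """Control pairs ranked by shared technique count, with up to four example techniques."""
    rows = []
    for ca, ta in mappings[fw_a].items():
        for cb, tb in mappings[fw_b].items():
            shared = ta & tb
            if shared:
                rows.append((ca, cb, len(shared), sorted(shared)[:4]))
    rows.sort(key=lambda r: (-r[2], r[0], r[1]))  # most shared first, then stable by name
    return rows[:top]

def non_overlap(mappings, fw_a, fw_b):
    """Techniques mapped by some control in fw_a that no control in fw_b covers."""
    return sorted(framework_techniques(mappings, fw_a) - framework_techniques(mappings, fw_b))

if __name__ == "__main__":
    print(crosswalk(MAPPINGS))
    print(control_pairs(MAPPINGS, "ISO 27001", "NIST CSF"))
    print(non_overlap(MAPPINGS, "ISO 27001", "NIST CSF"))
```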