14 frameworks127 controls

CROSSWALKFramework crosswalk

14 compliance frameworks mapped to ATT&CK. Click a cell to see overlapping controls and shared techniques. Authored by Adam Lundqvist.

Cells coloured by Jaccard similarity of technique sets.

01

	DORA	ISO 27001	PCI DSS v4	CIS v8	NIS2	OWASP API Top 10	OWASP LLM Top 10	OWASP Top 10	ISO 27701	EU AI Act	GDPR	NIST CSF	TIBER-EU
DORA		0.40	0.36	0.48	0.54	0.23	0.31	0.33	0.29	0.26	0.45	0.46	0.19
ISO 27001	0.40		0.33	0.53	0.44	0.30	0.29	0.34	0.28	0.25	0.40	0.36	0.14
PCI DSS v4	0.36	0.33		0.41	0.41	0.33	0.35	0.33	0.39	0.40	0.30	0.33	0.29
CIS v8	0.48	0.53	0.41		0.54	0.33	0.33	0.39	0.29	0.30	0.51	0.48	0.19
NIS2	0.54	0.44	0.41	0.54		0.33	0.36	0.32	0.32	0.27	0.45	0.47	0.22
OWASP API Top 10	0.23	0.30	0.33	0.33	0.33		0.36	0.35	0.26	0.20	0.25	0.31	0.11
OWASP LLM Top 10	0.31	0.29	0.35	0.33	0.36	0.36		0.39	0.39	0.31	0.37	0.39	0.21
OWASP Top 10	0.33	0.34	0.33	0.39	0.32	0.35	0.39		0.28	0.27	0.31	0.35	0.17
ISO 27701	0.29	0.28	0.39	0.29	0.32	0.26	0.39	0.28		0.30	0.38	0.26	0.29
EU AI Act	0.26	0.25	0.40	0.30	0.27	0.20	0.31	0.27	0.30		0.40	0.31	0.27
GDPR	0.45	0.40	0.30	0.51	0.45	0.25	0.37	0.31	0.38	0.40		0.44	0.21
NIST CSF	0.46	0.36	0.33	0.48	0.47	0.31	0.39	0.35	0.26	0.31	0.44		0.18
EU CRA
TIBER-EU	0.19	0.14	0.29	0.19	0.22	0.11	0.21	0.17	0.29	0.27	0.21	0.18

EU AI Act ↔ OWASP Top 10 — 19 shared techniques

Clear ✕

Control A	Control B	Shared	Examples
Art. 10 Data and data governance	A03:2021 Injection	8	T1190, T1068, T1027, T1003
Art. 10 Data and data governance	A06:2021 Vulnerable and Outdated Components	8	T1190, T1547, T1068, T1003
Art. 15 Accuracy, robustness and cybersecurity	A09:2021 Security Logging and Monitoring Failures	8	T1190, T1078, T1547, T1070
Art. 10 Data and data governance	A09:2021 Security Logging and Monitoring Failures	7	T1190, T1078, T1547, T1003
Art. 12 Record keeping	A08:2021 Software and Data Integrity Failures	7	T1562.001, T1485, T1490, T1003
Art. 15 Accuracy, robustness and cybersecurity	A03:2021 Injection	7	T1190, T1068, T1027, T1003
Art. 15 Accuracy, robustness and cybersecurity	A06:2021 Vulnerable and Outdated Components	7	T1190, T1547, T1068, T1003
Art. 10 Data and data governance	A08:2021 Software and Data Integrity Failures	6	T1027, T1003, T1005, T1041
Art. 10 Data and data governance	A10:2021 Server-Side Request Forgery (SSRF)	5	T1190, T1068, T1083, T1005
Art. 12 Record keeping	A03:2021 Injection	5	T1490, T1003, T1041, T1547.001
Art. 12 Record keeping	A09:2021 Security Logging and Monitoring Failures	5	T1003, T1087, T1071, T1041
Art. 15 Accuracy, robustness and cybersecurity	A08:2021 Software and Data Integrity Failures	5	T1027, T1003, T1005, T1041
Art. 15 Accuracy, robustness and cybersecurity	A10:2021 Server-Side Request Forgery (SSRF)	5	T1190, T1068, T1083, T1005
Art. 10 Data and data governance	A07:2021 Identification and Authentication Failures	4	T1078, T1003, T1041, T1486
Art. 10 Data and data governance	A02:2021 Cryptographic Failures	3	T1083, T1005, T1041
Art. 12 Record keeping	A06:2021 Vulnerable and Outdated Components	3	T1003, T1071, T1041
Art. 15 Accuracy, robustness and cybersecurity	A02:2021 Cryptographic Failures	3	T1083, T1005, T1041
Art. 15 Accuracy, robustness and cybersecurity	A07:2021 Identification and Authentication Failures	3	T1078, T1003, T1041
Art. 12 Record keeping	A02:2021 Cryptographic Failures	2	T1562.001, T1041
Art. 12 Record keeping	A07:2021 Identification and Authentication Failures	2	T1003, T1041
Art. 12 Record keeping	A10:2021 Server-Side Request Forgery (SSRF)	1	T1071

Show non-overlap — EU AI Act techniques NOT covered by OWASP Top 10 (8)

T1070.001, T1070.002, T1070.003, T1070.004, T1074, T1561, T1562.004, T1566

Sourced from cs-graph compliance_mappings (127 controls across 14 frameworks). Jaccard computed from the union of applicable_techniques per control. Refreshed hourly via ISR. Curated by Adam Lundqvist, Founder at SQUR.