14 frameworks127 controls

CROSSWALKFramework crosswalk

14 compliance frameworks mapped to ATT&CK. Click a cell to see overlapping controls and shared techniques. Authored by Adam Lundqvist.

Cells coloured by Jaccard similarity of technique sets.

01

	DORA	ISO 27001	PCI DSS v4	CIS v8	NIS2	OWASP API Top 10	OWASP LLM Top 10	OWASP Top 10	ISO 27701	EU AI Act	GDPR	NIST CSF	TIBER-EU
DORA		0.40	0.36	0.48	0.54	0.23	0.31	0.33	0.29	0.26	0.45	0.46	0.19
ISO 27001	0.40		0.33	0.53	0.44	0.30	0.29	0.34	0.28	0.25	0.40	0.36	0.14
PCI DSS v4	0.36	0.33		0.41	0.41	0.33	0.35	0.33	0.39	0.40	0.30	0.33	0.29
CIS v8	0.48	0.53	0.41		0.54	0.33	0.33	0.39	0.29	0.30	0.51	0.48	0.19
NIS2	0.54	0.44	0.41	0.54		0.33	0.36	0.32	0.32	0.27	0.45	0.47	0.22
OWASP API Top 10	0.23	0.30	0.33	0.33	0.33		0.36	0.35	0.26	0.20	0.25	0.31	0.11
OWASP LLM Top 10	0.31	0.29	0.35	0.33	0.36	0.36		0.39	0.39	0.31	0.37	0.39	0.21
OWASP Top 10	0.33	0.34	0.33	0.39	0.32	0.35	0.39		0.28	0.27	0.31	0.35	0.17
ISO 27701	0.29	0.28	0.39	0.29	0.32	0.26	0.39	0.28		0.30	0.38	0.26	0.29
EU AI Act	0.26	0.25	0.40	0.30	0.27	0.20	0.31	0.27	0.30		0.40	0.31	0.27
GDPR	0.45	0.40	0.30	0.51	0.45	0.25	0.37	0.31	0.38	0.40		0.44	0.21
NIST CSF	0.46	0.36	0.33	0.48	0.47	0.31	0.39	0.35	0.26	0.31	0.44		0.18
EU CRA
TIBER-EU	0.19	0.14	0.29	0.19	0.22	0.11	0.21	0.17	0.29	0.27	0.21	0.18

NIST CSF ↔ PCI DSS v4 — 24 shared techniques

Clear ✕

Control A	Control B	Shared	Examples
PROTECT PROTECT (PR) — Use safeguards to manage cyberse…	Requirement 11 Test Security of Systems and Networks Regularly	9	T1190, T1547, T1068, T1003
PROTECT PROTECT (PR) — Use safeguards to manage cyberse…	Requirement 4 Protect Cardholder Data with Strong Cryptograph…	9	T1190, T1566, T1068, T1003
IDENTIFY IDENTIFY (ID) — Understand organisational cyber…	Requirement 11 Test Security of Systems and Networks Regularly	8	T1046, T1087, T1083, T1018
GOVERN GOVERN (GV) — Establish and monitor the cyberse…	Requirement 3 Protect Stored Account Data	7	T1547.001, T1068, T1070.004, T1027
GOVERN GOVERN (GV) — Establish and monitor the cyberse…	Requirement 4 Protect Cardholder Data with Strong Cryptograph…	7	T1078, T1133, T1068, T1003
PROTECT PROTECT (PR) — Use safeguards to manage cyberse…	Requirement 10 Log and Monitor All Access to System Components…	7	T1190, T1003, T1087, T1021
PROTECT PROTECT (PR) — Use safeguards to manage cyberse…	Requirement 3 Protect Stored Account Data	7	T1190, T1566, T1068, T1027
RESPOND RESPOND (RS) — Take action regarding a detected…	Requirement 3 Protect Stored Account Data	7	T1190, T1068, T1070.004, T1005
GOVERN GOVERN (GV) — Establish and monitor the cyberse…	Requirement 10 Log and Monitor All Access to System Components…	6	T1078, T1055, T1003, T1087
GOVERN GOVERN (GV) — Establish and monitor the cyberse…	Requirement 11 Test Security of Systems and Networks Regularly	6	T1068, T1003, T1087, T1046
IDENTIFY IDENTIFY (ID) — Understand organisational cyber…	Requirement 10 Log and Monitor All Access to System Components…	6	T1087, T1003, T1190, T1021
IDENTIFY IDENTIFY (ID) — Understand organisational cyber…	Requirement 3 Protect Stored Account Data	5	T1083, T1003, T1190, T1005
IDENTIFY IDENTIFY (ID) — Understand organisational cyber…	Requirement 4 Protect Cardholder Data with Strong Cryptograph…	5	T1046, T1003, T1190, T1021
GOVERN GOVERN (GV) — Establish and monitor the cyberse…	Requirement 8 Identify Users and Authenticate Access to Syste…	4	T1078, T1133, T1003, T1087
PROTECT PROTECT (PR) — Use safeguards to manage cyberse…	Requirement 8 Identify Users and Authenticate Access to Syste…	4	T1003, T1087, T1021, T1071
RESPOND RESPOND (RS) — Take action regarding a detected…	Requirement 10 Log and Monitor All Access to System Components…	4	T1190, T1005, T1041, T1486
RESPOND RESPOND (RS) — Take action regarding a detected…	Requirement 11 Test Security of Systems and Networks Regularly	4	T1190, T1068, T1005, T1041
RESPOND RESPOND (RS) — Take action regarding a detected…	Requirement 4 Protect Cardholder Data with Strong Cryptograph…	4	T1190, T1068, T1005, T1041
IDENTIFY IDENTIFY (ID) — Understand organisational cyber…	Requirement 8 Identify Users and Authenticate Access to Syste…	3	T1087, T1003, T1021
RECOVER RECOVER (RC) — Restore assets and operations af…	Requirement 11 Test Security of Systems and Networks Regularly	3	T1490, T1005, T1041
RECOVER RECOVER (RC) — Restore assets and operations af…	Requirement 3 Protect Stored Account Data	3	T1485, T1005, T1041
DETECT DETECT (DE) — Find and analyse possible cyberse…	Requirement 11 Test Security of Systems and Networks Regularly	2	T1046, T1005
DETECT DETECT (DE) — Find and analyse possible cyberse…	Requirement 4 Protect Cardholder Data with Strong Cryptograph…	2	T1046, T1005
RECOVER RECOVER (RC) — Restore assets and operations af…	Requirement 10 Log and Monitor All Access to System Components…	2	T1005, T1041
RECOVER RECOVER (RC) — Restore assets and operations af…	Requirement 4 Protect Cardholder Data with Strong Cryptograph…	2	T1005, T1041

Showing top 25 of 29 control pairs.

Show non-overlap — NIST CSF techniques NOT covered by PCI DSS v4 (34)

T1003.001, T1004, T1009, T1011.001, T1014, T1015, T1021.001, T1033, T1035, T1036, T1036.003, T1037.001, T1038, T1048.003, T1049, T1053, T1053.005, T1059, T1059.003, T1070, T1071.001, T1087.001, T1195, T1491, T1498, T1529, T1531, T1552.001, T1561.001, T1561.002, T1562.001, T1565.001, T1566.001, T1595

Sourced from cs-graph compliance_mappings (127 controls across 14 frameworks). Jaccard computed from the union of applicable_techniques per control. Refreshed hourly via ISR. Curated by Adam Lundqvist, Founder at SQUR.