14 frameworks127 controls

CROSSWALKFramework crosswalk

14 compliance frameworks mapped to ATT&CK. Click a cell to see overlapping controls and shared techniques. Authored by Adam Lundqvist.

Cells coloured by Jaccard similarity of technique sets.

01

	DORA	ISO 27001	PCI DSS v4	CIS v8	NIS2	OWASP API Top 10	OWASP LLM Top 10	OWASP Top 10	ISO 27701	EU AI Act	GDPR	NIST CSF	TIBER-EU
DORA		0.40	0.36	0.48	0.54	0.23	0.31	0.33	0.29	0.26	0.45	0.46	0.19
ISO 27001	0.40		0.33	0.53	0.44	0.30	0.29	0.34	0.28	0.25	0.40	0.36	0.14
PCI DSS v4	0.36	0.33		0.41	0.41	0.33	0.35	0.33	0.39	0.40	0.30	0.33	0.29
CIS v8	0.48	0.53	0.41		0.54	0.33	0.33	0.39	0.29	0.30	0.51	0.48	0.19
NIS2	0.54	0.44	0.41	0.54		0.33	0.36	0.32	0.32	0.27	0.45	0.47	0.22
OWASP API Top 10	0.23	0.30	0.33	0.33	0.33		0.36	0.35	0.26	0.20	0.25	0.31	0.11
OWASP LLM Top 10	0.31	0.29	0.35	0.33	0.36	0.36		0.39	0.39	0.31	0.37	0.39	0.21
OWASP Top 10	0.33	0.34	0.33	0.39	0.32	0.35	0.39		0.28	0.27	0.31	0.35	0.17
ISO 27701	0.29	0.28	0.39	0.29	0.32	0.26	0.39	0.28		0.30	0.38	0.26	0.29
EU AI Act	0.26	0.25	0.40	0.30	0.27	0.20	0.31	0.27	0.30		0.40	0.31	0.27
GDPR	0.45	0.40	0.30	0.51	0.45	0.25	0.37	0.31	0.38	0.40		0.44	0.21
NIST CSF	0.46	0.36	0.33	0.48	0.47	0.31	0.39	0.35	0.26	0.31	0.44		0.18
EU CRA
TIBER-EU	0.19	0.14	0.29	0.19	0.22	0.11	0.21	0.17	0.29	0.27	0.21	0.18

ISO 27001 ↔ TIBER-EU — 11 shared techniques

Clear ✕

Control A	Control B	Shared	Examples
A.5.7 Threat intelligence	Preparation Phase TIBER-EU Preparation Phase	10	T1190, T1566, T1547, T1068
A.8.16 Monitoring activities	Preparation Phase TIBER-EU Preparation Phase	7	T1547, T1068, T1087, T1021
A.8.2 Privileged access rights	Preparation Phase TIBER-EU Preparation Phase	6	T1068, T1021, T1087, T1486
A.8.8 Management of technical vulnerabilities	Preparation Phase TIBER-EU Preparation Phase	6	T1190, T1068, T1027, T1021
A.8.26 Application security requirements	Preparation Phase TIBER-EU Preparation Phase	5	T1190, T1068, T1021, T1005
A.8.21 Security of network services	Preparation Phase TIBER-EU Preparation Phase	4	T1190, T1068, T1027, T1018
A.8.23 Web filtering	Preparation Phase TIBER-EU Preparation Phase	4	T1566, T1027, T1005, T1068
A.8.28 Secure coding	Preparation Phase TIBER-EU Preparation Phase	4	T1190, T1068, T1027, T1005
A.8.29 Security testing in development and acceptance	Preparation Phase TIBER-EU Preparation Phase	4	T1190, T1068, T1547, T1071
A.8.9 Configuration management	Preparation Phase TIBER-EU Preparation Phase	4	T1190, T1068, T1005, T1486
A.8.25 Secure development life cycle	Preparation Phase TIBER-EU Preparation Phase	3	T1190, T1068, T1027
A.8.24 Use of cryptography	Preparation Phase TIBER-EU Preparation Phase	2	T1005, T1071
A.5.23 Information security for use of cloud services	Preparation Phase TIBER-EU Preparation Phase	1	T1190
A.8.5 Secure authentication	Preparation Phase TIBER-EU Preparation Phase	1	T1021

Show non-overlap — ISO 27001 techniques NOT covered by TIBER-EU (62)

T1003, T1003.001, T1003.002, T1003.003, T1003.005, T1012, T1016, T1021.001, T1021.002, T1021.003, T1027.011, T1033, T1036, T1036.001, T1040, T1041, T1046, T1048, T1048.001, T1049, T1053, T1055, T1059, T1070, T1070.004, T1071.001, T1071.004, T1078, T1078.002, T1078.003, T1078.004, T1083, T1087.001, T1087.004, T1090, T1098, T1098.001, T1110.002, T1133, T1136, T1136.003, T1189, T1203, T1204.001, T1485, T1490, T1526, T1530, T1535, T1537, T1543, T1543.003, T1547.001, T1548.001, T1548.002, T1552, T1552.001, T1553.004, T1562.001, T1567, T1573.001, T1574

Sourced from cs-graph compliance_mappings (127 controls across 14 frameworks). Jaccard computed from the union of applicable_techniques per control. Refreshed hourly via ISR. Curated by Adam Lundqvist, Founder at SQUR.