14 frameworks127 controls
CROSSWALKFramework crosswalk
14 compliance frameworks mapped to ATT&CK. Click a cell to see overlapping controls and shared techniques. Authored by Adam Lundqvist.
Cells coloured by Jaccard similarity of technique sets.
01
| DORA | ISO 27001 | PCI DSS v4 | CIS v8 | NIS2 | OWASP API Top 10 | OWASP LLM Top 10 | OWASP Top 10 | ISO 27701 | EU AI Act | GDPR | NIST CSF | EU CRA | TIBER-EU | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| DORA | 0.40 | 0.36 | 0.48 | 0.54 | 0.23 | 0.31 | 0.33 | 0.29 | 0.26 | 0.45 | 0.46 | 0.19 | ||
| ISO 27001 | 0.40 | 0.33 | 0.53 | 0.44 | 0.30 | 0.29 | 0.34 | 0.28 | 0.25 | 0.40 | 0.36 | 0.14 | ||
| PCI DSS v4 | 0.36 | 0.33 | 0.41 | 0.41 | 0.33 | 0.35 | 0.33 | 0.39 | 0.40 | 0.30 | 0.33 | 0.29 | ||
| CIS v8 | 0.48 | 0.53 | 0.41 | 0.54 | 0.33 | 0.33 | 0.39 | 0.29 | 0.30 | 0.51 | 0.48 | 0.19 | ||
| NIS2 | 0.54 | 0.44 | 0.41 | 0.54 | 0.33 | 0.36 | 0.32 | 0.32 | 0.27 | 0.45 | 0.47 | 0.22 | ||
| OWASP API Top 10 | 0.23 | 0.30 | 0.33 | 0.33 | 0.33 | 0.36 | 0.35 | 0.26 | 0.20 | 0.25 | 0.31 | 0.11 | ||
| OWASP LLM Top 10 | 0.31 | 0.29 | 0.35 | 0.33 | 0.36 | 0.36 | 0.39 | 0.39 | 0.31 | 0.37 | 0.39 | 0.21 | ||
| OWASP Top 10 | 0.33 | 0.34 | 0.33 | 0.39 | 0.32 | 0.35 | 0.39 | 0.28 | 0.27 | 0.31 | 0.35 | 0.17 | ||
| ISO 27701 | 0.29 | 0.28 | 0.39 | 0.29 | 0.32 | 0.26 | 0.39 | 0.28 | 0.30 | 0.38 | 0.26 | 0.29 | ||
| EU AI Act | 0.26 | 0.25 | 0.40 | 0.30 | 0.27 | 0.20 | 0.31 | 0.27 | 0.30 | 0.40 | 0.31 | 0.27 | ||
| GDPR | 0.45 | 0.40 | 0.30 | 0.51 | 0.45 | 0.25 | 0.37 | 0.31 | 0.38 | 0.40 | 0.44 | 0.21 | ||
| NIST CSF | 0.46 | 0.36 | 0.33 | 0.48 | 0.47 | 0.31 | 0.39 | 0.35 | 0.26 | 0.31 | 0.44 | 0.18 | ||
| EU CRA | ||||||||||||||
| TIBER-EU | 0.19 | 0.14 | 0.29 | 0.19 | 0.22 | 0.11 | 0.21 | 0.17 | 0.29 | 0.27 | 0.21 | 0.18 |
OWASP Top 10 ↔ TIBER-EU — 11 shared techniques
Clear ✕| Control A | Control B | Shared | Examples |
|---|---|---|---|
| A06:2021 Vulnerable and Outdated Components | Preparation Phase TIBER-EU Preparation Phase | 8 | T1190, T1068, T1547, T1018 |
| A09:2021 Security Logging and Monitoring Failures | Preparation Phase TIBER-EU Preparation Phase | 6 | T1021, T1087, T1071, T1547 |
| A10:2021 Server-Side Request Forgery (SSRF) | Preparation Phase TIBER-EU Preparation Phase | 6 | T1190, T1018, T1021, T1005 |
| A03:2021 Injection | Preparation Phase TIBER-EU Preparation Phase | 4 | T1190, T1068, T1005, T1027 |
| A08:2021 Software and Data Integrity Failures | Preparation Phase TIBER-EU Preparation Phase | 3 | T1027, T1021, T1005 |
| A02:2021 Cryptographic Failures | Preparation Phase TIBER-EU Preparation Phase | 2 | T1005, T1039 |
| A07:2021 Identification and Authentication Failures | Preparation Phase TIBER-EU Preparation Phase | 1 | T1486 |
Show non-overlap — OWASP Top 10 techniques NOT covered by TIBER-EU (51)
T1003, T1003.001, T1003.002, T1041, T1046, T1048.003, T1053, T1055, T1056.001, T1059, T1059.003, T1059.004, T1070, T1071.001, T1071.002, T1078, T1082, T1083, T1087.001, T1087.002, T1090, T1098, T1110.001, T1110.004, T1119, T1136, T1136.001, T1195.001, T1195.002, T1203, T1204.002, T1210, T1218, T1485, T1490, T1499, T1528, T1539, T1547.001, T1550.002, T1552, T1552.001, T1552.002, T1552.004, T1562, T1562.001, T1565.001, T1565.002, T1566.002, T1572, T1574
compliance_mappings (127 controls across 14 frameworks). Jaccard computed from the union of applicable_techniques per control. Refreshed hourly via ISR. Curated by Adam Lundqvist, Founder at SQUR.