Semantic D3FEND Mappings to NIST 800-53
The D3FEND team created this mapping in order to help users navigate between the two data sets.
| Catalog | Control | Relation | Defensive Technique | Technique |
|---|---|---|---|---|
| NIST SP 800-53 R5 | AC-2(1) | broader | Account Locking | Account Locking |
| NIST SP 800-53 R5 | AC-2(1) | broader | Multi-factor Authentication | Multi-factor Authentication |
| NIST SP 800-53 R5 | AC-2(2) | broader | Account Locking | Account Locking |
| NIST SP 800-53 R5 | AC-2(3) | broader | Account Locking | Account Locking |
| NIST SP 800-53 R5 | AC-2(4) | related | Domain Account Monitoring | Domain Account Monitoring |
| NIST SP 800-53 R5 | AC-2(5) | related | Account Locking | Account Locking |
| NIST SP 800-53 R5 | AC-2(7) | narrower | User Account Permissions | User Account Permissions |
| NIST SP 800-53 R5 | AC-2(9) | narrower | User Account Permissions | User Account Permissions |
| NIST SP 800-53 R5 | AC-2(13) | narrower | Account Locking | Account Locking |
| NIST SP 800-53 R5 | AC-3 | narrower | Executable Allowlisting | Executable Allowlisting |
| NIST SP 800-53 R5 | AC-3 | narrower | Executable Denylisting | Executable Denylisting |
| NIST SP 800-53 R5 | AC-3(8) | narrower | System Call Filtering | System Call Filtering |
| NIST SP 800-53 R5 | AC-4 | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4 | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(1) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(1) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(3) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(3) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(4) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(4) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(5) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(5) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(6) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(6) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(8) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(8) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(10) | broader | Inbound Traffic Filtering | Inbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(10) | broader | Outbound Traffic Filtering | Outbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(11) | broader | Inbound Traffic Filtering | Inbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(11) | broader | Outbound Traffic Filtering | Outbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(12) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(12) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(13) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(13) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(14) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(14) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(15) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(15) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(17) | narrower | Domain Trust Policy | Domain Trust Policy |
| NIST SP 800-53 R5 | AC-4(19) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(19) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(20) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(20) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(21) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(21) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(26) | narrower | File Content Rules | File Content Rules |
| NIST SP 800-53 R5 | AC-4(27) | exactly | Inbound Traffic Filtering | Inbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(27) | exactly | Outbound Traffic Filtering | Outbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(28) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(28) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(29) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(29) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(30) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(30) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(32) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-4(32) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering |
| NIST SP 800-53 R5 | AC-5 | broader | Local File Permissions | Local File Permissions |
| NIST SP 800-53 R5 | AC-5 | broader | User Account Permissions | User Account Permissions |
| NIST SP 800-53 R5 | AC-6 | broader | Local File Permissions | Local File Permissions |
| NIST SP 800-53 R5 | AC-6 | broader | User Account Permissions | User Account Permissions |
| NIST SP 800-53 R5 | AC-6(1) | exactly | System Configuration Permissions | System Configuration Permissions |
| NIST SP 800-53 R5 | AC-6(3) | exactly | System Configuration Permissions | System Configuration Permissions |
| NIST SP 800-53 R5 | AC-6(4) | narrower | Hardware-based Process Isolation | Hardware-based Process Isolation |
| NIST SP 800-53 R5 | AC-6(5) | narrower | Local File Permissions | Local File Permissions |
| NIST SP 800-53 R5 | AC-6(5) | narrower | System Configuration Permissions | System Configuration Permissions |
| NIST SP 800-53 R5 | AC-6(6) | narrower | Local File Permissions | Local File Permissions |
| NIST SP 800-53 R5 | AC-6(6) | narrower | System Configuration Permissions | System Configuration Permissions |
| NIST SP 800-53 R5 | AC-6(9) | broader | Local Account Monitoring | Local Account Monitoring |
| NIST SP 800-53 R5 | AC-6(9) | broader | User Behavior Analysis | User Behavior Analysis |
| NIST SP 800-53 R5 | AC-6(10) | narrower | Local File Permissions | Local File Permissions |
| NIST SP 800-53 R5 | AC-6(10) | narrower | System Configuration Permissions | System Configuration Permissions |
| NIST SP 800-53 R5 | AC-7 | exactly | Account Locking | Account Locking |
| NIST SP 800-53 R5 | AC-7(3) | narrower | Account Locking | Account Locking |
| NIST SP 800-53 R5 | AC-7(4) | broader | Account Locking | Account Locking |
| NIST SP 800-53 R5 | AC-17(8) | broader | Executable Denylisting | Executable Denylisting |
| NIST SP 800-53 R5 | AC-23 | narrower | Job Function Access Pattern Analysis | Job Function Access Pattern Analysis |
| NIST SP 800-53 R5 | AC-23 | narrower | Local Account Monitoring | Local Account Monitoring |
| NIST SP 800-53 R5 | AC-23 | narrower | Resource Access Pattern Analysis | Resource Access Pattern Analysis |
| NIST SP 800-53 R5 | AC-23 | narrower | User Data Transfer Analysis | User Data Transfer Analysis |
| NIST SP 800-53 R5 | AC-24(1) | narrower | User Account Permissions | User Account Permissions |
| NIST SP 800-53 R5 | AC-24(2) | narrower | User Account Permissions | User Account Permissions |
| NIST SP 800-53 R5 | AU-2 | exactly | Local Account Monitoring | Local Account Monitoring |
| NIST SP 800-53 R5 | AU-2(1) | exactly | Local Account Monitoring | Local Account Monitoring |
| NIST SP 800-53 R5 | AU-2(2) | exactly | Local Account Monitoring | Local Account Monitoring |
| NIST SP 800-53 R5 | AU-3 | exactly | Local Account Monitoring | Local Account Monitoring |
| NIST SP 800-53 R5 | AU-4 | narrower | Local Account Monitoring | Local Account Monitoring |
| NIST SP 800-53 R5 | AU-10(5) | broader | Driver Load Integrity Checking | Driver Load Integrity Checking |
| NIST SP 800-53 R5 | AU-14(2) | narrower | Local Account Monitoring | Local Account Monitoring |
| NIST SP 800-53 R5 | AU-15 | narrower | Local Account Monitoring | Local Account Monitoring |
| NIST SP 800-53 R5 | CM-5 | narrower | Executable Allowlisting | Executable Allowlisting |
| NIST SP 800-53 R5 | CM-5 | narrower | Executable Denylisting | Executable Denylisting |
| NIST SP 800-53 R5 | CM-5 | narrower | Local Account Monitoring | Local Account Monitoring |
| NIST SP 800-53 R5 | CM-5(1) | narrower | Local Account Monitoring | Local Account Monitoring |
| NIST SP 800-53 R5 | CM-5(3) | narrower | Local Account Monitoring | Local Account Monitoring |
| NIST SP 800-53 R5 | CM-5(3) | narrower | System Configuration Permissions | System Configuration Permissions |
| NIST SP 800-53 R5 | CM-5(5) | narrower | Local Account Monitoring | Local Account Monitoring |
| NIST SP 800-53 R5 | CM-5(5) | narrower | System Configuration Permissions | System Configuration Permissions |
| NIST SP 800-53 R5 | CM-5(6) | narrower | Local Account Monitoring | Local Account Monitoring |
| NIST SP 800-53 R5 | CM-5(6) | narrower | System Configuration Permissions | System Configuration Permissions |
| NIST SP 800-53 R5 | CM-6(3) | broader | Application Configuration Hardening | Application Configuration Hardening |
| NIST SP 800-53 R5 | CM-14 | related | Driver Load Integrity Checking | Driver Load Integrity Checking |
| NIST SP 800-53 R5 | CM-14 | related | Message Authentication | Message Authentication |
| NIST SP 800-53 R5 | IA-2(1) | narrower | Multi-factor Authentication | Multi-factor Authentication |
| NIST SP 800-53 R5 | IA-2(2) | narrower | Multi-factor Authentication | Multi-factor Authentication |
| NIST SP 800-53 R5 | IA-2(4) | narrower | Local Account Monitoring | Local Account Monitoring |
| NIST SP 800-53 R5 | IA-2(6) | narrower | Multi-factor Authentication | Multi-factor Authentication |
| NIST SP 800-53 R5 | IR-4(12) | related | Dynamic Analysis | Dynamic Analysis |
| NIST SP 800-53 R5 | IR-4(13) | related | Decoy Environment | Decoy Environment |
| NIST SP 800-53 R5 | IR-4(13) | related | Decoy Object | Decoy Object |
| NIST SP 800-53 R5 | MA-3(3) | narrower | User Account Permissions | User Account Permissions |
| NIST SP 800-53 R5 | MA-3(4) | narrower | User Account Permissions | User Account Permissions |
| NIST SP 800-53 R5 | MA-3(5) | narrower | User Account Permissions | User Account Permissions |
| NIST SP 800-53 R5 | MA-3(6) | narrower | Software Update | Software Update |
| NIST SP 800-53 R5 | MA-4(1) | narrower | Local Account Monitoring | Local Account Monitoring |
| NIST SP 800-53 R5 | MA-6 | narrower | Software Update | Software Update |
| NIST SP 800-53 R5 | MA-6(1) | narrower | Software Update | Software Update |
| NIST SP 800-53 R5 | MA-6(2) | narrower | Software Update | Software Update |
| NIST SP 800-53 R5 | MA-6(3) | narrower | Software Update | Software Update |
| NIST SP 800-53 R5 | RA-3(3) | broader | File Analysis | File Analysis |
| NIST SP 800-53 R5 | RA-3(3) | broader | Identifier Analysis | Identifier Analysis |
| NIST SP 800-53 R5 | RA-3(3) | broader | Message Analysis | Message Analysis |
| NIST SP 800-53 R5 | RA-3(3) | broader | Network Traffic Analysis | Network Traffic Analysis |
| NIST SP 800-53 R5 | RA-3(3) | broader | Platform Monitoring | Platform Monitoring |
| NIST SP 800-53 R5 | RA-3(3) | broader | Process Analysis | Process Analysis |
| NIST SP 800-53 R5 | RA-3(3) | broader | User Behavior Analysis | User Behavior Analysis |
| NIST SP 800-53 R5 | RA-3(4) | narrower | File Analysis | File Analysis |
| NIST SP 800-53 R5 | RA-3(4) | narrower | Identifier Analysis | Identifier Analysis |
| NIST SP 800-53 R5 | RA-3(4) | narrower | Message Analysis | Message Analysis |
| NIST SP 800-53 R5 | RA-3(4) | narrower | Network Traffic Analysis | Network Traffic Analysis |
| NIST SP 800-53 R5 | RA-3(4) | narrower | Platform Monitoring | Platform Monitoring |
| NIST SP 800-53 R5 | RA-3(4) | narrower | Process Analysis | Process Analysis |
| NIST SP 800-53 R5 | RA-3(4) | narrower | User Behavior Analysis | User Behavior Analysis |
| NIST SP 800-53 R5 | RA-5 | broader | Network Traffic Analysis | Network Traffic Analysis |
| NIST SP 800-53 R5 | RA-5(2) | narrower | Network Traffic Analysis | Network Traffic Analysis |
| NIST SP 800-53 R5 | RA-5(3) | narrower | Network Traffic Analysis | Network Traffic Analysis |
| NIST SP 800-53 R5 | RA-5(4) | related | Decoy Environment | Decoy Environment |
| NIST SP 800-53 R5 | RA-5(4) | related | Decoy Object | Decoy Object |
| NIST SP 800-53 R5 | RA-5(5) | narrower | Platform Hardening | Platform Hardening |
| NIST SP 800-53 R5 | RA-5(6) | narrower | Platform Hardening | Platform Hardening |
| NIST SP 800-53 R5 | RA-5(7) | narrower | Executable Allowlisting | Executable Allowlisting |
| NIST SP 800-53 R5 | RA-5(7) | narrower | Executable Denylisting | Executable Denylisting |
| NIST SP 800-53 R5 | SA-8(18) | related | Encrypted Tunnels | Encrypted Tunnels |
| NIST SP 800-53 R5 | SA-8(22) | related | Domain Account Monitoring | Domain Account Monitoring |
| NIST SP 800-53 R5 | SA-10(1) | related | Firmware Verification | Firmware Verification |
| NIST SP 800-53 R5 | SA-10(1) | related | Platform Hardening | Platform Hardening |
| NIST SP 800-53 R5 | SA-10(3) | related | Firmware Verification | Firmware Verification |
| NIST SP 800-53 R5 | SA-10(4) | related | Firmware Verification | Firmware Verification |
| NIST SP 800-53 R5 | SA-10(5) | related | Firmware Verification | Firmware Verification |
| NIST SP 800-53 R5 | SA-10(5) | related | Platform Hardening | Platform Hardening |
| NIST SP 800-53 R5 | SA-10(6) | related | Firmware Verification | Firmware Verification |
| NIST SP 800-53 R5 | SA-10(6) | related | Platform Hardening | Platform Hardening |
| NIST SP 800-53 R5 | SA-11(1) | related | Application Hardening | Application Hardening |
| NIST SP 800-53 R5 | SA-11(8) | related | Application Hardening | Application Hardening |
| NIST SP 800-53 R5 | SC-2 | broader | Local File Permissions | Local File Permissions |
| NIST SP 800-53 R5 | SC-2 | broader | System Configuration Permissions | System Configuration Permissions |
| NIST SP 800-53 R5 | SC-2(1) | narrower | Local File Permissions | Local File Permissions |
| NIST SP 800-53 R5 | SC-2(1) | narrower | System Configuration Permissions | System Configuration Permissions |
| NIST SP 800-53 R5 | SC-3 | broader | Execution Isolation | Execution Isolation |
| NIST SP 800-53 R5 | SC-3 | broader | Network Isolation | Network Isolation |
| NIST SP 800-53 R5 | SC-3(1) | narrower | Execution Isolation | Execution Isolation |
| NIST SP 800-53 R5 | SI-2(4) | narrower | Software Update | Software Update |
| NIST SP 800-53 R5 | SI-2(5) | exactly | Firmware Verification | Firmware Verification |
| NIST SP 800-53 R5 | SI-2(5) | exactly | Peripheral Firmware Verification | Peripheral Firmware Verification |
| NIST SP 800-53 R5 | SI-2(5) | exactly | Software Update | Software Update |
| NIST SP 800-53 R5 | SI-2(5) | exactly | System Firmware Verification | System Firmware Verification |
| NIST SP 800-53 R5 | SI-2(6) | narrower | Firmware Verification | Firmware Verification |
| NIST SP 800-53 R5 | SI-2(6) | narrower | Peripheral Firmware Verification | Peripheral Firmware Verification |
| NIST SP 800-53 R5 | SI-2(6) | narrower | Software Update | Software Update |
| NIST SP 800-53 R5 | SI-2(6) | narrower | System Firmware Verification | System Firmware Verification |
| NIST SP 800-53 R5 | SI-3 | broader | File Analysis | File Analysis |
| NIST SP 800-53 R5 | SI-3 | broader | Network Traffic Analysis | Network Traffic Analysis |
| NIST SP 800-53 R5 | SI-3 | broader | Platform Monitoring | Platform Monitoring |
| NIST SP 800-53 R5 | SI-3 | broader | Process Analysis | Process Analysis |
| NIST SP 800-53 R5 | SI-3(4) | narrower | Local File Permissions | Local File Permissions |
| NIST SP 800-53 R5 | SI-3(4) | narrower | System Configuration Permissions | System Configuration Permissions |
| NIST SP 800-53 R5 | SI-3(8) | narrower | User Behavior Analysis | User Behavior Analysis |
| NIST SP 800-53 R5 | SI-3(10) | exactly | Dynamic Analysis | Dynamic Analysis |
| NIST SP 800-53 R5 | SI-4 | broader | Operating System Monitoring | Operating System Monitoring |
| NIST SP 800-53 R5 | SI-4(2) | narrower | Network Traffic Analysis | Network Traffic Analysis |
| NIST SP 800-53 R5 | SI-4(4) | narrower | Network Traffic Analysis | Network Traffic Analysis |