Semantic D3FEND Mappings to NIST 800-53
The D3FEND team created this mapping in order to help users navigate between the two data sets.
| catalog label | control label | relation label | technique | technique label | definition |
|---|---|---|---|---|---|
| NIST SP 800-53 R5 | AC-17(8) | broader | Executable Denylisting | Executable Denylisting | |
| NIST SP 800-53 R5 | AC-2(1) | broader | Account Locking | Account Locking | |
| NIST SP 800-53 R5 | AC-2(1) | broader | Multi-factor Authentication | Multi-factor Authentication | |
| NIST SP 800-53 R5 | AC-2(13) | narrower | Account Locking | Account Locking | |
| NIST SP 800-53 R5 | AC-2(2) | broader | Account Locking | Account Locking | |
| NIST SP 800-53 R5 | AC-2(3) | broader | Account Locking | Account Locking | |
| NIST SP 800-53 R5 | AC-2(4) | related | Domain Account Monitoring | Domain Account Monitoring | |
| NIST SP 800-53 R5 | AC-2(5) | related | Account Locking | Account Locking | |
| NIST SP 800-53 R5 | AC-2(6) | broader | Mandatory Access Control | Mandatory Access Control | |
| NIST SP 800-53 R5 | AC-2(7) | narrower | User Account Permissions | User Account Permissions | |
| NIST SP 800-53 R5 | AC-2(9) | narrower | Mandatory Access Control | Mandatory Access Control | |
| NIST SP 800-53 R5 | AC-2(9) | narrower | User Account Permissions | User Account Permissions | |
| NIST SP 800-53 R5 | AC-23 | narrower | Job Function Access Pattern Analysis | Job Function Access Pattern Analysis | |
| NIST SP 800-53 R5 | AC-23 | narrower | Local Account Monitoring | Local Account Monitoring | |
| NIST SP 800-53 R5 | AC-23 | narrower | Resource Access Pattern Analysis | Resource Access Pattern Analysis | |
| NIST SP 800-53 R5 | AC-23 | narrower | User Data Transfer Analysis | User Data Transfer Analysis | |
| NIST SP 800-53 R5 | AC-24 | narrower | Mandatory Access Control | Mandatory Access Control | |
| NIST SP 800-53 R5 | AC-24(1) | narrower | Mandatory Access Control | Mandatory Access Control | |
| NIST SP 800-53 R5 | AC-24(1) | narrower | User Account Permissions | User Account Permissions | |
| NIST SP 800-53 R5 | AC-24(2) | narrower | Mandatory Access Control | Mandatory Access Control | |
| NIST SP 800-53 R5 | AC-24(2) | narrower | User Account Permissions | User Account Permissions | |
| NIST SP 800-53 R5 | AC-3 | narrower | Executable Allowlisting | Executable Allowlisting | |
| NIST SP 800-53 R5 | AC-3 | narrower | Executable Denylisting | Executable Denylisting | |
| NIST SP 800-53 R5 | AC-3 | narrower | Mandatory Access Control | Mandatory Access Control | |
| NIST SP 800-53 R5 | AC-3(11) | narrower | Mandatory Access Control | Mandatory Access Control | |
| NIST SP 800-53 R5 | AC-3(13) | narrower | Mandatory Access Control | Mandatory Access Control | |
| NIST SP 800-53 R5 | AC-3(3) | exactly | Mandatory Access Control | Mandatory Access Control | |
| NIST SP 800-53 R5 | AC-3(7) | narrower | Mandatory Access Control | Mandatory Access Control | |
| NIST SP 800-53 R5 | AC-3(8) | narrower | Mandatory Access Control | Mandatory Access Control | |
| NIST SP 800-53 R5 | AC-3(8) | narrower | System Call Filtering | System Call Filtering | |
| NIST SP 800-53 R5 | AC-4 | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4 | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(1) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(1) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(10) | broader | Inbound Traffic Filtering | Inbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(10) | broader | Outbound Traffic Filtering | Outbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(11) | broader | Inbound Traffic Filtering | Inbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(11) | broader | Outbound Traffic Filtering | Outbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(12) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(12) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(13) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(13) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(14) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(14) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(15) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(15) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(17) | narrower | Domain Trust Policy | Domain Trust Policy | |
| NIST SP 800-53 R5 | AC-4(19) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(19) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(20) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(20) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(21) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(21) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(26) | narrower | File Content Rules | File Content Rules | |
| NIST SP 800-53 R5 | AC-4(27) | exactly | Inbound Traffic Filtering | Inbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(27) | exactly | Outbound Traffic Filtering | Outbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(28) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(28) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(29) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(29) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(3) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(3) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(30) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(30) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(32) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(32) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(4) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(4) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(5) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(5) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(6) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(6) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(8) | narrower | Inbound Traffic Filtering | Inbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-4(8) | narrower | Outbound Traffic Filtering | Outbound Traffic Filtering | |
| NIST SP 800-53 R5 | AC-5 | broader | Local File Permissions | Local File Permissions | |
| NIST SP 800-53 R5 | AC-5 | broader | Mandatory Access Control | Mandatory Access Control | |
| NIST SP 800-53 R5 | AC-5 | broader | User Account Permissions | User Account Permissions | |
| NIST SP 800-53 R5 | AC-6 | broader | Local File Permissions | Local File Permissions | |
| NIST SP 800-53 R5 | AC-6 | broader | Mandatory Access Control | Mandatory Access Control | |
| NIST SP 800-53 R5 | AC-6 | broader | User Account Permissions | User Account Permissions | |
| NIST SP 800-53 R5 | AC-6(1) | exactly | System Configuration Permissions | System Configuration Permissions | |
| NIST SP 800-53 R5 | AC-6(10) | narrower | Local File Permissions | Local File Permissions | |
| NIST SP 800-53 R5 | AC-6(10) | narrower | Mandatory Access Control | Mandatory Access Control | |
| NIST SP 800-53 R5 | AC-6(10) | narrower | System Configuration Permissions | System Configuration Permissions | |
| NIST SP 800-53 R5 | AC-6(3) | exactly | System Configuration Permissions | System Configuration Permissions | |
| NIST SP 800-53 R5 | AC-6(4) | narrower | Hardware-based Process Isolation | Hardware-based Process Isolation | |
| NIST SP 800-53 R5 | AC-6(5) | narrower | Local File Permissions | Local File Permissions | |
| NIST SP 800-53 R5 | AC-6(5) | narrower | Mandatory Access Control | Mandatory Access Control | |
| NIST SP 800-53 R5 | AC-6(5) | narrower | System Configuration Permissions | System Configuration Permissions | |
| NIST SP 800-53 R5 | AC-6(6) | narrower | Local File Permissions | Local File Permissions | |
| NIST SP 800-53 R5 | AC-6(6) | narrower | Mandatory Access Control | Mandatory Access Control | |
| NIST SP 800-53 R5 | AC-6(6) | narrower | System Configuration Permissions | System Configuration Permissions | |
| NIST SP 800-53 R5 | AC-6(9) | broader | Local Account Monitoring | Local Account Monitoring | |
| NIST SP 800-53 R5 | AC-6(9) | broader | User Behavior Analysis | User Behavior Analysis | |
| NIST SP 800-53 R5 | AC-7 | exactly | Account Locking | Account Locking | |
| NIST SP 800-53 R5 | AC-7(3) | narrower | Account Locking | Account Locking | |
| NIST SP 800-53 R5 | AC-7(4) | broader | Account Locking | Account Locking | |
| NIST SP 800-53 R5 | AU-10(5) | broader | Driver Load Integrity Checking | Driver Load Integrity Checking | |
| NIST SP 800-53 R5 | AU-14(2) | narrower | Local Account Monitoring | Local Account Monitoring | |
| NIST SP 800-53 R5 | AU-15 | narrower | Local Account Monitoring | Local Account Monitoring | |
| NIST SP 800-53 R5 | AU-2 | exactly | Local Account Monitoring | Local Account Monitoring | |
| NIST SP 800-53 R5 | AU-2(1) | exactly | Local Account Monitoring | Local Account Monitoring | |
| NIST SP 800-53 R5 | AU-2(2) | exactly | Local Account Monitoring | Local Account Monitoring | |
| NIST SP 800-53 R5 | AU-3 | exactly | Local Account Monitoring | Local Account Monitoring | |
| NIST SP 800-53 R5 | AU-4 | narrower | Local Account Monitoring | Local Account Monitoring | |
| NIST SP 800-53 R5 | CM-14 | related | Driver Load Integrity Checking | Driver Load Integrity Checking | |
| NIST SP 800-53 R5 | CM-14 | related | Message Authentication | Message Authentication | |
| NIST SP 800-53 R5 | CM-5 | narrower | Executable Allowlisting | Executable Allowlisting | |
| NIST SP 800-53 R5 | CM-5 | narrower | Executable Denylisting | Executable Denylisting | |
| NIST SP 800-53 R5 | CM-5 | narrower | Local Account Monitoring | Local Account Monitoring | |
| NIST SP 800-53 R5 | CM-5 | narrower | Mandatory Access Control | Mandatory Access Control | |
| NIST SP 800-53 R5 | CM-5(1) | narrower | Local Account Monitoring | Local Account Monitoring | |
| NIST SP 800-53 R5 | CM-5(3) | narrower | Local Account Monitoring | Local Account Monitoring | |
| NIST SP 800-53 R5 | CM-5(3) | narrower | System Configuration Permissions | System Configuration Permissions | |
| NIST SP 800-53 R5 | CM-5(5) | narrower | Local Account Monitoring | Local Account Monitoring | |
| NIST SP 800-53 R5 | CM-5(5) | narrower | System Configuration Permissions | System Configuration Permissions | |
| NIST SP 800-53 R5 | CM-5(6) | narrower | Local Account Monitoring | Local Account Monitoring | |
| NIST SP 800-53 R5 | CM-5(6) | narrower | System Configuration Permissions | System Configuration Permissions | |
| NIST SP 800-53 R5 | CM-6(3) | broader | Application Configuration Hardening | Application Configuration Hardening | |
| NIST SP 800-53 R5 | IA-2(1) | narrower | Multi-factor Authentication | Multi-factor Authentication | |
| NIST SP 800-53 R5 | IA-2(2) | narrower | Multi-factor Authentication | Multi-factor Authentication | |
| NIST SP 800-53 R5 | IA-2(4) | narrower | Local Account Monitoring | Local Account Monitoring | |
| NIST SP 800-53 R5 | IA-2(6) | narrower | Multi-factor Authentication | Multi-factor Authentication | |
| NIST SP 800-53 R5 | IR-4(12) | related | Dynamic Analysis | Dynamic Analysis | |
| NIST SP 800-53 R5 | IR-4(13) | related | Decoy Environment | Decoy Environment | |
| NIST SP 800-53 R5 | IR-4(13) | related | Decoy Object | Decoy Object | |
| NIST SP 800-53 R5 | MA-3(3) | narrower | User Account Permissions | User Account Permissions | |
| NIST SP 800-53 R5 | MA-3(4) | narrower | User Account Permissions | User Account Permissions | |
| NIST SP 800-53 R5 | MA-3(5) | narrower | User Account Permissions | User Account Permissions | |
| NIST SP 800-53 R5 | MA-3(6) | narrower | Software Update | Software Update | |
| NIST SP 800-53 R5 | MA-4(1) | narrower | Local Account Monitoring | Local Account Monitoring | |
| NIST SP 800-53 R5 | MA-6 | narrower | Software Update | Software Update | |
| NIST SP 800-53 R5 | MA-6(1) | narrower | Software Update | Software Update | |
| NIST SP 800-53 R5 | MA-6(2) | narrower | Software Update | Software Update | |
| NIST SP 800-53 R5 | MA-6(3) | narrower | Software Update | Software Update | |
| NIST SP 800-53 R5 | RA-3(3) | broader | File Analysis | File Analysis | |
| NIST SP 800-53 R5 | RA-3(3) | broader | Identifier Analysis | Identifier Analysis | |
| NIST SP 800-53 R5 | RA-3(3) | broader | Message Analysis | Message Analysis | |
| NIST SP 800-53 R5 | RA-3(3) | broader | Network Traffic Analysis | Network Traffic Analysis | |
| NIST SP 800-53 R5 | RA-3(3) | broader | Platform Monitoring | Platform Monitoring | |
| NIST SP 800-53 R5 | RA-3(3) | broader | Process Analysis | Process Analysis | |
| NIST SP 800-53 R5 | RA-3(3) | broader | User Behavior Analysis | User Behavior Analysis | |
| NIST SP 800-53 R5 | RA-3(4) | narrower | File Analysis | File Analysis | |
| NIST SP 800-53 R5 | RA-3(4) | narrower | Identifier Analysis | Identifier Analysis | |
| NIST SP 800-53 R5 | RA-3(4) | narrower | Message Analysis | Message Analysis | |
| NIST SP 800-53 R5 | RA-3(4) | narrower | Network Traffic Analysis | Network Traffic Analysis | |
| NIST SP 800-53 R5 | RA-3(4) | narrower | Platform Monitoring | Platform Monitoring | |
| NIST SP 800-53 R5 | RA-3(4) | narrower | Process Analysis | Process Analysis | |
| NIST SP 800-53 R5 | RA-3(4) | narrower | User Behavior Analysis | User Behavior Analysis | |
| NIST SP 800-53 R5 | RA-5 | broader | Network Traffic Analysis | Network Traffic Analysis | |
| NIST SP 800-53 R5 | RA-5(2) | narrower | Network Traffic Analysis | Network Traffic Analysis | |
| NIST SP 800-53 R5 | RA-5(3) | narrower | Network Traffic Analysis | Network Traffic Analysis | |
| NIST SP 800-53 R5 | RA-5(4) | related | Decoy Environment | Decoy Environment | |
| NIST SP 800-53 R5 | RA-5(4) | related | Decoy Object | Decoy Object | |
| NIST SP 800-53 R5 | RA-5(5) | narrower | Platform Hardening | Platform Hardening | |
| NIST SP 800-53 R5 | RA-5(6) | narrower | Platform Hardening | Platform Hardening | |
| NIST SP 800-53 R5 | RA-5(7) | narrower | Executable Allowlisting | Executable Allowlisting | |
| NIST SP 800-53 R5 | RA-5(7) | narrower | Executable Denylisting | Executable Denylisting | |
| NIST SP 800-53 R5 | SA-10(1) | related | Firmware Verification | Firmware Verification | |
| NIST SP 800-53 R5 | SA-10(1) | related | Platform Hardening | Platform Hardening | |
| NIST SP 800-53 R5 | SA-10(3) | related | Firmware Verification | Firmware Verification | |
| NIST SP 800-53 R5 | SA-10(4) | related | Firmware Verification | Firmware Verification | |
| NIST SP 800-53 R5 | SA-10(5) | related | Firmware Verification | Firmware Verification | |
| NIST SP 800-53 R5 | SA-10(5) | related | Platform Hardening | Platform Hardening | |
| NIST SP 800-53 R5 | SA-10(6) | related | Firmware Verification | Firmware Verification | |
| NIST SP 800-53 R5 | SA-10(6) | related | Platform Hardening | Platform Hardening | |
| NIST SP 800-53 R5 | SA-11(1) | related | Application Hardening | Application Hardening | |
| NIST SP 800-53 R5 | SA-11(8) | related | Application Hardening | Application Hardening | |
| NIST SP 800-53 R5 | SA-8(18) | related | Encrypted Tunnels | Encrypted Tunnels | |
| NIST SP 800-53 R5 | SA-8(22) | related | Domain Account Monitoring | Domain Account Monitoring | |
| NIST SP 800-53 R5 | SC-2 | broader | Local File Permissions | Local File Permissions | |
| NIST SP 800-53 R5 | SC-2 | broader | Mandatory Access Control | Mandatory Access Control | |
| NIST SP 800-53 R5 | SC-2 | broader | System Configuration Permissions | System Configuration Permissions | |
| NIST SP 800-53 R5 | SC-2(1) | narrower | Local File Permissions | Local File Permissions | |
| NIST SP 800-53 R5 | SC-2(1) | narrower | Mandatory Access Control | Mandatory Access Control | |
| NIST SP 800-53 R5 | SC-2(1) | narrower | System Configuration Permissions | System Configuration Permissions | |
| NIST SP 800-53 R5 | SC-3 | broader | Execution Isolation | Execution Isolation | |
| NIST SP 800-53 R5 | SC-3 | broader | Network Isolation | Network Isolation | |
| NIST SP 800-53 R5 | SC-3(1) | narrower | Execution Isolation | Execution Isolation | |
| NIST SP 800-53 R5 | SI-2(4) | narrower | Software Update | Software Update | |
| NIST SP 800-53 R5 | SI-2(5) | exactly | Firmware Verification | Firmware Verification | |
| NIST SP 800-53 R5 | SI-2(5) | exactly | Peripheral Firmware Verification | Peripheral Firmware Verification | |
| NIST SP 800-53 R5 | SI-2(5) | exactly | Software Update | Software Update | |
| NIST SP 800-53 R5 | SI-2(5) | exactly | System Firmware Verification | System Firmware Verification | |
| NIST SP 800-53 R5 | SI-2(6) | narrower | Firmware Verification | Firmware Verification | |
| NIST SP 800-53 R5 | SI-2(6) | narrower | Peripheral Firmware Verification | Peripheral Firmware Verification | |
| NIST SP 800-53 R5 | SI-2(6) | narrower | Software Update | Software Update | |
| NIST SP 800-53 R5 | SI-2(6) | narrower | System Firmware Verification | System Firmware Verification | |
| NIST SP 800-53 R5 | SI-3 | broader | File Analysis | File Analysis | |
| NIST SP 800-53 R5 | SI-3 | broader | Network Traffic Analysis | Network Traffic Analysis | |
| NIST SP 800-53 R5 | SI-3 | broader | Platform Monitoring | Platform Monitoring | |
| NIST SP 800-53 R5 | SI-3 | broader | Process Analysis | Process Analysis | |
| NIST SP 800-53 R5 | SI-3(10) | exactly | Dynamic Analysis | Dynamic Analysis | |
| NIST SP 800-53 R5 | SI-3(4) | narrower | Local File Permissions | Local File Permissions | |
| NIST SP 800-53 R5 | SI-3(4) | narrower | Mandatory Access Control | Mandatory Access Control | |
| NIST SP 800-53 R5 | SI-3(4) | narrower | System Configuration Permissions | System Configuration Permissions | |
| NIST SP 800-53 R5 | SI-3(8) | narrower | User Behavior Analysis | User Behavior Analysis | |
| NIST SP 800-53 R5 | SI-4 | broader | Operating System Monitoring | Operating System Monitoring | |
| NIST SP 800-53 R5 | SI-4(2) | narrower | Network Traffic Analysis | Network Traffic Analysis | |
| NIST SP 800-53 R5 | SI-4(4) | narrower | Network Traffic Analysis | Network Traffic Analysis |