The CISO’s Guide to NIST Security Control Compliance

Download the CISO’s Guide to NIST 800-53 Security Control Compliance

A historic shift has taken place in cybersecurity planning and operations, one aimed at making security compliance more effective. In late 2020, MITRE Engenuity’s Center for Threat-Informed Defense mapped the security controls in the National Institute of Standards and Technology (NIST) 800-53 framework to the adversary behaviors described by the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework.


Aligning the ATT&CK framework with the NIST security control structure helps close gaps in an organization’s security ecosystem.

With the combined frameworks integrated into AttackIQ’s Security Optimization Platform, security leaders can measure and test the effectiveness of their internal controls in detecting and responding to threats described by MITRE ATT&CK. They can simultaneously determine the degree to which their people, processes, and technologies comply with NIST requirements.

In addition to NIST 800-53 compliance, the AttackIQ Security Optimization Platform can now test security controls under the U.S. Department of Defense Cybersecurity Maturity Model Certification (CMMC), many of which stem from NIST 800-53, to validate both CMMC compliance and security control effectiveness. This alignment marries a threat-informed approach to defense, focused on adversaries’ likely behaviors, with the world’s leading cybersecurity regulatory framework.


Use MITRE ATT&CK to Achieve Effective NIST 800-53 Compliance.

Learn more about MITRE ATT&CK and AttackIQ’s innovative approach to NIST and CMMC security control compliance by downloading the new guide.

To support your learning, AttackIQ is offering a free course through AttackIQ Academy on achieving NIST compliance effectiveness with MITRE ATT&CK and AttackIQ. For that course, please enroll here.