NIST SP 800-53 Rev 5

Official / Regulatory

U.S. federal security and privacy controls catalog. Includes both NIST-prefixed detection controls and cross-framework tags on all controls.

Official documentation

35 Controls | 24 Auto-Remediable | 3 Domains

Entra ID (20)

NIST-AC-11
Idle session timeout configured for Office 365 apps
Severity: medium | Auto-remediable
Tags: NIST AC-11, NIST AC-12, SOC2 CC6.1, ISO27001 A.7.7, ISO27001 A.8.1, CSF PR.PT-4, GDPR Art.32

NIST-AC-12
No persistent browser session
Severity: medium | Auto-remediable
Tags: CIS 1.3.6, SOC2 CC6.1, NIST AC-12, NIST CM-6, ISO27001 A.8.9, CSF PR.IP-1, CSF PR.PT-4, GDPR Art.25, GDPR Art.32

NIST-AC-17.1
Require approved or compliant client apps for mobile access
Severity: medium | Auto-remediable
Tags: CIS 1.3.7, NIST AC-17(1), NIST AC-3, NIST AC-5, NIST AC-6, NIST AU-6(1), NIST AU-7, NIST CA-9, NIST IR-4(1), NIST MP-2, NIST SC-7, NIST SI-4(2), NIST SI-4(5), ISO27001 A.5.10, ISO27001 A.5.14, ISO27001 A.5.15, ISO27001 A.5.3, ISO27001 A.5.33, ISO27001 A.7.10, ISO27001 A.7.7, ISO27001 A.8.16, ISO27001 A.8.18, ISO27001 A.8.2, ISO27001 A.8.20, ISO27001 A.8.22, ISO27001 A.8.23, ISO27001 A.8.26, ISO27001 A.8.3, ISO27001 A.8.4, CSF DE.CM-1, CSF ID.AM-3, CSF PR.AC-4, CSF PR.AC-5, CSF PR.DS-1, CSF PR.DS-5, CSF PR.PT-1, CSF PR.PT-2, CSF PR.PT-3, CSF PR.PT-4, CSF RS.AN-3, GDPR Art.32, GDPR Art.33, GDPR Art.5(1)(f), SOC2 CC6.1, SOC2 CC6.4, SOC2 CC6.6, SOC2 CC7.2, SOC2 CC7.4

NIST-AC-2.12
Identity protection risk detection monitoring configured
Severity: medium
Tags: NIST AC-2(12), CIS 1.2.5, SOC2 CC7.2, ISO27001 A.8.16, GDPR Art.32, GDPR Art.33, 405D 8.M.A

NIST-AC-2.3
App credentials rotated within 180 days
Severity: medium | Auto-remediable
Tags: NIST AC-2(3), CIS 1.1.16, ISO27001 A.8.9, GDPR Art.25, GDPR Art.32, SOC2 CC6.2

NIST-AC-2.5
Periodic access review enabled for privileged roles
Severity: medium
Tags: NIST AC-2(3), SOC2 CC6.2, ISO27001 A.8.2, GDPR Art.32

NIST-AC-20.1
B2B collaboration outbound access controlled
Severity: medium | Auto-remediable
Tags: NIST AC-20(1), CISA MS.AAD.7.6, ISO27001 A.8.3, GDPR Art.32, SOC2 CC9.2, 405D 3.L.A

NIST-AC-20.2
B2B direct connect outbound access controlled
Severity: medium | Auto-remediable
Tags: NIST AC-20(2), CISA MS.AAD.7.7, ISO27001 A.8.3, GDPR Art.32, SOC2 CC6.7, 405D 3.L.A

NIST-AC-3
Block all agent users
Severity: medium
Tags: NIST AC-3, SOC2 CC6.1, ISO27001 A.5.15, ISO27001 A.5.33, ISO27001 A.8.18, ISO27001 A.8.20, ISO27001 A.8.26, ISO27001 A.8.3, ISO27001 A.8.4, CSF PR.AC-4, CSF PR.PT-3, GDPR Art.32, GDPR Art.5(1)(f)

NIST-AC-3.1
Workload identity Conditional Access policy configured
Severity: medium | Auto-remediable
Tags: NIST AC-3(1), SOC2 CC6.1, ISO27001 A.8.5, GDPR Art.32

NIST-AC-6.2
No guest users in Global Administrator role
Severity: critical
Tags: NIST AC-6(2), CIS 1.1.12, SOC2 CC6.3, ISO27001 A.8.2, GDPR Art.32, 405D 3.L.B

NIST-AC-6.5
Minimize standing Global Admin privilege
Severity: high
Tags: NIST AC-6(5), ISO27001 A.8.2, GDPR Art.32, SOC2 CC6.3

NIST-AC-6.6
Application registrations with credentials have multiple owners
Severity: medium | Auto-remediable
Tags: NIST AC-6, ISO27001 A.5.15, ISO27001 A.8.18, ISO27001 A.8.2, CSF PR.AC-4, CSF PR.DS-5, GDPR Art.32, GDPR Art.5(1)(f), SOC2 CC6.1

NIST-AC-6.7
Global Administrators use PIM eligible assignments instead of permanent
Severity: high
Tags: CIS 1.1.3, NIST AC-2, NIST AC-6(5), NIST CM-1, NIST CM-2, NIST CM-6, NIST CM-7, NIST CM-7(1), NIST CM-9, NIST SA-10, NIST SA-3, NIST SA-8, ISO27001 A.5.1, ISO27001 A.5.16, ISO27001 A.5.18, ISO27001 A.5.2, ISO27001 A.5.31, ISO27001 A.5.36, ISO27001 A.5.37, ISO27001 A.5.4, ISO27001 A.5.8, ISO27001 A.8.19, ISO27001 A.8.2, ISO27001 A.8.25, ISO27001 A.8.27, ISO27001 A.8.28, ISO27001 A.8.30, ISO27001 A.8.31, ISO27001 A.8.32, ISO27001 A.8.9, CSF DE.AE-1, CSF DE.CM-3, CSF ID.BE-5, CSF PR.AC-4, CSF PR.DS-7, CSF PR.DS-8, CSF PR.IP-1, CSF PR.IP-2, CSF PR.IP-3, CSF PR.PT-3, GDPR Art.24, GDPR Art.25, GDPR Art.32, GDPR Art.5(1)(f), SOC2 CC6.1, SOC2 CC6.3, SOC2 CC8.1, 405D 3.L.B

NIST-IA-2.2
Require MFA for device registration
Severity: high | Auto-remediable
Tags: NIST IA-2(2), CIS 1.2.4, SOC2 CC6.1, ISO27001 A.8.5, GDPR Art.32, 405D 3.M.D

NIST-IA-2.6
Custom authentication strength policy defined
Severity: medium | Auto-remediable
Tags: NIST IA-2(6), SOC2 CC6.1, ISO27001 A.8.5, GDPR Art.32, 405D 3.M.D

NIST-IA-5.1
Application credentials do not exceed 12-month expiry
Severity: high | Auto-remediable
Tags: CIS 3.1.1, NIST AC-1, NIST AC-2, NIST AC-2(1), NIST AU-12, NIST AU-2, NIST AU-7, NIST IA-5(1), ISO27001 A.5.1, ISO27001 A.5.15, ISO27001 A.5.16, ISO27001 A.5.18, ISO27001 A.5.2, ISO27001 A.5.31, ISO27001 A.5.36, ISO27001 A.5.37, ISO27001 A.5.4, ISO27001 A.8.15, ISO27001 A.8.2, CSF DE.CM-1, CSF DE.CM-3, CSF DE.CM-7, CSF PR.AC-3, CSF PR.AC-4, CSF PR.PT-1, CSF RS.AN-3, GDPR Art.24, GDPR Art.32, GDPR Art.33, GDPR Art.5(1)(f), SOC2 CC6.1, SOC2 CC7.2

NIST-IA-5.2
Applications use certificate credentials over secrets
Severity: medium | Auto-remediable
Tags: CIS 3.1.2, NIST AC-1, NIST AC-2, NIST AC-2(1), NIST AU-6, NIST AU-6(1), NIST AU-7(1), NIST IA-5(2), ISO27001 A.5.1, ISO27001 A.5.15, ISO27001 A.5.16, ISO27001 A.5.18, ISO27001 A.5.2, ISO27001 A.5.25, ISO27001 A.5.31, ISO27001 A.5.36, ISO27001 A.5.37, ISO27001 A.5.4, ISO27001 A.6.8, ISO27001 A.8.15, ISO27001 A.8.2, CSF DE.AE-2, CSF DE.AE-3, CSF DE.CM-3, CSF DE.DP-4, CSF ID.SC-4, CSF PR.AC-3, CSF PR.AC-4, CSF PR.PT-1, CSF RS.AN-1, CSF RS.CO-2, GDPR Art.24, GDPR Art.32, GDPR Art.33, GDPR Art.5(1)(f), SOC2 CC6.1, SOC2 CC7.2

NIST-IA-5.3
Password notification window is at least 14 days
Severity: low | Auto-remediable
Tags: NIST IA-5(1), SOC2 CC6.1

NIST-IA-5.4
No expired app registration credentials
Severity: medium | Auto-remediable
Tags: NIST IA-5(4), CIS 1.1.15, SOC2 CC6.1, ISO27001 A.8.5, GDPR Art.32

Intune (11)

NIST-CM-2
Intune MDM authority configured
Severity: high
Tags: NIST CM-2, CIS 5.1.6, SOC2 CC6.1, ISO27001 A.8.9, CSF DE.AE-1, CSF PR.DS-7, CSF PR.IP-1, GDPR Art.25, GDPR Art.32, 405D 2.M.B

NIST-CM-3
Configure Delivery Optimization
Severity: low | Auto-remediable
Tags: NIST CM-3, SOC2 CC8.1, ISO27001 A.8.32, ISO27001 A.8.9, CSF DE.CM-1, CSF DE.CM-7, CSF PR.IP-1, CSF PR.IP-3, GDPR Art.25, GDPR Art.32

NIST-CM-6.1
Platform enrollment restrictions configured
Severity: medium | Auto-remediable
Tags: NIST CM-6(1), CIS 5.7.3, SOC2 CC6.1, 405D 2.M.B, 405D 5.M.A

NIST-CM-7
Deploy App Control for Business (application whitelisting)
Severity: high
Tags: NIST CM-7, CIS 5.2.4, SOC2 CC6.8, ISO27001 A.8.19, CSF PR.IP-1, CSF PR.PT-3, GDPR Art.32, 405D 2.L.D

NIST-IA-12
Windows Hello for Business enrollment configured
Severity: medium | Auto-remediable
Tags: CIS 6.1.2, NIST AC-1, NIST AC-2, NIST AC-2(1), NIST AU-12, NIST AU-2, NIST AU-7, NIST IA-12, ISO27001 A.5.1, ISO27001 A.5.15, ISO27001 A.5.16, ISO27001 A.5.18, ISO27001 A.5.2, ISO27001 A.5.31, ISO27001 A.5.36, ISO27001 A.5.37, ISO27001 A.5.4, ISO27001 A.8.15, ISO27001 A.8.2, CSF DE.CM-1, CSF DE.CM-3, CSF DE.CM-7, CSF PR.AC-1, CSF PR.AC-3, CSF PR.AC-4, CSF PR.AC-6, CSF PR.PT-1, CSF RS.AN-3, GDPR Art.24, GDPR Art.32, GDPR Art.33, GDPR Art.5(1)(f), SOC2 CC6.1, SOC2 CC7.2, 405D 2.M.B, 405D 5.M.A

NIST-SC-7
Enable Windows Firewall on all profiles
Severity: high | Auto-remediable
Tags: NIST SC-7, CIS 5.2.3, SOC2 CC6.6, ISO27001 A.5.14, ISO27001 A.8.16, ISO27001 A.8.20, ISO27001 A.8.22, ISO27001 A.8.23, CSF DE.CM-1, CSF PR.AC-5, CSF PR.DS-5, CSF PR.PT-4, GDPR Art.32, GDPR Art.33, GDPR Art.5(1)(f), 405D 2.M.A, 405D 6.M.A

NIST-SI-2
Windows Update for Business rings configured
Severity: high
Tags: NIST SI-2, CIS 5.6.1, SOC2 CC7.1, ISO27001 A.6.8, ISO27001 A.8.32, ISO27001 A.8.8, CSF ID.RA-1, CSF PR.IP-12, GDPR Art.32, 405D 7.M.D

NIST-SI-2.1
Feature update profile configured
Severity: medium | Auto-remediable
Tags: NIST SI-2(1), CIS 5.6.1, SOC2 CC7.1, 405D 7.M.D

NIST-SI-2.2
Quality update expedite configured
Severity: medium | Auto-remediable
Tags: NIST SI-2(2), CIS 5.6.2, SOC2 CC8.1, 405D 7.M.D

NIST-SI-3
Configure Attack Surface Reduction rules
Severity: high | Auto-remediable
Tags: NIST SI-3, CIS 5.2.4, SOC2 CC6.8, ISO27001 A.8.7, CSF DE.CM-4, CSF DE.DP-3, GDPR Art.32, 405D 2.L.C

NIST-SI-4
Deploy Endpoint Detection and Response (EDR) policy
Severity: high
Tags: NIST SI-4, CIS 5.4.2, SOC2 CC7.2, ISO27001 A.8.16, CSF DE.AE-1, CSF DE.AE-2, CSF DE.AE-3, CSF DE.AE-4, CSF DE.CM-1, CSF DE.CM-4, CSF DE.CM-5, CSF DE.CM-6, CSF DE.CM-7, CSF DE.DP-2, CSF DE.DP-3, CSF DE.DP-4, CSF DE.DP-5, CSF ID.RA-1, CSF PR.DS-5, CSF PR.IP-8, CSF RS.AN-1, GDPR Art.32, GDPR Art.33, 405D 2.L.C

Exchange (4)

NIST-AU-2
Exchange admin audit logging enabled
Severity: high
Tags: NIST AU-2, CIS 6.5.10, SOC2 CC7.2, ISO27001 A.8.15, CSF PR.PT-1, GDPR Art.32, GDPR Art.33, 405D 8.M.A

NIST-SC-7.1
Inbound mail connector enforces TLS
Severity: medium | Auto-remediable
Tags: NIST SC-7, CIS 6.6.1, SOC2 CC6.7, ISO27001 A.5.14, ISO27001 A.8.16, ISO27001 A.8.20, ISO27001 A.8.22, ISO27001 A.8.23, CSF DE.CM-1, CSF PR.AC-5, CSF PR.DS-5, CSF PR.PT-4, GDPR Art.32, GDPR Art.33, GDPR Art.5(1)(f)

NIST-SC-7.2
Outbound mail connector enforces TLS
Severity: medium | Auto-remediable
Tags: NIST SC-7(4), CIS 6.6.2, ISO27001 A.8.24, GDPR Art.32, SOC2 CC6.6

NIST-SI-3a
Zero-hour auto purge (ZAP) enabled for malware
Severity: high | Auto-remediable
Tags: NIST SI-3, CIS 6.5.11, SOC2 CC6.8, ISO27001 A.8.7, CSF DE.CM-4, CSF DE.DP-3, GDPR Art.32, 405D 1.M.A