diff --git a/controls.csv b/controls.csv
new file mode 100644
index 0000000..d02fa9d
--- /dev/null
+++ b/controls.csv
@@ -0,0 +1,481 @@
+Risk #,Risk Description,CIS v8.1 Safeguards (Sub-Controls),Weight (0-10)
+1,"Ransomware Attack on Critical Systems","3.1 - Establish and Maintain Inventory of Enterprise Assets",3
+1,"Ransomware Attack on Critical Systems","3.3 - Manage Assets",4
+1,"Ransomware Attack on Critical Systems","5.1 - Establish and Maintain a Secure Configuration Process",5
+1,"Ransomware Attack on Critical Systems","5.3 - Securely Configure Enterprise Assets and Software",7
+1,"Ransomware Attack on Critical Systems","8.1 - Establish and Maintain a Vulnerability Management Process",6
+1,"Ransomware Attack on Critical Systems","9.2 - Deploy and Maintain Anti-Malware Software",9
+1,"Ransomware Attack on Critical Systems","10.8 - Perform and Test Data Backups",10
+1,"Ransomware Attack on Critical Systems","15.1 - Develop an Incident Response Plan",8
+2,"Large-Scale Data Breach Due to External Attack","3.1 - Establish and Maintain Inventory of Enterprise Assets",4
+2,"Large-Scale Data Breach Due to External Attack","3.4 - Manage Sensitive Assets",8
+2,"Large-Scale Data Breach Due to External Attack","4.1 - Establish and Maintain a Secure Access Control Policy and Procedures",7
+2,"Large-Scale Data Breach Due to External Attack","4.2 - Implement and Manage Multi-Factor Authentication for Enterprise Accounts",9
+2,"Large-Scale Data Breach Due to External Attack","6.3 - Implement and Manage Network Segmentation",8
+2,"Large-Scale Data Breach Due to External Attack","7.1 - Establish and Maintain a Data Management Process",6
+2,"Large-Scale Data Breach Due to External Attack","7.2 - Implement and Enforce Data Retention",5
+2,"Large-Scale Data Breach Due to External Attack","7.3 - Implement Data Loss Prevention (DLP)",9
+2,"Large-Scale Data Breach Due to External Attack","12.5 - Enforce Encryption of Data-at-Rest",8
+2,"Large-Scale Data Breach Due to External Attack","12.6 - Enforce Encryption of Data-in-Transit",7
+3,"Insider Threat Leading to Data Exfiltration","4.1 - Establish and Maintain a Secure Access Control Policy and Procedures",8
+3,"Insider Threat Leading to Data Exfiltration","4.3 - Manage Privileged Access",9
+3,"Insider Threat Leading to Data Exfiltration","4.4 - Manage Service Accounts",6
+3,"Insider Threat Leading to Data Exfiltration","4.6 - Manage External Accounts",5
+3,"Insider Threat Leading to Data Exfiltration","7.3 - Implement Data Loss Prevention (DLP)",8
+3,"Insider Threat Leading to Data Exfiltration","14.5 - Establish and Maintain an Audit Log Review and Analysis Process",7
+3,"Insider Threat Leading to Data Exfiltration","16.1 - Conduct Security Awareness and Skills Training",6
+4,"Supply Chain Disruption Impacting Operations","3.1 - Establish and Maintain Inventory of Enterprise Assets",2
+4,"Supply Chain Disruption Impacting Operations","3.6 - Establish and Maintain an Inventory of Non-Enterprise Assets",1
+4,"Supply Chain Disruption Impacting Operations","4.6 - Manage External Accounts",6
+4,"Supply Chain Disruption Impacting Operations","13.1 - Establish and Maintain a Security Awareness Program",3
+4,"Supply Chain Disruption Impacting Operations","18.1 - Establish and Maintain a Penetration Testing Program",4
+4,"Supply Chain Disruption Impacting Operations","19.1 - Establish and Maintain an Incident Response Plan",7
+4,"Supply Chain Disruption Impacting Operations","20.1 - Establish and Maintain a Business Continuity Plan",10
+5,"Reputational Damage from Social Media Incident","13.1 - Establish and Maintain a Security Awareness Program",9
+5,"Reputational Damage from Social Media Incident","16.1 - Conduct Security Awareness and Skills Training",8
+5,"Reputational Damage from Social Media Incident","16.2 - Train Workforce Members on Social Engineering Attacks",7
+5,"Reputational Damage from Social Media Incident","19.1 - Establish and Maintain an Incident Response Plan",6
+5,"Reputational Damage from Social Media Incident","19.8 - Perform Post-Incident Reviews",5
+6,"Compliance Failure Leading to Fines","1.1 - Establish and Maintain Enterprise Governance",10
+6,"Compliance Failure Leading to Fines","1.2 - Establish and Maintain Enterprise Security Policies",9
+6,"Compliance Failure Leading to Fines","1.3 - Establish and Maintain Enterprise Agreements",8
+6,"Compliance Failure Leading to Fines","2.1 - Establish and Maintain an Inventory of Authorized Software",4
+6,"Compliance Failure Leading to Fines","3.4 - Manage Sensitive Assets",7
+7,"Loss of Critical Business Data Due to System Failure","10.8 - Perform and Test Data Backups",10
+7,"Loss of Critical Business Data Due to System Failure","10.9 - Perform Off-Site Backups",9
+7,"Loss of Critical Business Data Due to System Failure","10.10 - Securely Store Backups",8
+7,"Loss of Critical Business Data Due to System Failure","5.3 - Securely Configure Enterprise Assets and Software",6
+7,"Loss of Critical Business Data Due to System Failure","19.1 - Establish and Maintain an Incident Response Plan",5
+8,"Business Email Compromise (BEC) Attack","4.2 - Implement and Manage Multi-Factor Authentication for Enterprise Accounts",9
+8,"Business Email Compromise (BEC) Attack","16.2 - Train Workforce Members on Social Engineering Attacks",8
+8,"Business Email Compromise (BEC) Attack","11.1 - Implement and Manage Email Protections",7
+8,"Business Email Compromise (BEC) Attack","14.5 - Establish and Maintain an Audit Log Review and Analysis Process",5
+9,"Physical Security Breach Leading to Asset Theft","17.1 - Implement Physical Access Controls",10
+9,"Physical Security Breach Leading to Asset Theft","17.2 - Monitor Physical Environment",9
+9,"Physical Security Breach Leading to Asset Theft","3.1 - Establish and Maintain Inventory of Enterprise Assets",6
+9,"Physical Security Breach Leading to Asset Theft","14.5 - Establish and Maintain an Audit Log Review and Analysis Process",4
+10,"Denial-of-Service (DoS) Attack Disrupting Services","6.1 - Establish and Maintain a Baseline Configuration of Network Devices",6
+10,"Denial-of-Service (DoS) Attack Disrupting Services","6.4 - Implement and Manage Network Infrastructure Device Hardening",7
+10,"Denial-of-Service (DoS) Attack Disrupting Services","6.5 - Implement and Manage Distributed Denial of Service (DDoS) Mitigation Techniques",10
+10,"Denial-of-Service (DoS) Attack Disrupting Services","14.1 - Establish and Maintain a Security Logging and Monitoring Process",8
+11,"Unpatched Software Vulnerabilities Exploited","8.2 - Remediate Vulnerabilities Based on Risk",10
+11,"Unpatched Software Vulnerabilities Exploited","8.3 - Verify Application of Security Patches",9
+11,"Unpatched Software Vulnerabilities Exploited","3.2 - Utilize an Automated Asset Discovery Tool",4
+12,"Third-Party Vendor Security Breach Impacting Data","4.6 - Manage External Accounts",8
+12,"Third-Party Vendor Security Breach Impacting Data","13.5 - Manage Supplier Access",9
+12,"Third-Party Vendor Security Breach Impacting Data","13.6 - Monitor Supplier Security",7
+13,"Mobile Device Compromise Leading to Data Loss","3.5 - Manage Enterprise Assets Connected to the Enterprise Network Remotely",8
+13,"Mobile Device Compromise Leading to Data Loss","4.5 - Manage Mobile Devices",9
+13,"Mobile Device Compromise Leading to Data Loss","12.5 - Enforce Encryption of Data-at-Rest",7
+14,"Cloud Service Configuration Errors Exposing Data","5.4 - Securely Configure Cloud Infrastructure",9
+14,"Cloud Service Configuration Errors Exposing Data","5.5 - Securely Configure Cloud Workloads",8
+14,"Cloud Service Configuration Errors Exposing Data","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6
+15,"Lack of Employee Security Awareness Leading to Phishing Success","16.1 - Conduct Security Awareness and Skills Training",10
+15,"Lack of Employee Security Awareness Leading to Phishing Success","16.2 - Train Workforce Members on Social Engineering Attacks",9
+15,"Lack of Employee Security Awareness Leading to Phishing Success","11.1 - Implement and Manage Email Protections",7
+16,"Unsecured APIs Exposing Sensitive Information","6.2 - Establish and Maintain a Baseline Configuration of Endpoints",6
+16,"Unsecured APIs Exposing Sensitive Information","12.6 - Enforce Encryption of Data-in-Transit",9
+16,"Unsecured APIs Exposing Sensitive Information","18.1 - Establish and Maintain a Penetration Testing Program",7
+17,"Accidental Data Leak by Employee","7.3 - Implement Data Loss Prevention (DLP)",8
+17,"Accidental Data Leak by Employee","16.1 - Conduct Security Awareness and Skills Training",7
+17,"Accidental Data Leak by Employee","14.5 - Establish and Maintain an Audit Log Review and Analysis Process",5
+18,"Weak Password Policies Leading to Account Compromise","4.7 - Enforce Account Password Requirements",9
+18,"Weak Password Policies Leading to Account Compromise","4.8 - Enforce Multi-Factor Authentication for All Users",8
+18,"Weak Password Policies Leading to Account Compromise","4.2 - Implement and Manage Multi-Factor Authentication for Enterprise Accounts",7
+19,"Uncontrolled Use of Shadow IT","3.6 - Establish and Maintain an Inventory of Non-Enterprise Assets",8
+19,"Uncontrolled Use of Shadow IT","2.1 - Establish and Maintain an Inventory of Authorized Software",7
+19,"Uncontrolled Use of Shadow IT","13.1 - Establish and Maintain a Security Awareness Program",6
+20,"Insider Trading Based on Stolen Information","4.3 - Manage Privileged Access",9
+20,"Insider Trading Based on Stolen Information","7.3 - Implement Data Loss Prevention (DLP)",7
+20,"Insider Trading Based on Stolen Information","14.5 - Establish and Maintain an Audit Log Review and Analysis Process",8
+21,"Loss of Key Personnel with Critical Security Knowledge","16.4 - Establish and Maintain a Role-Based Security Training Program",7
+21,"Loss of Key Personnel with Critical Security Knowledge","16.5 - Conduct Skills Gap Assessments",6
+21,"Loss of Key Personnel with Critical Security Knowledge","1.3 - Establish and Maintain Enterprise Agreements",5
+22,"Natural Disaster Impacting Data Centers","17.3 - Plan and Implement Environmental Protections",9
+22,"Natural Disaster Impacting Data Centers","20.1 - Establish and Maintain a Business Continuity Plan",10
+22,"Natural Disaster Impacting Data Centers","10.9 - Perform Off-Site Backups",8
+23,"Industrial Control System (ICS) Compromise","5.6 - Securely Configure Industrial Control Systems (ICS)",10
+23,"Industrial Control System (ICS) Compromise","6.6 - Implement and Manage Network Segmentation for ICS",9
+23,"Industrial Control System (ICS) Compromise","9.2 - Deploy and Maintain Anti-Malware Software",7
+24,"Misconfiguration of Network Devices","6.1 - Establish and Maintain a Baseline Configuration of Network Devices",9
+24,"Misconfiguration of Network Devices","6.4 - Implement and Manage Network Infrastructure Device Hardening",8
+24,"Misconfiguration of Network Devices","14.1 - Establish and Maintain a Security Logging and Monitoring Process",7
+25,"Lack of Regular Security Audits","1.5 - Conduct Periodic Security Risk Assessments",9
+25,"Lack of Regular Security Audits","14.7 - Conduct Security Controls Testing and Validation",8
+25,"Lack of Regular Security Audits","18.1 - Establish and Maintain a Penetration Testing Program",7
+26,"AI/ML System Bias Leading to Unfair Outcomes","1.2 - Establish and Maintain Enterprise Security Policies",6
+26,"AI/ML System Bias Leading to Unfair Outcomes","7.1 - Establish and Maintain a Data Management Process",7
+26,"AI/ML System Bias Leading to Unfair Outcomes","15.4 - Establish and Maintain a Security Architecture",5
+27,"IoT Device Vulnerabilities Exploited","3.5 - Manage Enterprise Assets Connected to the Enterprise Network Remotely",8
+27,"IoT Device Vulnerabilities Exploited","5.3 - Securely Configure Enterprise Assets and Software",7
+27,"IoT Device Vulnerabilities Exploited","9.2 - Deploy and Maintain Anti-Malware Software",6
+28,"Geopolitical Risks Impacting Cybersecurity","1.4 - Establish and Maintain a Threat Intelligence Program",9
+28,"Geopolitical Risks Impacting Cybersecurity","19.1 - Establish and Maintain an Incident Response Plan",7
+28,"Geopolitical Risks Impacting Cybersecurity","13.1 - Establish and Maintain a Security Awareness Program",6
+29,"Unsecured Code in Custom Applications","2.2 - Utilize Standard Security Configurations for Enterprise Software and Hardware",7
+29,"Unsecured Code in Custom Applications","8.4 - Perform Application Security Testing",9
+29,"Unsecured Code in Custom Applications","12.1 - Establish and Maintain a Software Development Life Cycle (SDLC)",8
+30,"Failure to Adequately Vet New Technologies","15.4 - Establish and Maintain a Security Architecture",7
+30,"Failure to Adequately Vet New Technologies","1.5 - Conduct Periodic Security Risk Assessments",8
+30,"Failure to Adequately Vet New Technologies","13.1 - Establish and Maintain a Security Awareness Program",6
+31,"Social Engineering Attack Targeting Executives","16.2 - Train Workforce Members on Social Engineering Attacks",10
+31,"Social Engineering Attack Targeting Executives","4.2 - Implement and Manage Multi-Factor Authentication for Enterprise Accounts",8
+31,"Social Engineering Attack Targeting Executives","11.1 - Implement and Manage Email Protections",7
+32,"Vulnerability in Open-Source Software Components","2.1 - Establish and Maintain an Inventory of Authorized Software",6
+32,"Vulnerability in Open-Source Software Components","8.1 - Establish and Maintain a Vulnerability Management Process",9
+32,"Vulnerability in Open-Source Software Components","8.2 - Remediate Vulnerabilities Based on Risk",8
+33,"Cryptojacking on Enterprise Assets","9.2 - Deploy and Maintain Anti-Malware Software",9
+33,"Cryptojacking on Enterprise Assets","5.3 - Securely Configure Enterprise Assets and Software",7
+33,"Cryptojacking on Enterprise Assets","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6
+34,"Data Spillage in Cloud Environments","7.3 - Implement Data Loss Prevention (DLP)",8
+34,"Data Spillage in Cloud Environments","5.4 - Securely Configure Cloud Infrastructure",7
+34,"Data Spillage in Cloud Environments","12.5 - Enforce Encryption of Data-at-Rest",6
+35,"Malicious Browser Extensions Compromising Users","9.1 - Establish and Maintain a Software Allow List",8
+35,"Malicious Browser Extensions Compromising Users","16.1 - Conduct Security Awareness and Skills Training",7
+35,"Malicious Browser Extensions Compromising Users","11.2 - Implement and Manage Web Browser Protections",9
+36,"Domain Name System (DNS) Attacks","6.7 - Implement and Manage Domain Name System (DNS) Security",9
+36,"Domain Name System (DNS) Attacks","14.1 - Establish and Maintain a Security Logging and Monitoring Process",7
+36,"Domain Name System (DNS) Attacks","6.5 - Implement and Manage Distributed Denial of Service (DDoS) Mitigation Techniques",6
+37,"Quantum Computing Breaking Encryption","12.7 - Plan and Implement Cryptographic Key Management",7
+37,"Quantum Computing Breaking Encryption","15.4 - Establish and Maintain a Security Architecture",6
+37,"Quantum Computing Breaking Encryption","1.4 - Establish and Maintain a Threat Intelligence Program",5
+38,"Deepfake Technology Used for Fraud","16.2 - Train Workforce Members on Social Engineering Attacks",8
+38,"Deepfake Technology Used for Fraud","11.1 - Implement and Manage Email Protections",7
+38,"Deepfake Technology Used for Fraud","14.5 - Establish and Maintain an Audit Log Review and Analysis Process",6
+39,"Misinformation Campaigns Damaging Reputation","13.1 - Establish and Maintain a Security Awareness Program",9
+39,"Misinformation Campaigns Damaging Reputation","19.1 - Establish and Maintain an Incident Response Plan",7
+39,"Misinformation Campaigns Damaging Reputation","1.4 - Establish and Maintain a Threat Intelligence Program",6
+40,"Lack of a Formal Security Culture","13.1 - Establish and Maintain a Security Awareness Program",10
+40,"Lack of a Formal Security Culture","16.1 - Conduct Security Awareness and Skills Training",9
+40,"Lack of a Formal Security Culture","1.2 - Establish and Maintain Enterprise Security Policies",8
+41,"Insufficient Physical Security at Remote Offices","17.1 - Implement Physical Access Controls",9
+41,"Insufficient Physical Security at Remote Offices","17.2 - Monitor Physical Environment",8
+41,"Insufficient Physical Security at Remote Offices","3.5 - Manage Enterprise Assets Connected to the Enterprise Network Remotely",6
+42,"Compromise of Building Management Systems (BMS)","5.6 - Securely Configure Industrial Control Systems (ICS)",8
+42,"Compromise of Building Management Systems (BMS)","6.6 - Implement and Manage Network Segmentation for ICS",7
+42,"Compromise of Building Management Systems (BMS)","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6
+43,"Failure to Securely Dispose of Sensitive Data","7.4 - Securely Dispose of Assets",9
+43,"Failure to Securely Dispose of Sensitive Data","3.3 - Manage Assets",7
+43,"Failure to Securely Dispose of Sensitive Data","1.2 - Establish and Maintain Enterprise Security Policies",6
+44,"Man-in-the-Middle (MitM) Attacks","6.2 - Establish and Maintain a Baseline Configuration of Endpoints",7
+44,"Man-in-the-Middle (MitM) Attacks","12.6 - Enforce Encryption of Data-in-Transit",9
+44,"Man-in-the-Middle (MitM) Attacks","4.2 - Implement and Manage Multi-Factor Authentication for Enterprise Accounts",8
+45,"Session Hijacking","4.1 - Establish and Maintain a Secure Access Control Policy and Procedures",8
+45,"Session Hijacking","4.2 - Implement and Manage Multi-Factor Authentication for Enterprise Accounts",9
+45,"Session Hijacking","14.1 - Establish and Maintain a Security Logging and Monitoring Process",7
+46,"Cross-Site Scripting (XSS) Attacks","8.4 - Perform Application Security Testing",9
+46,"Cross-Site Scripting (XSS) Attacks","12.2 - Secure Software via Secure Coding Practices",8
+46,"Cross-Site Scripting (XSS) Attacks","6.2 - Establish and Maintain a Baseline Configuration of Endpoints",6
+47,"SQL Injection Attacks","8.4 - Perform Application Security Testing",10
+47,"SQL Injection Attacks","12.2 - Secure Software via Secure Coding Practices",9
+47,"SQL Injection Attacks","6.2 - Establish and Maintain a Baseline Configuration of Endpoints",7
+48,"Zero-Day Exploits","8.1 - Establish and Maintain a Vulnerability Management Process",7
+48,"Zero-Day Exploits","9.2 - Deploy and Maintain Anti-Malware Software",8
+48,"Zero-Day Exploits","6.3 - Implement and Manage Network Segmentation",6
+49,"Rogue Access Points on the Network","6.1 - Establish and Maintain a Baseline Configuration of Network Devices",8
+49,"Rogue Access Points on the Network","6.3 - Implement and Manage Network Segmentation",7
+49,"Rogue Access Points on the Network","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6
+50,"Wireless Network Attacks","6.8 - Secure Wireless Access Points",9
+50,"Wireless Network Attacks","4.2 - Implement and Manage Multi-Factor Authentication for Enterprise Accounts",7
+50,"Wireless Network Attacks","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6
+51,"Stolen Credentials","4.1 - Establish and Maintain a Secure Access Control Policy and Procedures",9
+51,"Stolen Credentials","4.2 - Implement and Manage Multi-Factor Authentication for Enterprise Accounts",10
+51,"Stolen Credentials","14.1 - Establish and Maintain a Security Logging and Monitoring Process",7
+52,"Unsecured Public Wi-Fi Usage","16.1 - Conduct Security Awareness and Skills Training",7
+52,"Unsecured Public Wi-Fi Usage","12.6 - Enforce Encryption of Data-in-Transit",8
+52,"Unsecured Public Wi-Fi Usage","4.9 - Manage Access to Enterprise Applications",6
+53,"Vishing Attacks","16.2 - Train Workforce Members on Social Engineering Attacks",9
+53,"Vishing Attacks","13.1 - Establish and Maintain a Security Awareness Program",8
+53,"Vishing Attacks","11.1 - Implement and Manage Email Protections",5
+54,"Smishing Attacks","16.2 - Train Workforce Members on Social Engineering Attacks",9
+54,"Smishing Attacks","13.1 - Establish and Maintain a Security Awareness Program",8
+54,"Smishing Attacks","11.3 - Implement and Manage Endpoint Protections",6
+55,"Watering Hole Attacks","11.2 - Implement and Manage Web Browser Protections",8
+55,"Watering Hole Attacks","14.1 - Establish and Maintain a Security Logging and Monitoring Process",7
+55,"Watering Hole Attacks","1.4 - Establish and Maintain a Threat Intelligence Program",6
+56,"Typosquatting Attacks","11.1 - Implement and Manage Email Protections",7
+56,"Typosquatting Attacks","13.1 - Establish and Maintain a Security Awareness Program",8
+56,"Typosquatting Attacks","1.4 - Establish and Maintain a Threat Intelligence Program",6
+57,"Malvertising","11.2 - Implement and Manage Web Browser Protections",9
+57,"Malvertising","9.2 - Deploy and Maintain Anti-Malware Software",7
+57,"Malvertising","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6
+58,"Fileless Malware Attacks","9.2 - Deploy and Maintain Anti-Malware Software",8
+58,"Fileless Malware Attacks","14.1 - Establish and Maintain a Security Logging and Monitoring Process",7
+58,"Fileless Malware Attacks","11.3 - Implement and Manage Endpoint Protections",6
+59,"Advanced Persistent Threats (APTs)","1.4 - Establish and Maintain a Threat Intelligence Program",9
+59,"Advanced Persistent Threats (APTs)","14.1 - Establish and Maintain a Security Logging and Monitoring Process",8
+59,"Advanced Persistent Threats (APTs)","18.1 - Establish and Maintain a Penetration Testing Program",7
+60,"Remote Code Execution (RCE) Vulnerabilities","8.2 - Remediate Vulnerabilities Based on Risk",10
+60,"Remote Code Execution (RCE) Vulnerabilities","8.3 - Verify Application of Security Patches",9
+60,"Remote Code Execution (Rulnerabilities","6.4 - Implement and Manage Network Infrastructure Device Hardening",7
+61,"Formjacking Attacks","12.2 - 
Secure Software via Secure Coding Practices",8 +61,"Formjacking Attacks","11.2 - Implement and Manage Web Browser Protections",7 +61,"Formjacking Attacks","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6 +62,"SIM Swapping Attacks","4.2 - Implement and Manage Multi-Factor Authentication for Enterprise Accounts",9 +62,"SIM Swapping Attacks","16.1 - Conduct Security Awareness and Skills Training",7 +62,"SIM Swapping Attacks","1.3 - Establish and Maintain Enterprise Agreements",6 +63,"Unsecured Database Configurations","5.3 - Securely Configure Enterprise Assets and Software",9 +63,"Unsecured Database Configurations","7.1 - Establish and Maintain a Data Management Process",8 +63,"Unsecured Database Configurations","14.1 - Establish and Maintain a Security Logging and Monitoring Process",7 +64,"API Sprawl and Lack of API Governance","12.1 - Establish and Maintain a Software Development Life Cycle (SDLC)",8 +64,"API Sprawl and Lack of API Governance","6.2 - Establish and Maintain a Baseline Configuration of Endpoints",7 +64,"API Sprawl and Lack of API Governance","15.4 - Establish and Maintain a Security Architecture",6 +65,"Insecure Default Configurations","5.1 - Establish and Maintain a Secure Configuration Process",9 +65,"Insecure Default Configurations","5.3 - Securely Configure Enterprise Assets and Software",8 +65,"Insecure Default Configurations","6.1 - Establish and Maintain a Baseline Configuration of Network Devices",7 +66,"Insufficient Data Encryption","12.5 - Enforce Encryption of Data-at-Rest",10 +66,"Insufficient Data Encryption","12.6 - Enforce Encryption of Data-in-Transit +66,"Insufficient Data Encryption","12.6 - Enforce Encryption of Data-in-Transit",9 +66,"Insufficient Data Encryption","7.2 - Implement and Enforce Data Retention",6 +67,"Legacy Systems with Known Vulnerabilities","3.3 - Manage Assets",7 +67,"Legacy Systems with Known Vulnerabilities","8.2 - Remediate Vulnerabilities Based on Risk",9 +67,"Legacy Systems with 
Known Vulnerabilities","6.3 - Implement and Manage Network Segmentation",8
+68,"Poorly Implemented Patch Management","8.2 - Remediate Vulnerabilities Based on Risk",10
+68,"Poorly Implemented Patch Management","8.3 - Verify Application of Security Patches",9
+68,"Poorly Implemented Patch Management","3.2 - Utilize an Automated Asset Discovery Tool",6
+69,"Unsecured Configuration Management Practices","5.1 - Establish and Maintain a Secure Configuration Process",9
+69,"Unsecured Configuration Management Practices","5.3 - Securely Configure Enterprise Assets and Software",8
+69,"Unsecured Configuration Management Practices","6.1 - Establish and Maintain a Baseline Configuration of Network Devices",7
+70,"Lack of Network Segmentation","6.3 - Implement and Manage Network Segmentation",10
+70,"Lack of Network Segmentation","6.1 - Establish and Maintain a Baseline Configuration of Network Devices",7
+70,"Lack of Network Segmentation","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6
+71,"Compromised Software Update Mechanisms","8.3 - Verify Application of Security Patches",8
+71,"Compromised Software Update Mechanisms","9.2 - Deploy and Maintain Anti-Malware Software",7
+71,"Compromised Software Update Mechanisms","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6
+72,"Weaknesses in Cloud Identity and Access Management","4.1 - Establish and Maintain a Secure Access Control Policy and Procedures",9
+72,"Weaknesses in Cloud Identity and Access Management","4.2 - Implement and Manage Multi-Factor Authentication for Enterprise Accounts",8
+72,"Weaknesses in Cloud Identity and Access Management","5.4 - Securely Configure Cloud Infrastructure",7
+73,"Insufficient Security Logging and Monitoring","14.1 - Establish and Maintain a Security Logging and Monitoring Process",10
+73,"Insufficient Security Logging and Monitoring","14.2 - Integrate Threat Intelligence into Security Monitoring",8
+73,"Insufficient Security Logging and Monitoring","14.3 - Establish and Maintain Alerting and Escalation Processes",7
+74,"Lack of an Effective Incident Response Plan","19.1 - Establish and Maintain an Incident Response Plan",10
+74,"Lack of an Effective Incident Response Plan","19.2 - Establish and Maintain an Incident Response Team",9
+74,"Lack of an Effective Incident Response Plan","19.3 - Develop and Conduct Incident Response Exercises",8
+75,"Poor Data Backup and Recovery Procedures","10.8 - Perform and Test Data Backups",10
+75,"Poor Data Backup and Recovery Procedures","10.9 - Perform Off-Site Backups",9
+75,"Poor Data Backup and Recovery Procedures","10.10 - Securely Store Backups",8
+76,"Insufficient Security Awareness Training for Employees","16.1 - Conduct Security Awareness and Skills Training",10
+76,"Insufficient Security Awareness Training for Employees","16.2 - Train Workforce Members on Social Engineering Attacks",9
+76,"Insufficient Security Awareness Training for Employees","13.1 - Establish and Maintain a Security Awareness Program",8
+77,"Lack of a Formal Risk Management Program","1.5 - Conduct Periodic Security Risk Assessments",10
+77,"Lack of a Formal Risk Management Program","1.1 - Establish and Maintain Enterprise Governance",9
+77,"Lack of a Formal Risk Management Program","1.2 - Establish and Maintain Enterprise Security Policies",8
+78,"Inadequate Third-Party Risk Management","13.5 - Manage Supplier Access",9
+78,"Inadequate Third-Party Risk Management","13.6 - Monitor Supplier Security",8
+78,"Inadequate Third-Party Risk Management","4.6 - Manage External Accounts",7
+79,"Failure to Enforce Least Privilege","4.3 - Manage Privileged Access",10
+79,"Failure to Enforce Least Privilege","4.1 - Establish and Maintain a Secure Access Control Policy and Procedures",8
+79,"Failure to Enforce Least Privilege","4.4 - Manage Service Accounts",7
+80,"Unsecured Remote Access Solutions","4.9 - Manage Access to Enterprise Applications",9
+80,"Unsecured Remote Access Solutions","4.2 - Implement and Manage Multi-Factor Authentication for Enterprise Accounts",8
+80,"Unsecured Remote Access Solutions","12.6 - Enforce Encryption of Data-in-Transit",7
+81,"Insufficient Protection of Critical Infrastructure","17.1 - Implement Physical Access Controls",8
+81,"Insufficient Protection of Critical Infrastructure","6.3 - Implement and Manage Network Segmentation",7
+81,"Insufficient Protection of Critical Infrastructure","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6
+82,"Lack of Data Loss Prevention (DLP) Measures","7.3 - Implement Data Loss Prevention (DLP)",10
+82,"Lack of Data Loss Prevention (DLP) Measures","3.4 - Manage Sensitive Assets",8
+82,"Lack of Data Loss Prevention (DLP) Measures","14.5 - Establish and Maintain an Audit Log Review and Analysis Process",7
+83,"Ineffective Vulnerability Scanning Practices","8.1 - Establish and Maintain a Vulnerability Management Process",9
+83,"Ineffective Vulnerability Scanning Practices","8.2 - Remediate Vulnerabilities Based on Risk",8
+83,"Ineffective Vulnerability Scanning Practices","3.2 - Utilize an Automated Asset Discovery Tool",7
+84,"Poorly Defined Security Roles and Responsibilities","1.2 - Establish and Maintain Enterprise Security Policies",8
+84,"Poorly Defined Security Roles and Responsibilities","1.3 - Establish and Maintain Enterprise Agreements",7
+84,"Poorly Defined Security Roles and Responsibilities","16.4 - Establish and Maintain a Role-Based Security Training Program",6
+85,"Lack of a Formal Change Management Process","5.2 - Implement and Manage a Change Management Process",9
+85,"Lack of a Formal Change Management Process","5.3 - Securely Configure Enterprise Assets and Software",7
+85,"Lack of a Formal Change Management Process","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6
+86,"Insufficient Security Architecture and Design","15.4 - Establish and Maintain a Security Architecture",10
+86,"Insufficient Security Architecture and Design","6.3 - Implement and Manage Network Segmentation",8
+86,"Insufficient Security Architecture and Design","12.1 - Establish and Maintain a Software Development Life Cycle (SDLC)",7
+87,"Failure to Secure Containerized Environments","5.7 - Securely Configure Containers",9
+87,"Failure to Secure Containerized Environments","4.1 - Establish and Maintain a Secure Access Control Policy and Procedures",7
+87,"Failure to Secure Containerized Environments","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6
+88,"Inadequate Protection of API Keys and Secrets","12.3 - Manage Credentials",9
+88,"Inadequate Protection of API Keys and Secrets","12.5 - Enforce Encryption of Data-at-Rest",7
+88,"Inadequate Protection of API Keys and Secrets","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6
+89,"Lack of a Formal Security Assessment Process for New Projects","1.5 - Conduct Periodic Security Risk Assessments",8
+89,"Lack of a Formal Security Assessment Process for New Projects","15.4 - Establish and Maintain a Security Architecture",7
+89,"Lack of a Formal Security Assessment Process for New Projects","12.1 - Establish and Maintain a Software Development Life Cycle (SDLC)",6
+90,"Insufficient Budget Allocation for Cybersecurity","1.1 - Establish and Maintain Enterprise Governance",9
+90,"Insufficient Budget Allocation for Cybersecurity","1.2 - Establish and Maintain Enterprise Security Policies",8
+90,"Insufficient Budget Allocation for Cybersecurity","1.5 - Conduct Periodic Security Risk Assessments",7
+91,"Lack of Executive Support for Security Initiatives","1.1 - Establish and Maintain Enterprise Governance",10
+91,"Lack of Executive Support for Security Initiatives","1.2 - Establish and Maintain Enterprise Security Policies",9
+91,"Lack of Executive Support for Security Initiatives","13.1 - Establish and Maintain a Security Awareness Program",7
+92,"Mergers and Acquisitions Leading to Security Integration Challenges","1.3 - Establish and Maintain Enterprise Agreements",8
+92,"Mergers and Acquisitions Leading to Security Integration Challenges","15.4 - Establish and Maintain a Security Architecture",7
+92,"Mergers and Acquisitions Leading to Security Integration Challenges","3.1 - Establish and Maintain Inventory of Enterprise Assets",6
+93,"Decentralized Security Management Leading to Inconsistencies","1.1 - Establish and Maintain Enterprise Governance",8
+93,"Decentralized Security Management Leading to Inconsistencies","1.2 - Establish and Maintain Enterprise Security Policies",7
+93,"Decentralized Security Management Leading to Inconsistencies","4.1 - Establish and Maintain a Secure Access Control Policy and Procedures",6
+94,"Rapid Cloud Adoption Without Adequate Security Controls","5.4 - Securely Configure Cloud Infrastructure",9
+94,"Rapid Cloud Adoption Without Adequate Security Controls","4.1 - Establish and Maintain a Secure Access Control Policy and Procedures",8
+94,"Rapid Cloud Adoption Without Adequate Security Controls","14.1 - Establish and Maintain a Security Logging and Monitoring Process",7
+95,"Increased Use of Personal Devices for Work (BYOD)","3.5 - Manage Enterprise Assets Connected to the Enterprise Network Remotely",8
+95,"Increased Use of Personal Devices for Work (BYOD)","4.5 - Manage Mobile Devices",7
+95,"Increased Use of Personal Devices for Work (BYOD)","12.5 - Enforce Encryption of Data-at-Rest",6
+96,"Growing Attack Surface Due to Digital Transformation","3.1 - Establish and Maintain Inventory of Enterprise Assets",7
+96,"Growing Attack Surface Due to Digital Transformation","15.4 - Establish and Maintain a Security Architecture",8
+96,"Growing Attack Surface Due to Digital Transformation","8.1 - Establish and Maintain a Vulnerability Management Process",6
+97,"Talent Shortage in Cybersecurity","16.3 - Establish and Maintain a Security Skills Development Program",9
+97,"Talent Shortage in Cybersecurity","16.5 - Conduct Skills Gap Assessments",8
+97,"Talent Shortage in Cybersecurity","1.3 - Establish and Maintain Enterprise Agreements",5
+98,"Increased Regulatory Scrutiny and Complexity","1.1 - Establish and Maintain Enterprise Governance",9
+98,"Increased Regulatory Scrutiny and Complexity","1.2 - Establish and Maintain Enterprise Security Policies",8
+98,"Increased Regulatory Scrutiny and Complexity","3.4 - Manage Sensitive Assets",7
+99,"Evolving Threat Landscape","1.4 - Establish and Maintain a Threat Intelligence Program",10
+99,"Evolving Threat Landscape","18.1 - Establish and Maintain a Penetration Testing Program",8
+99,"Evolving Threat Landscape","13.1 - Establish and Maintain a Security Awareness Program",7
+100,"Failure to Adapt Security Strategy to Business Changes","1.2 - Establish and Maintain Enterprise Security Policies",8
+100,"Failure to Adapt Security Strategy to Business Changes","1.5 - Conduct Periodic Security Risk Assessments",9
+100,"Failure to Adapt Security Strategy to Business Changes","15.4 - Establish and Maintain a Security Architecture",7
+101,"Advanced Persistent Threats (APTs) Evading Existing Defenses","14.2 - Integrate Threat Intelligence into Security Monitoring",9
+101,"Advanced Persistent Threats (APTs) Evading Existing Defenses","18.1 - Establish and Maintain a Penetration Testing Program",8
+101,"Advanced Persistent Threats (APTs) Evading Existing Defenses","9.3 - Implement and Manage Endpoint Detection and Response (EDR)",8
+102,"Zero-Day Exploits Targeting Unpatched Applications","8.2 - Remediate Vulnerabilities Based on Risk",9
+102,"Zero-Day Exploits Targeting Unpatched Applications","6.3 - Implement and Manage Network Segmentation",7
+102,"Zero-Day Exploits Targeting Unpatched Applications","9.3 - Implement and Manage Endpoint Detection and Response (EDR)",7
+103,"Sophisticated Phishing Campaigns Bypassing Email Security","11.1 - Implement and Manage Email Protections",8
+103,"Sophisticated Phishing Campaigns Bypassing Email Security","16.2 - Train Workforce 
Members on Social Engineering Attacks",9 +103,"Sophisticated Phishing Campaigns Bypassing Email Security","4.2 - Implement and Manage Multi-Factor Authentication for Enterprise Accounts",7 +104,"Malware Delivered Through Supply Chain Compromise","13.3 - Implement and Manage Secure Software Supply Chain Practices",9 +104,"Malware Delivered Through Supply Chain Compromise","9.2 - Deploy and Maintain Anti-Malware Software",7 +104,"Malware Delivered Through Supply Chain Compromise","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6 +105,"Ransomware Targeting Backup Infrastructure","10.8 - Perform and Test Data Backups",8 +105,"Ransomware Targeting Backup Infrastructure","10.10 - Securely Store Backups",9 +105,"Ransomware Targeting Backup Infrastructure","6.3 - Implement and Manage Network Segmentation",7 +106,"Data Exfiltration Through DNS Tunneling","6.7 - Implement and Manage Domain Name System (DNS) Security",9 +106,"Data Exfiltration Through DNS Tunneling","14.1 - Establish and Maintain a Security Logging and Monitoring Process",8 +106,"Data Exfiltration Through DNS Tunneling","7.3 - Implement Data Loss Prevention (DLP)",7 +107,"Compromise of Cloud Service Provider Credentials","4.1 - Establish and Maintain a Secure Access Control Policy and Procedures",8 +107,"Compromise of Cloud Service Provider Credentials","4.2 - Implement and Manage Multi-Factor Authentication for Enterprise Accounts",9 +107,"Compromise of Cloud Service Provider Credentials","5.4 - Securely Configure Cloud Infrastructure",7 +108,"Lateral Movement within the Network Post-Breach","6.3 - Implement and Manage Network Segmentation",10 +108,"Lateral Movement within the Network Post-Breach","14.1 - Establish and Maintain a Security Logging and Monitoring Process",8 +108,"Lateral Movement within the Network Post-Breach","9.3 - Implement and Manage Endpoint Detection and Response (EDR)",7 +109,"Exploitation of Unsecured APIs","6.2 - Establish and Maintain a Baseline 
Configuration of Endpoints",7 +109,"Exploitation of Unsecured APIs","12.4 - Implement and Manage Security for Software Applications",9 +109,"Exploitation of Unsecured APIs","18.1 - Establish and Maintain a Penetration Testing Program",8 +110,"Credential Stuffing Attacks Against Web Applications","4.7 - Enforce Account Password Requirements",7 +110,"Credential Stuffing Attacks Against Web Applications","4.8 - Enforce Multi-Factor Authentication for All Users",9 +110,"Credential Stuffing Attacks Against Web Applications","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6 +111,"Brute-Force Attacks Targeting Cloud Services","4.7 - Enforce Account Password Requirements",8 +111,"Brute-Force Attacks Targeting Cloud Services","4.8 - Enforce Multi-Factor Authentication for All Users",9 +111,"Brute-Force Attacks Targeting Cloud Services","5.4 - Securely Configure Cloud Infrastructure",7 +112,"Cryptojacking Exploiting Web Browser Vulnerabilities","11.2 - Implement and Manage Web Browser Protections",9 +112,"Cryptojacking Exploiting Web Browser Vulnerabilities","9.2 - Deploy and Maintain Anti-Malware Software",7 +112,"Cryptojacking Exploiting Web Browser Vulnerabilities","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6 +113,"Business Logic Flaws in Applications Leading to Data Breach","12.4 - Implement and Manage Security for Software Applications",9 +113,"Business Logic Flaws in Applications Leading to Data Breach","8.4 - Perform Application Security Testing",8 +113,"Business Logic Flaws in Applications Leading to Data Breach","7.1 - Establish and Maintain a Data Management Process",7 +114,"Malicious Insiders Exfiltrating Data Using Approved Tools","4.3 - Manage Privileged Access",8 +114,"Malicious Insiders Exfiltrating Data Using Approved Tools","7.3 - Implement Data Loss Prevention (DLP)",9 +114,"Malicious Insiders Exfiltrating Data Using Approved Tools","14.5 - Establish and Maintain an Audit Log Review and Analysis 
Process",7 +115,"Rogue or Shadow IT Devices on the Network","3.6 - Establish and Maintain an Inventory of Non-Enterprise Assets",9 +115,"Rogue or Shadow IT Devices on the Network","6.3 - Implement and Manage Network Segmentation",7 +115,"Rogue or Shadow IT Devices on the Network","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6 +116,"Compromise of CI/CD Pipelines Leading to Malicious Code Injection","12.1 - Establish and Maintain a Software Development Life Cycle (SDLC)",9 +116,"Compromise of CI/CD Pipelines Leading to Malicious Code Injection","4.1 - Establish and Maintain a Secure Access Control Policy and Procedures",8 +116,"Compromise of CI/CD Pipelines Leading to Malicious Code Injection","14.1 - Establish and Maintain a Security Logging and Monitoring Process",7 +117,"Insecurely Configured Cloud Storage Buckets","5.4 - Securely Configure Cloud Infrastructure",10 +117,"Insecurely Configured Cloud Storage Buckets","7.1 - Establish and Maintain a Data Management Process",8 +117,"Insecurely Configured Cloud Storage Buckets","14.1 - Establish and Maintain a Security Logging and Monitoring Process",7 +118,"Exploitation of Memory Corruption Vulnerabilities","8.2 - Remediate Vulnerabilities Based on Risk",9 +118,"Exploitation of Memory Corruption Vulnerabilities","9.3 - Implement and Manage Endpoint Detection and Response (EDR)",8 +118,"Exploitation of Memory Corruption Vulnerabilities","6.4 - Implement and Manage Network Infrastructure Device Hardening",7 +119,"Data Breaches Due to Misconfigured Security Groups","5.4 - Securely Configure Cloud Infrastructure",9 +119,"Data Breaches Due to Misconfigured Security Groups","4.1 - Establish and Maintain a Secure Access Control Policy and Procedures",8 +119,"Data Breaches Due to Misconfigured Security Groups","14.1 - Establish and Maintain a Security Logging and Monitoring Process",7 +120,"Use of Default or Weak Encryption Keys","12.7 - Plan and Implement Cryptographic Key Management",9 +120,"Use 
of Default or Weak Encryption Keys","12.5 - Enforce Encryption of Data-at-Rest",8 +120,"Use of Default or Weak Encryption Keys","12.6 - Enforce Encryption of Data-in-Transit",7 +121,"Vulnerabilities in Third-Party Libraries and Dependencies","8.1 - Establish and Maintain a Vulnerability Management Process",8 +121,"Vulnerabilities in Third-Party Libraries and Dependencies","12.1 - Establish and Maintain a Software Development Life Cycle (SDLC)",9 +121,"Vulnerabilities in Third-Party Libraries and Dependencies","2.1 - Establish and Maintain an Inventory of Authorized Software",7 +122,"Targeted Attacks on Operational Technology (OT) Systems","5.6 - Securely Configure Industrial Control Systems (ICS)",9 +122,"Targeted Attacks on Operational Technology (OT) Systems","6.6 - Implement and Manage Network Segmentation for ICS",10 +122,"Targeted Attacks on Operational Technology (OT) Systems","14.1 - Establish and Maintain a Security Logging and Monitoring Process",8 +123,"Data Aggregation from Multiple Sources Leading to Privacy Violations","7.1 - Establish and Maintain a Data Management Process",8 +123,"Data Aggregation from Multiple Sources Leading to Privacy Violations","3.4 - Manage Sensitive Assets",9 +123,"Data Aggregation from Multiple Sources Leading to Privacy Violations","1.2 - Establish and Maintain Enterprise Security Policies",7 +124,"AI Poisoning Attacks Manipulating Machine Learning Models","15.4 - Establish and Maintain a Security Architecture",8 +124,"AI Poisoning Attacks Manipulating Machine Learning Models","14.1 - Establish and Maintain a Security Logging and Monitoring Process",7 +124,"AI Poisoning Attacks Manipulating Machine Learning Models","1.4 - Establish and Maintain a Threat Intelligence Program",6 +125,"Quantum Computing Attacks Breaking Current Encryption","12.7 - Plan and Implement Cryptographic Key Management",9 +125,"Quantum Computing Attacks Breaking Current Encryption","15.4 - Establish and Maintain a Security Architecture",7 +125,"Quantum 
Computing Attacks Breaking Current Encryption","1.4 - Establish and Maintain a Threat Intelligence Program",6 +126,"Deepfake Technology Used for Social Engineering","16.2 - Train Workforce Members on Social Engineering Attacks",9 +126,"Deepfake Technology Used for Social Engineering","11.1 - Implement and Manage Email Protections",7 +126,"Deepfake Technology Used for Social Engineering","13.1 - Establish and Maintain a Security Awareness Program",6 +127,"Blockchain Vulnerabilities Leading to Financial Loss","12.4 - Implement and Manage Security for Software Applications",8 +127,"Blockchain Vulnerabilities Leading to Financial Loss","4.1 - Establish and Maintain a Secure Access Control Policy and Procedures",7 +127,"Blockchain Vulnerabilities Leading to Financial Loss","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6 +128,"Serverless Function Vulnerabilities","5.4 - Securely Configure Cloud Infrastructure",8 +128,"Serverless Function Vulnerabilities","12.4 - Implement and Manage Security for Software Applications",7 +128,"Serverless Function Vulnerabilities","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6 +129,"Insider Threats Leveraging Data in Motion","7.3 - Implement Data Loss Prevention (DLP)",8 +129,"Insider Threats Leveraging Data in Motion","12.6 - Enforce Encryption of Data-in-Transit",7 +129,"Insider Threats Leveraging Data in Motion","14.5 - Establish and Maintain an Audit Log Review and Analysis Process",6 +130,"Compromise of Hardware Supply Chain (Hardware Implants)","13.4 - Implement and Manage Secure Hardware Supply Chain Practices",9 +130,"Compromise of Hardware Supply Chain (Hardware Implants)","3.1 - Establish and Maintain Inventory of Enterprise Assets",7 +130,"Compromise of Hardware Supply Chain (Hardware Implants)","18.1 - Establish and Maintain a Penetration Testing Program",6 +131,"Formjacking Attacks Stealing Payment Card Data","12.4 - Implement and Manage Security for Software 
Applications",9 +131,"Formjacking Attacks Stealing Payment Card Data","11.2 - Implement and Manage Web Browser Protections",7 +131,"Formjacking Attacks Stealing Payment Card Data","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6 +132,"SIM Swapping Leading to Account Takeover","4.2 - Implement and Manage Multi-Factor Authentication for Enterprise Accounts",9 +132,"SIM Swapping Leading to Account Takeover","16.1 - Conduct Security Awareness and Skills Training",7 +132,"SIM Swapping Leading to Account Takeover","4.1 - Establish and Maintain a Secure Access Control Policy and Procedures",6 +133,"Attacks Targeting APIs of Third-Party Services","6.2 - Establish and Maintain a Baseline Configuration of Endpoints",7 +133,"Attacks Targeting APIs of Third-Party Services","12.4 - Implement and Manage Security for Software Applications",8 +133,"Attacks Targeting APIs of Third-Party Services","13.6 - Monitor Supplier Security",7 +134,"Insufficient Segmentation of Cloud Workloads","5.4 - Securely Configure Cloud Infrastructure",9 +134,"Insufficient Segmentation of Cloud Workloads","6.3 - Implement and Manage Network Segmentation",8 +134,"Insufficient Segmentation of Cloud Workloads","4.1 - Establish and Maintain a Secure Access Control Policy and Procedures",7 +135,"Compromise of Managed Service Provider (MSP) Infrastructure","4.6 - Manage External Accounts",8 +135,"Compromise of Managed Service Provider (MSP) Infrastructure","13.5 - Manage Supplier Access",9 +135,"Compromise of Managed Service Provider (MSP) Infrastructure","14.1 - Establish and Maintain a Security Logging and Monitoring Process",7 +136,"Abuse of Stored Cross-Site Scripting (XSS) Vulnerabilities","8.4 - Perform Application Security Testing",9 +136,"Abuse of Stored Cross-Site Scripting (XSS) Vulnerabilities","12.2 - Secure Software via Secure Coding Practices",8 +136,"Abuse of Stored Cross-Site Scripting (XSS) Vulnerabilities","6.2 - Establish and Maintain a Baseline Configuration of 
Endpoints",6 +137,"Exploitation of Race Conditions in Applications","12.2 - Secure Software via Secure Coding Practices",8 +137,"Exploitation of Race Conditions in Applications","8.4 - Perform Application Security Testing",7 +137,"Exploitation of Race Conditions in Applications","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6 +138,"ARP Spoofing and Man-in-the-Middle Attacks on Local Networks","6.4 - Implement and Manage Network Infrastructure Device Hardening",8 +138,"ARP Spoofing and Man-in-the-Middle Attacks on Local Networks","6.3 - Implement and Manage Network Segmentation",7 +138,"ARP Spoofing and Man-in-the-Middle Attacks on Local Networks","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6 +139,"DNS Spoofing and Cache Poisoning Attacks","6.7 - Implement and Manage Domain Name System (DNS) Security",9 +139,"DNS Spoofing and Cache Poisoning Attacks","14.1 - Establish and Maintain a Security Logging and Monitoring Process",7 +139,"DNS Spoofing and Cache Poisoning Attacks","11.2 - Implement and Manage Web Browser Protections",6 +140,"Border Gateway Protocol (BGP) Hijacking","6.4 - Implement and Manage Network Infrastructure Device Hardening",8 +140,"Border Gateway Protocol (BGP) Hijacking","14.1 - Establish and Maintain a Security Logging and Monitoring Process",7 +140,"Border Gateway Protocol (BGP) Hijacking","1.4 - Establish and Maintain a Threat Intelligence Program",6 +141,"ICMP Flood Attacks","6.5 - Implement and Manage Distributed Denial of Service (DDoS) Mitigation Techniques",8 +141,"ICMP Flood Attacks","6.4 - Implement and Manage Network Infrastructure Device Hardening",7 +141,"ICMP Flood Attacks","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6 +142,"SYN Flood Attacks","6.5 - Implement and Manage Distributed Denial of Service (DDoS) Mitigation Techniques",9 +142,"SYN Flood Attacks","6.4 - Implement and Manage Network Infrastructure Device Hardening",8 +142,"SYN Flood 
Attacks","14.1 - Establish and Maintain a Security Logging and Monitoring Process",7 +143,"Smurf Attacks","6.5 - Implement and Manage Distributed Denial of Service (DDoS) Mitigation Techniques",8 +143,"Smurf Attacks","6.4 - Implement and Manage Network Infrastructure Device Hardening",7 +143,"Smurf Attacks","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6 +144,"Fraggle Attacks","6.5 - Implement and Manage Distributed Denial of Service (DDoS) Mitigation Techniques",8 +144,"Fraggle Attacks","6.4 - Implement and Manage Network Infrastructure Device Hardening",7 +144,"Fraggle Attacks","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6 +145,"GTP Tunneling Exploits in Mobile Networks","6.4 - Implement and Manage Network Infrastructure Device Hardening",7 +145,"GTP Tunneling Exploits in Mobile Networks","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6 +145,"GTP Tunneling Exploits in Mobile Networks","1.4 - Establish and Maintain a Threat Intelligence Program",5 +146,"SIP Flood Attacks Targeting VoIP Infrastructure","6.5 - Implement and Manage Distributed Denial of Service (DDoS) Mitigation Techniques",9 +146,"SIP Flood Attacks Targeting VoIP Infrastructure","6.4 - Implement and Manage Network Infrastructure Device Hardening",7 +146,"SIP Flood Attacks Targeting VoIP Infrastructure","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6 +147,"LLMNR/NBT-NS Poisoning","4.1 - Establish and Maintain a Secure Access Control Policy and Procedures",7 +147,"LLMNR/NBT-NS Poisoning","6.3 - Implement and Manage Network Segmentation",8 +147,"LLMNR/NBT-NS Poisoning","14.1 - Establish and Maintain a Security Logging and Monitoring Process",6 +148,"Pass-the-Hash Attacks","4.1 - Establish and Maintain a Secure Access Control Policy and Procedures",9 +148,"Pass-the-Hash Attacks","4.3 - Manage Privileged Access",8 +148,"Pass-the-Hash Attacks","14.1 - Establish and Maintain a Security Logging 
and Monitoring Process",7 +149,"Pass-the-Ticket Attacks (Kerberoasting)","4.1 - Establish and Maintain a Secure Access Control Policy and Procedures",8 +149,"Pass-the-Ticket Attacks (Kerberoasting)","4.3 - Manage Privileged Access",9 +149,"Pass-the-Ticket Attacks (Kerberoasting)","14.1 - Establish and Maintain a Security Logging and Monitoring Process",7 +150,"Golden SAML Attacks","4.1 - Establish and Maintain a Secure Access Control Policy and Procedures",9 +150,"Golden SAML Attacks","4.3 - Manage Privileged Access",8 +150,"Golden SAML Attacks","14.1 - Establish and Maintain a Security Logging and Monitoring Process",7