NIST 800-53 r5 · Controls catalogue · Family AC
AC-15Automated Marking
Automated Marking
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (3)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | 10,204 | Automated marking applies security attributes to system outputs, making it harder for attackers to exploit unmarked sensitive information leading to unauthorized exposure. |
CWE-284 | Improper Access Control | 4,832 | By automatically labeling outputs with security attributes, the control supports attribute-based enforcement and reduces exploitability of improper access control weaknesses. |
CWE-359 | Exposure of Private Personal Information to an Unauthorized Actor | 174 | Automated marking identifies private personal information in outputs, tangibly reducing the ability to exploit weaknesses that result in its unauthorized exposure. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
CVE-2025-65319 | 1.8 | 9.1 | 0.0013 | good |