NIST 800-53 r5 · Controls catalogue · Family AU
AU-14 Session Audit
Provide and implement the capability for {{ insert: param, au-14_odp.01 }} to {{ insert: param, au-14_odp.02 }} the content of a user session under {{ insert: param, au-14_odp.03 }}; and develop, integrate, and use session auditing activities in consultation with legal counsel and in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (8)
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | 10,204 | Session auditing enables detection of unauthorized exposure of, or access to, sensitive information during user activities. |
| CWE-862 | Missing Authorization | 8,680 | Session auditing detects missing authorization by exposing unauthorized actions taken within sessions. |
| CWE-284 | Improper Access Control | 4,832 | Provides the capability to review session content, directly detecting violations of access control. |
| CWE-287 | Improper Authentication | 4,730 | Session content review can reveal authentication bypasses or failures in session establishment. |
| CWE-863 | Incorrect Authorization | 3,234 | Enables detection of incorrect authorization through review of session-level activities and decisions. |
| CWE-306 | Missing Authentication for Critical Function | 2,567 | Auditing sessions makes it possible to detect access to critical functions without the required authentication. |
| CWE-285 | Improper Authorization | 1,230 | Auditing session actions allows identification of improper authorization decisions and enforcement failures. |
| CWE-778 | Insufficient Logging | 23 | Directly implements detailed session logging to address the weakness of insufficient logging. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| CVE-2025-22386 | 1.5 | 7.3 | 0.0019 | partial |
| CVE-2024-11627 | 1.4 | 6.8 | 0.0012 | partial |
| CVE-2024-56529 | 1.4 | 7.1 | 0.0013 | partial |