Cyber Posture

NIST 800-53 r5 · Controls catalogue · Family CA

CA-6Authorization

Assign a senior official as the authorizing official for the system; Assign a senior official as the authorizing official for common controls available for inheritance by organizational systems; Ensure that the authorizing official for the system, before commencing operations: Accepts the use of common controls inherited by the system; and Authorizes the system to operate; Ensure that the authorizing official for common controls authorizes the use of those controls for inheritance by organizational systems; Update the authorizations {{ insert: param, ca-06_odp }}.

Last updated: 09 May 2026 03:25 UTC

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (0)

Weaknesses this control addresses (4)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-862Missing Authorization8,680Prevents systems from commencing operations without assigned authorizing official approval, addressing missing authorization for critical functions.
CWE-284Improper Access Control4,832Requires formal authorization of the system and inherited controls before operation, ensuring access control mechanisms are reviewed and approved.
CWE-863Incorrect Authorization3,234The authorization process includes review of common controls and system security, helping detect and correct incorrect authorization implementations.
CWE-285Improper Authorization1,230Mandates explicit acceptance and authorization of controls by a senior official, directly reducing improper authorization configurations.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
No CVEs annotated to this control yet — the per-CVE backfill is in progress.

Other controls in family CA

CA-1 CA-2 CA-3 CA-4 CA-5 CA-7 CA-8 CA-9