NIST 800-53 r5 · Controls catalogue · Family CM
CM-14Signed Components
Prevent the installation of {{ insert: param, cm-14_prm_1 }} without verification that the component has been digitally signed using a certificate that is recognized and approved by the organization.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (3)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-347 | Improper Verification of Cryptographic Signature | 778 | Requires verification of digital signatures using organization-approved certificates before installation, directly preventing improper verification of cryptographic signatures. |
CWE-494 | Download of Code Without Integrity Check | 242 | Blocks installation of components lacking a valid signature, mitigating download or installation of code without integrity checks. |
CWE-353 | Missing Support for Integrity Check | 37 | Implements required signature-based integrity verification, addressing missing support for integrity checks on components. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
CVE-2025-66255 | 2.0 | 9.8 | 0.0038 | good |
CVE-2025-27670 | 2.0 | 9.8 | 0.0016 | good |
CVE-2025-43245 | 2.0 | 9.8 | 0.0013 | good |
CVE-2025-27680 | 1.8 | 9.1 | 0.0023 | good |
CVE-2024-41334 | 1.8 | 8.8 | 0.0014 | good |
CVE-2026-40066 | 1.8 | 8.8 | 0.0003 | good |
CVE-2025-68623 | 1.8 | 8.8 | 0.0001 | good |
CVE-2024-7344 | 1.7 | 8.2 | 0.0039 | good |
CVE-2026-32920 | 1.7 | 8.4 | 0.0002 | good |
CVE-2024-11128 | 1.6 | 7.8 | 0.0006 | good |
CVE-2025-0509 | 1.5 | 7.3 | 0.0007 | good |
CVE-2026-3780 | 1.5 | 7.3 | 0.0001 | good |
CVE-2024-56161 | 1.4 | 7.2 | 0.0008 | good |
CVE-2025-12295 | 1.3 | 6.6 | 0.0024 | good |
CVE-2025-24109 | 1.1 | 5.5 | 0.0010 | good |
CVE-2025-30154 KEV | 5.8 | 8.6 | 0.3399 | good |
CVE-2026-27180 | 4.9 | 9.8 | 0.4880 | good |
CVE-2025-15556 KEV | 3.9 | 7.5 | 0.0609 | good |
CVE-2026-3502 KEV | 3.7 | 7.8 | 0.0275 | good |
CVE-2023-53959 | 2.0 | 9.8 | 0.0037 | good |
CVE-2026-34424 | 2.0 | 9.8 | 0.0024 | good |
CVE-2024-56336 | 2.0 | 9.8 | 0.0031 | good |
CVE-2025-26155 | 2.0 | 9.8 | 0.0008 | good |
CVE-2025-34212 | 2.0 | 9.8 | 0.0067 | good |
CVE-2025-49841 | 2.0 | 9.8 | 0.0034 | good |