NIST 800-53 r5 · Controls catalogue · Family CP
CP-13Alternative Security Mechanisms
Employ {{ insert: param, cp-13_odp.01 }} for satisfying {{ insert: param, cp-13_odp.02 }} when the primary means of implementing the security function is unavailable or compromised.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (5)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-284 | Improper Access Control | 4,832 | Alternative mechanisms sustain access control enforcement even if the primary access control implementation is unavailable or compromised. |
CWE-287 | Improper Authentication | 4,730 | Delivers alternative authentication approaches to verify identity when the primary authentication mechanism is unavailable or compromised. |
CWE-285 | Improper Authorization | 1,230 | Supplies backup authorization methods to block unauthorized actions when the primary authorization process is unavailable or compromised. |
CWE-693 | Protection Mechanism Failure | 476 | Provides alternative mechanisms to maintain security functions when the primary implementation is unavailable or compromised, directly preventing protection mechanism failure. |
CWE-636 | Not Failing Securely ('Failing Open') | 27 | Ensures security functions remain enforced via alternatives instead of defaulting to an insecure state when the primary means fails. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| No CVEs annotated to this control yet — the per-CVE backfill is in progress. | ||||