NIST 800-53 r5 · Controls catalogue · Family MP
MP-5Media Transport
Protect and control {{ insert: param, mp-05_odp.01 }} during transport outside of controlled areas using {{ insert: param, mp-5_prm_2 }}; Maintain accountability for system media during transport outside of controlled areas; Document activities associated with the transport of system media; and Restrict the activities associated with the transport of system media to authorized personnel.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (6)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | 10,204 | Protecting and controlling media during external transport prevents exposure of sensitive information to unauthorized actors. |
CWE-284 | Improper Access Control | 4,832 | Restricting transport activities to authorized personnel directly enforces proper access control over system media. |
CWE-285 | Improper Authorization | 1,230 | Requiring authorization for media transport activities prevents improper authorization of resource handling. |
CWE-668 | Exposure of Resource to Wrong Sphere | 779 | Protecting media during transport prevents exposure of resources to the wrong control sphere. |
CWE-669 | Incorrect Resource Transfer Between Spheres | 96 | Accountability, documentation, and protection requirements ensure correct transfer of media resources between spheres. |
CWE-501 | Trust Boundary Violation | 24 | Controlling media movement outside controlled areas maintains separation between internal and external trust boundaries. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| No CVEs annotated to this control yet — the per-CVE backfill is in progress. | ||||