NIST 800-53 r5 · Controls catalogue · Family MP

MP-8Media Downgrading

Establish {{ insert: param, mp-08_odp.01 }} that includes employing downgrading mechanisms with strength and integrity commensurate with the security category or classification of the information; Verify that the system media downgrading process is commensurate with the security category and/or classification level of the information to be removed and the access authorizations of the potential recipients of the downgraded information; Identify {{ insert: param, mp-08_odp.02 }} ; and Downgrade the identified system media using the established process.

Last updated: 09 May 2026 03:25 UTC

Implementations targeting this control (0)

No implementations targeting this control yet.

ATT&CK techniques this control mitigates (0)

No ATT&CK techniques mapped to this control yet.

Weaknesses this control addresses (3)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE	Name	CVEs	Why this control addresses it
`CWE-200`	Exposure of Sensitive Information to an Unauthorized Actor	10,204	Proper media downgrading process prevents sensitive information from remaining on media that is then accessible to lower-classification recipients.
`CWE-212`	Improper Removal of Sensitive Information Before Storage or Transfer	126	The control requires verified removal of sensitive data before media is made available at a reduced classification level, directly addressing improper removal prior to storage or transfer.
`CWE-226`	Sensitive Information in Resource Not Removed Before Reuse	30	Downgrading enables reuse of media at lower security levels, and the mandated process ensures sensitive information is removed beforehand to prevent exposure on reused resources.

Top CVEs where this control is the strongest mitigation

CVE	Risk	CVSS	EPSS	Match
No CVEs annotated to this control yet — the per-CVE backfill is in progress.

Other controls in family MP

MP-1 MP-2 MP-3 MP-4 MP-5 MP-6 MP-7