NIST 800-53 r5 · Controls catalogue · Family PE
PE-1 Policy and Procedures
- Develop, document, and disseminate to {{ insert: param, pe-1_prm_1 }}:
  - {{ insert: param, pe-01_odp.03 }} physical and environmental protection policy that:
    - Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
    - Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and
  - Procedures to facilitate the implementation of the physical and environmental protection policy and the associated physical and environmental protection controls;
- Designate an {{ insert: param, pe-01_odp.04 }} to manage the development, documentation, and dissemination of the physical and environmental protection policy and procedures; and
- Review and update the current physical and environmental protection:
  - Policy {{ insert: param, pe-01_odp.05 }} and following {{ insert: param, pe-01_odp.06 }}; and
  - Procedures {{ insert: param, pe-01_odp.07 }} and following {{ insert: param, pe-01_odp.08 }}.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (5) AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-284 | Improper Access Control | 4,832 | The policy defines and enforces restrictions on physical access to resources, directly reducing improper access control. |
| CWE-269 | Improper Privilege Management | 2,907 | Designates roles and review processes for managing physical privileges and access rights. |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | 1,824 | Policy specifies correct permission assignments for physical critical resources and facilities. |
| CWE-276 | Incorrect Default Permissions | 1,757 | Requires addressing secure default permissions in physical and environmental protection controls. |
| CWE-285 | Improper Authorization | 1,230 | Procedures establish authorization rules for physical and environmental access, limiting improper authorization. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| No CVEs annotated to this control yet — the per-CVE backfill is in progress. | | | | |