NIST 800-53 r5 · Controls catalogue · Family PE
PE-10Emergency Shutoff
Provide the capability of shutting off power to {{ insert: param, pe-10_odp.01 }} in emergency situations; Place emergency shutoff switches or devices in {{ insert: param, pe-10_odp.02 }} to facilitate access for authorized personnel; and Protect emergency power shutoff capability from unauthorized activation.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (5)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-284 | Improper Access Control | 4,832 | The control directly implements access restrictions on the emergency shutoff mechanism to prevent unauthorized use. |
CWE-306 | Missing Authentication for Critical Function | 2,567 | The shutoff is a critical function, and the control ensures it cannot be activated without proper (physical) authentication. |
CWE-732 | Incorrect Permission Assignment for Critical Resource | 1,824 | The emergency shutoff is a critical resource whose activation is protected via proper permission assignment. |
CWE-285 | Improper Authorization | 1,230 | Protecting the shutoff from unauthorized activation enforces proper authorization for this critical operation. |
CWE-1263 | Improper Physical Access Control | 13 | Placement for authorized access and protection against unauthorized activation specifically address improper physical access control. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| No CVEs annotated to this control yet — the per-CVE backfill is in progress. | ||||