NIST 800-53 r5 · Controls catalogue · Family PE
PE-23Facility Location
Plan the location or site of the facility where the system resides considering physical and environmental hazards; and For existing facilities, consider the physical and environmental hazards in the organizational risk management strategy.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (4)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-284 | Improper Access Control | 4,832 | Facility siting decisions that account for physical hazards strengthen overall access control by limiting unauthorized physical entry vectors. |
CWE-668 | Exposure of Resource to Wrong Sphere | 779 | Planning facility placement prevents exposure of critical resources to environmental or physical threat spheres. |
CWE-653 | Improper Isolation or Compartmentalization | 52 | Locating systems away from hazards improves isolation and compartmentalization from external physical or environmental threats. |
CWE-1263 | Improper Physical Access Control | 13 | Selecting facility sites to avoid physical and environmental hazards directly reduces the exploitability of improper physical access controls. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| No CVEs annotated to this control yet — the per-CVE backfill is in progress. | ||||