NIST 800-53 r5 · Controls catalogue · Family PE
PE-7Visitor Control
Visitor Control
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (5)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-284 | Improper Access Control | 4,832 | Visitor control enforces physical entry restrictions and monitoring, directly reducing improper access to facilities and resources. |
CWE-306 | Missing Authentication for Critical Function | 2,567 | Implements authentication steps (ID checks, sign-in, escort verification) for physical access to critical functions or locations. |
CWE-732 | Incorrect Permission Assignment for Critical Resource | 1,824 | Prevents default or overly broad physical permissions by requiring per-visitor access decisions and time-limited credentials. |
CWE-285 | Improper Authorization | 1,230 | Requires explicit authorization (badges, escorts, logs) before visitors can reach sensitive areas or equipment. |
CWE-1263 | Improper Physical Access Control | 13 | Directly addresses physical access by mandating visitor registration, escorting, and logging to prevent unauthorized presence. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| No CVEs annotated to this control yet — the per-CVE backfill is in progress. | ||||