NIST 800-53 r5 · Controls catalogue · Family PL
PL-11 Baseline Tailoring
Tailor the selected control baseline by applying specified tailoring actions.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (8)
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-862 | Missing Authorization | 8,680 | Tailoring ensures the authorization baseline is scoped and augmented so that missing authorization checks are identified and addressed for the target system. |
| CWE-284 | Improper Access Control | 4,832 | Tailoring selects and adjusts the precise set of access-control baselines and compensating controls required for the system, directly reducing improper access control exposure. |
| CWE-269 | Improper Privilege Management | 2,907 | Baseline tailoring enforces organization-specific privilege-management decisions rather than accepting generic high-water-mark settings. |
| CWE-306 | Missing Authentication for Critical Function | 2,567 | Tailoring determines which functions require authentication and selects the appropriate baseline or compensating authentication controls. |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | 1,824 | Tailoring actions include assigning or restricting permissions on critical resources to the minimum necessary for the system's purpose and threat environment. |
| CWE-276 | Incorrect Default Permissions | 1,757 | Tailoring explicitly overrides or scopes default permission assignments in the baseline to match the system's actual risk and operational needs. |
| CWE-693 | Protection Mechanism Failure | 476 | Tailoring validates that selected protection mechanisms remain effective after scoping, parameterization, and compensating-control decisions are applied. |
| CWE-1188 | Initialization of a Resource with an Insecure Default | 300 | Tailoring replaces or augments insecure default initializations with system-specific values and compensating controls before deployment. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| No CVEs annotated to this control yet — the per-CVE backfill is in progress. | | | | |