NIST 800-53 r5 · Controls catalogue · Family PL
PL-6Security-related Activity Planning
Security-related Activity Planning
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (5)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-400 | Uncontrolled Resource Consumption | 3,324 | Planning and coordination of security activities (scans, tests, maintenance) directly imposes scheduling and throttling that prevents those activities from producing uncontrolled resource consumption. |
CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | 2,603 | Coordination of concurrent security activities reduces the probability that shared resources will be accessed simultaneously without proper synchronization. |
CWE-770 | Allocation of Resources Without Limits or Throttling | 1,979 | Explicit planning of security-related actions requires defining limits, windows, and resource allocations, making allocation without throttling far less likely. |
CWE-799 | Improper Control of Interaction Frequency | 67 | The control requires defining frequency, timing, and approval for security interactions, directly addressing uncontrolled interaction rates. |
CWE-833 | Deadlock | 21 | Advance scheduling and deconfliction of security tasks lowers the chance that overlapping operations will produce deadlock conditions on shared resources. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| No CVEs annotated to this control yet — the per-CVE backfill is in progress. | ||||