NIST 800-53 r5 · Controls catalogue · Family PM
PM-15Security and Privacy Groups and Associations
Establish and institutionalize contact with selected groups and associations within the security and privacy communities: To facilitate ongoing security and privacy education and training for organizational personnel; To maintain currency with recommended security and privacy practices, techniques, and technologies; and To share current security and privacy information, including threats, vulnerabilities, and incidents.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (5)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-327 | Use of a Broken or Risky Cryptographic Algorithm | 736 | Ongoing education and sharing of recommended practices helps organizations identify and migrate away from broken or risky cryptographic algorithms. |
CWE-326 | Inadequate Encryption Strength | 513 | Maintaining currency with technologies and practices reduces selection of encryption mechanisms that provide inadequate strength. |
CWE-521 | Weak Password Requirements | 303 | Facilitated training and awareness of current practices improves definition and enforcement of sufficiently strong password requirements. |
CWE-1104 | Use of Unmaintained Third Party Components | 19 | Contact with security communities directly informs personnel of unmaintained components and their vulnerabilities, reducing the likelihood of their continued use. |
CWE-477 | Use of Obsolete Function | 16 | Institutionalized information sharing keeps developers aware of obsolete functions and the need to replace them with supported alternatives. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| No CVEs annotated to this control yet — the per-CVE backfill is in progress. | ||||