NIST 800-53 r5 · Controls catalogue · Family PT
PT-7Specific Categories of Personally Identifiable Information
Apply {{ insert: param, pt-07_odp }} for specific categories of personally identifiable information.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (3)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | 10,204 | Requiring organization-defined processing conditions on specific PII categories directly reduces the chance that personal data will be exposed to unauthorized actors. |
CWE-532 | Insertion of Sensitive Information into Log File | 1,378 | Specific processing rules for sensitive PII categories commonly include restrictions on logging, making insertion of such data into log files less likely. |
CWE-359 | Exposure of Private Personal Information to an Unauthorized Actor | 174 | The control mandates tailored handling for designated categories of personally identifiable information, thereby limiting unauthorized disclosure of private personal data. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| No CVEs annotated to this control yet — the per-CVE backfill is in progress. | ||||