NIST 800-53 r5 · Controls catalogue · Family SC
SC-10Network Disconnect
Terminate the network connection associated with a communications session at the end of the session or after {{ insert: param, sc-10_odp }} of inactivity.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (5)
Weaknesses this control addresses (5)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-400 | Uncontrolled Resource Consumption | 3,324 | Terminating idle connections bounds resource consumption that would otherwise allow uncontrolled accumulation of open sessions. |
CWE-770 | Allocation of Resources Without Limits or Throttling | 1,979 | Imposes an inactivity-based limit on network resource allocation, throttling the number of concurrently held connections. |
CWE-404 | Improper Resource Shutdown or Release | 737 | Mandates explicit shutdown of the network connection at session conclusion, directly addressing improper resource release. |
CWE-613 | Insufficient Session Expiration | 606 | Directly enforces termination of network sessions after inactivity or end-of-session, preventing indefinite session lifetime. |
CWE-772 | Missing Release of Resource after Effective Lifetime | 468 | Ensures network resources are released once the session ends or becomes inactive, closing the window for missing-release weaknesses. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| No CVEs annotated to this control yet — the per-CVE backfill is in progress. | ||||