NIST 800-53 r5 · Controls catalogue · Family SC
SC-16 Transmission of Security and Privacy Attributes
Associate [Assignment: organization-defined security and privacy attributes] with information exchanged between systems and between system components.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (5)
Weaknesses this control addresses (5)
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | 10,204 | Associating security/privacy attributes with exchanged data enables receiving systems to enforce handling rules and avoid unauthorized disclosure. |
| CWE-284 | Improper Access Control | 4,832 | Transmitting bound security attributes preserves access-control context across system boundaries, directly reducing improper access control. |
| CWE-285 | Improper Authorization | 1,230 | Security attributes carried with data allow consistent authorization decisions between components and external systems. |
| CWE-807 | Reliance on Untrusted Inputs in a Security Decision | 74 | Providing authoritative attributes with the data reduces the need for security decisions to rely on untrusted external inputs. |
| CWE-501 | Trust Boundary Violation | 24 | Explicitly binding attributes to information crossing trust boundaries prevents loss of security context that leads to trust-boundary violations. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| CVE-2026-32014 | 1.6 | 8.0 | 0.0003 | good |