NIST 800-53 r5 · Controls catalogue · Family SC
SC-22 Architecture and Provisioning for Name/Address Resolution Service
Ensure the systems that collectively provide name/address resolution service for an organization are fault-tolerant and implement internal and external role separation.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (7)
- T1071 Application Layer Protocol (Command and Control)
- T1071.001 Web Protocols (Command and Control)
- T1071.002 File Transfer Protocols (Command and Control)
- T1071.003 Mail Protocols (Command and Control)
- T1071.004 DNS (Command and Control)
- T1568 Dynamic Resolution (Command and Control)
- T1568.002 Domain Generation Algorithms (Command and Control)
Weaknesses this control addresses (6)
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | 10,204 | Internal/external role separation directly prevents external actors from obtaining sensitive internal host and network information via name resolution. |
| CWE-284 | Improper Access Control | 4,832 | Role separation implements access control boundaries between internal and external name resolution services. |
| CWE-400 | Uncontrolled Resource Consumption | 3,324 | Fault tolerance reduces the impact of resource-exhaustion attacks against the organization's name services. |
| CWE-770 | Allocation of Resources Without Limits or Throttling | 1,979 | Redundant provisioning limits the effectiveness of uncontrolled allocation attacks on resolution infrastructure. |
| CWE-668 | Exposure of Resource to Wrong Sphere | 779 | Fault-tolerant architecture with role separation keeps internal resolution resources from being exposed to external spheres. |
| CWE-923 | Improper Restriction of Communication Channel to Intended Endpoints | 57 | Explicit internal/external separation restricts name-resolution channels to their intended communication endpoints. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| CVE-2025-30140 | 1.5 | 7.5 | 0.0021 | good |
| CVE-2025-71058 | 1.8 | 9.1 | 0.0014 | partial |
| CVE-2025-30132 | 1.8 | 9.1 | 0.0008 | good |
| CVE-2024-57174 | 1.6 | 8.1 | 0.0026 | good |