NIST 800-53 r5 · Controls catalogue · Family SC
SC-32 System Partitioning
Partition the system into {{ insert: param, sc-32_odp.01 }} residing in separate {{ insert: param, sc-32_odp.02 }} domains or environments based on {{ insert: param, sc-32_odp.03 }}.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (1)
- T1590.002 DNS Reconnaissance
Weaknesses this control addresses (8) [AI]
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-284 | Improper Access Control | 4,832 | Enforces separation of domains that reduces the ability to bypass or violate access control boundaries. |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | 1,824 | Supports correct permission assignment by allowing permissions to be scoped to individual partitions rather than a monolithic system. |
| CWE-285 | Improper Authorization | 1,230 | Partitioning limits authorization scope by confining subjects and objects to distinct environments. |
| CWE-668 | Exposure of Resource to Wrong Sphere | 779 | Prevents resources from residing in the wrong sphere by design through explicit domain separation. |
| CWE-250 | Execution with Unnecessary Privileges | 305 | Enables execution with minimal necessary privileges by isolating components into distinct environments. |
| CWE-669 | Incorrect Resource Transfer Between Spheres | 96 | Reduces incorrect transfers between spheres by establishing clear, separate domains for different sensitivities or functions. |
| CWE-441 | Unintended Proxy or Intermediary ('Confused Deputy') | 81 | Mitigates confused deputy risks by ensuring distinct privilege domains so one partition cannot unintentionally act on behalf of another. |
| CWE-653 | Improper Isolation or Compartmentalization | 52 | Directly implements isolation and compartmentalization by placing components into separate domains or environments. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| No CVEs annotated to this control yet — the per-CVE backfill is in progress. | | | | |