NIST 800-53 r5 · Controls catalogue · Family SC
SC-35External Malicious Code Identification
Include system components that proactively seek to identify network-based malicious code or malicious websites.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (3)
Weaknesses this control addresses (3)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-829 | Inclusion of Functionality from Untrusted Control Sphere | 254 | External identification of malicious code makes inclusion of functionality from untrusted network sources substantially harder to perform undetected. |
CWE-494 | Download of Code Without Integrity Check | 242 | Proactive network scanning for malicious code directly detects and blocks downloads that lack integrity verification. |
CWE-830 | Inclusion of Web Functionality from an Untrusted Source | 12 | Components that flag malicious websites reduce the ability to pull and render web functionality from untrusted external sources. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
CVE-2026-1342 | 1.7 | 8.5 | 0.0001 | good |
CVE-2026-43003 | 1.6 | 8.0 | 0.0004 | good |
CVE-2025-65319 | 1.8 | 9.1 | 0.0013 | partial |
CVE-2026-26056 | 1.8 | 8.8 | 0.0006 | good |