NIST 800-53 r5 · Controls catalogue · Family SC
SC-4 Information in Shared System Resources
Prevent unauthorized and unintended information transfer via shared system resources.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (29)
- T1020.001 Traffic Duplication · Exfiltration
- T1040 Network Sniffing · Credential Access, Discovery
- T1070 Indicator Removal · Stealth
- T1070.008 Clear Mailbox Data · Stealth
- T1080 Taint Shared Content · Lateral Movement
- T1119 Automated Collection · Collection
- T1530 Data from Cloud Storage · Collection
- T1552 Unsecured Credentials · Credential Access
- T1552.001 Credentials In Files · Credential Access
- T1552.002 Credentials in Registry · Credential Access
- T1552.004 Private Keys · Credential Access
- T1557 Adversary-in-the-Middle · Credential Access, Collection
- T1557.002 ARP Cache Poisoning · Credential Access, Collection
- T1558 Steal or Forge Kerberos Tickets · Credential Access
- T1558.002 Silver Ticket · Credential Access
- T1558.003 Kerberoasting · Credential Access
- T1558.004 AS-REP Roasting · Credential Access
- T1558.005 Ccache Files · Credential Access
- T1564.009 Resource Forking · Stealth
- T1565 Data Manipulation · Impact
- T1565.001 Stored Data Manipulation · Impact
- T1565.002 Transmitted Data Manipulation · Impact
- T1565.003 Runtime Data Manipulation · Impact
- T1595.003 Wordlist Scanning · Reconnaissance
- T1602 Data from Configuration Repository · Collection
- T1602.001 SNMP (MIB Dump) · Collection
- T1602.002 Network Device Configuration Dump · Collection
- T1685.005 Clear Windows Event Logs · Defense Impairment
- T1685.006 Clear Linux or Mac System Logs · Defense Impairment
Weaknesses this control addresses (5)
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-404 | Improper Resource Shutdown or Release | 737 | Requires proper shutdown/release procedures that include overwriting or isolating data to block unintended transfer via reused system objects. |
| CWE-665 | Improper Initialization | 416 | Ensures shared resources are explicitly initialized or cleared on allocation, preventing exposure of prior contents to new users or processes. |
| CWE-459 | Incomplete Cleanup | 215 | Mandates complete sanitization during cleanup so that shared resources (memory, caches, buffers) do not retain data across subjects. |
| CWE-226 | Sensitive Information in Resource Not Removed Before Reuse | 30 | Directly requires removal of sensitive data from resources before reuse or reallocation to another subject, eliminating residual information transfer. |
| CWE-244 | Improper Clearing of Heap Memory Before Release ('Heap Inspection') | 19 | Forces clearing of heap memory contents prior to release, preventing subsequent processes from inspecting prior sensitive data. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| CVE-2025-24241 | 2.0 | 9.8 | 0.0057 | good |
| CVE-2025-30461 | 2.0 | 9.8 | 0.0037 | good |
| CVE-2025-34206 | 2.0 | 9.8 | 0.0016 | good |
| CVE-2025-25176 | 1.8 | 9.1 | 0.0005 | good |
| CVE-2024-9950 | 1.7 | 7.8 | 0.0177 | good |
| CVE-2026-32091 | 1.7 | 8.4 | 0.0004 | good |
| CVE-2026-29872 | 1.6 | 8.2 | 0.0007 | good |
| CVE-2025-1801 | 1.6 | 8.1 | 0.0011 | good |
| CVE-2024-46975 | 1.6 | 7.9 | 0.0002 | good |
| CVE-2026-32160 | 1.6 | 7.8 | 0.0004 | good |
| CVE-2026-32159 | 1.6 | 7.8 | 0.0004 | good |
| CVE-2026-27927 | 1.6 | 7.8 | 0.0004 | good |
| CVE-2026-20930 | 1.6 | 7.8 | 0.0004 | good |
| CVE-2026-22163 | 1.6 | 7.8 | 0.0001 | good |
| CVE-2026-32164 | 1.6 | 7.8 | 0.0004 | good |
| CVE-2026-20874 | 1.6 | 7.8 | 0.0003 | good |
| CVE-2026-20873 | 1.6 | 7.8 | 0.0003 | good |
| CVE-2026-5795 | 1.5 | 7.4 | 0.0002 | good |
| CVE-2024-12577 | 1.5 | 7.3 | 0.0003 | good |
| CVE-2026-35603 | 1.5 | 7.3 | 0.0001 | good |
| CVE-2024-45339 | 1.4 | 7.1 | 0.0007 | good |
| CVE-2024-56436 | 1.1 | 5.5 | 0.0007 | good |
| CVE-2025-60710 KEV | 5.3 | 7.8 | 0.2972 | good |
| CVE-2025-62215 KEV | 3.5 | 7.0 | 0.0237 | good |
| CVE-2026-20805 KEV | 3.3 | 5.5 | 0.0327 | good |