NIST 800-53 r5 · Controls catalogue · Family SC
SC-40 Wireless Link Protection
Protect external and internal {{ insert: param, sc-40_prm_1 }} from the following signal parameter attacks: {{ insert: param, sc-40_prm_2 }}.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (1)
- T1557.004 Evil Twin (Credential Access, Collection)
Weaknesses this control addresses (7) AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | 10,204 | Wireless link protection (encryption, directional transmission, etc.) directly prevents unauthorized actors from observing transmitted data. |
| CWE-287 | Improper Authentication | 4,730 | Requires authentication mechanisms on the wireless link, making improper authentication weaknesses harder to exploit. |
| CWE-319 | Cleartext Transmission of Sensitive Information | 1,042 | Mandates cryptographic protection of the wireless medium, eliminating cleartext transmission of sensitive information over the air. |
| CWE-290 | Authentication Bypass by Spoofing | 631 | Signal-parameter protections (e.g., cryptographic authentication, anti-spoofing) directly counter spoofing-based authentication bypass. |
| CWE-294 | Authentication Bypass by Capture-replay | 264 | Wireless link protections commonly incorporate replay protection, reducing the exploitability of capture-replay weaknesses. |
| CWE-923 | Improper Restriction of Communication Channel to Intended Endpoints | 57 | Enforces that the wireless communication channel is usable only by intended endpoints, addressing improper channel restriction. |
| CWE-300 | Channel Accessible by Non-Endpoint | 53 | The control restricts an inherently broadcast wireless channel to only intended endpoints, mitigating accessibility by non-endpoints. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| CVE-2025-65552 | 2.0 | 9.8 | 0.0013 | good |
| CVE-2025-69969 | 1.9 | 9.6 | 0.0005 | good |
| CVE-2025-24836 | 1.4 | 7.1 | 0.0005 | good |
| CVE-2025-14346 | 2.0 | 9.8 | 0.0015 | partial |
| CVE-2025-30139 | 2.0 | 9.8 | 0.0025 | partial |
| CVE-2025-62235 | 1.6 | 8.1 | 0.0004 | partial |
| CVE-2024-20153 | 1.5 | 7.5 | 0.0068 | partial |