NIST 800-53 r5 · Controls catalogue · Family SC
SC-43 Usage Restrictions
Establish usage restrictions and implementation guidelines for the following system components: {{ insert: param, sc-43_odp }}; and authorize, monitor, and control the use of such components within the system.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (5)
- T1011 Exfiltration Over Other Network Medium · Exfiltration
- T1078 Valid Accounts · Stealth, Persistence, Privilege Escalation, Initial Access
- T1078.004 Cloud Accounts · Stealth, Persistence, Privilege Escalation, Initial Access
- T1114.003 Email Forwarding Rule · Collection
- T1613 Container and Resource Discovery · Discovery
Weaknesses this control addresses (8) · AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-862 | Missing Authorization | 8,680 | The control mandates authorization prior to allowing use of designated components, eliminating missing authorization paths. |
| CWE-284 | Improper Access Control | 4,832 | Requiring authorization, monitoring, and control of component use directly enforces access control decisions on system resources. |
| CWE-863 | Incorrect Authorization | 3,234 | Ongoing monitoring and control of component usage detects and stops incorrect authorization decisions at runtime. |
| CWE-269 | Improper Privilege Management | 2,907 | Usage restrictions and implementation guidelines limit how privileges may be exercised with the specified components. |
| CWE-306 | Missing Authentication for Critical Function | 2,567 | Requiring authorization for listed components ensures authentication occurs before critical functions are invoked. |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | 1,824 | Establishing usage restrictions and guidelines directly addresses assignment of appropriate permissions to critical components. |
| CWE-285 | Improper Authorization | 1,230 | Explicit authorization step before component use prevents actions that bypass intended authorization checks. |
| CWE-250 | Execution with Unnecessary Privileges | 305 | Authorizing only necessary component uses reduces the chance of processes running with extraneous privileges. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| No CVEs annotated to this control yet; the per-CVE backfill is in progress. | | | | |