NIST 800-53 r5 · Controls catalogue · Family SC

SC-47Alternate Communications Paths

Establish {{ insert: param, sc-47_odp }} for system operations organizational command and control.

Last updated: 09 May 2026 03:25 UTC

Implementations targeting this control (0)

No implementations targeting this control yet.

ATT&CK techniques this control mitigates (0)

No ATT&CK techniques mapped to this control yet.

Weaknesses this control addresses (8)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE	Name	CVEs	Why this control addresses it
`CWE-400`	Uncontrolled Resource Consumption	3,324	Alternate paths allow continued C2 operations when an attacker exploits resource-consumption weaknesses against the primary channel.
`CWE-770`	Allocation of Resources Without Limits or Throttling	1,979	Unbounded allocation or throttling attacks on one path are contained; the alternate path preserves organizational command functions.
`CWE-693`	Protection Mechanism Failure	476	Failure or compromise of the primary protection mechanism no longer results in total loss of C2 capability.
`CWE-923`	Improper Restriction of Communication Channel to Intended Endpoints	57	Dedicated alternate paths enable explicit restriction of C2 traffic to intended endpoints rather than relying on a single unrestricted channel.
`CWE-653`	Improper Isolation or Compartmentalization	52	Providing a distinct alternate path directly implements compartmentalization of critical command-and-control communications.
`CWE-405`	Asymmetric Resource Consumption (Amplification)	40	Amplification attacks that exhaust the primary path are mitigated by the existence of an independent alternate path for command traffic.
`CWE-657`	Violation of Secure Design Principles	19	Mandating redundant paths corrects the design-level omission of single points of failure for security-critical functions.
`CWE-406`	Insufficient Control of Network Message Volume (Network Amplification)	15	Network-volume amplification against one channel can be bypassed via the pre-established alternate path.

Top CVEs where this control is the strongest mitigation

CVE	Risk	CVSS	EPSS	Match
No CVEs annotated to this control yet — the per-CVE backfill is in progress.

Other controls in family SC

SC-1 SC-10 SC-11 SC-12 SC-13 SC-14 SC-15 SC-16 SC-17 SC-18 SC-19 SC-2 SC-20 SC-21 SC-22 SC-23 SC-24 SC-25 SC-26 SC-27 SC-28 SC-29 SC-3 SC-30 SC-31 SC-32 SC-33 SC-34 SC-35 SC-36 SC-37 SC-38 SC-39 SC-4 SC-40 SC-41 SC-42 SC-43 SC-44 SC-45 SC-46 SC-48 SC-49 SC-5 SC-50 SC-51 SC-6 SC-7 SC-8 SC-9