NIST 800-53 r5 · Controls catalogue · Family SC
SC-49 Hardware-enforced Separation and Policy Enforcement
Implement hardware-enforced separation and policy enforcement mechanisms between [Assignment: organization-defined security domains].
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (6) AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-284 | Improper Access Control | 4,832 | Hardware-enforced separation directly implements strong access control boundaries that software alone cannot bypass. |
| CWE-269 | Improper Privilege Management | 2,907 | Hardware policy enforcement prevents improper privilege assignment or escalation across separated execution domains. |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | 1,824 | Hardware mechanisms enforce correct permission assignments on critical resources that would otherwise be modifiable by software. |
| CWE-693 | Protection Mechanism Failure | 476 | Hardware enforcement reduces the likelihood that protection mechanisms can be bypassed or fail due to software flaws. |
| CWE-250 | Execution with Unnecessary Privileges | 305 | Mandatory hardware separation makes it harder to run code with unnecessary privileges by isolating privilege domains. |
| CWE-653 | Improper Isolation or Compartmentalization | 52 | The control explicitly provides hardware-backed isolation and compartmentalization between domains or components. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| CVE-2025-6573 | 2.0 | 9.8 | 0.0021 | good |