NIST 800-53 r5 · Controls catalogue · Family SC
SC-50 Software-enforced Separation and Policy Enforcement
Implement software-enforced separation and policy enforcement mechanisms between [Assignment: organization-defined security domains].
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (8)
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-862 | Missing Authorization | 8,680 | Requires explicit authorization checks as part of the enforced policy between separated components. |
| CWE-284 | Improper Access Control | 4,832 | Directly implements software-enforced boundaries that prevent unauthorized access across separated components or domains. |
| CWE-863 | Incorrect Authorization | 3,234 | Policy enforcement mechanisms correct or prevent flawed authorization logic across domain boundaries. |
| CWE-269 | Improper Privilege Management | 2,907 | Policy enforcement mechanisms limit privilege escalation and improper privilege assignments across boundaries. |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | 1,824 | Software-enforced separation ensures correct permission assignments on critical resources between domains. |
| CWE-285 | Improper Authorization | 1,230 | Enforces policy-based authorization decisions between the separated subjects and objects. |
| CWE-250 | Execution with Unnecessary Privileges | 305 | Separation and policy enforcement reduce the ability to execute with unnecessary privileges by isolating higher-privilege functions. |
| CWE-653 | Improper Isolation or Compartmentalization | 52 | Explicitly requires isolation and compartmentalization mechanisms that address failures in separating security domains. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| CVE-2026-33396 | 2.0 | 9.9 | 0.0097 | good |
| CVE-2026-27952 | 1.8 | 8.8 | 0.0012 | good |
| CVE-2025-0781 | 1.7 | 8.6 | 0.0004 | good |
| CVE-2026-27597 | 2.0 | 10.0 | 0.0077 | good |
| CVE-2026-25142 | 2.0 | 10.0 | 0.0022 | good |
| CVE-2026-34208 | 2.0 | 10.0 | 0.0020 | good |
| CVE-2025-24178 | 2.0 | 9.8 | 0.0067 | good |
| CVE-2026-29649 | 2.0 | 9.8 | 0.0002 | good |
| CVE-2026-25520 | 2.0 | 10.0 | 0.0005 | good |
| CVE-2026-25587 | 2.0 | 10.0 | 0.0003 | partial |
| CVE-2026-25725 | 2.0 | 10.0 | 0.0002 | good |
| CVE-2026-0881 | 2.0 | 10.0 | 0.0003 | good |
| CVE-2025-5120 | 2.0 | 10.0 | 0.0040 | good |
| CVE-2026-40959 | 1.9 | 9.3 | 0.0001 | good |
| CVE-2025-15540 | 1.8 | 8.8 | 0.0006 | good |
| CVE-2025-43257 | 1.7 | 8.7 | 0.0001 | good |
| CVE-2026-28891 | 1.6 | 8.1 | 0.0001 | good |
| CVE-2026-32988 | 1.5 | 7.5 | 0.0001 | good |
| CVE-2025-52643 | 0.9 | 4.7 | 0.0002 | good |
| CVE-2026-23830 | 2.0 | 10.0 | 0.0020 | good |
| CVE-2026-22686 | 2.0 | 10.0 | 0.0021 | good |
| CVE-2026-39888 | 2.0 | 9.9 | 0.0010 | good |
| CVE-2026-33897 | 2.0 | 9.9 | 0.0002 | good |
| CVE-2026-29646 | 2.0 | 9.8 | 0.0008 | good |
| CVE-2026-26954 | 2.0 | 10.0 | 0.0009 | partial |