NIST 800-53 r5 · Controls catalogue · Family SI
SI-13Predictable Failure Prevention
Determine mean time to failure (MTTF) for the following system components in specific environments of operation: {{ insert: param, si-13_odp.01 }} ; and Provide substitute system components and a means to exchange active and standby components in accordance with the following criteria: {{ insert: param, si-13_odp.02 }}.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (6)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-400 | Uncontrolled Resource Consumption | 3,324 | MTTF monitoring plus ready substitutes directly mitigate sustained resource exhaustion by allowing component swap before or at failure. |
CWE-770 | Allocation of Resources Without Limits or Throttling | 1,979 | Pre-planned substitution limits the window an attacker can exploit unbounded allocation to cause predictable component failure. |
CWE-754 | Improper Check for Unusual or Exceptional Conditions | 697 | MTTF determination forces explicit checks for conditions that precede predictable component failure. |
CWE-755 | Improper Handling of Exceptional Conditions | 662 | Prepared component exchange provides a defined recovery path, making improper handling of failures less exploitable. |
CWE-703 | Improper Check or Handling of Exceptional Conditions | 146 | Requires systematic prediction and handling of failure conditions, reducing the impact of unhandled exceptional states. |
CWE-636 | Not Failing Securely ('Failing Open') | 27 | Standby components and explicit exchange criteria enforce a controlled, secure failover instead of failing open. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
CVE-2026-34063 | 1.5 | 7.5 | 0.0005 | good |