NIST 800-53 r5 · Controls catalogue · Family SI
SI-14 Non-persistence
Implement non-persistent {{ insert: param, si-14_odp.01 }} that are initiated in a known state and terminated {{ insert: param, si-14_odp.02 }}.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (7)
- T1505 Server Software Component (tactics: Persistence)
- T1505.001 SQL Stored Procedures (tactics: Persistence)
- T1505.002 Transport Agent (tactics: Persistence)
- T1505.004 IIS Components (tactics: Persistence)
- T1546.003 Windows Management Instrumentation Event Subscription (tactics: Privilege Escalation, Persistence)
- T1547.004 Winlogon Helper DLL (tactics: Persistence, Privilege Escalation)
- T1547.006 Kernel Modules and Extensions (tactics: Persistence, Privilege Escalation)
Weaknesses this control addresses (6)
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-613 | Insufficient Session Expiration | 606 | When the non-persistent artifact is a session or connection, mandatory termination implements the missing expiration that CWE-613 describes. |
| CWE-665 | Improper Initialization | 416 | Mandates that every instance begins in a known (presumably clean) state, eliminating reliance on residual or uninitialized state left by prior executions. |
| CWE-459 | Incomplete Cleanup | 215 | Termination of the non-persistent artifact guarantees cleanup of temporary state, directly countering incomplete cleanup weaknesses. |
| CWE-506 | Embedded Malicious Code | 80 | Any embedded malicious code or backdoor written into an instance is erased at termination, rendering persistence mechanisms ineffective across successive instances. |
| CWE-912 | Hidden Functionality | 79 | Hidden or unauthorized functionality introduced at runtime cannot survive instance termination, neutralizing the value of such concealed code. |
| CWE-664 | Improper Control of a Resource Through its Lifetime | 39 | Directly enforces limited resource lifetime by requiring initiation from a known state and explicit termination, shrinking the window in which any long-lived resource weakness can be exploited. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| CVE-2025-0473 | 1.3 | 6.5 | 0.0013 | good |