NIST 800-53 r5 · Controls catalogue · Family SI
SI-16Memory Protection
Implement the following controls to protect the system memory from unauthorized code execution: {{ insert: param, si-16_odp }}.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (36)
- T1003.001 LSASS Memory Credential Access
- T1047 Windows Management Instrumentation Execution
- T1055.009 Proc Memory Stealth, Privilege Escalation
- T1059 Command and Scripting Interpreter Execution
- T1059.001 PowerShell Execution
- T1059.002 AppleScript Execution
- T1059.003 Windows Command Shell Execution
- T1059.004 Unix Shell Execution
- T1059.005 Visual Basic Execution
- T1059.006 Python Execution
- T1059.007 JavaScript Execution
- T1059.008 Network Device CLI Execution
- T1059.011 Lua Execution
- T1218 System Binary Proxy Execution Stealth
- T1218.001 Compiled HTML File Stealth
- T1218.002 Control Panel Stealth
- T1218.003 CMSTP Stealth
- T1218.004 InstallUtil Stealth
- T1218.005 Mshta Stealth
- T1218.008 Odbcconf Stealth
- T1218.009 Regsvcs/Regasm Stealth
- T1218.012 Verclsid Stealth
- T1218.013 Mavinject Stealth
- T1218.014 MMC Stealth
- T1218.015 Electron Applications Stealth
- T1505.004 IIS Components Persistence
- T1543 Create or Modify System Process Persistence, Privilege Escalation
- T1543.002 Systemd Service Persistence, Privilege Escalation
- T1547.004 Winlogon Helper DLL Persistence, Privilege Escalation
- T1547.006 Kernel Modules and Extensions Persistence, Privilege Escalation
- T1548 Abuse Elevation Control Mechanism Privilege Escalation
- T1548.004 Elevated Execution with Prompt Privilege Escalation
- T1565 Data Manipulation Impact
- T1565.001 Stored Data Manipulation Impact
- T1565.003 Runtime Data Manipulation Impact
- T1611 Escape to Host Privilege Escalation
Weaknesses this control addresses (5)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-787 | Out-of-bounds Write | 16,279 | Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections. |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | 14,126 | Memory protections (e.g., W^X, ASLR) make exploitation of buffer-boundary violations far harder to turn into code execution. |
CWE-416 | Use After Free | 8,528 | Use-after-free exploits that achieve arbitrary code execution are blocked or significantly hardened by non-executable pages and ASLR. |
CWE-94 | Improper Control of Generation of Code ('Code Injection') | 6,628 | Directly prevents execution of attacker-supplied code written into data memory regions. |
CWE-123 | Write-what-where Condition | 50 | Write-what-where primitives are neutralized when the attacker cannot execute the memory they control. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
CVE-2025-24085 KEV | 5.0 | 10.0 | 0.1590 | good |
CVE-2025-24201 KEV | 4.0 | 10.0 | 0.0024 | good |
CVE-2025-31277 KEV | 3.8 | 8.8 | 0.0017 | good |
CVE-2025-43510 KEV | 3.6 | 7.8 | 0.0030 | good |
CVE-2025-43520 KEV | 3.1 | 5.5 | 0.0027 | good |
CVE-2025-24118 | 3.0 | 7.1 | 0.2702 | good |
CVE-2022-50922 | 2.0 | 9.8 | 0.0026 | good |
CVE-2025-24211 | 2.0 | 9.8 | 0.0077 | good |
CVE-2025-29913 | 2.0 | 9.8 | 0.0076 | good |
CVE-2025-26004 | 2.0 | 9.8 | 0.0060 | good |
CVE-2025-24269 | 2.0 | 9.8 | 0.0045 | good |
CVE-2024-55414 | 2.0 | 9.8 | 0.0009 | good |
CVE-2025-25664 | 2.0 | 9.8 | 0.0009 | good |
CVE-2020-37176 | 2.0 | 9.8 | 0.0008 | good |
CVE-2020-37124 | 2.0 | 9.8 | 0.0008 | good |
CVE-2025-34193 | 2.0 | 9.8 | 0.0029 | good |
CVE-2025-43186 | 2.0 | 9.8 | 0.0027 | good |
CVE-2025-43189 | 2.0 | 9.8 | 0.0014 | good |
CVE-2025-50518 | 2.0 | 9.8 | 0.0012 | good |
CVE-2025-52579 | 1.9 | 9.4 | 0.0020 | good |
CVE-2026-24406 | 1.8 | 8.8 | 0.0014 | good |
CVE-2026-34865 | 1.8 | 9.1 | 0.0003 | good |
CVE-2026-40572 | 1.8 | 9.0 | 0.0001 | good |
CVE-2024-54543 | 1.8 | 8.8 | 0.0014 | good |
CVE-2025-0304 | 1.8 | 8.8 | 0.0008 | good |