Cyber Posture

NIST 800-53 r5 · Controls catalogue · Family SI

SI-21Information Refresh

Refresh {{ insert: param, si-21_odp.01 }} at {{ insert: param, si-21_odp.02 }} or generate the information on demand and delete the information when no longer needed.

Last updated: 09 May 2026 03:25 UTC

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (0)

Weaknesses this control addresses (6)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-200Exposure of Sensitive Information to an Unauthorized Actor10,204Deleting information when no longer needed directly reduces the window during which sensitive data can be exposed to unauthorized actors.
CWE-613Insufficient Session Expiration606Timed refresh of session-related information or on-demand generation plus deletion implements proper session expiration.
CWE-459Incomplete Cleanup215The explicit delete step when information is no longer needed implements the cleanup that this weakness omits.
CWE-212Improper Removal of Sensitive Information Before Storage or Transfer126The generate-on-demand-and-delete requirement enforces removal of sensitive information before storage or transfer, preventing improper retention.
CWE-524Use of Cache Containing Sensitive Information37Refreshing cached data or generating it ephemerally and deleting afterward directly mitigates storage of sensitive information in caches.
CWE-226Sensitive Information in Resource Not Removed Before Reuse30Periodic refresh or explicit deletion before reuse prevents sensitive information from remaining in a reusable resource.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
No CVEs annotated to this control yet — the per-CVE backfill is in progress.

Other controls in family SI

SI-1 SI-10 SI-11 SI-12 SI-13 SI-14 SI-15 SI-16 SI-17 SI-18 SI-19 SI-2 SI-20 SI-22 SI-23 SI-3 SI-4 SI-5 SI-6 SI-7 SI-8 SI-9