NIST 800-53 r5 · Controls catalogue · Family SI
SI-6Security and Privacy Function Verification
Verify the correct operation of {{ insert: param, si-6_prm_1 }}; Perform the verification of the functions specified in SI-6a {{ insert: param, si-06_odp.03 }}; Alert {{ insert: param, si-06_odp.06 }} to failed security and privacy verification tests; and {{ insert: param, si-06_odp.07 }} when anomalies are discovered.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (6)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-754 | Improper Check for Unusual or Exceptional Conditions | 697 | Anomaly detection and alerting implement checks for unusual conditions that would otherwise go unnoticed. |
CWE-693 | Protection Mechanism Failure | 476 | Explicit verification and alerting detect when protection mechanisms are not functioning, limiting undetected bypasses. |
CWE-703 | Improper Check or Handling of Exceptional Conditions | 146 | The required verification process supplies the missing checks for exceptional conditions affecting security functions. |
CWE-440 | Expected Behavior Violation | 37 | Verification of security function operation directly detects deviations from expected behavior. |
CWE-636 | Not Failing Securely ('Failing Open') | 27 | Failed verification tests trigger alerts, reducing the window for exploitation when systems fail open. |
CWE-684 | Incorrect Provision of Specified Functionality | 27 | Periodic checks confirm that specified security and privacy functions are actually provided and operating. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
CVE-2026-26742 | 1.6 | 8.1 | 0.0005 | good |
CVE-2026-4748 | 1.5 | 7.5 | 0.0005 | good |
CVE-2026-29649 | 2.0 | 9.8 | 0.0002 | good |
CVE-2026-33471 | 1.9 | 9.6 | 0.0003 | good |
CVE-2026-33807 | 1.8 | 9.1 | 0.0002 | good |
CVE-2026-24851 | 1.8 | 8.8 | 0.0002 | good |
CVE-2026-5501 | 1.6 | 8.1 | 0.0002 | partial |
CVE-2026-40880 | 1.6 | 8.1 | 0.0005 | partial |
CVE-2026-22753 | 1.5 | 7.5 | 0.0007 | partial |
CVE-2026-28498 | 1.5 | 7.5 | 0.0002 | good |
CVE-2026-35042 | 1.5 | 7.5 | 0.0002 | good |