NIST 800-53 r5 · Controls catalogue · Family SI
SI-9 Information Input Restrictions
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (8)
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-862 | Missing Authorization | 8,680 | Prevents missing authorization checks for input operations by restricting the capability itself. |
| CWE-284 | Improper Access Control | 4,832 | Directly enforces access control by limiting input capability exclusively to authorized personnel. |
| CWE-863 | Incorrect Authorization | 3,234 | Reduces incorrect authorization decisions by gating all input at the personnel/process level. |
| CWE-306 | Missing Authentication for Critical Function | 2,567 | Ensures critical input functions cannot be reached without prior authorization. |
| CWE-285 | Improper Authorization | 1,230 | Implements authorization checks on who may supply information to the system. |
| CWE-425 | Direct Request ('Forced Browsing') | 255 | Blocks unauthorized direct requests or forced browsing by denying input access to non-authorized actors. |
| CWE-807 | Reliance on Untrusted Inputs in a Security Decision | 74 | Reduces reliance on untrusted inputs by ensuring only authorized sources may supply data. |
| CWE-642 | External Control of Critical State Data | 18 | Limits external actors' ability to control critical state through input channels. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| CVE-2026-27636 | 3.1 | 8.8 | 0.2242 | good |
| CVE-2025-52636 | 0.4 | 1.8 | 0.0003 | good |
| CVE-2025-7441 | 6.7 | 9.8 | 0.7894 | good |
| CVE-2015-10138 | 6.0 | 9.8 | 0.6754 | good |
| CVE-2013-10032 | 5.4 | 8.8 | 0.6065 | good |
| CVE-2025-14558 | 5.1 | 7.2 | 0.6137 | good |
| CVE-2024-57487 | 4.0 | 6.5 | 0.4510 | good |
| CVE-2024-13171 | 3.4 | 7.8 | 0.3033 | good |
| CVE-2025-68109 | 3.3 | 9.1 | 0.2544 | good |
| CVE-2024-48760 | 2.7 | 9.8 | 0.1221 | good |
| CVE-2025-64128 | 2.5 | 10.0 | 0.0832 | partial |
| CVE-2025-55591 | 2.5 | 9.8 | 0.0955 | partial |
| CVE-2025-22906 | 2.1 | 9.8 | 0.0218 | good |
| CVE-2024-57595 | 2.1 | 9.8 | 0.0237 | good |
| CVE-2025-14532 | 2.0 | 9.8 | 0.0025 | good |
| CVE-2019-25459 | 2.0 | 9.8 | 0.0015 | partial |
| CVE-2020-37186 | 2.0 | 9.8 | 0.0014 | good |
| CVE-2020-37090 | 2.0 | 9.8 | 0.0104 | good |
| CVE-2025-69828 | 2.0 | 10.0 | 0.0039 | good |
| CVE-2025-67325 | 2.0 | 9.8 | 0.0029 | good |
| CVE-2022-50912 | 2.0 | 9.8 | 0.0020 | good |
| CVE-2024-8958 | 2.0 | 9.8 | 0.0127 | good |
| CVE-2024-50660 | 2.0 | 9.8 | 0.0113 | good |
| CVE-2026-40453 | 2.0 | 9.9 | 0.0019 | good |
| CVE-2026-32169 | 2.0 | 10.0 | 0.0010 | good |