NIST 800-53 r5 · Controls catalogue · Family SR

SR-12Component Disposal

Dispose of {{ insert: param, sr-12_odp.01 }} using the following techniques and methods: {{ insert: param, sr-12_odp.02 }}.

Last updated: 09 May 2026 03:25 UTC

Implementations targeting this control (0)

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE	Name	CVEs	Why this control addresses it
`CWE-200`	Exposure of Sensitive Information to an Unauthorized Actor	10,204	Secure disposal techniques directly prevent sensitive data from becoming accessible to unauthorized actors after components leave organizational control.
`CWE-668`	Exposure of Resource to Wrong Sphere	779	Ensures components are not exposed to an external or disposal sphere while still containing sensitive data or resources.
`CWE-459`	Incomplete Cleanup	215	Enforces complete cleanup and sanitization steps during disposal, closing gaps that leave data remnants on retired components.
`CWE-212`	Improper Removal of Sensitive Information Before Storage or Transfer	126	Requires explicit removal of sensitive information prior to component transfer or disposal, reducing exposure from retained data.
`CWE-669`	Incorrect Resource Transfer Between Spheres	96	Addresses incorrect transfer of resources to an uncontrolled sphere by requiring approved destruction or sanitization methods.
`CWE-226`	Sensitive Information in Resource Not Removed Before Reuse	30	Mandates sanitization of resources before they are released or discarded, preventing residual sensitive information from being recovered.

CVE	Risk	CVSS	EPSS	Match
No CVEs annotated to this control yet — the per-CVE backfill is in progress.