NIST 800-53 r5 · Controls catalogue · Family AC
AC-10Concurrent Session Control
Limit the number of concurrent sessions for each {{ insert: param, ac-10_odp.01 }} to {{ insert: param, ac-10_odp.02 }}.
Last updated: 04 July 2026 00:28 UTC
Cumulative inbound coverage
How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.
Collective: partial · 2 mapping(s) from 2 framework(s): ASVS 5.0 1 (partial) · CSF 2.0 1 (partial)
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (4)
Weaknesses this control addresses (2)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-400 | Uncontrolled Resource Consumption | 3,572 | Limiting concurrent sessions directly prevents uncontrolled resource consumption by capping the number of active sessions per user or account. |
CWE-770 | Allocation of Resources Without Limits or Throttling | 2,210 | This control implements explicit throttling on session allocation, addressing the weakness of allocating resources without limits. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
CVE-2023-1907 | 5.5 | 8.0 | 0.0044 | good |
CVE-2026-32663 | 5.5 | 7.3 | 0.0025 | good |
CVE-2026-27649 | 5.5 | 7.3 | 0.0033 | good |
CVE-2026-26290 | 5.5 | 7.3 | 0.0034 | good |
CVE-2026-27647 | 5.5 | 7.3 | 0.0030 | good |
CVE-2026-27652 | 5.5 | 7.3 | 0.0031 | good |
CVE-2026-25778 | 5.5 | 7.3 | 0.0031 | good |
CVE-2026-20895 | 5.5 | 7.3 | 0.0036 | good |
CVE-2026-20748 | 5.5 | 7.3 | 0.0025 | good |
CVE-2025-55705 | 5.5 | 7.3 | 0.0030 | good |
CVE-2026-24912 | 5.5 | 7.3 | 0.0039 | good |
CVE-2026-28412 | 3.5 | 6.5 | 0.0026 | good |
CVE-2024-42176 | 1.5 | 2.6 | 0.0021 | good |
CVE-2025-55275 | 1.5 | 3.7 | 0.0022 | good |
CVE-2026-1435 | 7.0 | 9.8 | 0.0037 | good |
CVE-2025-30118 | 5.5 | 7.5 | 0.0038 | good |
CVE-2026-40116 | 5.5 | 7.5 | 0.0037 | good |
CVE-2026-27630 | 5.5 | 7.5 | 0.0044 | good |
CVE-2026-1848 | 5.5 | 7.5 | 0.0026 | good |
CVE-2021-47865 | 5.5 | 7.5 | 0.0054 | good |
CVE-2025-68133 | 5.5 | 7.4 | 0.0035 | good |
CVE-2026-27764 | 5.5 | 7.3 | 0.0029 | good |
CVE-2025-8671 UPD | 5.5 | 7.5 | 0.0460 | partial |
CVE-2025-53506 UPD | 5.5 | 7.5 | 0.0190 | good |
CVE-2025-63529 | 3.5 | 6.1 | 0.0033 | partial |