NIST 800-53 r5 · Controls catalogue · Family AC
AC-11Device Lock
Prevent further access to the system by {{ insert: param, ac-11_odp.01 }} ; and Retain the device lock until the user reestablishes access using established identification and authentication procedures.
Last updated: 04 July 2026 00:28 UTC
Cumulative inbound coverage
How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.
Collective: partial · 2 mapping(s) from 1 framework(s): ASVS 5.0 2 (partial)
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (2)
Weaknesses this control addresses (3)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-284 | Improper Access Control | 5,367 | Device lock enforces restricted access until re-authentication, directly reducing unauthorized use of active sessions. |
CWE-306 | Missing Authentication for Critical Function | 2,820 | Requires established identification and authentication to unlock, mitigating missing authentication for continued system access. |
CWE-613 | Insufficient Session Expiration | 642 | Locks the device (typically after inactivity) until re-authentication, addressing insufficient session expiration by preventing indefinite access. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
CVE-2024-44286 | 5.5 | 7.5 | 0.0034 | good |
CVE-2022-50976 | 5.5 | 7.7 | 0.0014 | good |
CVE-2025-48568 | 5.5 | 7.4 | 0.0008 | good |
CVE-2022-26629 | 7.0 | 9.1 | 0.0317 | good |
CVE-2024-53835 | 5.5 | 7.8 | 0.0008 | partial |
CVE-2024-43764 | 5.5 | 7.8 | 0.0008 | partial |
CVE-2025-48605 | 5.5 | 8.4 | 0.0011 | good |
CVE-2025-48602 | 5.5 | 8.4 | 0.0011 | good |
CVE-2025-48577 | 5.5 | 7.4 | 0.0008 | good |
CVE-2024-44136 | 3.5 | 4.6 | 0.0042 | good |
CVE-2025-15554 | 5.5 | 7.8 | 0.0014 | good |
CVE-2025-15552 | 5.5 | 7.8 | 0.0011 | partial |
CVE-2026-25476 | 5.5 | 7.5 | 0.0031 | partial |
CVE-2024-57957 | 3.5 | 6.6 | 0.0030 | good |