NIST 800-53 r5 · Controls catalogue · Family CM
CM-14 Signed Components
Prevent the installation of {{ insert: param, cm-14_prm_1 }} without verification that the component has been digitally signed using a certificate that is recognized and approved by the organization.
Last updated: 04 July 2026 00:28 UTC
Cumulative inbound coverage
How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.
Collective: partial · 1 mapping(s) from 1 framework(s): OWASP-Web 1 (partial)
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (3)
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-347 | Improper Verification of Cryptographic Signature | 842 | Requires verification of digital signatures using organization-approved certificates before installation, directly preventing improper verification of cryptographic signatures. |
| CWE-494 | Download of Code Without Integrity Check | 252 | Blocks installation of components lacking a valid signature, mitigating download or installation of code without integrity checks. |
| CWE-353 | Missing Support for Integrity Check | 40 | Implements required signature-based integrity verification, addressing missing support for integrity checks on components. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| CVE-2026-3502 KEV | 10.0 | 7.8 | 0.0575 | good |
| CVE-2025-47827 KEV UPD | 10.0 | 4.6 | 0.0382 | good |
| CVE-2024-4978 KEV | 10.0 | 8.4 | 0.2694 | good |
| CVE-2022-40139 KEV | 10.0 | 7.2 | 0.0305 | good |
| CVE-2021-25395 KEV | 10.0 | 6.4 | 0.0039 | good |
| CVE-2016-3235 KEV | 10.0 | 7.8 | 0.4343 | good |
| CVE-2025-66255 | 7.0 | 9.8 | 0.0033 | good |
| CVE-2025-27670 | 7.0 | 9.8 | 0.0039 | good |
| CVE-2025-27680 | 7.0 | 9.1 | 0.0029 | good |
| CVE-2025-43245 UPD | 7.0 | 9.8 | 0.0069 | good |
| CVE-2023-25143 | 7.0 | 9.8 | 0.0174 | good |
| CVE-2023-49313 | 7.0 | 9.8 | 0.0132 | good |
| CVE-2022-30315 | 7.0 | 9.8 | 0.0076 | good |
| CVE-2025-34071 UPD | 7.0 | 9.8 | 0.0070 | good |
| CVE-2025-28236 UPD | 7.0 | 9.8 | 0.0032 | good |
| CVE-2022-48194 | 6.0 | 8.8 | 0.3348 | good |
| CVE-2024-41334 | 5.5 | 8.8 | 0.0037 | good |
| CVE-2026-40066 | 5.5 | 8.8 | 0.0030 | good |
| CVE-2024-7344 | 5.5 | 8.2 | 0.0104 | good |
| CVE-2026-32920 | 5.5 | 8.4 | 0.0033 | good |
| CVE-2024-11128 | 5.5 | 7.8 | 0.0016 | good |
| CVE-2025-0509 | 5.5 | 7.3 | 0.0089 | good |
| CVE-2026-3780 | 5.5 | 7.3 | 0.0012 | good |
| CVE-2024-56161 | 5.5 | 7.2 | 0.0052 | good |
| CVE-2025-68623 | 5.5 | 8.8 | 0.0013 | good |