Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family CP

CP-13Alternative Security Mechanisms

Employ {{ insert: param, cp-13_odp.01 }} for satisfying {{ insert: param, cp-13_odp.02 }} when the primary means of implementing the security function is unavailable or compromised.

Last updated: 04 July 2026 08:17 UTC

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (0)

Weaknesses this control addresses (5)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-284Improper Access Control5,385Alternative mechanisms sustain access control enforcement even if the primary access control implementation is unavailable or compromised.
CWE-287Improper Authentication4,909Delivers alternative authentication approaches to verify identity when the primary authentication mechanism is unavailable or compromised.
CWE-285Improper Authorization1,360Supplies backup authorization methods to block unauthorized actions when the primary authorization process is unavailable or compromised.
CWE-693Protection Mechanism Failure614Provides alternative mechanisms to maintain security functions when the primary implementation is unavailable or compromised, directly preventing protection mechanism failure.
CWE-636Not Failing Securely ('Failing Open')35Ensures security functions remain enforced via alternatives instead of defaulting to an insecure state when the primary means fails.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
No CVEs annotated to this control yet — the per-CVE backfill is in progress.

Other controls in family CP

CP-1 CP-10 CP-11 CP-12 CP-2 CP-3 CP-4 CP-5 CP-6 CP-7 CP-8 CP-9