Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family PS

PS-8Personnel Sanctions

Employ a formal sanctions process for individuals failing to comply with established information security and privacy policies and procedures; and Notify {{ insert: param, ps-08_odp.01 }} within {{ insert: param, ps-08_odp.02 }} when a formal employee sanctions process is initiated, identifying the individual sanctioned and the reason for the sanction.

Last updated: 04 July 2026 00:28 UTC

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (0)

Weaknesses this control addresses (7)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-862Missing Authorization9,346Makes missing authorization checks or bypasses less likely by sanctioning responsible individuals for policy violations.
CWE-284Improper Access Control5,367Reduces insider exploitation of access-control weaknesses through enforceable consequences for policy non-compliance.
CWE-269Improper Privilege Management3,104Sanctions process enforces accountability for improper privilege assignments and management actions that breach policy.
CWE-732Incorrect Permission Assignment for Critical Resource1,874Sanctions discourage incorrect permission assignments on critical resources when such actions violate security policy.
CWE-285Improper Authorization1,356Deters improper authorization decisions by personnel via a formal sanctions and notification process.
CWE-250Execution with Unnecessary Privileges333Formal sanctions deter personnel from violating least-privilege policies by imposing consequences for unnecessary privilege use.
CWE-272Least Privilege Violation33Directly addresses least-privilege violations by providing a deterrent and notification mechanism when policies are not followed.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
No CVEs annotated to this control yet — the per-CVE backfill is in progress.

Other controls in family PS

PS-1 PS-2 PS-3 PS-4 PS-5 PS-6 PS-7 PS-9