Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family SC

SC-24Fail in Known State

Fail to a {{ insert: param, sc-24_odp.02 }} for the following failures on the indicated components while preserving {{ insert: param, sc-24_odp.03 }} in failure: {{ insert: param, sc-24_odp.01 }}.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: mostly · 2 mapping(s) from 2 framework(s): CSF 2.0 1 (mostly) · ASVS 5.0 1 (partial)

See the full cumulative-coverage rollup →

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (0)

Weaknesses this control addresses (6)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-754Improper Check for Unusual or Exceptional Conditions730Requires detection of unusual conditions followed by a controlled transition to the defined failure state.
CWE-755Improper Handling of Exceptional Conditions677Enforces structured response to exceptional conditions so the system cannot remain in an unsafe state.
CWE-248Uncaught Exception219Prevents abrupt termination from uncaught exceptions by requiring a defined, preserved-state failure mode.
CWE-703Improper Check or Handling of Exceptional Conditions150Mandates explicit, predictable handling of exceptional conditions rather than undefined continuation.
CWE-636Not Failing Securely ('Failing Open')35Directly requires transition to a known (secure) state on failure, preventing fail-open behavior.
CWE-390Detection of Error Condition Without Action18Ensures that detected error conditions trigger an explicit action to reach the known failure state.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
CVE-2021-1906 KEV10.06.20.0052good
CVE-2025-304307.09.80.0109good
CVE-2026-22877.09.80.0069good
CVE-2026-275867.09.10.0027good
CVE-2026-234665.57.80.0013good
CVE-2026-424235.57.50.0032good
CVE-2026-35535 UPD5.57.40.0017good
CVE-2025-709565.57.50.0046good
CVE-2026-31837 UPD5.57.50.0038good
CVE-2026-263195.57.50.0028good
CVE-2024-27983 UPD8.08.20.8721partial
CVE-2026-314095.58.80.0045good
CVE-2026-340635.57.50.0035good
CVE-2026-402465.57.50.0038good
CVE-2026-296435.57.10.0016partial
CVE-2025-701235.57.50.0033partial
CVE-2025-681345.57.40.0016partial
CVE-2025-681415.57.40.0025partial
CVE-2026-284025.57.10.0020partial
CVE-2025-5987 UPD5.58.10.0144partial
CVE-2022-361275.57.50.0159partial
CVE-2026-17393.55.30.0070partial

Other controls in family SC

SC-1 SC-10 SC-11 SC-12 SC-13 SC-14 SC-15 SC-16 SC-17 SC-18 SC-19 SC-2 SC-20 SC-21 SC-22 SC-23 SC-25 SC-26 SC-27 SC-28 SC-29 SC-3 SC-30 SC-31 SC-32 SC-33 SC-34 SC-35 SC-36 SC-37 SC-38 SC-39 SC-4 SC-40 SC-41 SC-42 SC-43 SC-44 SC-45 SC-46 SC-47 SC-48 SC-49 SC-5 SC-50 SC-51 SC-6 SC-7 SC-8 SC-9