Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family SC

SC-32System Partitioning

Partition the system into {{ insert: param, sc-32_odp.01 }} residing in separate {{ insert: param, sc-32_odp.02 }} domains or environments based on {{ insert: param, sc-32_odp.03 }}.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: partial · 1 mapping(s) from 1 framework(s): ASVS 5.0 1 (partial)

See the full cumulative-coverage rollup →

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (1)

Weaknesses this control addresses (8)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-284Improper Access Control5,367Enforces separation of domains that reduces the ability to bypass or violate access control boundaries.
CWE-732Incorrect Permission Assignment for Critical Resource1,874Supports correct permission assignment by allowing permissions to be scoped to individual partitions rather than a monolithic system.
CWE-285Improper Authorization1,356Partitioning limits authorization scope by confining subjects and objects to distinct environments.
CWE-668Exposure of Resource to Wrong Sphere797Prevents resources from residing in the wrong sphere by design through explicit domain separation.
CWE-250Execution with Unnecessary Privileges333Enables execution with minimal necessary privileges by isolating components into distinct environments.
CWE-669Incorrect Resource Transfer Between Spheres105Reduces incorrect transfers between spheres by establishing clear, separate domains for different sensitivities or functions.
CWE-441Unintended Proxy or Intermediary ('Confused Deputy')95Mitigates confused deputy risks by ensuring distinct privilege domains so one partition cannot unintentionally act on behalf of another.
CWE-653Improper Isolation or Compartmentalization66Directly implements isolation and compartmentalization by placing components into separate domains or environments.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
No CVEs annotated to this control yet — the per-CVE backfill is in progress.

Other controls in family SC

SC-1 SC-10 SC-11 SC-12 SC-13 SC-14 SC-15 SC-16 SC-17 SC-18 SC-19 SC-2 SC-20 SC-21 SC-22 SC-23 SC-24 SC-25 SC-26 SC-27 SC-28 SC-29 SC-3 SC-30 SC-31 SC-33 SC-34 SC-35 SC-36 SC-37 SC-38 SC-39 SC-4 SC-40 SC-41 SC-42 SC-43 SC-44 SC-45 SC-46 SC-47 SC-48 SC-49 SC-5 SC-50 SC-51 SC-6 SC-7 SC-8 SC-9