NIST 800-53 r5 · Controls catalogue · Family SC
SC-32 System Partitioning
Partition the system into {{ insert: param, sc-32_odp.01 }} residing in separate {{ insert: param, sc-32_odp.02 }} domains or environments based on {{ insert: param, sc-32_odp.03 }}.
Last updated: 04 July 2026 00:28 UTC
Cumulative inbound coverage
How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.
Collective: partial · 1 mapping(s) from 1 framework(s): ASVS 5.0 1 (partial)
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (1)
- T1590.002 DNS Reconnaissance
Weaknesses this control addresses (8)
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-284 | Improper Access Control | 5,367 | Enforces separation of domains that reduces the ability to bypass or violate access control boundaries. |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | 1,874 | Supports correct permission assignment by allowing permissions to be scoped to individual partitions rather than a monolithic system. |
| CWE-285 | Improper Authorization | 1,356 | Partitioning limits authorization scope by confining subjects and objects to distinct environments. |
| CWE-668 | Exposure of Resource to Wrong Sphere | 797 | Prevents resources from residing in the wrong sphere by design through explicit domain separation. |
| CWE-250 | Execution with Unnecessary Privileges | 333 | Enables execution with minimal necessary privileges by isolating components into distinct environments. |
| CWE-669 | Incorrect Resource Transfer Between Spheres | 105 | Reduces incorrect transfers between spheres by establishing clear, separate domains for different sensitivities or functions. |
| CWE-441 | Unintended Proxy or Intermediary ('Confused Deputy') | 95 | Mitigates confused deputy risks by ensuring distinct privilege domains so one partition cannot unintentionally act on behalf of another. |
| CWE-653 | Improper Isolation or Compartmentalization | 66 | Directly implements isolation and compartmentalization by placing components into separate domains or environments. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| No CVEs annotated to this control yet — the per-CVE backfill is in progress. | | | | |