Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family SC

SC-39Process Isolation

Maintain a separate execution domain for each executing system process.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: mostly · 1 mapping(s) from 1 framework(s): CSF 2.0 1 (mostly)

See the full cumulative-coverage rollup →

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (22)

Weaknesses this control addresses (6)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-284Improper Access Control5,367Maintaining distinct execution domains directly implements access-control separation between processes, blocking unauthorized cross-process access.
CWE-269Improper Privilege Management3,104Separate execution domains enforce privilege boundaries so that improper privilege management within one process cannot affect others.
CWE-732Incorrect Permission Assignment for Critical Resource1,874By giving each process its own protected domain, the control reduces the impact of incorrect permission assignments on critical resources shared across processes.
CWE-668Exposure of Resource to Wrong Sphere797Process isolation ensures resources remain inside their intended spheres, preventing exposure of a resource to an unintended process.
CWE-250Execution with Unnecessary Privileges333Process isolation confines each process to its own execution domain, preventing one process from exercising the privileges or resources belonging to another.
CWE-653Improper Isolation or Compartmentalization66The control is a direct realization of proper isolation and compartmentalization, eliminating the weakness of shared execution domains.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
CVE-2025-22225 KEV10.08.20.0096good
CVE-2020-16017 KEV10.09.60.0275good
CVE-2019-0211 KEV10.07.80.6501good
CVE-2026-341567.09.90.3650good
CVE-2026-398617.010.00.0052good
CVE-2025-28577.010.00.0189good
CVE-2024-563467.010.00.0106good
CVE-2025-242497.09.80.0083good
CVE-2026-412657.09.80.0046good
CVE-2026-257257.010.00.0042good
CVE-2025-43275 UPD7.09.80.0059good
CVE-2022-207777.09.90.1076good
CVE-2023-323147.09.80.0564good
CVE-2023-379037.09.80.0279good
CVE-2024-23652 UPD7.010.00.0204good
CVE-2024-480617.09.80.0132good
CVE-2024-21626 UPD6.08.60.1809good
CVE-2023-205886.05.50.1240good
CVE-2024-564445.57.50.0026good
CVE-2026-320485.57.50.0028good
CVE-2025-155405.58.80.0048good
CVE-2026-206675.58.80.0013good
CVE-2024-564433.56.20.0020good
CVE-2026-320463.55.30.0029good
CVE-2025-526433.54.70.0009good

Other controls in family SC

SC-1 SC-10 SC-11 SC-12 SC-13 SC-14 SC-15 SC-16 SC-17 SC-18 SC-19 SC-2 SC-20 SC-21 SC-22 SC-23 SC-24 SC-25 SC-26 SC-27 SC-28 SC-29 SC-3 SC-30 SC-31 SC-32 SC-33 SC-34 SC-35 SC-36 SC-37 SC-38 SC-4 SC-40 SC-41 SC-42 SC-43 SC-44 SC-45 SC-46 SC-47 SC-48 SC-49 SC-5 SC-50 SC-51 SC-6 SC-7 SC-8 SC-9