Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family SC

SC-4Information in Shared System Resources

Prevent unauthorized and unintended information transfer via shared system resources.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: mostly · 1 mapping(s) from 1 framework(s): CSF 2.0 1 (mostly)

See the full cumulative-coverage rollup →

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (29)

Weaknesses this control addresses (5)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-404Improper Resource Shutdown or Release807Requires proper shutdown/release procedures that include overwriting or isolating data to block unintended transfer via reused system objects.
CWE-665Improper Initialization420Ensures shared resources are explicitly initialized or cleared on allocation, preventing exposure of prior contents to new users or processes.
CWE-459Incomplete Cleanup225Mandates complete sanitization during cleanup so that shared resources (memory, caches, buffers) do not retain data across subjects.
CWE-226Sensitive Information in Resource Not Removed Before Reuse32Directly requires removal of sensitive data from resources before reuse or reallocation to another subject, eliminating residual information transfer.
CWE-244Improper Clearing of Heap Memory Before Release ('Heap Inspection')19Forces clearing of heap memory contents prior to release, preventing subsequent processes from inspecting prior sensitive data.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
CVE-2025-43510 KEV10.07.80.0035good
CVE-2024-50302 KEV10.05.50.0081good
CVE-2024-29745 KEV UPD10.05.50.0048good
CVE-2025-242417.09.80.0097good
CVE-2025-304617.09.80.0062good
CVE-2025-251767.09.10.0031good
CVE-2025-342067.09.80.0047good
CVE-2024-99505.57.80.0030good
CVE-2026-298725.58.20.0025good
CVE-2026-320915.58.40.0016good
CVE-2025-18015.58.10.0029good
CVE-2024-469755.57.90.0014good
CVE-2026-321605.57.80.0020good
CVE-2026-321595.57.80.0020good
CVE-2026-279275.57.80.0019good
CVE-2026-209305.57.80.0019good
CVE-2026-221635.57.80.0008good
CVE-2026-321645.57.80.0016good
CVE-2026-5795 UPD5.57.40.0053good
CVE-2024-125775.57.30.0016good
CVE-2026-356035.57.30.0011good
CVE-2024-453395.57.10.0028good
CVE-2026-208745.57.80.0030good
CVE-2026-208735.57.80.0030good
CVE-2026-208535.57.40.0031good

Other controls in family SC

SC-1 SC-10 SC-11 SC-12 SC-13 SC-14 SC-15 SC-16 SC-17 SC-18 SC-19 SC-2 SC-20 SC-21 SC-22 SC-23 SC-24 SC-25 SC-26 SC-27 SC-28 SC-29 SC-3 SC-30 SC-31 SC-32 SC-33 SC-34 SC-35 SC-36 SC-37 SC-38 SC-39 SC-40 SC-41 SC-42 SC-43 SC-44 SC-45 SC-46 SC-47 SC-48 SC-49 SC-5 SC-50 SC-51 SC-6 SC-7 SC-8 SC-9