Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family SC

SC-40Wireless Link Protection

Protect external and internal {{ insert: param, sc-40_prm_1 }} from the following signal parameter attacks: {{ insert: param, sc-40_prm_2 }}.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: partial · 1 mapping(s) from 1 framework(s): CSF 2.0 1 (partial)

See the full cumulative-coverage rollup →

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (1)

Weaknesses this control addresses (7)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-200Exposure of Sensitive Information to an Unauthorized Actor10,501Wireless link protection (encryption, directional transmission, etc.) directly prevents unauthorized actors from observing transmitted data.
CWE-287Improper Authentication4,908Requires authentication mechanisms on the wireless link, making improper authentication weaknesses harder to exploit.
CWE-319Cleartext Transmission of Sensitive Information1,076Mandates cryptographic protection of the wireless medium, eliminating cleartext transmission of sensitive information over the air.
CWE-290Authentication Bypass by Spoofing698Signal-parameter protections (e.g., cryptographic authentication, anti-spoofing) directly counter spoofing-based authentication bypass.
CWE-294Authentication Bypass by Capture-replay280Wireless link protections commonly incorporate replay protection, reducing the exploitability of capture-replay weaknesses.
CWE-923Improper Restriction of Communication Channel to Intended Endpoints61Enforces that the wireless communication channel is usable only by intended endpoints, addressing improper channel restriction.
CWE-300Channel Accessible by Non-Endpoint54The control restricts an inherently broadcast wireless channel to only intended endpoints, mitigating accessibility by non-endpoints.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
CVE-2025-655527.09.80.0040good
CVE-2025-1727 UPD5.58.10.0053good
CVE-2026-260485.57.50.0026good
CVE-2025-524355.57.50.0021good
CVE-2026-238083.55.40.0026good
CVE-2025-699697.09.60.0046good
CVE-2025-248365.57.10.0023good
CVE-2025-698215.57.40.0041good
CVE-2025-369115.57.10.0694good
CVE-2025-143467.09.80.0549partial
CVE-2025-206347.09.80.0074partial
CVE-2025-301397.09.80.0039partial
CVE-2024-20017 UPD7.09.80.4633partial
CVE-2022-201457.09.80.0645partial
CVE-2023-277467.09.80.0175partial
CVE-2024-201545.58.80.0394partial
CVE-2024-201535.57.50.0032partial
CVE-2025-622355.58.10.0037partial
CVE-2025-698225.57.40.0034good
CVE-2025-473835.57.20.0013partial
CVE-2024-300785.58.80.0516partial
CVE-2026-238093.55.40.0026partial

Other controls in family SC

SC-1 SC-10 SC-11 SC-12 SC-13 SC-14 SC-15 SC-16 SC-17 SC-18 SC-19 SC-2 SC-20 SC-21 SC-22 SC-23 SC-24 SC-25 SC-26 SC-27 SC-28 SC-29 SC-3 SC-30 SC-31 SC-32 SC-33 SC-34 SC-35 SC-36 SC-37 SC-38 SC-39 SC-4 SC-41 SC-42 SC-43 SC-44 SC-45 SC-46 SC-47 SC-48 SC-49 SC-5 SC-50 SC-51 SC-6 SC-7 SC-8 SC-9