Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family SC

SC-41Port and I/O Device Access

{{ insert: param, sc-41_odp.02 }} disable or remove {{ insert: param, sc-41_odp.01 }} on the following systems or system components: {{ insert: param, sc-41_odp.03 }}.

Last updated: 04 July 2026 00:28 UTC

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (5)

Weaknesses this control addresses (8)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-284Improper Access Control5,367Disabling or removing ports and I/O devices directly enforces hardware-level access control by eliminating entry points.
CWE-923Improper Restriction of Communication Channel to Intended Endpoints61Restricts communication channels to only intended endpoints by eliminating unnecessary ports and devices.
CWE-300Channel Accessible by Non-Endpoint54Eliminates channels that could be accessed by non-endpoint actors through disabled ports and devices.
CWE-420Unprotected Alternate Channel38Removes or disables unprotected alternate I/O channels that could otherwise be used to bypass primary controls.
CWE-1191On-Chip Debug and Test Interface With Improper Access Control20Directly mitigates exposure of on-chip debug and test interfaces by disabling or removing them.
CWE-1263Improper Physical Access Control13Reduces physical access attack surface by disabling physical ports and I/O devices.
CWE-1244Internal Asset Exposed to Unsafe Debug Access Level or State12Prevents internal assets from being exposed through debug or test access levels by removing those interfaces.
CWE-1299Missing Protection Mechanism for Alternate Hardware Interface11Provides protection for alternate hardware interfaces by disabling them when not required.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
CVE-2018-19322 KEV10.07.80.0187good
CVE-2026-307047.09.10.0031good
CVE-2024-481235.58.40.0018good
CVE-2026-290935.58.10.0049good
CVE-2024-554075.57.80.0021good
CVE-2024-554125.57.80.0021good
CVE-2026-250865.57.70.0015good
CVE-2024-53197 KEV10.07.80.0356partial
CVE-2024-53150 KEV10.07.10.0132partial
CVE-2015-1769 KEV10.06.60.0434good
CVE-2025-301137.09.80.0041good
CVE-2025-543047.09.80.0044good
CVE-2022-240827.09.80.0948good
CVE-2026-271825.58.40.0121good
CVE-2026-258075.58.80.0064good
CVE-2025-552215.58.60.0036good
CVE-2024-554135.57.80.0021good
CVE-2025-301415.57.50.0033good
CVE-2022-509765.57.70.0014good
CVE-2021-477865.57.50.0044good
CVE-2024-404315.58.80.0127good
CVE-2026-20387.09.80.0065good
CVE-2026-263337.09.80.0093good
CVE-2025-594037.09.80.0100good
CVE-2025-301377.09.80.0044good

Other controls in family SC

SC-1 SC-10 SC-11 SC-12 SC-13 SC-14 SC-15 SC-16 SC-17 SC-18 SC-19 SC-2 SC-20 SC-21 SC-22 SC-23 SC-24 SC-25 SC-26 SC-27 SC-28 SC-29 SC-3 SC-30 SC-31 SC-32 SC-33 SC-34 SC-35 SC-36 SC-37 SC-38 SC-39 SC-4 SC-40 SC-42 SC-43 SC-44 SC-45 SC-46 SC-47 SC-48 SC-49 SC-5 SC-50 SC-51 SC-6 SC-7 SC-8 SC-9