Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family SC

SC-42Sensor Capability and Data

Prohibit {{ insert: param, sc-42_odp.01 }} ; and Provide an explicit indication of sensor use to {{ insert: param, sc-42_odp.05 }}.

Last updated: 04 July 2026 00:28 UTC

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (0)

Weaknesses this control addresses (4)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-200Exposure of Sensitive Information to an Unauthorized Actor10,501Requiring explicit sensor-use indication and prohibiting selected capabilities directly reduces covert collection and exposure of sensitive data captured by device sensors.
CWE-284Improper Access Control5,367Prohibiting specific sensor capabilities implements an access-control policy on hardware resources that would otherwise be freely usable by unauthorized software.
CWE-668Exposure of Resource to Wrong Sphere797By restricting sensor activation and surfacing its use, the control prevents sensor data from being transferred into an unintended sphere (e.g., attacker-controlled processes or remote exfiltration).
CWE-359Exposure of Private Personal Information to an Unauthorized Actor190Mandatory user notification of sensor activation makes surreptitious capture of private personal information (camera, microphone, location, etc.) substantially harder to perform without detection.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
CVE-2025-695157.09.10.0050good
CVE-2017-202135.57.50.0042good

Other controls in family SC

SC-1 SC-10 SC-11 SC-12 SC-13 SC-14 SC-15 SC-16 SC-17 SC-18 SC-19 SC-2 SC-20 SC-21 SC-22 SC-23 SC-24 SC-25 SC-26 SC-27 SC-28 SC-29 SC-3 SC-30 SC-31 SC-32 SC-33 SC-34 SC-35 SC-36 SC-37 SC-38 SC-39 SC-4 SC-40 SC-41 SC-43 SC-44 SC-45 SC-46 SC-47 SC-48 SC-49 SC-5 SC-50 SC-51 SC-6 SC-7 SC-8 SC-9