Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family SC

SC-50 Software-enforced Separation and Policy Enforcement

Implement software-enforced separation and policy enforcement mechanisms between [Assignment: organization-defined security domains].

Last updated: 04 July 2026 00:28 UTC

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (0)

Weaknesses this control addresses (8) AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-862 | Missing Authorization | 9,346 | Requires explicit authorization checks as part of the enforced policy between separated components. |
| CWE-284 | Improper Access Control | 5,367 | Directly implements software-enforced boundaries that prevent unauthorized access across separated components or domains. |
| CWE-863 | Incorrect Authorization | 3,515 | Policy enforcement mechanisms correct or prevent flawed authorization logic across domain boundaries. |
| CWE-269 | Improper Privilege Management | 3,104 | Policy enforcement mechanisms limit privilege escalation and improper privilege assignments across boundaries. |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | 1,874 | Software-enforced separation ensures correct permission assignments on critical resources between domains. |
| CWE-285 | Improper Authorization | 1,356 | Enforces policy-based authorization decisions between the separated subjects and objects. |
| CWE-250 | Execution with Unnecessary Privileges | 333 | Separation and policy enforcement reduce the ability to execute with unnecessary privileges by isolating higher-privilege functions. |
| CWE-653 | Improper Isolation or Compartmentalization | 66 | Explicitly requires isolation and compartmentalization mechanisms that address failures in separating security domains. |

Top CVEs where this control is the strongest mitigation

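| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| CVE-2014-0546 KEV | 10.0 | 9.8 | 0.2233 | good |
| CVE-2026-33396 | 7.0 | 9.9 | 0.0083 | good |
| CVE-2026-27952 | 5.5 | 8.8 | 0.0050 | good |
| CVE-2025-0781 | 5.5 | 8.6 | 0.0034 | good |
| CVE-2026-27597 | 7.0 | 10.0 | 0.0088 | good |
| CVE-2026-25142 | 7.0 | 10.0 | 0.0109 | good |
| CVE-2026-34208 | 7.0 | 10.0 | 0.0056 | good |
| CVE-2025-24178 | 7.0 | 9.8 | 0.0148 | good |
| CVE-2026-29649 | 7.0 | 9.8 | 0.0045 | good |
| CVE-2026-40959 | 7.0 | 9.3 | 0.0018 | good |
| CVE-2026-25520 | 7.0 | 10.0 | 0.0078 | good |
| CVE-2026-25587 | 7.0 | 10.0 | 0.0065 | partial |
| CVE-2026-25725 | 7.0 | 10.0 | 0.0042 | good |
| CVE-2026-0881 UPD | 7.0 | 10.0 | 0.0031 | good |
| CVE-2024-34144 | 7.0 | 9.8 | 0.4808 | good |
| CVE-2025-43257 | 5.5 | 8.7 | 0.0018 | good |
| CVE-2026-28891 | 5.5 | 8.1 | 0.0014 | good |
| CVE-2026-32988 | 5.5 | 7.5 | 0.0008 | good |
| CVE-2025-15540 | 5.5 | 8.8 | 0.0048 | good |
| CVE-2025-52643 | 3.5 | 4.7 | 0.0009 | good |
| CVE-2026-23830 | 7.0 | 10.0 | 0.0112 | good |
| CVE-2026-22686 | 7.0 | 10.0 | 0.0059 | good |
| CVE-2026-39888 | 7.0 | 9.9 | 0.0054 | good |
| CVE-2026-33897 | 7.0 | 9.9 | 0.0048 | good |
| CVE-2026-29646 | 7.0 | 9.8 | 0.0037 | good |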
