Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family SC

SC-51Hardware-based Protection

Employ hardware-based, write-protect for {{ insert: param, sc-51_odp.01 }} ; and Implement specific procedures for {{ insert: param, sc-51_odp.02 }} to manually disable hardware write-protect for firmware modifications and re-enable the write-protect prior to returning to operational mode.

Last updated: 04 July 2026 00:28 UTC

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (0)

Weaknesses this control addresses (6)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-862Missing Authorization9,346Eliminates missing authorization for writes by requiring physical/hardware action under controlled procedures.
CWE-284Improper Access Control5,367Hardware write-protect enforces access control on critical resources (e.g., firmware) independent of software state.
CWE-434Unrestricted Upload of File with Dangerous Type4,993Prevents unrestricted writing of arbitrary or malicious firmware by keeping hardware write-protect enabled except under tightly controlled manual procedures.
CWE-863Incorrect Authorization3,515Ensures authorization decisions for firmware changes cannot be bypassed by software and must follow explicit re-enable steps.
CWE-732Incorrect Permission Assignment for Critical Resource1,874Directly implements hardware-enforced write protection on critical resources instead of relying on potentially incorrect software permissions.
CWE-285Improper Authorization1,356Requires explicit authorization (via manual hardware procedures) before any write is possible, preventing unauthorized modifications.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
CVE-2026-316497.09.80.0041good
CVE-2025-47827 KEV UPD10.04.60.0382partial
CVE-2025-31201 KEV UPD10.09.80.1236partial
CVE-2024-561815.58.20.0020partial
CVE-2025-473755.57.80.0007good
CVE-2025-473985.57.80.0009good

Other controls in family SC

SC-1 SC-10 SC-11 SC-12 SC-13 SC-14 SC-15 SC-16 SC-17 SC-18 SC-19 SC-2 SC-20 SC-21 SC-22 SC-23 SC-24 SC-25 SC-26 SC-27 SC-28 SC-29 SC-3 SC-30 SC-31 SC-32 SC-33 SC-34 SC-35 SC-36 SC-37 SC-38 SC-39 SC-4 SC-40 SC-41 SC-42 SC-43 SC-44 SC-45 SC-46 SC-47 SC-48 SC-49 SC-5 SC-50 SC-6 SC-7 SC-8 SC-9