Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family SC

SC-8Transmission Confidentiality and Integrity

Protect the {{ insert: param, sc-08_odp }} of transmitted information.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: full · 2 mapping(s) from 2 framework(s): CSF 2.0 1 (full) · ASVS 5.0 1 (partial)

See the full cumulative-coverage rollup →

Implementations targeting this control (10)

ATT&CK techniques this control mitigates (19)

Weaknesses this control addresses (5)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-319Cleartext Transmission of Sensitive Information1,076The control explicitly requires confidentiality protection for transmitted information, preventing cleartext exposure of sensitive data.
CWE-614Sensitive Cookie in HTTPS Session Without 'Secure' Attribute60Enforcing confidentiality on transmitted sensitive cookies requires the Secure attribute, preventing exposure on insecure channels.
CWE-300Channel Accessible by Non-Endpoint54Confidentiality and integrity protections on the transmission channel directly reduce the ability of non-endpoint actors to access or tamper with the data.
CWE-924Improper Enforcement of Message Integrity During Transmission in a Communication Channel40The control directly mandates integrity protection for transmitted information, addressing failures to enforce message integrity in transit.
CWE-523Unprotected Transport of Credentials23Requiring protected transport for credentials directly mitigates unprotected credential transmission over networks.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
CVE-2025-48928 KEV UPD10.04.00.0037good
CVE-2022-33657.09.80.0204good
CVE-2025-342717.09.80.0068good
CVE-2025-28597.09.80.0041good
CVE-2025-632107.09.80.0050good
CVE-2025-139267.09.80.0044good
CVE-2026-423637.09.30.0019good
CVE-2026-7161 UPD7.09.30.0021good
CVE-2024-15097.09.10.0034good
CVE-2026-240607.09.10.0020good
CVE-2025-2311 UPD7.09.00.0016good
CVE-2025-686377.09.10.0022good
CVE-2025-21450 UPD7.09.10.0029good
CVE-2024-35967.09.00.1486good
CVE-2025-32444 UPD7.010.00.0148good
CVE-2025-26199 UPD7.09.80.0049good
CVE-2026-34486 UPD6.07.50.1583good
CVE-2023-254376.08.80.1411good
CVE-2022-451246.07.50.1450good
CVE-2025-05565.58.80.0029good
CVE-2024-475195.58.30.0033good
CVE-2025-21905.58.10.0031good
CVE-2024-365535.58.10.0029good
CVE-2025-232065.58.10.0031good
CVE-2024-138725.57.50.0023good

Other controls in family SC

SC-1 SC-10 SC-11 SC-12 SC-13 SC-14 SC-15 SC-16 SC-17 SC-18 SC-19 SC-2 SC-20 SC-21 SC-22 SC-23 SC-24 SC-25 SC-26 SC-27 SC-28 SC-29 SC-3 SC-30 SC-31 SC-32 SC-33 SC-34 SC-35 SC-36 SC-37 SC-38 SC-39 SC-4 SC-40 SC-41 SC-42 SC-43 SC-44 SC-45 SC-46 SC-47 SC-48 SC-49 SC-5 SC-50 SC-51 SC-6 SC-7 SC-9