Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family SI

SI-11Error Handling

Generate error messages that provide information necessary for corrective actions without revealing information that could be exploited; and Reveal error messages only to {{ insert: param, si-11_odp }}.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: partial · 3 mapping(s) from 2 framework(s): ASVS 5.0 2 (partial) · OWASP-Web 1 (partial)

See the full cumulative-coverage rollup →

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (0)

Weaknesses this control addresses (5)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-200Exposure of Sensitive Information to an Unauthorized Actor10,501Restricts error message visibility to authorized recipients, directly reducing unauthorized exposure of sensitive information.
CWE-203Observable Discrepancy854Prevents attackers from using observable differences in error responses to infer internal system details or state.
CWE-209Generation of Error Message Containing Sensitive Information666Explicitly requires error messages to avoid including sensitive or exploitable details while still supporting corrective action.
CWE-497Exposure of Sensitive System Information to an Unauthorized Control Sphere342Ensures sensitive system information is not disclosed outside the intended control sphere through error output.
CWE-204Observable Response Discrepancy161Eliminates distinguishable response discrepancies in error conditions that could be exploited for reconnaissance.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
CVE-2025-47813 KEV UPD10.04.30.5637good
CVE-2024-29059 KEV UPD10.07.50.9883good
CVE-2023-28771 KEV10.09.80.9928good
CVE-2021-1906 KEV10.06.20.0052good
CVE-2013-7331 KEV10.06.50.5802good
CVE-2025-621688.010.00.6332good
CVE-2023-369338.07.50.7224good
CVE-2025-276677.09.80.0062good
CVE-2026-275867.09.10.0027good
CVE-2024-529757.09.00.0027good
CVE-2026-278097.09.10.0041good
CVE-2026-22778 UPD7.09.80.0382good
CVE-2025-101567.09.80.0143good
CVE-2025-46658 UPD7.09.80.0035good
CVE-2022-231217.09.80.0853good
CVE-2024-75697.09.60.0164good
CVE-2024-21733 UPD6.05.30.1429good
CVE-2026-201015.58.60.0035good
CVE-2025-22555.58.70.0028good
CVE-2025-303535.58.60.0050good
CVE-2025-145515.58.10.0028good
CVE-2024-118645.57.50.0050good
CVE-2024-569215.57.50.0047good
CVE-2024-116255.57.70.0029good
CVE-2026-343885.57.50.0026good

Other controls in family SI

SI-1 SI-10 SI-12 SI-13 SI-14 SI-15 SI-16 SI-17 SI-18 SI-19 SI-2 SI-20 SI-21 SI-22 SI-23 SI-3 SI-4 SI-5 SI-6 SI-7 SI-8 SI-9