NIST 800-53 r5 · Controls catalogue · Family SI
SI-11Error Handling
Generate error messages that provide information necessary for corrective actions without revealing information that could be exploited; and Reveal error messages only to {{ insert: param, si-11_odp }}.
Last updated: 19 May 2026 14:18 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (5)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | 10,259 | Restricts error message visibility to authorized recipients, directly reducing unauthorized exposure of sensitive information. |
CWE-203 | Observable Discrepancy | 838 | Prevents attackers from using observable differences in error responses to infer internal system details or state. |
CWE-209 | Generation of Error Message Containing Sensitive Information | 648 | Explicitly requires error messages to avoid including sensitive or exploitable details while still supporting corrective action. |
CWE-497 | Exposure of Sensitive System Information to an Unauthorized Control Sphere | 318 | Ensures sensitive system information is not disclosed outside the intended control sphere through error output. |
CWE-204 | Observable Response Discrepancy | 153 | Eliminates distinguishable response discrepancies in error conditions that could be exploited for reconnaissance. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
CVE-2025-47813 KEV | 4.5 | 4.3 | 0.2692 | good |
CVE-2025-62168 | 3.0 | 10.0 | 0.1639 | good |
CVE-2026-1357 | 2.9 | 9.8 | 0.1582 | good |
CVE-2025-27667 | 2.0 | 9.8 | 0.0048 | good |
CVE-2026-22778 | 2.0 | 9.8 | 0.0009 | good |
CVE-2025-46658 | 2.0 | 9.8 | 0.0010 | good |
CVE-2026-27586 | 1.8 | 9.1 | 0.0013 | good |
CVE-2024-52975 | 1.8 | 9.0 | 0.0034 | good |
CVE-2026-27809 | 1.8 | 9.1 | 0.0008 | good |
CVE-2026-20101 | 1.7 | 8.6 | 0.0016 | good |
CVE-2025-2255 | 1.7 | 8.7 | 0.0014 | good |
CVE-2025-30353 | 1.7 | 8.6 | 0.0036 | good |
CVE-2026-0011 | 1.7 | 8.4 | 0.0000 | good |
CVE-2025-14551 | 1.6 | 8.1 | 0.0005 | good |
CVE-2024-56921 | 1.6 | 7.5 | 0.0095 | good |
CVE-2026-25136 | 1.6 | 8.1 | 0.0008 | good |
CVE-2025-1395 | 1.6 | 8.2 | 0.0002 | good |
CVE-2026-0648 | 1.6 | 7.8 | 0.0002 | good |
CVE-2024-11864 | 1.5 | 7.5 | 0.0042 | good |
CVE-2024-11625 | 1.5 | 7.7 | 0.0009 | good |
CVE-2026-34388 | 1.5 | 7.5 | 0.0006 | good |
CVE-2025-1075 | 1.5 | 7.5 | 0.0021 | good |
CVE-2026-40245 | 1.5 | 7.5 | 0.0009 | good |
CVE-2026-30912 | 1.5 | 7.5 | 0.0008 | good |
CVE-2024-56113 | 1.5 | 7.5 | 0.0020 | good |