Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family SI

SI-16Memory Protection

Implement the following controls to protect the system memory from unauthorized code execution: {{ insert: param, si-16_odp }}.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: partial · 1 mapping(s) from 1 framework(s): CSF 2.0 1 (partial)

See the full cumulative-coverage rollup →

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (36)

Weaknesses this control addresses (5)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-787Out-of-bounds Write16,677Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer14,364Memory protections (e.g., W^X, ASLR) make exploitation of buffer-boundary violations far harder to turn into code execution.
CWE-416Use After Free9,303Use-after-free exploits that achieve arbitrary code execution are blocked or significantly hardened by non-executable pages and ASLR.
CWE-94Improper Control of Generation of Code ('Code Injection')6,984Directly prevents execution of attacker-supplied code written into data memory regions.
CWE-123Write-what-where Condition57Write-what-where primitives are neutralized when the attacker cannot execute the memory they control.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
CVE-2025-24085 KEV10.010.00.1867good
CVE-2025-43529 KEV10.08.80.0844good
CVE-2025-43520 KEV10.05.50.0040good
CVE-2025-21042 KEV10.08.80.1161good
CVE-2025-48543 KEV UPD10.08.80.0054good
CVE-2025-31277 KEV UPD10.08.80.0148good
CVE-2025-32701 KEV UPD10.07.80.0129good
CVE-2025-31201 KEV UPD10.09.80.1236good
CVE-2024-49138 KEV10.07.80.2541good
CVE-2024-36971 KEV10.07.80.0270good
CVE-2023-6549 KEV10.08.20.5763good
CVE-2023-43000 KEV10.08.80.0396good
CVE-2023-42917 KEV10.08.80.0937good
CVE-2023-4211 KEV10.05.50.0136good
CVE-2023-41974 KEV10.07.80.0141good
CVE-2023-41064 KEV10.07.80.1526good
CVE-2023-36036 KEV10.07.80.1654good
CVE-2023-36033 KEV10.07.80.1198good
CVE-2023-33107 KEV10.08.40.0089good
CVE-2023-32435 KEV10.08.80.2295good
CVE-2023-26083 KEV10.03.30.0142good
CVE-2022-48618 KEV10.07.00.0049good
CVE-2022-38181 KEV10.08.80.1259good
CVE-2022-22706 KEV10.07.80.0122good
CVE-2022-22675 KEV10.07.80.1264good

Other controls in family SI

SI-1 SI-10 SI-11 SI-12 SI-13 SI-14 SI-15 SI-17 SI-18 SI-19 SI-2 SI-20 SI-21 SI-22 SI-23 SI-3 SI-4 SI-5 SI-6 SI-7 SI-8 SI-9