Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family SI

SI-20Tainting

Embed data or capabilities in the following systems or system components to determine if organizational data has been exfiltrated or improperly removed from the organization: {{ insert: param, si-20_odp }}.

Last updated: 04 July 2026 00:28 UTC

Implementations targeting this control (3)

ATT&CK techniques this control mitigates (0)

Weaknesses this control addresses (6)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-200Exposure of Sensitive Information to an Unauthorized Actor10,501Tainting directly detects exfiltration resulting from exposure of sensitive information to unauthorized actors.
CWE-552Files or Directories Accessible to External Parties563Detects improper removal of data from files or directories that are accessible to external parties.
CWE-201Insertion of Sensitive Information Into Sent Data353Embedding taints allows detection when sensitive data is inserted into outbound or sent data streams.
CWE-497Exposure of Sensitive System Information to an Unauthorized Control Sphere342The control detects removal of sensitive system information into an unauthorized control sphere.
CWE-359Exposure of Private Personal Information to an Unauthorized Actor190Tainting enables identification of exfiltration of private personal information to unauthorized parties.
CWE-538Insertion of Sensitive Information into Externally-Accessible File or Directory93Tainting makes it possible to determine when sensitive data has been removed from externally accessible files or directories.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
CVE-2022-41049 KEV10.05.40.0248good
CVE-2026-338737.09.90.0143good
CVE-2026-258817.09.00.0055good
CVE-2025-216225.57.50.0092good
CVE-2026-340417.09.80.0062good

Other controls in family SI

SI-1 SI-10 SI-11 SI-12 SI-13 SI-14 SI-15 SI-16 SI-17 SI-18 SI-19 SI-2 SI-21 SI-22 SI-23 SI-3 SI-4 SI-5 SI-6 SI-7 SI-8 SI-9