Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family SR

SR-11 Component Authenticity

a. Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and
b. Report counterfeit system components to {{ insert: param, sr-11_odp.01 }}.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: partial · 2 mappings from 2 frameworks: OWASP-Web 1 (partial) · CSF 2.0 1 (partial)


Implementations targeting this control (0)

ATT&CK techniques this control mitigates (15)

Weaknesses this control addresses (6)

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-347 | Improper Verification of Cryptographic Signature | 842 | Authenticity validation commonly relies on cryptographic signature or certificate checks that this control enforces. |
| CWE-829 | Inclusion of Functionality from Untrusted Control Sphere | 298 | Anti-counterfeit procedures directly block inclusion of components originating from untrusted supply-chain actors. |
| CWE-494 | Download of Code Without Integrity Check | 252 | Detecting counterfeits requires integrity verification of received components before acceptance. |
| CWE-506 | Embedded Malicious Code | 85 | Counterfeit components are a common vector for embedding malicious code; preventing their entry reduces this exposure. |
| CWE-912 | Hidden Functionality | 79 | Policies that verify component provenance make introduction of hidden or undocumented functionality materially harder. |
| CWE-353 | Missing Support for Integrity Check | 40 | The control mandates support for integrity-checking mechanisms to identify non-genuine components. |

Top CVEs where this control is the strongest mitigation

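| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| CVE-2026-33634 KEV | 10.0 | 8.8 | 0.6037 | good |
| CVE-2026-34424 | 7.0 | 9.8 | 0.0055 | good |
| CVE-2026-6443 | 7.0 | 9.8 | 0.0050 | good |
| CVE-2026-34841 | 7.0 | 9.8 | 0.0023 | good |
| CVE-2026-40154 | 7.0 | 9.3 | 0.0030 | good |
| CVE-2026-31976 | 7.0 | 9.8 | 0.0050 | good |
| CVE-2010-20103 | 7.0 | 9.8 | 0.0475 | good |
| CVE-2011-10018 | 7.0 | 9.8 | 0.0186 | good |
| CVE-2025-34212 | 7.0 | 9.8 | 0.0063 | good |
| CVE-2024-41739 | 5.5 | 8.8 | 0.0043 | good |
| CVE-2026-41387 | 5.5 | 7.8 | 0.0024 | good |
| CVE-2026-4269 | 5.5 | 7.5 | 0.0024 | good |
| CVE-2025-27510 | 0.0 | 0.0 | 0.0058 | good |
| CVE-2025-59374 KEV | 10.0 | 9.8 | 0.0108 | good |
| CVE-2024-41334 | 5.5 | 8.8 | 0.0037 | good |
| CVE-2026-28500 UPD | 5.5 | 8.6 | 0.0032 | good |
| CVE-2023-24011 | 5.5 | 8.2 | 0.0033 | good |
| CVE-2025-21399 | 5.5 | 7.4 | 0.0066 | good |
| CVE-2025-15556 KEV | 10.0 | 7.5 | 0.0127 | good |
| CVE-2026-8398 KEV UPD | 10.0 | 9.8 | 0.0146 | partial |
| CVE-2024-4978 KEV | 10.0 | 8.4 | 0.2694 | partial |
| CVE-2025-27680 | 7.0 | 9.1 | 0.0029 | good |
| CVE-2026-35044 | 5.5 | 8.8 | 0.0039 | good |
| CVE-2026-4478 | 5.5 | 8.1 | 0.0027 | good |
| CVE-2025-1058 | 5.5 | 8.1 | 0.0022 | good |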
