SC-31: Covert Channel Analysis
Control Family:
CSF v1.1 References:
PF v1.0 References:
Threats Addressed:
Baselines:
- Low
N/A
- Moderate
N/A
- High
N/A
Next Version:
- NIST Special Publication 800-53 Revision 5:
- SC-31: Covert Channel Analysis
Control Statement
The organization:
- Performs a covert channel analysis to identify those aspects of communications within the information system that are potential avenues for covert [Selection (one or more): storage; timing] channels; and
- Estimates the maximum bandwidth of those channels.
Supplemental Guidance
Developers are in the best position to identify potential areas within systems that might lead to covert channels. Covert channel analysis is a meaningful activity when there is the potential for unauthorized information flows across security domains, for example, in the case of information systems containing export-controlled information and having connections to external networks (i.e., networks not controlled by organizations). Covert channel analysis is also meaningful for multilevel secure (MLS) information systems, multiple security level (MSL) systems, and cross-domain systems.
Control Enhancements
SC-31(1): Test Covert Channels For Exploitability
Baseline(s):
The organization tests a subset of the identified covert channels to determine which channels are exploitable.
SC-31(2): Maximum Bandwidth
Baseline(s):
The organization reduces the maximum bandwidth for identified covert [Selection (one or more); storage; timing] channels to [Assignment: organization-defined values].
SC-31(3): Measure Bandwidth In Operational Environments
Baseline(s):
The organization measures the bandwidth of [Assignment: organization-defined subset of identified covert channels] in the operational environment of the information system.