SC-31(3): Measure Bandwidth In Operational Environments
Control Family:
Parent Control:
CSF v1.1 References:
Threats Addressed:
Baselines:
(Not part of any baseline)
Next Version:
- NIST Special Publication 800-53 Revision 5:
- SC-31(3): Measure Bandwidth in Operational Environments
Control Statement
The organization measures the bandwidth of [Assignment: organization-defined subset of identified covert channels] in the operational environment of the information system.
Supplemental Guidance
This control enhancement addresses covert channel bandwidth in operational environments versus developmental environments. Measuring covert channel bandwidth in operational environments helps organizations to determine how much information can be covertly leaked before such leakage adversely affects organizational missions/business functions. Covert channel bandwidth may be significantly different when measured in those settings that are independent of the particular environments of operation (e.g., laboratories or development environments).