SC-35: Honeyclients

Control Family:

System And Communications Protection

Priority:

P0: Security control not selected in any baseline.

Threats Addressed:

Lateral Movement

Baselines:

Low
N/A
Moderate
N/A
High
N/A

Next Version:

NIST Special Publication 800-53 Revision 5:
SC-35: External Malicious Code Identification

Control Statement

The information system includes components that proactively seek to identify malicious websites and/or web-based malicious code.

Supplemental Guidance

Honeyclients differ from honeypots in that the components actively probe the Internet in search of malicious code (e.g., worms) contained on external websites. As with honeypots, honeyclients require some supporting isolation measures (e.g., virtualization) to ensure that any malicious code discovered during the search and subsequently executed does not infect organizational information systems.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 4

Critical Security Controls Version 7.1