SC-7(16): Prevent Discovery Of Components / Devices

Control Family:

System And Communications Protection

Parent Control:

SC-7: Boundary Protection

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

Threats Addressed:

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
SC-7(16): Prevent Discovery of System Components

Control Statement

The information system prevents discovery of specific system components composing a managed interface.

Supplemental Guidance

This control enhancement protects network addresses of information system components that are part of managed interfaces from discovery through common tools and techniques used to identify devices on networks. Network addresses are not available for discovery (e.g., network address not published or entered in domain name systems), requiring prior knowledge for access. Another obfuscation technique is to periodically change network addresses.