SI-4(11): Analyze Communications Traffic Anomalies

Threats Addressed:


(Not part of any baseline)

Next Version:

Control Statement

The organization analyzes outbound communications traffic at the external boundary of the information system and selected [Assignment: organization-defined interior points within the system (e.g., subnetworks, subsystems)] to discover anomalies.

Supplemental Guidance

Anomalies within organizational information systems include, for example, large file transfers, long-time persistent connections, unusual protocols and ports in use, and attempted communications with suspected malicious external addresses.