SI-4(18): Analyze Traffic / Covert Exfiltration

Threats Addressed:


(Not part of any baseline)

Next Version:

Control Statement

The organization analyzes outbound communications traffic at the external boundary of the information system (i.e., system perimeter) and at [Assignment: organization-defined interior points within the system (e.g., subsystems, subnetworks)] to detect covert exfiltration of information.

Supplemental Guidance

Covert means that can be used for the unauthorized exfiltration of organizational information include, for example, steganography.