SI-4(18): Analyze Traffic / Covert Exfiltration

Control Family:

System And Information Integrity

Parent Control:

SI-4: Information System Monitoring

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

ID.RA-1
PR.DS-5
PR.IP-8
DE.AE-1
DE.AE-2
DE.AE-3
DE.AE-4
DE.CM-1
DE.CM-5
DE.CM-6
DE.CM-7
DE.DP-2
DE.DP-3
DE.DP-4
RS.AN-1
RS.CO-3

Threats Addressed:

Lateral Movement

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
SI-4(18): Analyze Traffic and Covert Exfiltration

Control Statement

The organization analyzes outbound communications traffic at the external boundary of the information system (i.e., system perimeter) and at [Assignment: organization-defined interior points within the system (e.g., subsystems, subnetworks)] to detect covert exfiltration of information.

Supplemental Guidance

Covert means that can be used for the unauthorized exfiltration of organizational information include, for example, steganography.