SC-7(16): Prevent Discovery of System Components

CSF v1.1 References:


(Not part of any baseline)

Previous Version:

Control Statement

Prevent the discovery of specific system components that represent a managed interface.

Supplemental Guidance

Preventing the discovery of system components representing a managed interface helps protect network addresses of those components from discovery through common tools and techniques used to identify devices on networks. Network addresses are not available for discovery and require prior knowledge for access. Preventing the discovery of components and devices can be accomplished by not publishing network addresses, using network address translation, or not entering the addresses in domain name systems. Another prevention technique is to periodically change network addresses.