SC-7(16): Prevent Discovery of System Components
Control Family:
Parent Control:
Threats Addressed:
Baselines:
(Not part of any baseline)
Previous Version:
- NIST Special Publication 800-53 Revision 4:
- SC-7(16): Prevent Discovery Of Components / Devices
Control Statement
Prevent the discovery of specific system components that represent a managed interface.
Supplemental Guidance
Preventing the discovery of system components representing a managed interface helps protect network addresses of those components from discovery through common tools and techniques used to identify devices on networks. Network addresses are not available for discovery and require prior knowledge for access. Preventing the discovery of components and devices can be accomplished by not publishing network addresses, using network address translation, or not entering the addresses in domain name systems. Another prevention technique is to periodically change network addresses.