SC-7(16): Prevent Discovery of System Components
(Not part of any baseline)
- NIST Special Publication 800-53 Revision 4:
- SC-7(16): Prevent Discovery Of Components / Devices
Prevent the discovery of specific system components that represent a managed interface.
Preventing the discovery of system components representing a managed interface helps protect network addresses of those components from discovery through common tools and techniques used to identify devices on networks. Network addresses are not available for discovery and require prior knowledge for access. Preventing the discovery of components and devices can be accomplished by not publishing network addresses, using network address translation, or not entering the addresses in domain name systems. Another prevention technique is to periodically change network addresses.