SI-4(18): Analyze Traffic and Covert Exfiltration

Control Family:

System and Information Integrity

Parent Control:

SI-4: System Monitoring

CSF v1.1 References:

ID.RA-1
PR.DS-5
PR.IP-8
DE.AE-1
DE.AE-2
DE.AE-3
DE.AE-4
DE.CM-1
DE.CM-4
DE.CM-5
DE.CM-6
DE.CM-7
DE.DP-2
DE.DP-3
DE.DP-4
DE.DP-5
RS.AN-1

Threats Addressed:

Lateral Movement

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
SI-4(18): Analyze Traffic / Covert Exfiltration

Control Statement

Analyze outbound communications traffic at external interfaces to the system and at the following interior points to detect covert exfiltration of information: [Assignment: organization-defined interior points within the system].

Supplemental Guidance

Organization-defined interior points include subnetworks and subsystems. Covert means that can be used to exfiltrate information include steganography.