Navigate

CCI-001195

CCI-001195 Definition

The information system includes components specifically designed to be the target of malicious attacks for the purpose of detecting, deflecting, and analyzing such attacks.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed designs the information system to include decoy components specifically designed to be the target of malicious attacks for the purpose of detecting, deflecting, and analyzing such attacks.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the network topology diagrams, architecture documentation, or any other documentation identifying decoy components to be attacked to ensure the organization being inspected/assessed includes components specifically designed to be the target of malicious attacks for the purpose of detecting, deflecting, and analyzing such attacks.

Compelling Evidence

1.) Network topology diagrams. 2.) Architecture documentation (signed and dated), or any other relevant documentation (signed and dated).

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001195.

Control	Description
SC-26	The information system includes components specifically designed to be the target of malicious attacks for the purpose of detecting, deflecting, and analyzing such attacks.