CCI-002424

Defines the alternative physical controls to be employed when cryptographic mechanisms to conceal or randomize communication patterns are not implemented.

Implementation Guidance

Determine if cryptographic mechanisms are implemented to conceal or randomize communication patterns unless otherwise protected by [SC-08(04)_ODP; alternative physical controls to protect against unauthorized disclosure of communication patterns are defined].

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; procedures addressing transmission confidentiality and integrity; system design documentation; system configuration settings and associated documentation; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; system developer]. Test: [SELECT FROM: Cryptographic mechanisms supporting and/or implementing concealment or randomization of communication patterns; mechanisms supporting and/or implementing alternative physical safeguards; organizational processes for defining and implementing alternative physical safeguards].

The controls below (if any) were marked by NIST as being related to CCI-002424.