CCI-002487

Implementation Guidance

Determine if [SC-30(02)_ODP; techniques employed to introduce randomness into organizational operations and assets are defined] are employed to introduce randomness into organizational operations and assets.

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; procedures addressing concealment and misdirection techniques for the system; system design documentation; system configuration settings and associated documentation; system architecture; list of techniques to be employed to introduce randomness into organizational operations and assets; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; organizational personnel with the responsibility to implement concealment and misdirection techniques for systems]. Test: [SELECT FROM: Mechanisms supporting and/or implementing randomness as a concealment and misdirection technique].