CCI-002493

Defines the system components in which it will employ realistic but misleading information regarding its security state or posture.

Implementation Guidance

Determine if realistic but misleading information about the security state or posture of [SC-30(04)_ODP; system components for which realistic but misleading information about their security state or posture is employed are defined] is employed.

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; configuration management policy and procedures; procedures addressing concealment and misdirection techniques for the system; system design documentation; system configuration settings and associated documentation; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; organizational personnel with the responsibility to define and employ realistic but misleading information about the security posture of system components]. Test: [SELECT FROM: Mechanisms supporting and/or implementing the employment of realistic but misleading information about the security posture of system components].

The controls below (if any) were marked by NIST as being related to CCI-002493.