Navigate

CCI-002498

CCI-002498 Definition

The organization performs a covert channel analysis to identify those aspects of communications within the information system that are potential avenues for covert storage and/or timing channels.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed performs a covert channel analysis to identify those aspects of communications within the information system that are potential avenues for covert storage and/or timing channels. The organization must maintain an audit trail of analyses.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the results of the analysis to ensure the organization being inspected/assessed performs a covert channel analysis to identify those aspects of communications within the information system that are potential avenues for covert storage and/or timing channels.

Compelling Evidence

1.) Most current results of covert channel analysis.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002498.

Control	Description
SC-31	The organization: SC-31a.: Performs a covert channel analysis to identify those aspects of communications within the information system that are potential avenues for covert [Selection (one or more): storage; timing] channels; and SC-31b.: Estimates the maximum bandwidth of those channels.