CCI-002498

Perform a covert channel analysis to identify those aspects of communications within the system that are potential avenues for covert storage and/or timing channels.

Implementation Guidance

Determine if a covert channel analysis is performed to identify those aspects of communications within the system that are potential avenues for covert [SC-31_ODP; one or more of the following PARAMETER VALUES is/are selected: {storage; timing}] channels.

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; procedures addressing covert channel analysis; system design documentation; system configuration settings and associated documentation; covert channel analysis documentation; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; organizational personnel with covert channel analysis responsibilities; system developers/integrators]. Test: [SELECT FROM: Organizational process for conducting covert channel analysis; mechanisms supporting and/or implementing covert channel analysis; mechanisms supporting and/or implementing the capability to estimate the bandwidth of covert channels].

The controls below (if any) were marked by NIST as being related to CCI-002498.