CCI-002671

Analyze outbound communications traffic at the external interfaces of the system to detect covert exfiltration of information.

Implementation Guidance

The organization being inspected/assessed documents and implements a process to analyze outbound communications traffic at the external boundary of the information system (i.e., system perimeter) to detect covert exfiltration of information. The organization must maintain a record of the analysis.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as the record of analysis to ensure the organization being inspected/assessed analyzes outbound communications traffic at the external boundary of the information system (i.e., system perimeter) to detect covert exfiltration of information.

Compelling Evidence

1.) Signed and dated System security plan documents a process to analyze outbound communications traffic at the external boundary of the information system (i.e., system perimeter) to detect covert exfiltration of information. 2.) Record of analysis.

The controls below (if any) were marked by NIST as being related to CCI-002671.