CCI-002672

Analyze outbound communications traffic at organization-defined interior points within the system to detect covert exfiltration of information.

Implementation Guidance

The organization being inspected/assessed documents and implements a process to analyze outbound communications traffic at interior points defined in SI-4 (18), CCI 2670 within the system (e.g., subsystems, subnetworks) to detect covert exfiltration of information. The organization must maintain a record of the analysis.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as the record of analysis to ensure the organization being inspected/assessed analyzes outbound communications traffic at interior points defined in SI-4 (18), CCI 2670 within the system (e.g., subsystems, subnetworks) to detect covert exfiltration of information.

Compelling Evidence

1.) Signed and dated System security plan documents a process to analyze outbound communications traffic at interior points defined in SI-4 (18), CCI 2670 within the system (e.g., subsystems, subnetworks) to detect covert exfiltration of information. 2.) Record of the analysis.

The controls below (if any) were marked by NIST as being related to CCI-002672.