Navigate

CCI-002672

CCI-002672 Definition

The organization analyzes outbound communications traffic at organization-defined interior points within the system (e.g., subsystems, subnetworks) to detect covert exfiltration of information.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to analyze outbound communications traffic at interior points defined in SI-4 (18), CCI 2670 within the system (e.g., subsystems, subnetworks) to detect covert exfiltration of information. The organization must maintain a record of the analysis.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as the record of analysis to ensure the organization being inspected/assessed analyzes outbound communications traffic at interior points defined in SI-4 (18), CCI 2670 within the system (e.g., subsystems, subnetworks) to detect covert exfiltration of information.

Compelling Evidence

1.) Signed and dated System security plan documents a process to analyze outbound communications traffic at interior points defined in SI-4 (18), CCI 2670 within the system (e.g., subsystems, subnetworks) to detect covert exfiltration of information. 2.) Record of the analysis.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002672.

Control	Description
SI-4 (18)	The organization analyzes outbound communications traffic at the external boundary of the information system (i.e., system perimeter) and at [Assignment: organization-defined interior points within the system (e.g., subsystems, subnetworks)] to detect covert exfiltration of information.