CCI-005042

Defines the systems or system components used to determine if organizational data has been exfiltrated or improperly removed from the organization.

Implementation Guidance

Determine if data or capabilities are embedded in [SI-20_ODP; the systems or system components with data or capabilities to be embedded are defined] to determine if organizational data has been exfiltrated or improperly removed from the organization.

Validation Procedures

Examine: [SELECT FROM: System and information integrity policy; system and information integrity procedures; personally identifiable information processing policy; procedures addressing software and information integrity; system design documentation; system configuration settings and associated documentation; policy and procedures addressing the systems security engineering technique of deception; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel responsible for detecting tainted data; organizational personnel with systems security engineering responsibilities; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Automated mechanisms for post-breach detection; decoys, traps, lures, and methods for deceiving adversaries; detection and notification mechanisms].

The controls below (if any) were marked by NIST as being related to CCI-005042.