Navigate

SI-4 (18)

SI-4 (18): Analyze Traffic / Covert Exfiltration

The organization analyzes outbound communications traffic at the external boundary of the information system (i.e., system perimeter) and at [Assignment: organization-defined interior points within the system (e.g., subsystems, subnetworks)] to detect covert exfiltration of information.

Supplemental

Covert means that can be used for the unauthorized exfiltration of organizational information include, for example, steganography.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
NC3

Related Controls

The controls below (if any) were marked by NIST as being related to SI-4 (18).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of SI-4 (18).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SI-4 (18).

CCI	Definition
CCI-002670	The organization defines the interior points within the system (e.g., subsystems, subnetworks) where outbound communications will be analyzed to detect covert exfiltration of information.
CCI-002671	The organization analyzes outbound communications traffic at the external boundary of the information system (i.e., system perimeter) to detect covert exfiltration of information.
CCI-002672	The organization analyzes outbound communications traffic at organization-defined interior points within the system (e.g., subsystems, subnetworks) to detect covert exfiltration of information.