Navigate

SI-4(11)

SI-4(11): Analyze Communications Traffic Anomalies

The organization analyzes outbound communications traffic at the external boundary of the information system and selected [organization-defined interior points within the system (e.g., subnetworks, subsystems)] to discover anomalies.

Supplemental

Anomalies within organizational information systems include, for example, large file transfers, long-time persistent connections, unusual protocols and ports in use, and attempted communications with suspected malicious external addresses.

CIA Levels
Confidentiality	high
Integrity	high
Availability	high

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to SI-4(11).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of SI-4(11).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SI-4(11).

CCI	Definition
CCI-001273	Analyze outbound communications traffic at the external interfaces to the system to discover anomalies.
CCI-001671	Analyze outbound communications traffic at selected organization-defined interior points within the system to discover anomalies.
CCI-002668	Defines the interior points within the system where outbound communications will be analyzed to discover anomalies.