Navigate

SI-4(18)

SI-4(18): Analyze Traffic / Covert Exfiltration

The organization analyzes outbound communications traffic at the external boundary of the information system (i.e., system perimeter) and at [organization-defined interior points within the system (e.g., subsystems, subnetworks)] to detect covert exfiltration of information.

Supplemental

Covert means that can be used for the unauthorized exfiltration of organizational information include, for example, steganography.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to SI-4(18).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of SI-4(18).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SI-4(18).

CCI	Definition
CCI-002670	Defines the interior points within the system where outbound communications will be analyzed to detect covert exfiltration of information.
CCI-002671	Analyze outbound communications traffic at the external interfaces of the system to detect covert exfiltration of information.
CCI-002672	Analyze outbound communications traffic at organization-defined interior points within the system to detect covert exfiltration of information.