This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization analyzes outbound communications traffic at the external boundary of the information system and selected [Assignment: organization-defined interior points within the system (e.g., subnetworks, subsystems)] to discover anomalies.
NIST 800-53 (r4) Supplemental Guidance:
Anomalies within organizational information systems include, for example, large file transfers, long-time persistent connections, unusual protocols and ports in use, and attempted communications with suspected malicious external addresses.
NIST 800-53 (r5) Discussion:
Organization-defined interior points include subnetworks and subsystems. Anomalies within organizational systems include large file transfers, long-time persistent connections, attempts to access information from unexpected locations, the use of unusual protocols and ports, the use of unmonitored network protocols (e.g., IPv6 usage during IPv4 transition), and attempted communications with suspected malicious external addresses.
38North Guidance:
Meets Minimum Requirement:
All outbound communications traffic at the external boundary and at selected interior points needs to be logged and analyzed to detect anomalies.
Best Practice: CSPs should develop a standard baseline for their information system. This baseline should include not only the baseline configurations of external and internal boundary devices, but also traffic patterns, login and logoff patterns, normal file sizes, etc. Any deviation from the baseline should be detected and personnel notified so they can act on it.
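The following is an added example, not part of this guidance page or any 38North or FedRAMP tooling, showing what "baseline plus deviation detection" looks like in code for the anomaly classes the control lists (large transfers, long persistent connections, unusual protocols or ports, and communication with suspected malicious addresses). The flow-record format, the baseline values, the addresses and the sample records are all constructed for illustration; a real deployment would derive the baseline from an observed learning period and the approved egress rules, and would take the suspected-malicious list from a threat-intelligence feed.

```python
"""Baseline-driven anomaly detection over outbound flow records.

Added example for SI-4(4); the log format, baseline and addresses below are
constructed, not taken from any real system.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    proto: str
    dport: int
    bytes_out: int
    duration_s: int


# Constructed baseline (assumption): what "normal" outbound traffic looks like
# for this hypothetical system.
BASELINE = {
    "allowed_services": {("tcp", 443), ("tcp", 80), ("udp", 53)},
    "max_bytes_per_pair": 50_000_000,        # total bytes src->dst in the window
    "max_duration_s": 3600,                  # single connection longer than this is odd
    "suspected_malicious": {"203.0.113.77"},  # constructed; threat intel in practice
}

# Constructed outbound flow records in the hypothetical format:
#   ts src dst proto dport bytes_out duration_s
SAMPLE_FLOWS = [
    "2024-05-01T10:00:01Z 10.0.1.5 198.51.100.20 tcp 443 20000000 40",
    "2024-05-01T10:00:05Z 10.0.1.5 198.51.100.20 tcp 443 20000000 41",
    "2024-05-01T10:01:00Z 10.0.1.9 192.0.2.44 tcp 4444 512 7200",
    "2024-05-01T10:02:00Z 10.0.1.7 203.0.113.77 udp 53 800 1",
    "2024-05-01T10:03:00Z 10.0.1.5 198.51.100.20 tcp 443 20000000 39",
    "2024-05-01T10:04:00Z 10.0.1.12 198.51.100.9 tcp 443 2000 5",
]


def parse_flow(line: str) -> Flow:
    """Parse one whitespace-separated flow record in the constructed format."""
    ts, src, dst, proto, dport, nbytes, dur = line.split()
    return Flow(ts, src, dst, proto.lower(), int(dport), int(nbytes), int(dur))


def analyze(lines, baseline=BASELINE):
    """Compare each flow against the baseline and return a sorted list of
    (src, dst, anomaly, detail) findings for personnel to act on."""
    findings = set()
    bytes_per_pair = defaultdict(int)
    for line in lines:
        if not line.strip():
            continue
        f = parse_flow(line)
        # Unusual protocol/port: anything outside the approved egress services.
        if (f.proto, f.dport) not in baseline["allowed_services"]:
            findings.add((f.src, f.dst, "unusual-protocol-or-port", f"{f.proto}/{f.dport}"))
        # Long-time persistent connection.
        if f.duration_s > baseline["max_duration_s"]:
            findings.add((f.src, f.dst, "long-persistent-connection", f"{f.duration_s}s"))
        # Attempted communication with a suspected malicious external address.
        if f.dst in baseline["suspected_malicious"]:
            findings.add((f.src, f.dst, "suspected-malicious-destination", f.dst))
        bytes_per_pair[(f.src, f.dst)] += f.bytes_out
    # Large transfers are judged on the per-pair aggregate, so a file split
    # across several smaller connections still shows up as a deviation.
    for (src, dst), total in bytes_per_pair.items():
        if total > baseline["max_bytes_per_pair"]:
            findings.add((src, dst, "large-outbound-transfer", f"{total} bytes"))
    return sorted(findings)


if __name__ == "__main__":
    for src, dst, anomaly, detail in analyze(SAMPLE_FLOWS):
        print(f"{anomaly:32} {src} -> {dst} ({detail})")
```

Running it over the constructed records reports four deviations: one host using an unapproved port and holding a two-hour connection, one host contacting the suspected-malicious address, and one host whose three 20 MB transfers to the same destination add up past the 50 MB baseline even though no single flow does. The threshold and allow-list values are the part a CSP has to tune from its own observed baseline.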
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Configurations of the solution(s) supporting and/or implementing monitoring and analysis of outbound communications traffic to detect anomalies.
CSP Implementation Tips: None