This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization analyzes outbound communications traffic at the external boundary of the information system (i.e., system perimeter) and at [Assignment: organization-defined interior points within the system (e.g., subsystems, subnetworks)] to detect covert exfiltration of information.
NIST 800-53 (r4) Supplemental Guidance:
Covert means that can be used for the unauthorized exfiltration of organizational information include, for example, steganography.
NIST 800-53 (r5) Discussion:
Organization-defined interior points include subnetworks and subsystems. Covert means that can be used to exfiltrate information include steganography.
38North Guidance:
Meets Minimum Requirement:
All outbound communications traffic at the external boundary and at selected interior points needs to be logged and analyzed to detect covert exfiltration of information.
Best Practice: The CSP should deploy Data Loss Prevention (DLP) tooling within the information system to detect exfiltration of data not only as it traverses outside the boundary but also as it moves within the boundary. This can help mitigate the theft of data by insider threat sources.
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Configurations of solution(s) supporting and/or implementing monitoring and analysis of outbound communications traffic to detect covert exfiltration of information.
CSP Implementation Tips: None