800-53|SC-30

Title

CONCEALMENT AND MISDIRECTION

Description

The organization employs [Assignment: organization-defined concealment and misdirection techniques] for [Assignment: organization-defined information systems] at [Assignment: organization-defined time periods] to confuse and mislead adversaries.

Supplemental

Concealment and misdirection techniques can significantly reduce the targeting capability of adversaries (i.e., window of opportunity and available attack surface) to initiate and complete cyber attacks. For example, virtualization techniques provide organizations with the ability to disguise information systems, potentially reducing the likelihood of successful attacks without the cost of having multiple platforms. Increased use of concealment/misdirection techniques including, for example, randomness, uncertainty, and virtualization, may sufficiently confuse and mislead adversaries and subsequently increase the risk of discovery and/or exposing tradecraft. Concealment/misdirection techniques may also provide organizations additional time to successfully perform core missions and business functions. Because of the time and effort required to support concealment/misdirection techniques, it is anticipated that such techniques would be used by organizations on a very limited basis.

Reference Item Details

Related: SC-26, SC-29, SI-14

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P0

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.4.1 Alter the Advertised server.info String (verify server.info is not set to default) | Unix | CIS Apache Tomcat5.5/6.0 L2 v1.0 |
| 1.4.2 Alter the Advertised server.number String (verify server.number is not set to default) | Unix | CIS Apache Tomcat5.5/6.0 L2 v1.0 |
| 1.4.3 Alter the Advertised server.built String (verify server.built is not set to default) | Unix | CIS Apache Tomcat5.5/6.0 L2 v1.0 |
| 1.4.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connecters (verify if xpoweredBy is set to false) | Unix | CIS Apache Tomcat5.5/6.0 L2 v1.0 |
| 1.4.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connecters (verify the server value is blank) | Unix | CIS Apache Tomcat5.5/6.0 L2 v1.0 |
| 1.6.3 Enable Randomized Virtual Memory Region Placement 'kernel.randomize_va_space = 2' | Unix | CIS Red Hat Enterprise Linux 5 L1 v2.2 |
| 1.12.9 Do not allow custom header status messages | Unix | CIS Apache Tomcat5.5/6.0 L2 v1.0 |
| 2.1 Alter the Advertised server.info String | Unix | CIS Apache Tomcat 8 L2 v1.0.1 |
| 2.1 Alter the Advertised server.info String | Unix | CIS Apache Tomcat 9 L2 v1.0.0 |
| 2.1 Alter the Advertised server.info String | Unix | CIS Apache Tomcat 9 L2 v1.0.0 Middleware |
| 2.1 Alter the Advertised server.info String | Unix | CIS Apache Tomcat 7 L2 v1.1.0 Middleware |
| 2.1 Alter the Advertised server.info String | Unix | CIS Apache Tomcat 7 L2 v1.1.0 |
| 2.2 Alter the Advertised server.number String | Unix | CIS Apache Tomcat 7 L2 v1.1.0 Middleware |
| 2.2 Alter the Advertised server.number String | Unix | CIS Apache Tomcat 9 L2 v1.0.0 Middleware |
| 2.2 Alter the Advertised server.number String | Unix | CIS Apache Tomcat 7 L2 v1.1.0 |
| 2.2 Alter the Advertised server.number String | Unix | CIS Apache Tomcat 8 L2 v1.0.1 |
| 2.2 Alter the Advertised server.number String | Unix | CIS Apache Tomcat 9 L2 v1.0.0 |
| 2.3 Alter the Advertised server.built Date | Unix | CIS Apache Tomcat 7 L2 v1.1.0 |
| 2.3 Alter the Advertised server.built Date | Unix | CIS Apache Tomcat 8 L2 v1.0.1 |
| 2.3 Alter the Advertised server.built Date | Unix | CIS Apache Tomcat 7 L2 v1.1.0 Middleware |
| 2.3 Alter the Advertised server.built Date | Unix | CIS Apache Tomcat 9 L2 v1.0.0 |
| 2.3 Alter the Advertised server.built Date | Unix | CIS Apache Tomcat 9 L2 v1.0.0 Middleware |
| 2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors | Unix | CIS Apache Tomcat 7 L2 v1.1.0 |
| 2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors | Unix | CIS Apache Tomcat 9 L2 v1.0.0 Middleware |
| 2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors | Unix | CIS Apache Tomcat 7 L2 v1.1.0 Middleware |
| 2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors | Unix | CIS Apache Tomcat 9 L2 v1.0.0 |
| 2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors | Unix | CIS Apache Tomcat 8 L2 v1.0.1 |
| 2.7 Ensure Sever Header is Modified To Prevent Information Disclosure | Unix | CIS Apache Tomcat 9 L2 v1.0.0 |
| 2.7 Ensure Sever Header is Modified To Prevent Information Disclosure | Unix | CIS Apache Tomcat 9 L2 v1.0.0 Middleware |
| 3.1 Hide BIND Version String | Unix | CIS ISC BIND 9.0/9.5 v2.0.0 |
| 3.1.9 Disable instance discoverability | Unix | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 |
| 3.1.9 Disable instance discoverability | Unix | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 |
| 3.1.10 Disable instance discoverability | Unix | CIS v1.1.0 IBM DB2 v10 Linux OS Level 1 |
| 3.1.10 Disable instance discoverability | Unix | CIS v1.1.0 IBM DB2 v10 Linux OS Level 2 |
| 3.1.10 Disable instance discoverability - 'discover_inst = disable' | Unix | CIS IBM DB2 OS L2 v1.2.0 |
| 3.1.16 Disable database discovery | Unix | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 |
| 3.1.16 Disable database discovery | Unix | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 |
| 3.1.17 Disable database discovery | Unix | CIS v1.1.0 IBM DB2 v10 Linux OS Level 1 |
| 3.1.17 Disable database discovery | Unix | CIS v1.1.0 IBM DB2 v10 Linux OS Level 2 |
| 3.2.3 Disable database discover - 'discover_db = disable' | Unix | CIS IBM DB2 OS L2 v1.2.0 |
| 3.11 Ensure Server Header is removed - Applications | Windows | CIS IIS 10 v1.1.0 Level 2 |
| 3.11 Ensure Server Header is removed - Default | Windows | CIS IIS 10 v1.1.0 Level 2 |
| 3.11 Ensure X-Powered-By Header is removed - Applications | Windows | CIS IIS 10 v1.1.0 Level 2 |
| 3.11 Ensure X-Powered-By Header is removed - Default | Windows | CIS IIS 10 v1.1.0 Level 2 |
| 10.9 Do not allow custom header status messages | Unix | CIS Apache Tomcat 8 L2 v1.0.1 |
| 10.9 Do not allow custom header status messages | Unix | CIS Apache Tomcat 7 L2 v1.1.0 |
| 10.9 Do not allow custom header status messages | Unix | CIS Apache Tomcat 7 L2 v1.1.0 Middleware |
| 12 - Remove and mask informational headers - JSP Configuration | Unix | TNS Best Practice JBoss 7 Linux |
| 12 - Remove and mask informational headers - Server Property Override | Unix | TNS Best Practice JBoss 7 Linux |
| 14 - Hide BIND Version String | Unix | BIND - TNS BIND Best Practices Audit v1.0.0 |