800-53|SC-30(2)

Title

RANDOMNESS

Description

The organization employs [Assignment: organization-defined techniques] to introduce randomness into organizational operations and assets.

Supplemental

Randomness introduces increased levels of uncertainty for adversaries regarding the actions organizations take in defending against cyber attacks. Such actions may impede the ability of adversaries to correctly target information resources of organizations supporting critical missions/business functions. Uncertainty may also cause adversaries to hesitate before initiating or continuing attacks. Misdirection techniques involving randomness include, for example, performing certain routine actions at different times of day, employing different information technologies (e.g., browsers, search engines), using different suppliers, and rotating roles and responsibilities of organizational personnel.

Reference Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: CONCEALMENT AND MISDIRECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items