800-53|SC-30(5)

Title

CONCEALMENT OF SYSTEM COMPONENTS

Description

The organization employs [Assignment: organization-defined techniques] to hide or conceal [Assignment: organization-defined information system components].

Supplemental

By hiding, disguising, or otherwise concealing critical information system components, organizations may be able to decrease the probability that adversaries target and successfully compromise those assets. Potential means for organizations to hide and/or conceal information system components include, for example, configuration of routers or the use of honeynets or virtualization techniques.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: CONCEALMENT AND MISDIRECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.4.1 Alter the Advertised server.info String (verify server.info is not set to default)	Unix	CIS Apache Tomcat5.5/6.0 L2 v1.0
1.4.2 Alter the Advertised server.number String (verify server.number is not set to default)	Unix	CIS Apache Tomcat5.5/6.0 L2 v1.0
1.4.3 Alter the Advertised server.built String (verify server.built is not set to default)	Unix	CIS Apache Tomcat5.5/6.0 L2 v1.0
1.4.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connecters (verify if xpoweredBy is set to false)	Unix	CIS Apache Tomcat5.5/6.0 L2 v1.0
1.4.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connecters (verify the server value is blank)	Unix	CIS Apache Tomcat5.5/6.0 L2 v1.0
1.12.9 Do not allow custom header status messages	Unix	CIS Apache Tomcat5.5/6.0 L2 v1.0
2.1 Alter the Advertised server.info String	Unix	CIS Apache Tomcat 9 L2 v1.0.0
2.1 Alter the Advertised server.info String	Unix	CIS Apache Tomcat 9 L2 v1.0.0 Middleware
2.1 Alter the Advertised server.info String	Unix	CIS Apache Tomcat 7 L2 v1.1.0 Middleware
2.1 Alter the Advertised server.info String	Unix	CIS Apache Tomcat 7 L2 v1.1.0
2.2 Alter the Advertised server.number String	Unix	CIS Apache Tomcat 7 L2 v1.1.0 Middleware
2.2 Alter the Advertised server.number String	Unix	CIS Apache Tomcat 9 L2 v1.0.0 Middleware
2.2 Alter the Advertised server.number String	Unix	CIS Apache Tomcat 7 L2 v1.1.0
2.2 Alter the Advertised server.number String	Unix	CIS Apache Tomcat 9 L2 v1.0.0
2.3 Alter the Advertised server.built Date	Unix	CIS Apache Tomcat 7 L2 v1.1.0
2.3 Alter the Advertised server.built Date	Unix	CIS Apache Tomcat 7 L2 v1.1.0 Middleware
2.3 Alter the Advertised server.built Date	Unix	CIS Apache Tomcat 9 L2 v1.0.0
2.3 Alter the Advertised server.built Date	Unix	CIS Apache Tomcat 9 L2 v1.0.0 Middleware
2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors	Unix	CIS Apache Tomcat 7 L2 v1.1.0
2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors	Unix	CIS Apache Tomcat 7 L2 v1.1.0 Middleware
3.1 Hide BIND Version String	Unix	CIS ISC BIND 9.0/9.5 v2.0.0
3.1.9 Disable instance discoverability	Unix	CIS IBM DB2 v10 v1.1.0 Linux OS Level 1
3.1.9 Disable instance discoverability	Unix	CIS IBM DB2 v10 v1.1.0 Linux OS Level 2
3.1.10 Disable instance discoverability - 'discover_inst = disable'	Unix	CIS IBM DB2 OS L2 v1.2.0
3.1.16 Disable database discovery	Unix	CIS IBM DB2 v10 v1.1.0 Linux OS Level 2
3.1.16 Disable database discovery	Unix	CIS IBM DB2 v10 v1.1.0 Linux OS Level 1
3.2.3 Disable database discover - 'discover_db = disable'	Unix	CIS IBM DB2 OS L2 v1.2.0
3.8 - Http banner reveals server information - Send Server Header	Unix	TNS Oracle WebLogic Server 11 Linux Best Practices
3.8 - Http banner reveals server information - Send Server Header	Windows	TNS Oracle WebLogic Server 11 Windows Best Practices
3.8 - Http banner reveals server information - X-Powered-By Header	Unix	TNS Oracle WebLogic Server 11 Linux Best Practices
3.8 - Http banner reveals server information - X-Powered-By Header	Windows	TNS Oracle WebLogic Server 11 Windows Best Practices
4.2 Remove Nameserver ID	Unix	CIS ISC BIND 9.0/9.5 v2.0.0
6.1 Hide BIND Version String	Unix	CIS BIND DNS v3.0.1 Authoritative Name Server
6.1 Hide BIND Version String	Unix	CIS BIND DNS v3.0.1 Caching Only Name Server
6.2 Hide Nameserver ID	Unix	CIS BIND DNS v3.0.1 Authoritative Name Server
6.2 Hide Nameserver ID	Unix	CIS BIND DNS v3.0.1 Caching Only Name Server
10.9 Do not allow custom header status messages	Unix	CIS Apache Tomcat 7 L2 v1.1.0
14 - Hide BIND Version String	Unix	BIND - TNS BIND Best Practices Audit v1.0.0
Server version information parameters should be turned off - 'ServerSignature Off'	Windows	TNS IBM HTTP Server Best Practice
Server version information parameters should be turned off - 'ServerSignature Off'	Unix	TNS IBM HTTP Server Best Practice Middleware
Server version information parameters should be turned off - 'ServerTokens Prod'	Windows	TNS IBM HTTP Server Best Practice
WA000-WI120 IIS7 - The Content Location header must not contain proprietary IP addresses.	Windows	DISA IIS 7.0 Web Site v1r19
WDNS-SI-000003 - The DNS Name Server software must be configured to refuse queries for its version information.	Windows	DISA Microsoft Windows 2012 Server DNS STIG v1r14
WDNS-SI-000003 - The DNS Name Server software must be configured to refuse queries for its version information.	Windows	DISA Microsoft Windows 2012 Server DNS STIG v2r1
WDNS-SI-000003 - The DNS Name Server software must be configured to refuse queries for its version information.	Windows	DISA Microsoft Windows 2012 Server DNS STIG v2r4
WG520 A22 - Web server and/or operating system information must be protected.	Unix	DISA STIG Apache Server 2.2 Unix v1r11

Detections

Analytics