800-53|SC-31

Title

COVERT CHANNEL ANALYSIS

Description

The organization:

Supplemental

Developers are in the best position to identify potential areas within systems that might lead to covert channels. Covert channel analysis is a meaningful activity when there is the potential for unauthorized information flows across security domains, for example, in the case of information systems containing export-controlled information and having connections to external networks (i.e., networks not controlled by organizations). Covert channel analysis is also meaningful for multilevel secure (MLS) information systems, multiple security level (MSL) systems, and cross-domain systems.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-3,AC-4,PL-2

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P0

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
4.4.2 Ensure 'preserveFullyQualifiedReferrerUrl' is set to 'false'	Unix	CIS IBM WebSphere Liberty v1.0.0 L1
AS24-U2-000810 - The Apache web server must only accept client certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).	Unix	DISA STIG Apache Server 2.4 Unix Site v2r4 Middleware
AS24-U2-000810 - The Apache web server must only accept client certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs).	Unix	DISA STIG Apache Server 2.4 Unix Site v2r4
MS.DEFENDER.4.1v2 - A custom policy SHALL be configured to protect PII and sensitive information, as defined by the agency. At a minimum, credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) SHALL be blocked.	microsoft_azure	CISA SCuBA Microsoft 365 Defender v1.5.0
MS.DEFENDER.4.2v1 - The custom policy SHOULD be applied to Exchange, OneDrive, SharePoint, Teams chat, and Devices.	microsoft_azure	CISA SCuBA Microsoft 365 Defender v1.5.0
MS.DEFENDER.4.3v1 - The action for the custom policy SHOULD be set to block sharing sensitive information with everyone.	microsoft_azure	CISA SCuBA Microsoft 365 Defender v1.5.0
MS.EXO.1.1v1 - Automatic forwarding to external domains SHALL be disabled.	microsoft_azure	CISA SCuBA Microsoft 365 Exchange Online v1.5.0
MS.EXO.6.1v1 - Contact folders SHALL NOT be shared with all domains.	microsoft_azure	CISA SCuBA Microsoft 365 Exchange Online v1.5.0
MS.EXO.6.2v1 - Calendar details SHALL NOT be shared with all domains.	microsoft_azure	CISA SCuBA Microsoft 365 Exchange Online v1.5.0
MS.EXO.8.1v2 - A DLP solution SHALL be used.	microsoft_azure	CISA SCuBA Microsoft 365 Exchange Online v1.5.0
MS.EXO.8.2v2 - The DLP solution SHALL protect personally identifiable information (PII) and sensitive information, as defined by the agency.	microsoft_azure	CISA SCuBA Microsoft 365 Exchange Online v1.5.0
MS.EXO.8.3v1 - The selected DLP solution SHOULD offer services comparable to the native DLP solution offered by Microsoft.	microsoft_azure	CISA SCuBA Microsoft 365 Exchange Online v1.5.0
MS.EXO.8.4v1 - At a minimum, the DLP solution SHALL restrict sharing credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) via email.	microsoft_azure	CISA SCuBA Microsoft 365 Exchange Online v1.5.0
MS.POWERPLATFORM.1.1v1 - The ability to create production and sandbox environments SHALL be restricted to admins.	microsoft_azure	CISA SCuBA Microsoft 365 Power Platform v1.5.0
MS.POWERPLATFORM.2.1v1 - A DLP policy SHALL be created to restrict connector access in the default Power Platform environment.	microsoft_azure	CISA SCuBA Microsoft 365 Power Platform v1.5.0
MS.POWERPLATFORM.2.2v1 - Non-default environments SHOULD have at least one DLP policy affecting them.	microsoft_azure	CISA SCuBA Microsoft 365 Power Platform v1.5.0
MS.SHAREPOINT.1.1v1 - External sharing for SharePoint SHALL be limited to Existing guests or Only people in your organization.	microsoft_azure	CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0
MS.SHAREPOINT.1.2v1 - External sharing for OneDrive SHALL be limited to Existing guests or Only people in your organization.	microsoft_azure	CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0
MS.SHAREPOINT.1.3v1 - External sharing SHALL be restricted to approved external domains and/or users in approved security groups per interagency collaboration needs.	microsoft_azure	CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0
MS.SHAREPOINT.1.4v1 - Guest access SHALL be limited to the email the invitation was sent to.	microsoft_azure	CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0
MS.SHAREPOINT.2.1v1 - File and folder default sharing scope SHALL be set to Specific people (only the people the user specifies).	microsoft_azure	CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0
MS.SHAREPOINT.3.1v1 - Expiration days for Anyone links SHALL be set to 30 days or less.	microsoft_azure	CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0
MS.TEAMS.3.1v1 - Contact with Skype users SHALL be blocked.	microsoft_azure	CISA SCuBA Microsoft 365 Teams v1.5.0

Detections

Analytics