800-53|SI-4(11)

Title

ANALYZE COMMUNICATIONS TRAFFIC ANOMALIES

Description

The organization analyzes outbound communications traffic at the external boundary of the information system and selected [Assignment: organization-defined interior points within the system (e.g., subnetworks, subsystems)] to discover anomalies.

Supplemental

Anomalies within organizational information systems include, for example, large file transfers, long-time persistent connections, unusual protocols and ports in use, and attempted communications with suspected malicious external addresses.

Reference Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

Parent Title: INFORMATION SYSTEM MONITORING

Family: SYSTEM AND INFORMATION INTEGRITY

Audit Items


Name | Plugin | Audit Name
CISC-L2-000130 - The Cisco switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources - ip dhcp snooping | Cisco | DISA STIG Cisco NX-OS Switch L2S v1r1
CISC-L2-000130 - The Cisco switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources - ip dhcp snooping | Cisco | DISA STIG Cisco IOS Switch L2S v2r1
CISC-L2-000130 - The Cisco switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources - ip dhcp snooping | Cisco | DISA STIG Cisco IOS XE Switch L2S v2r1
CISC-L2-000130 - The Cisco switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources - ip dhcp snooping | Cisco | DISA STIG Cisco IOS XE Switch L2S v1r1
CISC-L2-000130 - The Cisco switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources - ip dhcp snooping | Cisco | DISA STIG Cisco NX-OS Switch L2S v2r1
F5BI-LT-000303 - The BIG-IP Core implementation must be configured to inspect for protocol compliance and protocol anomalies in inbound SMTP and Extended SMTP communications traffic to virtual servers. | F5 | DISA F5 BIG-IP Local Traffic Manager 11.x STIG v1r3
F5BI-LT-000303 - The BIG-IP Core implementation must be configured to inspect for protocol compliance and protocol anomalies in inbound SMTP and Extended SMTP communications traffic to virtual servers. | F5 | DISA F5 BIG-IP Local Traffic Manager 11.x STIG v2r1
F5BI-LT-000305 - The BIG-IP Core implementation must be configured to inspect for protocol compliance and protocol anomalies in inbound FTP and FTPS communications traffic to virtual servers. | F5 | DISA F5 BIG-IP Local Traffic Manager 11.x STIG v2r1
F5BI-LT-000305 - The BIG-IP Core implementation must be configured to inspect for protocol compliance and protocol anomalies in inbound FTP and FTPS communications traffic to virtual servers. | F5 | DISA F5 BIG-IP Local Traffic Manager 11.x STIG v1r3
F5BI-LT-000307 - The BIG-IP Core implementation must be configured to inspect for protocol compliance and protocol anomalies in inbound HTTP and HTTPS traffic to virtual servers. | F5 | DISA F5 BIG-IP Local Traffic Manager 11.x STIG v2r1
F5BI-LT-000307 - The BIG-IP Core implementation must be configured to inspect for protocol compliance and protocol anomalies in inbound HTTP and HTTPS traffic to virtual servers. | F5 | DISA F5 BIG-IP Local Traffic Manager 11.x STIG v1r3