SI-4(18)—System Monitoring | Analyze Traffic and Covert Exfiltration
IL4 Mod
IL4 High
IL5
IL6
>Control Description
Analyze outbound communications traffic at external interfaces to the system and at the following interior points to detect covert exfiltration of information: ⚙organization-defined interior points within the system.
>DoD Impact Level Requirements
No specific parameter values or requirements for this impact level.
>Discussion
Organization-defined interior points include subnetworks and subsystems. Covert means that can be used to exfiltrate information include steganography.
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies and procedures govern analyze traffic and covert exfiltration?
- •Who is responsible for monitoring system and information integrity?
- •How frequently are integrity monitoring processes reviewed and updated?
Technical Implementation:
- •What technical controls detect and respond to analyze traffic and covert exfiltration issues?
- •How are integrity violations identified and reported?
- •What automated tools support system and information integrity monitoring?
Evidence & Documentation:
- •Can you provide recent integrity monitoring reports or alerts?
- •What logs demonstrate that SI-4(18) is actively implemented?
- •Where is evidence of integrity monitoring maintained and for how long?
Ask AI
Configure your API key to use AI features.