
SC-31 Covert Channel Analysis

Technical

Control Description

(A) The organization performs a covert channel analysis to identify those aspects of communications within the information system that are potential avenues for covert [Selection (one or more): storage; timing] channels. (B) The organization estimates the maximum bandwidth of those channels.

Supplemental Guidance

Developers are in the best position to identify potential areas within systems that might lead to covert channels. Covert channel analysis is a meaningful activity when there is the potential for unauthorized information flows across security domains, for example, in the case of information systems containing export-controlled information and having connections to external networks (i.e., networks not controlled by organizations). Covert channel analysis is also meaningful for multilevel secure (MLS) information systems, multiple security level (MSL) systems, and cross-domain systems.

Related controls: AC-3, AC-4, PL-2
