SC-36(1)—Polling Techniques
>Control Description
Employ polling techniques to identify potential faults, errors, or compromises to the following processing and storage components: ⚙organization-defined distributed processing and storage components; and
Take the following actions in response to identified faults, errors, or compromises: ⚙organization-defined actions.
>Supplemental Guidance
Distributed processing and/or storage may be used to reduce opportunities for adversaries to compromise the confidentiality, integrity, or availability of organizational information and systems. However, the distribution of processing and storage components does not prevent adversaries from compromising one or more of the components. Polling compares the processing results and/or storage content from the distributed components and subsequently votes on the outcomes.
Polling identifies potential faults, compromises, or errors in the distributed processing and storage components.
>Related Controls
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies govern the implementation of polling techniques?
- •How are system and communications protection requirements defined and maintained?
- •Who is responsible for configuring and maintaining the security controls specified in SC-36(1)?
Technical Implementation:
- •How is polling techniques technically implemented in your environment?
- •What systems, tools, or configurations enforce this protection requirement?
- •How do you ensure that polling techniques remains effective as the system evolves?
Evidence & Documentation:
- •What documentation demonstrates the implementation of SC-36(1)?
- •Can you provide configuration evidence or system diagrams showing this protection control?
- •What logs or monitoring data verify that this control is functioning correctly?
Ask AI
Configure your API key to use AI features.