Back

Introduce randomness into organizational operations and assets.


CONTROL ID
10650
CONTROL TYPE
Process or Activity
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Operational management, CC ID: 00805

This Control has the following implementation support Control(s):
  • Change the locations of processing facilities at random intervals., CC ID: 10651
  • Change the locations of storage facilities at random intervals., CC ID: 10661


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Employ [Assignment: organization-defined techniques] to introduce randomness into organizational operations and assets. (SC-30(2) ¶ 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Employ [Assignment: organization-defined techniques] to introduce randomness into organizational operations and assets. (SC-30(2) ¶ 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • Implement the following changes to organizational systems and system components to introduce a degree of unpredictability into operations: [Assignment: organization-defined changes and frequency of changes by system and system component]. (3.13.2e, Enhanced Security Requirements for Protecting Controlled Unclassified Information, NIST SP 800-172)
  • The organization employs {organizationally documented techniques} to introduce randomness into organizational operations and assets. (SC-30(2), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization employs [Assignment: organization-defined techniques] to introduce randomness into organizational operations and assets. (SC-30(2) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Employ [Assignment: organization-defined techniques] to introduce randomness into organizational operations and assets. (SC-30(2) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Employ [Assignment: organization-defined techniques] to introduce randomness into organizational operations and assets. (SC-30(2) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • The organization employs [Assignment: organization-defined techniques] to introduce randomness into organizational operations and assets. (SC-30(2) ¶ 1, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)