This Control directly supports the implied Control(s):
Perform penetration tests, as necessary., CC ID: 00655
This Control has the following implementation support Control(s):
Estimate the maximum bandwidth of any covert channels., CC ID: 10653
Test systems to determine which covert channels might be exploited., CC ID: 10654
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
Periodically scan for back-channel connections to the Internet that bypass the DMZ, including unauthorized VPN connections and dual-homed hosts connected to the enterprise network and to other networks via wireless, dial-up modems, or other mechanisms. (Control 12.8, The CIS Critical Security Controls for Effective Cyber Defense, Version 6.0)
The organization performs a covert channel analysis to identify those aspects of communications within the information system that are potential avenues for covert {storage} channels. (SC-31a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
The organization performs a covert channel analysis to identify those aspects of communications within the information system that are potential avenues for covert {timing} channels. (SC-31a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
Performs a covert channel analysis to identify those aspects of communications within the information system that are potential avenues for covert [Selection (one or more): storage; timing] channels; and (SC-31a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
Perform a covert channel analysis to identify those aspects of communications within the system that are potential avenues for covert [Selection (one or more): storage; timing] channels; and (SC-31a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
Perform a covert channel analysis to identify those aspects of communications within the system that are potential avenues for covert [Selection (one or more): storage; timing] channels; and (SC-31a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)