Back

Establish, implement, and maintain a Technical Surveillance Countermeasures program.


CONTROL ID
11401
CONTROL TYPE
Technical Security
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Provide intelligence support to the organization, as necessary., CC ID: 14020

This Control has the following implementation support Control(s):
  • Determine the need for Technical Surveillance Countermeasures., CC ID: 11402
  • Assign qualified personnel to conduct Technical Surveillance Countermeasures surveys., CC ID: 11407
  • Conduct a Technical Surveillance Countermeasures survey., CC ID: 10637
  • Provide targeting support for the intelligence collection strategy., CC ID: 14268
  • Provide targeting products to support the intelligence collection strategy., CC ID: 14267
  • Establish, implement, and maintain an intelligence collection strategy., CC ID: 14017
  • Establish and maintain target lists, as necessary., CC ID: 14266
  • Collect threat intelligence, as necessary., CC ID: 14064
  • Protect the operations security of the Technical Surveillance Countermeasures program., CC ID: 11406
  • Establish, implement, and maintain Technical Surveillance Countermeasures support request procedures., CC ID: 11414
  • Establish, implement, and maintain cyber threat intelligence tools., CC ID: 12696
  • Conduct Technical Surveillance Countermeasures., CC ID: 11442
  • Evaluate the impact of foreign disclosure of Technical Surveillance Countermeasure equipment or techniques on national security., CC ID: 11476
  • Develop and maintain guidance on gathering intelligence on technical penetrations and Technical Surveillance Countermeasures., CC ID: 11477
  • Store Technical Surveillance Countermeasure equipment only in designated locations., CC ID: 11478
  • Communicate threat intelligence to interested personnel and affected parties., CC ID: 14016


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The FI should implement monitoring or surveillance systems so that it is alerted to any abnormal system activities, transmission errors or unusual online transactions. The FI should establish a follow-up process to verify that these issues or errors are adequately addressed subsequently. (§ 12.1.5, Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • Where Federal regulations are in conflict, duplicative, or overly burdensome, regulators must work together to minimize these harms. When necessary, the United States will pursue cross-border regulatory harmonization to prevent cybersecurity requirements from impeding digital trade flows. Where feas… (STRATEGIC OBJECTIVE 1.1 Subsection 2 ¶ 2, National Cybersecurity Strategy)