Establish, implement, and maintain a Technical Surveillance Countermeasures program.
CONTROL ID 11401
CONTROL TYPE Technical Security
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Provide intelligence support to the organization, as necessary., CC ID: 14020
This Control has the following implementation support Control(s):
Determine the need for Technical Surveillance Countermeasures., CC ID: 11402
Assign qualified personnel to conduct Technical Surveillance Countermeasures surveys., CC ID: 11407
Conduct a Technical Surveillance Countermeasures survey., CC ID: 10637
Provide targeting support for the intelligence collection strategy., CC ID: 14268
Provide targeting products to support the intelligence collection strategy., CC ID: 14267
Establish, implement, and maintain an intelligence collection strategy., CC ID: 14017
Establish and maintain target lists, as necessary., CC ID: 14266
Collect threat intelligence, as necessary., CC ID: 14064
Protect the operations security of the Technical Surveillance Countermeasures program., CC ID: 11406
Establish, implement, and maintain Technical Surveillance Countermeasures support request procedures., CC ID: 11414
Establish, implement, and maintain cyber threat intelligence tools., CC ID: 12696
Conduct Technical Surveillance Countermeasures., CC ID: 11442
Evaluate the impact of foreign disclosure of Technical Surveillance Countermeasure equipment or techniques on national security., CC ID: 11476
Develop and maintain guidance on gathering intelligence on technical penetrations and Technical Surveillance Countermeasures., CC ID: 11477
Store Technical Surveillance Countermeasure equipment only in designated locations., CC ID: 11478
Communicate threat intelligence to interested personnel and affected parties., CC ID: 14016
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
The FI should implement monitoring or surveillance systems so that it is alerted to any abnormal system activities, transmission errors or unusual online transactions. The FI should establish a follow-up process to verify that these issues or errors are adequately addressed subsequently. (§ 12.1.5, Monetary Authority of Singapore: Technology Risk Management Guidelines)
Where Federal regulations are in conflict, duplicative, or overly burdensome, regulators must work together to minimize these harms. When necessary, the United States will pursue cross-border regulatory harmonization to prevent cybersecurity requirements from impeding digital trade flows. Where feas… (STRATEGIC OBJECTIVE 1.1 Subsection 2 ¶ 2, National Cybersecurity Strategy)