SC-26—Decoys
Control Description
Include components within organizational systems specifically designed to be the target of malicious attacks for detecting, deflecting, and analyzing such attacks.
Supplemental Guidance
Decoys (i.e., honeypots, honeynets, or deception nets) are established to attract adversaries and deflect attacks away from the operational systems that support organizational mission and business functions. Use of decoys requires some supporting isolation measures to ensure that any deflected malicious code does not infect organizational systems. Depending on the specific usage of the decoy, consultation with the Office of the General Counsel before deployment may be needed.
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What policies govern the implementation of decoys?
- How are system and communications protection requirements defined and maintained?
- Who is responsible for configuring and maintaining the security controls specified in SC-26?
Technical Implementation:
- How are decoys technically implemented in your environment?
- What systems, tools, or configurations enforce this protection requirement?
- How do you ensure that decoys remain effective as the system evolves?
Evidence & Documentation:
- What documentation demonstrates the implementation of SC-26?
- Can you provide configuration evidence or system diagrams showing this protection control?
- What logs or monitoring data verify that this control is functioning correctly?