SC-30—Concealment And Misdirection
>Control Description
>Control Enhancements(5)
>Cross-Framework Mappings
>Supplemental Guidance
Concealment and misdirection techniques can significantly reduce the targeting capabilities of adversaries (i.e., window of opportunity and available attack surface) to initiate and complete attacks. For example, virtualization techniques provide organizations with the ability to disguise systems, potentially reducing the likelihood of successful attacks without the cost of having multiple platforms. The increased use of concealment and misdirection techniques and methods--including randomness, uncertainty, and virtualization--may sufficiently confuse and mislead adversaries and subsequently increase the risk of discovery and/or exposing tradecraft.
Concealment and misdirection techniques may provide additional time to perform core mission and business functions. The implementation of concealment and misdirection techniques may add to the complexity and management overhead required for the system.
>Related Controls
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies govern the implementation of concealment and misdirection?
- •How are system and communications protection requirements defined and maintained?
- •Who is responsible for configuring and maintaining the security controls specified in SC-30?
Technical Implementation:
- •How is concealment and misdirection technically implemented in your environment?
- •What systems, tools, or configurations enforce this protection requirement?
- •How do you ensure that concealment and misdirection remains effective as the system evolves?
Evidence & Documentation:
- •What documentation demonstrates the implementation of SC-30?
- •Can you provide configuration evidence or system diagrams showing this protection control?
- •What logs or monitoring data verify that this control is functioning correctly?
Ask AI
Configure your API key to use AI features.