SC-48—Sensor Relocation
Supplemental Guidance
Adversaries may take various paths and use different approaches as they move laterally through an organization (including its systems) to reach their target or as they attempt to exfiltrate information from the organization. The organization often has only a limited set of monitoring and detection capabilities, and these may be focused on the critical or likely infiltration or exfiltration paths. By using communications paths that the organization typically does not monitor, the adversary can increase its chances of achieving its desired goals.
By relocating its sensors or monitoring capabilities to new locations, the organization can impede the adversary's ability to achieve its goals. The relocation of the sensors or monitoring capabilities might be done based on threat information that the organization has acquired or randomly to confuse the adversary and make its lateral transition through the system or organization more challenging.
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What policies govern the implementation of sensor relocation?
- How are system and communications protection requirements defined and maintained?
- Who is responsible for configuring and maintaining the security controls specified in SC-48?
Technical Implementation:
- How is sensor relocation technically implemented in your environment?
- What systems, tools, or configurations enforce this protection requirement?
- How do you ensure that sensor relocation remains effective as the system evolves?
Evidence & Documentation:
- What documentation demonstrates the implementation of SC-48?
- Can you provide configuration evidence or system diagrams showing this protection control?
- What logs or monitoring data verify that this control is functioning correctly?