SC-07(09) Restrict Threatening Outgoing Communications Traffic
(a) Detect and deny outgoing communications traffic posing a threat to external systems; and
(b) Audit the identity of internal users associated with denied communications.
Detecting outgoing communications traffic from internal actions that may pose threats to external systems is known as extrusion detection. Extrusion detection is carried out within the system at managed interfaces. Extrusion detection includes the analysis of incoming and outgoing communications traffic while searching for indications of internal threats to the security of external systems. Internal threats to external systems include traffic indicative of denial-of-service attacks, traffic with spoofed source addresses, and traffic that contains malicious code. Organizations have criteria to determine, update, and manage identified threats related to extrusion detection.
Related controls 7
- AU-02 Event Logging L M H P
- AU-06 Audit Record Review, Analysis, and Reporting L M H P
- SC-05 Denial-of-service Protection L M H P
- SC-38 Operations Security L M H P
- SC-44 Detonation Chambers L M H P
- SI-03 Malicious Code Protection L M H P
- SI-04 System Monitoring L M H P