SC-48 Sensor Relocation
Relocate sc-48_odp.01 to sc-48_odp.02 under the following conditions or circumstances: sc-48_odp.03.
Parameter ID | Definition |
---|---|
sc-48_odp.01 | sensors and monitoring capabilities |
sc-48_odp.02 | locations |
sc-48_odp.03 | conditions or circumstances |
Baselines
- L
- M
- H
- P
Guidance
Adversaries may take various paths and use different approaches as they move laterally through an organization (including its systems) to reach their target or as they attempt to exfiltrate information from the organization. The organization often only has a limited set of monitoring and detection capabilities, and they may be focused on the critical or likely infiltration or exfiltration paths. By using communications paths that the organization typically does not monitor, the adversary can increase its chances of achieving its desired goals. By relocating its sensors or monitoring capabilities to new locations, the organization can impede the adversary’s ability to achieve its goals. The relocation of the sensors or monitoring capabilities might be done based on threat information that the organization has acquired or randomly to confuse the adversary and make its lateral transition through the system or organization more challenging.
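One way to plan the relocation the guidance describes, combining threat-informed placement with random selection; this is an added example, not part of the control text. The segment names, the sensor count and both function names are hypothetical.

```python
"""Plan SC-48 style sensor relocation: threat-informed pins plus random rotation."""
import secrets

_rng = secrets.SystemRandom()  # CSPRNG, so the next placement cannot be predicted

# Constructed sample locations (sc-48_odp.02); not taken from any real network.
SEGMENTS = ["dmz", "user-lan", "server-vlan", "mgmt",
            "ot-gateway", "backup-net", "dev-lab", "guest-wifi"]


def plan_relocation(segments, current, sensor_count, threat_segments=()):
    """Return the set of segments to monitor next.

    segments        -- every location a sensor can be moved to
    current         -- segments monitored right now
    sensor_count    -- number of relocatable sensors (sc-48_odp.01)
    threat_segments -- locations flagged by threat information; always covered
    """
    segments = set(segments)
    pinned = set(threat_segments) & segments
    if len(pinned) > sensor_count:
        raise ValueError("more threat-flagged segments than sensors")
    free_slots = sensor_count - len(pinned)
    # Prefer segments that are unmonitored now, so the blind spots move.
    fresh = sorted(segments - pinned - set(current))
    stale = sorted((set(current) & segments) - pinned)
    chosen = _rng.sample(fresh, min(free_slots, len(fresh)))
    if len(chosen) < free_slots:  # too few fresh segments: keep some in place
        chosen += _rng.sample(stale, min(free_slots - len(chosen), len(stale)))
    return pinned | set(chosen)


def unmonitored_since(history, segments, window):
    """Segments absent from the last `window` placements (standing blind spots)."""
    recent = history[-window:] if window > 0 else []
    return set(segments) - set().union(*recent)


if __name__ == "__main__":
    placement, history = {"dmz", "user-lan", "server-vlan"}, []
    for day in range(1, 6):
        # Constructed trigger: threat information flags backup-net from day 3 on.
        flagged = {"backup-net"} if day >= 3 else set()
        placement = plan_relocation(SEGMENTS, placement, 3, flagged)
        history.append(placement)
        print(day, sorted(placement))
    print("never covered in last 5 rounds:",
          sorted(unmonitored_since(history, SEGMENTS, 5)))
```

The blind-spot check matters because purely random rotation can leave a segment uncovered for many rounds; a non-empty result is a reason to pin that segment in the next round.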
References 1
- SP 800-160-2 Ross RS, Pillitteri VY, Graubart R, Bodeau D, McQuaid R (2019) Developing Cyber Resilient Systems: A Systems Security Engineering Approach. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-160, Vol. 2.
Control Enhancements 1
Related controls 3
- AU-02 Event Logging L M H P
- SC-07 Boundary Protection L M H P
- SI-04 System Monitoring L M H P