SC 30 CONCEALMENT AND MISDIRECTION - NIST-SP-800-53-R5/NIST-SP-800-53-R5.github.io GitHub Wiki

SC-30 CONCEALMENT AND MISDIRECTION

Control: Employ the following concealment and misdirection techniques for [Assignment: organization-defined systems] at [Assignment: organization-defined time periods] to confuse and mislead adversaries: [Assignment: organization-defined concealment and misdirection techniques].

Discussion: Concealment and misdirection techniques can significantly reduce the targeting capabilities of adversaries (i.e., window of opportunity and available attack surface) to initiate and complete attacks. For example, virtualization techniques provide organizations with the ability to disguise systems, potentially reducing the likelihood of successful attacks without the cost of having multiple platforms. The increased use of concealment and misdirection techniques and methods—including randomness, uncertainty, and virtualization—may sufficiently confuse and mislead adversaries and subsequently increase the risk of discovery and/or exposing tradecraft. Concealment and misdirection techniques may provide additional time to perform core mission and business functions. The implementation of concealment and misdirection techniques may add to the complexity and management overhead required for the system.

Related Controls: AC-6, SC-25, SC-26, SC-29, SC-44, SI-14.

Control Enhancements:

  • (1) CONCEALMENT AND MISDIRECTION / VIRTUALIZATION TECHNIQUES
    [Withdrawn: Incorporated into SC-29(1).]

  • (2) CONCEALMENT AND MISDIRECTION / RANDOMNESS
    Employ [Assignment: organization-defined techniques] to introduce randomness into organizational operations and assets.

    Discussion: Randomness introduces increased levels of uncertainty for adversaries regarding the actions that organizations take to defend their systems against attacks. Such actions may impede the ability of adversaries to correctly target information resources of organizations that support critical missions or business functions. Uncertainty may also cause adversaries to hesitate before initiating or continuing attacks. Misdirection techniques that involve randomness include performing certain routine actions at different times of day, employing different information technologies, using different suppliers, and rotating roles and responsibilities of organizational personnel.

    Related Controls: None.

  • (3) CONCEALMENT AND MISDIRECTION / CHANGE PROCESSING AND STORAGE LOCATIONS
    Change the location of [Assignment: organization-defined processing and/or storage] [Selection: [Assignment: organization-defined time frequency]; at random time intervals].

    Discussion: Adversaries target critical mission and business functions and the systems that support those mission and business functions while also trying to minimize the exposure of their existence and tradecraft. The static, homogeneous, and deterministic nature of organizational systems targeted by adversaries makes such systems more susceptible to attacks with less adversary cost and effort to be successful. Changing processing and storage locations (also referred to as moving target defense) addresses the advanced persistent threat using techniques such as virtualization, distributed processing, and replication. This enables organizations to relocate the system components (i.e., processing, storage) that support critical mission and business functions. Changing the locations of processing activities and/or storage sites introduces a degree of uncertainty into the targeting activities of adversaries. The targeting uncertainty increases the work factor of adversaries and makes compromises or breaches of the organizational systems more difficult and time-consuming. It also increases the chances that adversaries may inadvertently disclose certain aspects of their tradecraft while attempting to locate critical organizational resources.

    Related Controls: None.

  • (4) CONCEALMENT AND MISDIRECTION / MISLEADING INFORMATION
    Employ realistic, but misleading information in [Assignment: organization-defined system components] about its security state or posture.

    Discussion: Employing misleading information is intended to confuse potential adversaries regarding the nature and extent of controls deployed by organizations. Thus, adversaries may employ incorrect and ineffective attack techniques. One technique for misleading adversaries is for organizations to place misleading information regarding the specific controls deployed in external systems that are known to be targeted by adversaries. Another technique is the use of deception nets that mimic actual aspects of organizational systems but use, for example, out-of-date software configurations.

    Related Controls: SC-26.

  • (5) CONCEALMENT AND MISDIRECTION / CONCEALMENT OF SYSTEM COMPONENTS
    Employ the following techniques to hide or conceal [Assignment: organization-defined system components]: [Assignment: organization-defined techniques].

    Discussion: By hiding, disguising, or concealing critical system components, organizations may be able to decrease the probability that adversaries target and successfully compromise those assets. Potential means to hide, disguise, or conceal system components include the configuration of routers or the use of encryption or virtualization techniques.

    Related Controls: None.

References: None.
