Detections
Analytics

800-53|SC-30

Title

CONCEALMENT AND MISDIRECTION

Description

The organization employs [Assignment: organization-defined concealment and misdirection techniques] for [Assignment: organization-defined information systems] at [Assignment: organization-defined time periods] to confuse and mislead adversaries.

Supplemental

Concealment and misdirection techniques can significantly reduce the targeting capability of adversaries (i.e., window of opportunity and available attack surface) to initiate and complete cyber attacks. For example, virtualization techniques provide organizations with the ability to disguise information systems, potentially reducing the likelihood of successful attacks without the cost of having multiple platforms. Increased use of concealment/misdirection techniques including, for example, randomness, uncertainty, and virtualization, may sufficiently confuse and mislead adversaries and subsequently increase the risk of discovery and/or exposing tradecraft. Concealment/misdirection techniques may also provide organizations additional time to successfully perform core missions and business functions. Because of the time and effort required to support concealment/misdirection techniques, it is anticipated that such techniques would be used by organizations on a very limited basis.

Reference Item Details

Related: SC-26,SC-29,SI-14

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P0

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.1 Alter the Advertised server.info StringUnixCIS Apache Tomcat 7 L2 v1.1.0
2.1 Alter the Advertised server.info StringUnixCIS Apache Tomcat 7 L2 v1.1.0 Middleware
2.2 Alter the Advertised server.number StringUnixCIS Apache Tomcat 7 L2 v1.1.0
2.2 Alter the Advertised server.number StringUnixCIS Apache Tomcat 7 L2 v1.1.0 Middleware
2.3 Alter the Advertised server.built DateUnixCIS Apache Tomcat 7 L2 v1.1.0 Middleware
2.3 Alter the Advertised server.built DateUnixCIS Apache Tomcat 7 L2 v1.1.0
2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all ConnectorsUnixCIS Apache Tomcat 7 L2 v1.1.0 Middleware
2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all ConnectorsUnixCIS Apache Tomcat 7 L2 v1.1.0
3.1 Hide BIND Version StringUnixCIS ISC BIND 9.0/9.5 v2.0.0
3.1.9 Disable instance discoverabilityUnixCIS IBM DB2 v10 v1.1.0 Linux OS Level 1
3.1.9 Disable instance discoverabilityUnixCIS IBM DB2 v10 v1.1.0 Linux OS Level 2
3.1.10 Disable instance discoverability - 'discover_inst = disable'UnixCIS IBM DB2 OS L2 v1.2.0
3.1.16 Disable database discoveryUnixCIS IBM DB2 v10 v1.1.0 Linux OS Level 2
3.1.16 Disable database discoveryUnixCIS IBM DB2 v10 v1.1.0 Linux OS Level 1
3.2.3 Disable database discover - 'discover_db = disable'UnixCIS IBM DB2 OS L2 v1.2.0
4.2 Remove Nameserver IDUnixCIS ISC BIND 9.0/9.5 v2.0.0
4.3 Enable Randomized Virtual Memory Region PlacementUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
6.1 Hide BIND Version StringUnixCIS BIND DNS v3.0.1 Caching Only Name Server
6.1 Hide BIND Version StringUnixCIS BIND DNS v3.0.1 Authoritative Name Server
6.2 Hide Nameserver IDUnixCIS BIND DNS v3.0.1 Caching Only Name Server
6.2 Hide Nameserver IDUnixCIS BIND DNS v3.0.1 Authoritative Name Server
10.9 Do not allow custom header status messagesUnixCIS Apache Tomcat 7 L2 v1.1.0
10.9 Do not allow custom header status messagesUnixCIS Apache Tomcat 7 L2 v1.1.0 Middleware
12 - Remove and mask informational headers - JSP ConfigurationUnixTNS Best Practice JBoss 7 Linux
12 - Remove and mask informational headers - Server Property OverrideUnixTNS Best Practice JBoss 7 Linux
Server version information parameters should be turned off - 'ServerSignature Off'UnixTNS IBM HTTP Server Best Practice
Server version information parameters should be turned off - 'ServerSignature Off'WindowsTNS IBM HTTP Server Best Practice
Server version information parameters should be turned off - 'ServerSignature Off'UnixTNS IBM HTTP Server Best Practice Middleware
Server version information parameters should be turned off - 'ServerTokens Prod'UnixTNS IBM HTTP Server Best Practice
Server version information parameters should be turned off - 'ServerTokens Prod'WindowsTNS IBM HTTP Server Best Practice
Server version information parameters should be turned off - 'ServerTokens Prod'UnixTNS IBM HTTP Server Best Practice Middleware
WG520 A22 - Web server and/or operating system information must be protected.UnixDISA STIG Apache Server 2.2 Unix v1r11 Middleware
WG520 A22 - Web server and/or operating system information must be protected.UnixDISA STIG Apache Server 2.2 Unix v1r11