800-53|SC-30(2)

Title

RANDOMNESS

Description

The organization employs [Assignment: organization-defined techniques] to introduce randomness into organizational operations and assets.

Supplemental

Randomness introduces increased levels of uncertainty for adversaries regarding the actions organizations take in defending against cyber attacks. Such actions may impede the ability of adversaries to correctly target information resources of organizations supporting critical missions/business functions. Uncertainty may also cause adversaries to hesitate before initiating or continuing attacks. Misdirection techniques involving randomness include, for example, performing certain routine actions at different times of day, employing different information technologies (e.g., browsers, search engines), using different suppliers, and rotating roles and responsibilities of organizational personnel.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: CONCEALMENT AND MISDIRECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
4.3 Enable Randomized Virtual Memory Region Placement	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0

Detections

Analytics