800-53|SC-7(16)

Title

PREVENT DISCOVERY OF COMPONENTS / DEVICES

Description

The information system prevents discovery of specific system components composing a managed interface.

Supplemental

This control enhancement protects network addresses of information system components that are part of managed interfaces from discovery through common tools and techniques used to identify devices on networks. Network addresses are not available for discovery (e.g., network address not published or entered in domain name systems), requiring prior knowledge for access. Another obfuscation technique is to periodically change network addresses.

Reference Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: BOUNDARY PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
3.1.4 Set 'ip verify unicast source reachable-via'CiscoCIS Cisco IOS 12 L2 v4.0.0
7.2.5 Enable Ignore Broadcast RequestsUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
7.2.5 Enable Ignore Broadcast RequestsUnixCIS Debian Linux 7 L1 v1.0.0
7.2.6 Enable Bad Error Message ProtectionUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
7.2.6 Enable Bad Error Message ProtectionUnixCIS Debian Linux 7 L1 v1.0.0
Big Sur - Enable Firewall Stealth ModeUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enable Firewall Stealth ModeUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enable Firewall Stealth ModeUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enable Firewall Stealth ModeUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enable Firewall Stealth ModeUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enable Firewall Stealth ModeUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enable Firewall Stealth ModeUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Enable Firewall Stealth ModeUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enable Firewall Stealth ModeUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Catalina - Enable Firewall Stealth ModeUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Enable Firewall Stealth ModeUnixNIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Enable Firewall Stealth ModeUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Enable Firewall Stealth ModeUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Enable Firewall Stealth ModeUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Enable Firewall Stealth ModeUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Enable Firewall Stealth ModeUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Enable Firewall Stealth ModeUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enable Firewall Stealth ModeUnixNIST macOS Catalina v1.5.0 - 800-53r4 Low
Ensure 'noproxyarp' is enabled for untrusted interfacesCisco_FirepowerTenable Cisco Firepower Threat Defense Best Practices Audit
Ensure ICMP is restricted for untrusted interfacesCisco_FirepowerTenable Cisco Firepower Threat Defense Best Practices Audit
Front panel securityArubaOSArubaOS Switch 16.x Hardening Guide v1.0.0
Monterey - Enable Firewall Stealth ModeUnixNIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Enable Firewall Stealth ModeUnixNIST macOS Monterey v1.0.0 - All Profiles
Monterey - Enable Firewall Stealth ModeUnixNIST macOS Monterey v1.0.0 - 800-171
Monterey - Enable Firewall Stealth ModeUnixNIST macOS Monterey v1.0.0 - 800-53r5 Low
Monterey - Enable Firewall Stealth ModeUnixNIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Enable Firewall Stealth ModeUnixNIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Enable Firewall Stealth ModeUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Enable Firewall Stealth ModeUnixNIST macOS Monterey v1.0.0 - 800-53r4 Low
Monterey - Enable Firewall Stealth ModeUnixNIST macOS Monterey v1.0.0 - CNSSI 1253
PCI 2.2.4 Verify common security parameter settings - 'net.ipv4.icmp_ignore_bogus_error_responses = 1'UnixPCI DSS 2.0/3.0 - Red Hat Linux