800-53|SC-7(16)

Title

PREVENT DISCOVERY OF COMPONENTS / DEVICES

Description

The information system prevents discovery of specific system components composing a managed interface.

Supplemental

This control enhancement protects network addresses of information system components that are part of managed interfaces from discovery through common tools and techniques used to identify devices on networks. Network addresses are not available for discovery (e.g., network address not published or entered in domain name systems), requiring prior knowledge for access. Another obfuscation technique is to periodically change network addresses.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: BOUNDARY PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
3.1.4 Set 'ip verify unicast source reachable-via'	Cisco	CIS Cisco IOS 12 L2 v4.0.0
7.2.5 Enable Ignore Broadcast Requests	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
7.2.5 Enable Ignore Broadcast Requests	Unix	CIS Debian Linux 7 L1 v1.0.0
7.2.6 Enable Bad Error Message Protection	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
7.2.6 Enable Bad Error Message Protection	Unix	CIS Debian Linux 7 L1 v1.0.0
Big Sur - Enable Firewall Stealth Mode	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enable Firewall Stealth Mode	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enable Firewall Stealth Mode	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enable Firewall Stealth Mode	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enable Firewall Stealth Mode	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enable Firewall Stealth Mode	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enable Firewall Stealth Mode	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Enable Firewall Stealth Mode	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enable Firewall Stealth Mode	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Catalina - Enable Firewall Stealth Mode	Unix	NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Enable Firewall Stealth Mode	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Enable Firewall Stealth Mode	Unix	NIST macOS Catalina v1.5.0 - 800-171
Catalina - Enable Firewall Stealth Mode	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Enable Firewall Stealth Mode	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Enable Firewall Stealth Mode	Unix	NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Enable Firewall Stealth Mode	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Enable Firewall Stealth Mode	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enable Firewall Stealth Mode	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Low
Ensure 'noproxyarp' is enabled for untrusted interfaces	Cisco_Firepower	Tenable Cisco Firepower Threat Defense Best Practices Audit
Ensure ICMP is restricted for untrusted interfaces	Cisco_Firepower	Tenable Cisco Firepower Threat Defense Best Practices Audit
Front panel security	ArubaOS	ArubaOS Switch 16.x Hardening Guide v1.0.0
Monterey - Enable Firewall Stealth Mode	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Enable Firewall Stealth Mode	Unix	NIST macOS Monterey v1.0.0 - All Profiles
Monterey - Enable Firewall Stealth Mode	Unix	NIST macOS Monterey v1.0.0 - 800-171
Monterey - Enable Firewall Stealth Mode	Unix	NIST macOS Monterey v1.0.0 - 800-53r5 Low
Monterey - Enable Firewall Stealth Mode	Unix	NIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Enable Firewall Stealth Mode	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Enable Firewall Stealth Mode	Unix	NIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Enable Firewall Stealth Mode	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 Low
Monterey - Enable Firewall Stealth Mode	Unix	NIST macOS Monterey v1.0.0 - CNSSI 1253

Detections

Analytics