NIST 800-53 REV 5 • PHYSICAL AND ENVIRONMENTAL PROTECTION

PE-19Information Leakage

Protect the system from information leakage due to electromagnetic signals emanations.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Information leakage is the intentional or unintentional release of data or information to an untrusted environment from electromagnetic signals emanations. The security categories or classifications of systems (with respect to confidentiality), organizational security policies, and risk tolerance guide the selection of controls employed to protect systems against information leakage due to electromagnetic signals emanations.

Practitioner Notes

Systems can leak information through electromagnetic signals — screen emissions, cable radiation, and other electronic emanations that can be intercepted from a distance. This control requires protection against such leakage.

Example 1: For systems processing sensitive information, use shielded cables (STP for network, shielded HDMI/DisplayPort) to reduce electromagnetic emissions. Position monitors away from windows where emissions could be captured from outside. Consider TEMPEST-rated equipment for classified environments.

Example 2: For most commercial environments, basic practices provide adequate protection: keep servers in interior rooms away from exterior walls, use fiber optic cabling (which does not emit electromagnetic signals) for connections that cross public spaces, and maintain physical distance between sensitive systems and areas accessible to the public.

More Physical and Environmental Protection Controls

PE-1 Policy and Procedures PE-2 Physical Access Authorizations PE-2(1) Access by Position or Role PE-2(2) Two Forms of Identification