NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-30(5) Concealment of System Components

Employ the following techniques to hide or conceal {{ insert: param, sc-30.05_odp.02 }}: {{ insert: param, sc-30.05_odp.01 }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

By hiding, disguising, or concealing critical system components, organizations may be able to decrease the probability that adversaries target and successfully compromise those assets. Potential means to hide, disguise, or conceal system components include the configuration of routers or the use of encryption or virtualization techniques.

Practitioner Notes

Hide the existence or characteristics of specific system components so attackers do not know what to target.

Example 1: Configure your network to block ICMP echo requests to internal hosts and suppress TCP RST packets for closed ports. Attackers scanning your network receive no response, making it difficult to map your infrastructure.

Example 2: Use a reverse proxy that terminates all connections and presents a uniform front to external users. The proxy hides the number, type, and configuration of backend servers. To an attacker, everything looks like a single web server.
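One way to express Example 1 on a Linux perimeter router, as an added nftables sketch that is not part of the NIST text. The interface names (`wan0`, `lan0`), the internal subnet `198.51.100.0/24`, and the published host `198.51.100.10` are assumptions chosen for illustration.

```nftables
# Added example. Assumed: wan0 = external interface, lan0 = internal interface,
# 198.51.100.0/24 = internal subnet, 198.51.100.10:443 = the only published service.
# Covers forwarded traffic only; the router's own input chain is out of scope here.

table inet perimeter {
    chain forward {
        # Default drop: a SYN to an unpublished port never reaches the internal
        # host, so the host's TCP stack never sends the RST that would reveal
        # "host is up, port is closed".
        type filter hook forward priority 0; policy drop;

        # Replies to existing flows pass. "related" includes ICMP errors such as
        # fragmentation-needed, so path MTU discovery keeps working even though
        # echo requests are discarded below.
        ct state established,related accept
        ct state invalid drop

        # Internal hosts may open outbound connections.
        iifname "lan0" oifname "wan0" accept

        # Discard echo requests aimed at internal hosts, with no reply of any kind.
        iifname "wan0" ip daddr 198.51.100.0/24 icmp type echo-request drop

        # The one service that is meant to be reachable from outside.
        iifname "wan0" ip daddr 198.51.100.10 tcp dport 443 ct state new accept

        # Weak setting, shown commented out for contrast: "reject" answers each
        # probe, which confirms the address is live and the port is closed.
        # iifname "wan0" ip daddr 198.51.100.0/24 reject with tcp reset

        # Everything else falls through to the silent policy drop above.
    }
}
```

Running `nft -c -f <file>` checks the ruleset syntax without loading it.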