NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-31(1)Test Covert Channels for Exploitability

Test a subset of the identified covert channels to determine the channels that are exploitable.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

None.

Practitioner Notes

After identifying covert channels, test whether they can actually be exploited to transfer meaningful amounts of data.

Example 1: Use a DNS tunneling tool (like dnscat2 or iodine) in a controlled test to measure the bandwidth achievable through DNS covert channels on your network. If the bandwidth is high enough to be useful to an attacker, implement countermeasures.

Example 2: Test timing covert channels by measuring whether one process can reliably communicate information to another by modulating its use of shared resources (CPU, memory). Document the maximum achievable bandwidth and determine if it poses an acceptable risk.

More System and Communications Protection Controls

SC-1 Policy and Procedures SC-2 Separation of System and User Functionality SC-2(1) Interfaces for Non-privileged Users SC-2(2) Disassociability