NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION
SC-31(2) — Maximum Bandwidth
Reduce the maximum bandwidth for identified covert {{ insert: param, sc-31.02_odp.01 }} channels to {{ insert: param, sc-31.02_odp.02 }}.
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Supplemental Guidance
The complete elimination of covert channels, especially covert timing channels, is usually not possible without significant performance impacts.
Practitioner Notes
Set maximum allowable bandwidth for identified covert channels to limit the amount of data that could be exfiltrated through them.
Example 1: After identifying DNS as a potential covert channel, configure your DNS server to limit the rate and size of DNS queries from any single host. Cap queries to 100 per minute and limit TXT record responses to standard sizes.
Example 2: Implement network traffic rate limiting on protocols commonly used for covert channels. Cap ICMP traffic to minimal levels needed for network diagnostics. Limit outbound DNS query rates. These limits reduce the bandwidth available for covert data exfiltration.
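The per-host cap from Example 1 can be turned into the bandwidth figure this control asks for. The sketch below is an added example, not part of the NIST text or of any DNS server's code: it applies a sliding-window cap of 100 queries per minute per host to a constructed query log and computes an upper bound on what still fits under the cap. The class and function names, the sample hosts, and the assumption that an entire 253-character query name could carry payload are all illustrative.

```python
from collections import defaultdict, deque

QUERY_CAP = 100        # queries per host per window (value from Example 1)
WINDOW_SECONDS = 60
# Assumption: treat the whole 253-character maximum query name as payload.
# Real encodings carry less, so this is a conservative upper bound.
MAX_QNAME_BYTES = 253


class PerHostQueryCap:
    """Sliding-window limiter: at most `cap` allowed queries per host per window."""

    def __init__(self, cap=QUERY_CAP, window=WINDOW_SECONDS):
        self.cap = cap
        self.window = window
        self._allowed = defaultdict(deque)  # host -> timestamps of allowed queries

    def allow(self, host, ts):
        q = self._allowed[host]
        while q and ts - q[0] >= self.window:  # expire entries older than the window
            q.popleft()
        if len(q) >= self.cap:
            return False                       # over the cap: drop or refuse
        q.append(ts)
        return True


def residual_bandwidth_bps(cap=QUERY_CAP, window=WINDOW_SECONDS,
                           payload_bytes=MAX_QNAME_BYTES):
    """Upper bound, in bits per second, on data one host can move under the cap."""
    return cap * payload_bytes * 8 / window


def replay(events, limiter=None):
    """events: iterable of (timestamp_seconds, host). Returns drops per host."""
    limiter = limiter or PerHostQueryCap()
    dropped = defaultdict(int)
    for ts, host in events:
        if not limiter.allow(host, ts):
            dropped[host] += 1
    return dict(dropped)


# Constructed sample log: 10.0.0.5 sends 4 queries/second for 60 s (240 total);
# 10.0.0.9 sends one query every 2 seconds (30 total).
SAMPLE = sorted([(i * 0.25, "10.0.0.5") for i in range(240)] +
                [(i * 2.0, "10.0.0.9") for i in range(30)])

if __name__ == "__main__":
    print("dropped per host:", replay(SAMPLE))
    print("residual upper bound (bit/s):", round(residual_bandwidth_bps(), 1))
```

The residual figure is the number to compare against the organization-defined value for the control; lowering the cap or the permitted query-name length lowers it proportionally.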