NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-31(3)Measure Bandwidth in Operational Environments

Measure the bandwidth of {{ insert: param, sc-31.03_odp }} in the operational environment of the system.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Measuring covert channel bandwidth in specified operational environments helps organizations determine how much information can be covertly leaked before such leakage adversely affects mission or business functions. Covert channel bandwidth may be significantly different when measured in settings that are independent of the specific environments of operation, including laboratories or system development environments.

Practitioner Notes

Measure covert channel bandwidth in your actual operational environment, not just in a lab. Real-world conditions affect how much data can leak through covert channels.

Example 1: During operational testing, run covert channel bandwidth measurement tools while the system is under normal load. The results may differ significantly from lab measurements because shared resource contention affects covert channel throughput.

Example 2: Monitor network traffic patterns over time using your SIEM to establish baselines for protocol volumes. Significant deviations in DNS query volume, ICMP traffic, or unusual protocol field sizes may indicate active covert channel exploitation.

More System and Communications Protection Controls

SC-1 Policy and Procedures SC-2 Separation of System and User Functionality SC-2(1) Interfaces for Non-privileged Users SC-2(2) Disassociability