NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-48(1)Dynamic Relocation of Sensors or Monitoring Capabilities

Dynamically relocate {{ insert: param, sc-48.01_odp.01 }} to {{ insert: param, sc-48.01_odp.02 }} under the following conditions or circumstances: {{ insert: param, sc-48.01_odp.03 }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

None.

Practitioner Notes

Dynamically relocate sensors based on real-time threat intelligence — moving monitoring to where it is needed most as the threat landscape changes.

Example 1: Configure your SIEM to automatically increase log collection and enable additional detection rules on network segments that show indicators of compromise. If the SIEM detects anomalous traffic on the finance VLAN, automatically enable deep packet inspection on that segment.

Example 2: Use SDN (Software-Defined Networking) to dynamically route traffic through IDS sensors based on threat level. During normal operations, sample 10 percent of traffic. When a threat is detected, route 100 percent of traffic on the affected segment through the IDS for full inspection.

More System and Communications Protection Controls

SC-1 Policy and Procedures SC-2 Separation of System and User Functionality SC-2(1) Interfaces for Non-privileged Users SC-2(2) Disassociability